wader/fq
1
1
Fork 0
mirror of https://github.com/wader/fq.git synced 2024-07-14 23:30:28 +03:00
Code Issues Projects Releases Wiki Activity

pyrdp: Move pdu types into pdu package and some cleeanup

Browse Source
This commit is contained in:
Mattias Wadman 2024-06-16 22:30:04 +02:00
parent 36d5cd47ec
commit 86f28b6c21
7 changed files with 85 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
format/pyrdp/pdu/client_data.go
View File

@ -54,7 +54,7 @@ var clientDataMap = scalar.UintMapSymStr{
CLIENT_CLUSTER: "cluster",
}
func ParseClientData(d *decode.D, length int64) {
func parseClientData(d *decode.D, length int64) {
d.FieldStruct("client_data", func(d *decode.D) {
header := d.FieldU16("header", clientDataMap)
dataLen := int64(d.FieldU16("length") - 4)

2
format/pyrdp/pdu/client_info.go
View File

@ -8,7 +8,7 @@ import (
"github.com/wader/fq/pkg/scalar"
)
func ParseClientInfo(d *decode.D, length int64) {
func parseClientInfo(d *decode.D, length int64) {
d.FieldStruct("client_info", func(d *decode.D) {
pos := d.Pos()
var (

2
format/pyrdp/pdu/clipboard_data.go
View File

@ -54,7 +54,7 @@ var cbParseFnMap = map[uint16]interface{}{
CB_FORMAT_DATA_RESPONSE: parseCbFormatDataResponse,
}
func ParseClipboardData(d *decode.D, length int64) {
func parseClipboardData(d *decode.D, length int64) {
d.FieldStruct("clipboard_data", func(d *decode.D) {
msgType := uint16(d.FieldU16("msg_type", cbTypesMap))
d.FieldU16("msg_flags", cbFlagsMap)

2
format/pyrdp/pdu/fastpath_input.go
View File

@ -50,7 +50,7 @@ const (
// FASTPATH_INPUT_EVENT_QOE_TIMESTAMP: 5,
//}
func ParseFastPathInput(d *decode.D, length int64) {
func parseFastPathInput(d *decode.D, length int64) {
d.FieldStruct("fastpath_input", func(d *decode.D) {
// var (
// events uint8 = 1

78
format/pyrdp/pdu/types.go Normal file
View File

@ -0,0 +1,78 @@
package pdu
import (
"github.com/wader/fq/pkg/decode"
"github.com/wader/fq/pkg/scalar"
)
const (
// PDU Types.
TYPE_FAST_PATH_INPUT = 1 // Ex: scan codes, mouse, etc.
TYPE_FAST_PATH_OUTPUT = 2 // Ex: image
TYPE_CLIENT_INFO = 3 // Creds on connection
TYPE_SLOW_PATH_PDU = 4 // For slow-path PDUs
TYPE_CONNECTION_CLOSE = 5 // To advertise the end of the connection
TYPE_CLIPBOARD_DATA = 6 // To collect clipboard data
TYPE_CLIENT_DATA = 7 // Contains the clientName
TYPE_MOUSE_MOVE = 8 // Mouse move event from the player
TYPE_MOUSE_BUTTON = 9 // Mouse button event from the player
TYPE_MOUSE_WHEEL = 10 // Mouse wheel event from the player
TYPE_KEYBOARD = 11 // Keyboard event from the player
TYPE_TEXT = 12 // Text event from the player
TYPE_FORWARDING_STATE = 13 // Event from the player to change the state of I/O forwarding
TYPE_BITMAP = 14 // Bitmap event from the player
TYPE_DEVICE_MAPPING = 15 // Device mapping event notification
TYPE_DIRECTORY_LISTING_REQUEST = 16 // Directory listing request from the player
TYPE_DIRECTORY_LISTING_RESPONSE = 17 // Directory listing response to the player
TYPE_FILE_DOWNLOAD_REQUEST = 18 // File download request from the player
TYPE_FILE_DOWNLOAD_RESPONSE = 19 // File download response to the player
TYPE_FILE_DOWNLOAD_COMPLETE = 20 // File download completion notification to the player
)
var TypesMap = scalar.UintMapSymStr{
TYPE_FAST_PATH_INPUT: "fastpath_input",
TYPE_FAST_PATH_OUTPUT: "fastpath_output",
TYPE_CLIENT_INFO: "client_info",
TYPE_SLOW_PATH_PDU: "slow_path_pdu",
TYPE_CONNECTION_CLOSE: "connection_close",
TYPE_CLIPBOARD_DATA: "clipboard_data",
TYPE_CLIENT_DATA: "client_data",
TYPE_MOUSE_MOVE: "mouse_move",
TYPE_MOUSE_BUTTON: "mouse_button",
TYPE_MOUSE_WHEEL: "mouse_wheel",
TYPE_KEYBOARD: "keyboard",
TYPE_TEXT: "text",
TYPE_FORWARDING_STATE: "forwarding_state",
TYPE_BITMAP: "bitmap",
TYPE_DEVICE_MAPPING: "device_mapping",
TYPE_DIRECTORY_LISTING_REQUEST: "directory_listing_request",
TYPE_DIRECTORY_LISTING_RESPONSE: "directory_listing_response",
TYPE_FILE_DOWNLOAD_REQUEST: "file_download_request",
TYPE_FILE_DOWNLOAD_RESPONSE: "file_download_response",
TYPE_FILE_DOWNLOAD_COMPLETE: "file_download_complete",
}
func noParse(d *decode.D, length int64) {}
var ParsersMap = map[uint16]interface{}{
TYPE_FAST_PATH_INPUT: parseFastPathInput,
// TYPE_FAST_PATH_OUTPUT: parseFastPathOut,
TYPE_CLIENT_INFO: parseClientInfo,
// TYPE_SLOW_PATH_PDU: parseSlowPathPDU,
TYPE_CONNECTION_CLOSE: noParse,
TYPE_CLIPBOARD_DATA: parseClipboardData,
TYPE_CLIENT_DATA: parseClientData,
// TYPE_MOUSE_MOVE: parseMouseMove,
// TYPE_MOUSE_BUTTON: parseMouseButton,
// TYPE_MOUSE_WHEEL: parseMouseWheel,
// TYPE_KEYBOARD: parseKeyboard,
// TYPE_TEXT: parseText,
// TYPE_FORWARDING_STATE: parseForwardingState,
// TYPE_BITMAP: parseBitmap,
// TYPE_DEVICE_MAPPING: parseDeviceMapping,
// TYPE_DIRECTORY_LISTING_REQUEST: parseDirectoryListingRequest,
// TYPE_DIRECTORY_LISTING_RESPONSE: parseDirectoryListingResponse,
// TYPE_FILE_DOWNLOAD_REQUEST: parseFileDownloadRequest,
// TYPE_FILE_DOWNLOAD_RESPONSE: parseFileDownloadResponse,
// TYPE_FILE_DOWNLOAD_COMPLETE: parseFileDownloadComplete,
}

16
format/pyrdp/pdu/util.go
View File

@ -1,16 +0,0 @@
// Copyright (c) 2022-2023 GoSecure Inc.
// Copyright (c) 2024 Flare Systems
// Licensed under the MIT License
package pdu
import (
"fmt"
"github.com/wader/fq/pkg/scalar"
)
var CharMapper = scalar.UintFn(func(s scalar.Uint) (scalar.Uint, error) {
char := s.Actual
s.Sym = fmt.Sprintf("%c", int(char))
return s, nil
})

78
format/pyrdp/pyrdp.go
View File

@ -14,7 +14,7 @@ import (
"time"
"github.com/wader/fq/format"
pyrdp_pdu "github.com/wader/fq/format/pyrdp/pdu"
"github.com/wader/fq/format/pyrdp/pdu"
"github.com/wader/fq/pkg/decode"
"github.com/wader/fq/pkg/interp"
"github.com/wader/fq/pkg/scalar"
@ -33,76 +33,6 @@ func init() {
interp.RegisterFS(pyrdpFS)
}
const (
// PDU Types.
PDU_FAST_PATH_INPUT = 1 // Ex: scan codes, mouse, etc.
PDU_FAST_PATH_OUTPUT = 2 // Ex: image
PDU_CLIENT_INFO = 3 // Creds on connection
PDU_SLOW_PATH_PDU = 4 // For slow-path PDUs
PDU_CONNECTION_CLOSE = 5 // To advertise the end of the connection
PDU_CLIPBOARD_DATA = 6 // To collect clipboard data
PDU_CLIENT_DATA = 7 // Contains the clientName
PDU_MOUSE_MOVE = 8 // Mouse move event from the player
PDU_MOUSE_BUTTON = 9 // Mouse button event from the player
PDU_MOUSE_WHEEL = 10 // Mouse wheel event from the player
PDU_KEYBOARD = 11 // Keyboard event from the player
PDU_TEXT = 12 // Text event from the player
PDU_FORWARDING_STATE = 13 // Event from the player to change the state of I/O forwarding
PDU_BITMAP = 14 // Bitmap event from the player
PDU_DEVICE_MAPPING = 15 // Device mapping event notification
PDU_DIRECTORY_LISTING_REQUEST = 16 // Directory listing request from the player
PDU_DIRECTORY_LISTING_RESPONSE = 17 // Directory listing response to the player
PDU_FILE_DOWNLOAD_REQUEST = 18 // File download request from the player
PDU_FILE_DOWNLOAD_RESPONSE = 19 // File download response to the player
PDU_FILE_DOWNLOAD_COMPLETE = 20 // File download completion notification to the player
)
var pduTypesMap = scalar.UintMapSymStr{
PDU_FAST_PATH_INPUT: "fastpath_input",
PDU_FAST_PATH_OUTPUT: "fastpath_output",
PDU_CLIENT_INFO: "client_info",
PDU_SLOW_PATH_PDU: "slow_path_pdu",
PDU_CONNECTION_CLOSE: "connection_close",
PDU_CLIPBOARD_DATA: "clipboard_data",
PDU_CLIENT_DATA: "client_data",
PDU_MOUSE_MOVE: "mouse_move",
PDU_MOUSE_BUTTON: "mouse_button",
PDU_MOUSE_WHEEL: "mouse_wheel",
PDU_KEYBOARD: "keyboard",
PDU_TEXT: "text",
PDU_FORWARDING_STATE: "forwarding_state",
PDU_BITMAP: "bitmap",
PDU_DEVICE_MAPPING: "device_mapping",
PDU_DIRECTORY_LISTING_REQUEST: "directory_listing_request",
PDU_DIRECTORY_LISTING_RESPONSE: "directory_listing_response",
PDU_FILE_DOWNLOAD_REQUEST: "file_download_request",
PDU_FILE_DOWNLOAD_RESPONSE: "file_download_response",
PDU_FILE_DOWNLOAD_COMPLETE: "file_download_complete",
}
var pduParsersMap = map[uint16]interface{}{
PDU_FAST_PATH_INPUT: pyrdp_pdu.ParseFastPathInput,
// PDU_FAST_PATH_OUTPUT: pyrdp_pdu.ParseFastPathOut,
PDU_CLIENT_INFO: pyrdp_pdu.ParseClientInfo,
// PDU_SLOW_PATH_PDU: pyrdp_pdu.ParseSlowPathPDU,
PDU_CONNECTION_CLOSE: noParse,
PDU_CLIPBOARD_DATA: pyrdp_pdu.ParseClipboardData,
PDU_CLIENT_DATA: pyrdp_pdu.ParseClientData,
// PDU_MOUSE_MOVE: pyrdp_pdu.ParseMouseMove,
// PDU_MOUSE_BUTTON: pyrdp_pdu.ParseMouseButton,
// PDU_MOUSE_WHEEL: pyrdp_pdu.ParseMouseWheel,
// PDU_KEYBOARD: pyrdp_pdu.ParseKeyboard,
// PDU_TEXT: pyrdp_pdu.ParseText,
// PDU_FORWARDING_STATE: pyrdp_pdu.ParseForwardingState,
// PDU_BITMAP: pyrdp_pdu.ParseBitmap,
// PDU_DEVICE_MAPPING: pyrdp_pdu.ParseDeviceMapping,
// PDU_DIRECTORY_LISTING_REQUEST: pyrdp_pdu.ParseDirectoryListingRequest,
// PDU_DIRECTORY_LISTING_RESPONSE: pyrdp_pdu.ParseDirectoryListingResponse,
// PDU_FILE_DOWNLOAD_REQUEST: pyrdp_pdu.ParseFileDownloadRequest,
// PDU_FILE_DOWNLOAD_RESPONSE: pyrdp_pdu.ParseFileDownloadResponse,
// PDU_FILE_DOWNLOAD_COMPLETE: pyrdp_pdu.ParseFileDownloadComplete,
}
func decodePYRDP(d *decode.D) any {
d.Endian = decode.LittleEndian
@ -112,11 +42,11 @@ func decodePYRDP(d *decode.D) any {
pos := d.Pos()
size := d.FieldU64("size") // minus the length
pduType := uint16(d.FieldU16("pdu_type", pduTypesMap))
pduType := uint16(d.FieldU16("pdu_type", pdu.TypesMap))
d.FieldU64("timestamp", scalar.UintActualUnixTimeDescription(time.Millisecond, time.RFC3339Nano))
pduSize := int64(size - 18)
pduParser, ok := pduParsersMap[pduType]
pduParser, ok := pdu.ParsersMap[pduType]
if !ok { // catch undeclared parsers
if pduSize > 0 {
d.FieldRawLen("data", pduSize*8)
@ -136,5 +66,3 @@ func decodePYRDP(d *decode.D) any {
})
return nil
}
func noParse(d *decode.D, length int64) {}