基本信息
0x00F5AB20 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ................
0x00F5AB30 cd cd cd cd cd cd cd 01 c0 d8 00 04 00 08 00 84 ................
0x00F5AB40 03 58 02 01 ca 03 aa 04 08 00 00 28 0a 00 00 79 .X.........(...y
0x00F5AB50 00 67 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 .g.P.l.a.t.f.o.r
0x00F5AB60 00 6d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .m..............
0x00F5AB70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x00F5AB80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x00F5AB90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x00F5ABA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x00F5ABB0 00 00 00 00 00 00 00 00 00 00 00 01 ca 01 00 00 ................
0x00F5ABC0 00 00 00 0f 00 0f 00 01 00 00 00 00 00 00 00 00 ................
0x00F5ABD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x00F5ABE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x00F5ABF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x00F5AC00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cd ................
01 C0 0xC001 高位在后 RDP_MCS_CONNECT_BLOCKS.UDH_CS_CORE
D8 00 0x00D8 = 216
04 00 08 00 0x00080004 client version RDP5 0x00080004 RDP4 0x00080001
84 03 0x0384 = 900 desktopWidth
58 02 0x0258 = 600 desktopHeight
01 ca 0xCA01 RNS_UD_COLOR_8BPP colorDepth, ignored because of postBeta2ColorDepth
RNS_UD_COLOR_4BPP 0xCA00
RNS_UD_COLOR_8BPP 0xCA01
RNS_UD_COLOR_16BPP_555 0xCA02
RNS_UD_COLOR_16BPP_565 0xCA03
RNS_UD_COLOR_24BPP 0xCA04
03 aa 0xAA03 RNS_UD_SAS_DEL Secure Access Sequence
04 08 00 00 0x00000804=2052 中文键盘 keyboardLayout
28 0a 00 00 0x00000A28=2600 clientBuild
32 字节 UNICODE HOSTNAME客户机机器名 [0-15]
00 00 00 00 keyboardType
00 00 00 00 keyboardSubType
00 00 00 00 keyboardFunctionKey
64 字节 UNICODE imeFilename 输入法文件名
01 ca 0xCA01 postBeta2ColorDepth
01 00 clientProductID
00 00 00 00 serialNumber (should be initialized to 0)
0f 00 highColorDepth (
RNS_UD_32BPP_SUPPORT 0x0008
|RNS_UD_24BPP_SUPPORT 0x0001
|RNS_UD_16BPP_SUPPORT 0x0002
|RNS_UD_15BPP_SUPPORT 0x0004
)
0f 00 supportedColorDepths(同上)
01 00 earlyCapabilityFlags
若32位色 RNS_UD_CS_SUPPORT_ERRINFO_PDU| RNS_UD_CS_WANT_32BPP_SESSION
RNS_UD_CS_SUPPORT_ERRINFO_PDU 0x0001
RNS_UD_CS_WANT_32BPP_SESSION 0x0002
RNS_UD_CS_SUPPORT_STATUSINFO_PDU 0x0004
RNS_UD_CS_STRONG_ASYMMETRIC_KEYS 0x0008
RNS_UD_CS_VALID_CONNECTION_TYPE 0x0020
RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU 0x0040
64字节 clientDigProductId
-
connectionType, only valid when RNS_UD_CS_VALID_CONNECTION_TYPE is set in earlyCapabilityFlags
-
pad1octet
00 00 00 00 serverSelectedProtocol (0 = PROTOCOL_RDP,即标准 RDP 安全,未使用 TLS/CredSSP)
SECURE.C 480行sec_out_client_cluster_data
0x00F5AC00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 ................
0x00F5AC10 c0 0c 00 0d 00 00 00 00 00 00 00 cd cd cd cd cd ................
04 C0 User Data Header type UDH_CS_CLUSTER
enum RDP_MCS_CONNECT_BLOCKS
UDH_CS_CORE = 0xc001,
UDH_CS_SECURITY = 0xc002,
UDH_CS_NET = 0xc003,
UDH_CS_CLUSTER = 0xc004,
UDH_CS_MONITOR = 0xc005,
UDH_SC_CORE = 0x0c01,
UDH_SC_SECURITY = 0x0c02,
UDH_SC_NET = 0x0c03
0c 00 =12 length
0d 00 00 00 REDIRECTED_SESSIONID_FIELD_VALID | REDIRECTION_SUPPORTED | REDIRECTION_VERSION4
或 REDIRECTION_SUPPORTED | REDIRECTION_VERSION4 (此处 0x0D = 0x01 | (0x03 << 2),即第二种组合;若带 REDIRECTED_SESSIONID_FIELD_VALID 则为 0x0F)
Redirection Capabilities Flags
REDIRECTION_SUPPORTED 0x00000001
ServerSessionRedirectionVersionMask 0x0000003C
REDIRECTED_SESSIONID_FIELD_VALID 0x00000002
REDIRECTED_SMARTCARD 0x00000040
The following values are shifted 2 places to fit into ServerSessionRedirectionVersionMask
REDIRECTION_VERSION3 (0x02 << 2)
REDIRECTION_VERSION4 (0x03 << 2)
REDIRECTION_VERSION5 (0x04 << 2)
00 00 00 00 RedirectedSessionID
SECURE.C 444行 sec_out_client_security_data
0x00F5AC10 c0 0c 00 0d 00 00 00 00 00 00 00 02 c0 0c 00 03 ................
0x00F5AC20 00 00 00 00 00 00 00 cd cd cd cd cd cd cd cd cd
02 c0 UDH_CS_SECURITY
0c 00 =12 length
03 00 00 00 encryptionMethods ENCRYPTION_40BIT_FLAG | ENCRYPTION_128BIT_FLAG (0x03 = 0x01 | 0x02;客户端同时声明支持 40 位加密,服务器可能据此选用弱加密,审计抓包时应留意)
ENCRYPTION_40BIT_FLAG 0x00000001
ENCRYPTION_128BIT_FLAG 0x00000002
ENCRYPTION_56BIT_FLAG 0x00000008
ENCRYPTION_FIPS_FLAG 0x00000010
下面应该是 通道数据
/*
 * Writes the client network data block (UDH_CS_NET) to stream s: a header,
 * the channel count, then one 12-byte entry (8-byte name + 4-byte options)
 * per channel.
 *
 * NOTE(review): the total length is written through out_uint16_le, presumably
 * a 16-bit writer, so num_channels * 12 + 8 must fit in 16 bits. No bound on
 * num_channels is visible in this excerpt; confirm the caller caps it and
 * that it never exceeds the size of settings->channels.
 */
out_uint16_le(s, UDH_CS_NET); /* User Data Header type */
/* 8 = the three header fields written before the loop (presumably 2 + 2 + 4 bytes); 12 = size of one channel entry */
out_uint16_le(s, settings->num_channels * 12 + 8); /* total length */
out_uint32_le(s, settings->num_channels); /* channelCount */
for (i = 0; i < settings->num_channels; i++) {
/* NOTE(review): the length argument is a fixed 8, so name must be at least 8 bytes; presumably 8 bytes are copied regardless of the terminator, so padding after it should be zeroed - confirm */
out_uint8a(s, settings->channels[i].name, 8); /* name (8 bytes) 7 characters with null terminator */
out_uint32_le(s, settings->channels[i].flags); /* options (4 bytes) */
}
SECURE.C 510行
0x00F5AB20 00 05 00 14 7c 00 01 80 fe 00 08 00 10 00 01 c0 ....|..?........
0x00F5AB30 00 44 75 63 61 80 f0 01 c0 d8 00 04 00 08 00 84 .Duca?..........
00 05
-
4 0x0014 Length
7c
00 01
80 fe length 254=0xfe OR 0x8000 connectPDU length
01 c0 ConferenceCreateRequest
00 08 =8
00 10 =16
00 = 0
01 c0 userData key is h221NonStandard
00
44 75 63 61 "Duca"
80 f0 length(0xf0) | 0x8000