RDP笔记(二)

基本信息

0x00F5AB20 cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd cd ................

0x00F5AB30 cd cd cd cd cd cd cd 01 c0 d8 00 04 00 08 00 84 ................

0x00F5AB40 03 58 02 01 ca 03 aa 04 08 00 00 28 0a 00 00 79 .X.........(...y

0x00F5AB50 00 67 00 50 00 6c 00 61 00 74 00 66 00 6f 00 72 .g.P.l.a.t.f.o.r

0x00F5AB60 00 6d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .m..............

0x00F5AB70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

0x00F5AB80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

0x00F5AB90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

0x00F5ABA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

0x00F5ABB0 00 00 00 00 00 00 00 00 00 00 00 01 ca 01 00 00 ................

0x00F5ABC0 00 00 00 0f 00 0f 00 01 00 00 00 00 00 00 00 00 ................

0x00F5ABD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

0x00F5ABE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

0x00F5ABF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

0x00F5AC00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cd ................

 

01 C0 0xC001 小端序(低位字节在前,高位字节在后) RDP_MCS_CONNECT_BLOCKS.UDH_CS_CORE

D8 00 0x00D8 = 216

04 00 08 00 0x00080004 client version RDP5 0x00080004 RDP4 0x00080001

84 03 0x0384 = 900 desktopWidth

58 02 0x0258 = 600 desktopHeight

01 ca 0xCA01 RNS_UD_COLOR_8BPP colorDepth, ignored because of postBeta2ColorDepth

RNS_UD_COLOR_4BPP    0xCA00

RNS_UD_COLOR_8BPP    0xCA01

RNS_UD_COLOR_16BPP_555    0xCA02

RNS_UD_COLOR_16BPP_565    0xCA03

RNS_UD_COLOR_24BPP    0xCA04

03 aa 0xAA03 RNS_UD_SAS_DEL Secure Access Sequence

04 08 00 00 0x00000804=2052 中文键盘 keyboardLayout

28 0a 00 00 0x00000A28=2600 clientBuild

32 字节 UNICODE HOSTNAME客户机机器名 [0-15]

00 00 00 00 keyboardType

00 00 00 00 keyboardSubType

00 00 00 00 keyboardFunctionKey

64 字节 UNICODE imeFilename 输入法文件名

01 ca 0xCA01 postBeta2ColorDepth

01 00 clientProductID

00 00 00 00 serialNumber (should be initialized to 0)

0f 00 highColorDepth (

RNS_UD_32BPP_SUPPORT 0x0008

|RNS_UD_24BPP_SUPPORT 0x0001

|RNS_UD_16BPP_SUPPORT 0x0002

|RNS_UD_15BPP_SUPPORT 0x0004

)

0f 00 supportedColorDepths(同上)

01 00 earlyCapabilityFlags

32位色 RNS_UD_CS_SUPPORT_ERRINFO_PDU| RNS_UD_CS_WANT_32BPP_SESSION

 

RNS_UD_CS_SUPPORT_ERRINFO_PDU        0x0001

RNS_UD_CS_WANT_32BPP_SESSION         0x0002

RNS_UD_CS_SUPPORT_STATUSINFO_PDU    0x0004

RNS_UD_CS_STRONG_ASYMMETRIC_KEYS    0x0008

RNS_UD_CS_VALID_CONNECTION_TYPE        0x0020

RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU    0x0040

 

64字节 clientDigProductId

  1. connectionType, only valid when RNS_UD_CS_VALID_CONNECTION_TYPE is set in earlyCapabilityFlags
  2. pad1octet

00 00 00 00 serverSelectedProtocol

 

SECURE.C 480行sec_out_client_cluster_data

0x00F5AC00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 ................

0x00F5AC10 c0 0c 00 0d 00 00 00 00 00 00 00 cd cd cd cd cd ................

 

04 C0 User Data Header type UDH_CS_CLUSTER

enum RDP_MCS_CONNECT_BLOCKS

     UDH_CS_CORE = 0xc001,

     UDH_CS_SECURITY = 0xc002,

     UDH_CS_NET = 0xc003,

     UDH_CS_CLUSTER = 0xc004,

     UDH_CS_MONITOR = 0xc005,

     UDH_SC_CORE = 0x0c01,

     UDH_SC_SECURITY = 0x0c02,

     UDH_SC_NET = 0x0c03

0c 00 =12 length

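0d 00 00 00 flags = 0x0000000D。REDIRECTED_SESSIONID_FIELD_VALID | REDIRECTION_SUPPORTED | REDIRECTION_VERSION4 的值是 0x0F;本例的 0x0D 对应的是

REDIRECTION_SUPPORTED | REDIRECTION_VERSION4(0x01 | (0x03 << 2) = 0x0D),即未设置 REDIRECTED_SESSIONID_FIELD_VALID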

 

Redirection Capabilities Flags

REDIRECTION_SUPPORTED            0x00000001

ServerSessionRedirectionVersionMask    0x0000003C

REDIRECTED_SESSIONID_FIELD_VALID    0x00000002

REDIRECTED_SMARTCARD            0x00000040

The following values are shifted 2 places to fit into ServerSessionRedirectionVersionMask

REDIRECTION_VERSION3    (0x02 << 2)

REDIRECTION_VERSION4    (0x03 << 2)

REDIRECTION_VERSION5    (0x04 << 2)

00 00 00 00 RedirectedSessionID

SECURE.C 444行 sec_out_client_security_data

0x00F5AC10 c0 0c 00 0d 00 00 00 00 00 00 00 02 c0 0c 00 03 ................

0x00F5AC20 00 00 00 00 00 00 00 cd cd cd cd cd cd cd cd cd

02 c0 UDH_CS_SECURITY

0c 00 =12 length

03 00 00 00 encryptionMethods ENCRYPTION_40BIT_FLAG | ENCRYPTION_128BIT_FLAG(0x01 | 0x02 = 0x03;注意:客户端在此同时通告了 40 位加密,安全评估时应留意这一弱选项)

 

ENCRYPTION_40BIT_FLAG    0x00000001

ENCRYPTION_128BIT_FLAG    0x00000002

ENCRYPTION_56BIT_FLAG    0x00000008

ENCRYPTION_FIPS_FLAG    0x00000010

 

下面应该是 通道数据

/*
 * Excerpt: writes the client network data block (UDH_CS_NET) into stream s.
 * Layout as emitted below: 2-byte header type, 2-byte total length,
 * 4-byte channelCount, then one 12-byte entry per channel
 * (8-byte name followed by 4-byte options).
 * The write order is the wire format, so the statements must stay in this order.
 */
out_uint16_le(s, UDH_CS_NET);    /* User Data Header type */

        /* 8 = 2 (type) + 2 (length) + 4 (channelCount); each channel entry adds 8 + 4 = 12 bytes. */
        /* NOTE(review): the total is written as a 16-bit field, so num_channels must be
         * bounded before this point or the length silently truncates and no longer matches
         * the data that follows. MS-RDPBCGR allows at most 31 static channels; confirm the
         * code that fills settings enforces a cap. */
        out_uint16_le(s, settings->num_channels * 12 + 8);    /* total length */

        out_uint32_le(s, settings->num_channels);    /* channelCount */

        for (i = 0; i < settings->num_channels; i++)        {

            /* NOTE(review): a fixed 8 bytes are taken from name regardless of string length.
             * Presumably name is a buffer of at least 8 bytes, NUL-padded after the
             * terminator; confirm, because otherwise bytes beyond the name would be read
             * and sent to the server. */
            out_uint8a(s, settings->channels[i].name, 8); /* name (8 bytes) 7 characters with null terminator */

            out_uint32_le(s, settings->channels[i].flags); /* options (4 bytes) */

        }

 

SECURE.C 510行

0x00F5AB20 00 05 00 14 7c 00 01 80 fe 00 08 00 10 00 01 c0 ....|..?........

0x00F5AB30 00 44 75 63 61 80 f0 01 c0 d8 00 04 00 08 00 84 .Duca?..........

00 05

00 14 0x0014 Length

7c

00 01

80 fe length 254=0xfe OR 0x8000 connectPDU length

01 c0 ConferenceCreateRequest

00 08 =8

00 10 =16

00 = 0

01 c0 userData key is h221NonStandard

00

44 75 63 61 "Duca"

80 f0 length(0xf0) | 0x8000
