Skip to content

Commit

Permalink
pyrdp: Add unused fields to replace gap fields
Browse files Browse the repository at this point in the history
  • Loading branch information
wader committed Jun 14, 2024
1 parent 9874077 commit 3f2aa75
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 7 deletions.
7 changes: 3 additions & 4 deletions format/pyrdp/pdu/client_info.go
Original file line number Diff line number Diff line change
Expand Up @@ -92,14 +92,14 @@ const (
func decodeFlagsFn(d *decode.D) {
d.FieldBool("mouse")
d.FieldBool("disabledctrlaltdel")
d.SeekRel(1)
d.FieldRawLen("unused0", 1)
d.FieldBool("autologon")
d.FieldBool("unicode")
d.FieldBool("maximizeshell")
d.FieldBool("logonnotify")
d.FieldBool("compression")
d.FieldBool("enablewindowskey")
d.SeekRel(4)
d.FieldRawLen("unused1", 4)
d.FieldBool("remoteconsoleaudio")
d.FieldBool("force_encrypted_cs_pdu")
d.FieldBool("rail")
Expand All @@ -113,6 +113,5 @@ func decodeFlagsFn(d *decode.D) {
d.FieldBool("reserved1")
d.FieldBool("reserved2")
d.FieldBool("hidef_rail_supported")

d.SeekRel(d.Pos() % 31)
d.FieldRawLen("unused2", 6)
}
7 changes: 4 additions & 3 deletions format/pyrdp/testdata/test.fqtest
Original file line number Diff line number Diff line change
Expand Up @@ -40,15 +40,17 @@ $ ./fq -d pyrdp dv /test.pyrdp
| | | client_info{}: 0x15e-0x226 (200)
0x000150| 04 08| ..| code_page: 134481924 0x15e-0x162 (4)
0x000160|04 08 |.. |
| | | flags{}: 0x162-0x165.2 (3.2)
| | | flags{}: 0x162-0x166 (4)
0x000160| b3 | . | mouse: true 0x162-0x162.1 (0.1)
0x000160| b3 | . | disabledctrlaltdel: false 0x162.1-0x162.2 (0.1)
0x000160| b3 | . | unused0: raw bits 0x162.2-0x162.3 (0.1)
0x000160| b3 | . | autologon: true 0x162.3-0x162.4 (0.1)
0x000160| b3 | . | unicode: false 0x162.4-0x162.5 (0.1)
0x000160| b3 | . | maximizeshell: false 0x162.5-0x162.6 (0.1)
0x000160| b3 | . | logonnotify: true 0x162.6-0x162.7 (0.1)
0x000160| b3 | . | compression: true 0x162.7-0x163 (0.1)
0x000160| 47 | G | enablewindowskey: false 0x163-0x163.1 (0.1)
0x000160| 47 | G | unused1: raw bits 0x163.1-0x163.5 (0.4)
0x000160| 47 | G | remoteconsoleaudio: true 0x163.5-0x163.6 (0.1)
0x000160| 47 | G | force_encrypted_cs_pdu: true 0x163.6-0x163.7 (0.1)
0x000160| 47 | G | rail: true 0x163.7-0x164 (0.1)
Expand All @@ -62,6 +64,7 @@ $ ./fq -d pyrdp dv /test.pyrdp
0x000160| 01 | . | reserved1: true 0x164.7-0x165 (0.1)
0x000160| 00 | . | reserved2: false 0x165-0x165.1 (0.1)
0x000160| 00 | . | hidef_rail_supported: false 0x165.1-0x165.2 (0.1)
0x000160| 00 | . | unused2: raw bits 0x165.2-0x166 (0.6)
0x000160| 02 00 | .. | domain_length: 2 0x166-0x168 (2)
0x000160| 04 00 | .. | username_length: 4 0x168-0x16a (2)
0x000160| 02 00 | .. | password_length: 2 0x16a-0x16c (2)
Expand Down Expand Up @@ -3564,5 +3567,3 @@ $ ./fq -d pyrdp dv /test.pyrdp
0x2d2c10| 9c fc cb 14 85 01| ......| timestamp: 1671091190940 (2022-12-15T07:59:50.94Z) 0x2d2c1a-0x2d2c22 (8)
0x2d2c20|00 00| |..| |
| | | extra: raw bits 0x2d2c22-0x2d2c22 (0)
0x000160| 47 | G | gap0: raw bits 0x163.1-0x163.5 (0.4)
0x000160| 00 | . | gap1: raw bits 0x165.2-0x166 (0.6)

0 comments on commit 3f2aa75

Please sign in to comment.