Export (0) Print
Expand All

4.3.2 Plain Notify

The following is an annotated dump of Save Session Info PDU (section 2.2.10.1.1) containing a Plain Notify structure, section 2.2.10.1.1.3.

00000000 03 00 02 71 02 f0 80 68 00 01 03 eb 70 82 62 08 ...q...h....p.b.
00000010 08 02 03 90 94 9a cc a2 38 22 3b 03 6e a4 a2 e3 ........8";.n...
00000020 1c 4d 55 aa 56 d3 ca f8 e6 52 99 1e b5 f1 a0 42 .MU.V....R.....B
00000030 4e 89 64 83 54 1f da 89 a7 f5 53 8b 61 bb 73 b5 N.d.T.....S.a.s.
00000040 58 d4 6b bc 28 c2 84 c3 90 b4 45 b5 97 d5 d2 05 X.k.(.....E.....
00000050 bc 66 a4 d4 73 31 7e 0e 4d 42 12 0a 95 88 18 ff .f..s1~.MB......
00000060 f6 87 07 71 38 5b 3e 48 e6 d4 d0 2f c2 80 4c 7f ...q8[>H.../..L.
00000070 7d 88 78 5f ec 06 cf 8d cb 91 d6 d3 7c 56 45 59 }.x_........|VEY
00000080 7c 26 05 ed 14 92 a4 a5 a7 d8 98 1b f0 bf be b0 |&..............
00000090 bf e3 35 e8 38 8a ad 12 ec e1 72 9c 89 0a 1e a5 ..5.8.....r.....
000000a0 dc 19 48 5e 2a 7f 9e d0 11 92 70 cc 01 45 50 d5 ..H^*.....p..EP.
000000b0 1e c7 f9 ff 74 c1 74 45 04 4e 4f 5d 49 ce 41 b3 ....t.tE.NO]I.A.
000000c0 ed 7f 5c 0e bb 37 50 d0 f7 79 e9 d7 c0 55 4a 1c ..\..7P..y...UJ.
000000d0 54 29 84 62 3f c9 68 04 5f b3 51 41 89 2b 36 a6 T).b?.h._.QA.+6.
000000e0 65 0a 4e da 92 61 38 a5 73 16 a5 b4 cd 87 db 84 e.N..a8.s.......
000000f0 10 3e b9 1f ad 3e df 50 37 5b 8e ac cb e9 e5 51 .>...>.P7[.....Q
00000100 90 bf e1 e5 0f 16 f2 70 b9 dc 89 2a 46 53 c1 fa .......p...*FS..
00000110 e2 ef 0a bb ce 16 a1 2a 2d 24 1e 21 fe b9 b6 54 .......*-$.!...T
00000120 2a 6e ff e5 b7 d3 84 52 19 dd 41 eb eb 4b 81 ab *n.....R..A..K..
00000130 20 11 8c 18 19 45 e9 23 00 58 a5 71 94 6c c0 58  ....E.#.X.q.l.X
00000140 70 9b 1d 75 f6 e4 f7 18 17 f9 8c 1d e9 c1 9b 76 p..u...........v
00000150 21 a3 6e f6 3e 4b 82 54 f2 16 96 21 0e 1c 54 e9 !.n.>K.T...!..T.
00000160 d1 65 18 0f e5 f9 45 bf d7 f9 24 a9 7e 3e 6a 73 .e....E...$.~>js
00000170 23 fc 3c 0a 04 52 c4 ee fa 13 64 21 a1 47 2d 4a #.<..R....d!.G-J
00000180 4f 00 c0 80 8b 9c a6 ec e9 94 57 a4 3d 88 77 e5 O.........W.=.w.
00000190 b6 71 e6 a1 15 a4 c6 02 64 a1 af 34 b9 73 87 e1 .q......d..4.s..
000001a0 22 1b 33 a5 bf bb 7e 96 bc 31 92 f8 4a bc ab f8 ".3...~..1..J...
000001b0 3f 5b 85 1b 23 75 46 45 b7 31 08 45 ca de 1f df ?[..#uFE.1.E....
000001c0 49 3e 37 f1 2e af 16 d2 5c 3e 2e 30 68 36 d1 ae I>7.....\>.0h6..
000001d0 9e 0d bf ff 53 ce 96 f6 6f 31 60 f1 40 e0 6f 0c ....S...o1`.@.o.
000001e0 a1 b3 b3 6b 04 99 a1 f6 b9 cf 69 21 e4 a2 bc 07 ...k......i!....
000001f0 81 c4 36 dc 9e 99 9d 50 da 62 55 71 f0 5d 3d fd ..6....P.bUq.]=.
00000200 08 73 54 b6 cb 48 dd 5d 54 1a 08 09 ae 9f 98 b0 .sT..H.]T.......
00000210 3b e3 2a a8 e8 61 1f 4f e5 11 d4 4f 8e e0 96 8d ;.*..a.O...O....
00000220 c8 ed d1 9e f2 27 1f c6 79 dc a2 df 52 01 21 be .....'..y...R.!.
00000230 13 7f c6 55 bb 08 b1 d3 2d de e3 7b 8b 11 95 53 ...U....-..{...S
00000240 af 4b bf 80 e9 5f 54 d4 96 f1 da 35 ee d4 50 e8 .K..._T....5..P.
00000250 28 58 aa 59 86 db f3 e5 44 a3 8b 3c 40 fd f5 b5 (X.Y....D..<@...
00000260 9f 1d b8 1c 30 43 52 9f 4b 34 4b c7 59 6b b6 06 ....0CR.K4K.Yk..
00000270 e7                                              .

03 00 02 71 -> TPKT Header (length = 625 bytes)
02 f0 80 -> X.224 Data TPDU

68 00 01 03 eb 70 82 62 -> PER encoded (ALIGNED variant of BASIC-PER) SendDataIndication
initiator = 1002 (0x03ea)
channelId = 1003 (0x03eb)
dataPriority = high
segmentation = begin | end
userData length = 0x262 = 610 bytes

08 08 -> TS_SECURITY_HEADER::flags = 0x0808
0x0808 
= 0x0800 | 0x0008
= SEC_SECURE_CHECKSUM | SEC_ENCRYPT

02 03 -> TS_SECURITY_HEADER::flagsHi - ignored as flags field does 
not contain SEC_FLAGSHI_VALID (0x8000)

90 94 9a cc a2 38 22 3b -> TS_SECURITY_HEADER1::dataSignature

03 6e a4 a2 e3 1c 4d 55 aa 56 d3 ca f8 e6 52 99 
1e b5 f1 a0 42 4e 89 64 83 54 1f da 89 a7 f5 53 
8b 61 bb 73 b5 58 d4 6b bc 28 c2 84 c3 90 b4 45 
b5 97 d5 d2 05 bc 66 a4 d4 73 31 7e 0e 4d 42 12 
0a 95 88 18 ff f6 87 07 71 38 5b 3e 48 e6 d4 d0 
2f c2 80 4c 7f 7d 88 78 5f ec 06 cf 8d cb 91 d6 
d3 7c 56 45 59 7c 26 05 ed 14 92 a4 a5 a7 d8 98 
1b f0 bf be b0 bf e3 35 e8 38 8a ad 12 ec e1 72 
9c 89 0a 1e a5 dc 19 48 5e 2a 7f 9e d0 11 92 70 
cc 01 45 50 d5 1e c7 f9 ff 74 c1 74 45 04 4e 4f 
5d 49 ce 41 b3 ed 7f 5c 0e bb 37 50 d0 f7 79 e9 
d7 c0 55 4a 1c 54 29 84 62 3f c9 68 04 5f b3 51 
41 89 2b 36 a6 65 0a 4e da 92 61 38 a5 73 16 a5 
b4 cd 87 db 84 10 3e b9 1f ad 3e df 50 37 5b 8e 
ac cb e9 e5 51 90 bf e1 e5 0f 16 f2 70 b9 dc 89 
2a 46 53 c1 fa e2 ef 0a bb ce 16 a1 2a 2d 24 1e 
21 fe b9 b6 54 2a 6e ff e5 b7 d3 84 52 19 dd 41 
eb eb 4b 81 ab 20 11 8c 18 19 45 e9 23 00 58 a5 
71 94 6c c0 58 70 9b 1d 75 f6 e4 f7 18 17 f9 8c 
1d e9 c1 9b 76 21 a3 6e f6 3e 4b 82 54 f2 16 96 
21 0e 1c 54 e9 d1 65 18 0f e5 f9 45 bf d7 f9 24 
a9 7e 3e 6a 73 23 fc 3c 0a 04 52 c4 ee fa 13 64 
21 a1 47 2d 4a 4f 00 c0 80 8b 9c a6 ec e9 94 57 
a4 3d 88 77 e5 b6 71 e6 a1 15 a4 c6 02 64 a1 af 
34 b9 73 87 e1 22 1b 33 a5 bf bb 7e 96 bc 31 92 
f8 4a bc ab f8 3f 5b 85 1b 23 75 46 45 b7 31 08 
45 ca de 1f df 49 3e 37 f1 2e af 16 d2 5c 3e 2e 
30 68 36 d1 ae 9e 0d bf ff 53 ce 96 f6 6f 31 60 
f1 40 e0 6f 0c a1 b3 b3 6b 04 99 a1 f6 b9 cf 69 
21 e4 a2 bc 07 81 c4 36 dc 9e 99 9d 50 da 62 55 
71 f0 5d 3d fd 08 73 54 b6 cb 48 dd 5d 54 1a 08 
09 ae 9f 98 b0 3b e3 2a a8 e8 61 1f 4f e5 11 d4 
4f 8e e0 96 8d c8 ed d1 9e f2 27 1f c6 79 dc a2 
df 52 01 21 be 13 7f c6 55 bb 08 b1 d3 2d de e3 
7b 8b 11 95 53 af 4b bf 80 e9 5f 54 d4 96 f1 da 
35 ee d4 50 e8 28 58 aa 59 86 db f3 e5 44 a3 8b 
3c 40 fd f5 b5 9f 1d b8 1c 30 43 52 9f 4b 34 4b 
c7 59 6b b6 06 e7 -> Encrypted TS_SAVE_SESSION_INFO_PDU_DATA

Decrypted TS_SAVE_SESSION_INFO_PDU_DATA:
00000 56 02 17 00 ea 03 ea 03 02 00 00 01 56 02 26 00 V...........V.&.
00010 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00220 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00230 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00250 00 00 00 00 00 00                               ......

56 02 -> TS_SHARECONTROLHEADER::totalLength = 0x0256 = 598 bytes
17 00 -> TS_SHARECONTROLHEADER::pduType = 0x0017 
0x0017 
= 0x0010 | 0x0007 
= TS_PROTOCOL_VERSION | PDUTYPE_DATAPDU

ea 03 -> TS_SHARECONTROLHEADER::pduSource = 0x03ea = 1002
ea 03 02 00 -> TS_SHAREDATAHEADER::shareID = 0x000203ea
00 -> TS_SHAREDATAHEADER::pad1
01 -> TS_SHAREDATAHEADER::streamId = STREAM_LOW (1)
56 02 -> TS_SHAREDATAHEADER::uncompressedLength = 0x0256 = 598 bytes
26 -> TS_SHAREDATAHEADER::pduType2 = PDUTYPE2_SAVE_SESSION_INFO (38)
00 -> TS_SHAREDATAHEADER::generalCompressedType = 0
00 00 -> TS_SHAREDATAHEADER::generalCompressedLength = 0

02 00 00 00 -> TS_SAVE_SESSION_INFO_PDU_DATA::infoType = 
INFOTYPE_LOGON_PLAINNOTIFY (2)

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 -> 
TS_PLAIN_NOTIFY::Pad (576 bytes)
 
Show:
© 2014 Microsoft