4.4 Annotated Server-to-Client Virtual Channel PDU
The following is an annotated dump of the Virtual Channel PDU (section 2.2.6.1) that was exchanged between a Microsoft RDP 5.1 client and Microsoft RDP 5.1 server.
-
00000000 03 00 00 2e 02 f0 80 68 00 01 03 ed f0 1c 08 08 .......h..... .. 00000010 01 00 47 bd eb cb 29 51 ae 0a f6 07 33 ce fc a5 ..G...)Q....3... 00000020 f7 09 de 67 4e a3 2a 2c 38 29 ...gN.*,8) 03 00 00 2a -> TPKT Header (length = 42 bytes) 02 f0 80 -> X.224 Data TPDU 68 00 01 03 ed f0 1c -> PER encoded (ALIGNED variant of BASIC-PER) SendDataIndication initiator = 1002 (0x03ea) channelId = 1005 (0x03ed) = "cliprdr" dataPriority = low segmentation = begin | end userData length = 0x1c = 28 bytes 08 08 -> TS_SECURITY_HEADER::flags = 0x0808 0x0808 = 0x0800 | 0x0008 = SEC_SECURE_CHECKSUM | SEC_ENCRYPT 01 00 -> TS_SECURITY_HEADER::flagsHi - ignored as flags field does not contain SEC_FLAGSHI_VALID (0x8000) 47 bd eb cb 29 51 ae 0a -> TS_SECURITY_HEADER1::dataSignature f6 07 33 ce fc a5 f7 09 de 67 4e a3 2a 2c 38 29 -> Encrypted static virtual channel data Decrypted static virtual channel data: 00000000 08 00 00 00 03 00 00 00 03 00 01 00 00 00 00 00 ................ 08 00 00 00 -> CHANNEL_PDU_HEADER::length = 8 bytes 03 00 00 00 -> CHANNEL_PDU_HEADER::flags = 0x00000003 0x00000003 = 0x00000002 | 0x00000001 = CHANNEL_FLAG_FIRST | CHANNEL_FLAG_LAST 03 00 01 00 00 00 00 00 -> Channel data to be processed by the "cliprdr" handler