
4.4 Annotated Server-to-Client Virtual Channel PDU

The following is an annotated dump of the Virtual Channel PDU (section 2.2.6.1) that was exchanged between a Microsoft RDP 5.1 client and Microsoft RDP 5.1 server.

 00000000 03 00 00 2e 02 f0 80 68 00 01 03 ed f0 1c 08 08 .......h..... ..
 00000010 01 00 47 bd eb cb 29 51 ae 0a f6 07 33 ce fc a5 ..G...)Q....3...
 00000020 f7 09 de 67 4e a3 2a 2c 38 29                   ...gN.*,8)
  
 03 00 00 2a -> TPKT Header (length = 42 bytes)
 02 f0 80 -> X.224 Data TPDU
  
 68 00 01 03 ed f0 1c -> PER encoded (ALIGNED variant of BASIC-PER) SendDataIndication
 initiator = 1002 (0x03ea)
 channelId = 1005 (0x03ed) = "cliprdr"
 dataPriority = low
 segmentation = begin | end
 userData length = 0x1c = 28 bytes
  
 08 08 -> TS_SECURITY_HEADER::flags = 0x0808
 0x0808
 = 0x0800 | 0x0008
 = SEC_SECURE_CHECKSUM | SEC_ENCRYPT
  
 01 00 -> TS_SECURITY_HEADER::flagsHi - ignored as flags field does 
 not contain SEC_FLAGSHI_VALID (0x8000)
 47 bd eb cb 29 51 ae 0a -> TS_SECURITY_HEADER::dataSignature
  
 f6 07 33 ce fc a5 f7 09 de 67 4e a3 2a 2c 38 29 -> Encrypted static 
 virtual channel data 
  
 Decrypted static virtual channel data:
 00000000 08 00 00 00 03 00 00 00 03 00 01 00 00 00 00 00 ................
  
 08 00 00 00 -> CHANNEL_PDU_HEADER::length = 8 bytes
  
 03 00 00 00 -> CHANNEL_PDU_HEADER::flags = 0x00000003
 0x00000003
 = 0x00000002 | 0x00000001
 = CHANNEL_FLAG_FIRST | CHANNEL_FLAG_LAST
  
 03 00 01 00 00 00 00 00 -> Channel data to be processed by the 
 "cliprdr" handler
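The walk-through above can be reproduced with a short parser. This is an added example, not code from the specification: the function names `parse_outer` and `parse_channel_pdu` are hypothetical, the input bytes are the ones listed in the annotation lines, and it assumes Standard RDP Security with non-FIPS encryption as in this dump. It also enforces the length consistency checks a receiver should make before trusting any of the declared lengths.

```python
import struct

# Bytes taken from the annotation lines above (TPKT length 0x2a, 42 bytes).
PDU = bytes.fromhex("0300002a02f080" "68000103edf01c" "08080100"
                    "47bdebcb2951ae0a" "f60733cefca5f709de674ea32a2c3829")
# Decrypted static virtual channel data, as listed above.
DECRYPTED = bytes.fromhex("08000000030000000300010000000000")

SEC_ENCRYPT, SEC_FLAGSHI_VALID = 0x0008, 0x8000
CHANNEL_FLAG_FIRST, CHANNEL_FLAG_LAST = 0x00000001, 0x00000002

def parse_outer(buf):
    """Decode TPKT, X.224, MCS SendDataIndication and TS_SECURITY_HEADER."""
    if len(buf) < 18:
        raise ValueError("buffer too short for the cleartext headers")
    version, _, tpkt_len = struct.unpack_from(">BBH", buf, 0)
    if version != 3 or tpkt_len != len(buf):
        raise ValueError("TPKT version or length does not match the buffer")
    if buf[4:7] != b"\x02\xf0\x80":
        raise ValueError("not an X.224 Data TPDU")
    if buf[7] >> 2 != 26:  # PER choice index 26 = SendDataIndication
        raise ValueError("not an MCS SendDataIndication")
    initiator, channel_id = struct.unpack_from(">HH", buf, 8)
    user_len, off = buf[13], 14
    if user_len & 0x80:  # two-byte PER length determinant (>= 128 bytes)
        user_len, off = ((user_len & 0x7F) << 8) | buf[14], 15
    if user_len != len(buf) - off or user_len < 4:
        raise ValueError("userData length does not match the remaining bytes")
    flags, flags_hi = struct.unpack_from("<HH", buf, off)
    out = {"initiator": initiator + 1001,  # PER stores the offset from 1001
           "channelId": channel_id, "userDataLength": user_len, "flags": flags,
           "flagsHi": flags_hi if flags & SEC_FLAGSHI_VALID else None}
    body = buf[off + 4:]
    if flags & SEC_ENCRYPT:  # 8-byte dataSignature precedes the ciphertext
        if len(body) < 8:
            raise ValueError("missing dataSignature")
        out["dataSignature"], body = body[:8], body[8:]
    out["payload"] = body
    return out

def parse_channel_pdu(plain):
    """Decode CHANNEL_PDU_HEADER (length, flags) from decrypted channel data."""
    if len(plain) < 8:
        raise ValueError("truncated CHANNEL_PDU_HEADER")
    length, flags = struct.unpack_from("<II", plain, 0)
    chunk, both = plain[8:], CHANNEL_FLAG_FIRST | CHANNEL_FLAG_LAST
    if len(chunk) > length or ((flags & both) == both and len(chunk) != length):
        raise ValueError("chunk size disagrees with CHANNEL_PDU_HEADER::length")
    return {"length": length, "flags": flags, "data": chunk}
```

Decryption and verification of `dataSignature` are outside this sketch; `parse_channel_pdu` takes the already decrypted bytes.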
© 2016 Microsoft