4 Protocol Examples

The following is an example of the RDP_PRECONNECTION_PDU_V1.

 00000000  10 00 00 00 00 00 00 00 01 00 00 00 eb 99 c6 ee  ................
  
 10 00 00 00 -> RDP_PRECONNECTION_PDU_V1::cbSize = 0x10 = 16 bytes
 00 00 00 00 -> RDP_PRECONNECTION_PDU_V1::Flags = 0
 01 00 00 00 -> RDP_PRECONNECTION_PDU_V1::Version = 1
  
 eb 99 c6 ee -> RDP_PRECONNECTION_PDU_V1::Id = 0xEEC699EB = 4005992939 (random id)
  

The following is an example of the RDP_PRECONNECTION_PDU_V2, where the PDU is an RDP_PRECONNECTION_PDU_V1 that is extended with a variable-size Unicode string.

 00000000  20 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00   ...............
 00000010  07 00 54 00 65 00 73 00 74 00 56 00 4d 00 00 00  ..T.e.s.t.V.M...
  
 20 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::cbSize = 0x20 = 32 bytes
 00 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::Flags = 0
 02 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::Version = 2
 00 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::Id = 0
 07 00       -> RDP_PRECONNECTION_PDU_V2::cchPCB = 0x7 = 7 characters
  
 54 00 65 00 73 00 74 00 56 00 4d 00 00 00 -> RDP_PRECONNECTION_PDU_V2::wszPCB -> "TestVM" (including null terminator)

The following is an example of the RDP_PRECONNECTION_PDU_V2, where the PDU contains the connection request for a virtual machine running on the Windows Server 2012 R2 operating system.

 00000000  7a 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00  z...............
 00000010  34 00 42 00 41 00 31 00 42 00 36 00 44 00 42 00  4.B.A.1.B.6.D.B.
 00000020  44 00 2d 00 38 00 39 00 41 00 43 00 2d 00 34 00  D.-.8.9.A.C.-.4.
 00000030  36 00 33 00 30 00 2d 00 41 00 37 00 33 00 37 00  6.3.0.-.A.7.3.7.
 00000040  2d 00 43 00 34 00 42 00 43 00 43 00 33 00 42 00  -.C.4.B.C.C.3.B.
 00000050  42 00 39 00 39 00 46 00 42 00 3b 00 45 00 6e 00  B.9.9.F.B.;.E.n.
 00000060  68 00 61 00 6e 00 63 00 65 00 64 00 4d 00 6f 00  h.a.n.c.e.d.M.o.
 00000070  64 00 65 00 3d 00 31 00 00 00                    d.e.=.1...
  
 7a 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::cbSize = 0x7a = 122 bytes
 00 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::Flags = 0
 02 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::Version = 2
 00 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::Id = 0
 34 00       -> RDP_PRECONNECTION_PDU_V2::cchPCB = 0x34 = 52 characters
  
 42 00 41 00 31 00 42 00 36 00 44 00 42 00 44 00 
 2d 00 38 00 39 00 41 00 43 00 2d 00 34 00 36 00 
 33 00 30 00 2d 00 41 00 37 00 33 00 37 00 2d 00 
 43 00 34 00 42 00 43 00 43 00 33 00 42 00 42 00 
 39 00 39 00 46 00 42 00 3b 00 45 00 6e 00 68 00 
 61 00 6e 00 63 00 65 00 64 00 4d 00 6f 00 64 00 
 65 00 3d 00 31 00 00 00 -> RDP_PRECONNECTION_PDU_V2::wszPCB -> "BA1B6DBD-89AC-4630-A737-C4BCC3BB99FB;EnhancedMode=1" (including null terminator)
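
The three PDUs above can be decoded with a parser that cross-checks the peer-supplied length fields (cbSize and cchPCB) against the bytes actually received before it touches wszPCB. This is an added example, not code from the protocol specification; the function and exception names are hypothetical, and the strictness (exact-size match, no trailing data, no embedded nulls) is this example's assumption, derived from the layouts shown above.

```python
import struct

class PreconnectionError(ValueError):
    """Raised when a pre-connection PDU fails a consistency check."""

def parse_preconnection_pdu(data: bytes) -> dict:
    # V1 header: cbSize, Flags, Version, Id as four little-endian 32-bit fields.
    if len(data) < 16:
        raise PreconnectionError("shorter than the 16-byte V1 header")
    cb_size, flags, version, conn_id = struct.unpack_from("<IIII", data, 0)
    # cbSize is peer-controlled: require it to equal the bytes actually received.
    if cb_size != len(data):
        raise PreconnectionError(f"cbSize {cb_size} != {len(data)} bytes received")
    pdu = {"cbSize": cb_size, "Flags": flags, "Version": version,
           "Id": conn_id, "cchPCB": None, "wszPCB": None}
    if version == 1:
        if cb_size != 16:  # assumption: no trailing data after a V1 header
            raise PreconnectionError("V1 PDU is not exactly 16 bytes")
        return pdu
    if version != 2:
        raise PreconnectionError(f"unsupported Version {version}")
    if cb_size < 18:
        raise PreconnectionError("V2 PDU has no room for cchPCB")
    (cch,) = struct.unpack_from("<H", data, 16)
    # cchPCB counts UTF-16 code units, terminator included (7 for "TestVM").
    if cch == 0 or 18 + 2 * cch != cb_size:
        raise PreconnectionError(f"cchPCB {cch} inconsistent with cbSize {cb_size}")
    if data[-2:] != b"\x00\x00":
        raise PreconnectionError("wszPCB is not null-terminated")
    try:
        text = data[18:-2].decode("utf-16-le")
    except UnicodeDecodeError as exc:
        raise PreconnectionError("wszPCB is not valid UTF-16LE") from exc
    if "\x00" in text:
        raise PreconnectionError("embedded null inside wszPCB")
    pdu.update(cchPCB=cch, wszPCB=text)
    return pdu

# The three PDUs from the examples above (the last one rebuilt from its string).
EXAMPLE_V1 = bytes.fromhex("10000000 00000000 01000000 eb99c6ee")
EXAMPLE_V2 = bytes.fromhex("20000000 00000000 02000000 00000000 0700"
                           "5400 6500 7300 7400 5600 4d00 0000")
EXAMPLE_VM = (bytes.fromhex("7a000000 00000000 02000000 00000000 3400")
              + "BA1B6DBD-89AC-4630-A737-C4BCC3BB99FB;EnhancedMode=1\0".encode("utf-16-le"))

if __name__ == "__main__":
    for blob in (EXAMPLE_V1, EXAMPLE_V2, EXAMPLE_VM):
        print(parse_preconnection_pdu(blob))
```

A PDU whose cchPCB or cbSize disagrees with the received length is rejected before any string bytes are read, so a malformed length field cannot drive an out-of-bounds read in the consumer.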