/src/wireshark/epan/dissectors/packet-rdp_rail.c
1 | | /* Packet-rdp_rail.c |
2 | | * Routines for the RAIL RDP channel |
3 | | * Copyright 2023, David Fort <contact@hardening-consulting.com> |
4 | | * |
5 | | * Wireshark - Network traffic analyzer |
6 | | * By Gerald Combs <gerald@wireshark.org> |
7 | | * Copyright 1998 Gerald Combs |
8 | | * |
9 | | * SPDX-License-Identifier: GPL-2.0-or-later |
10 | | */ |
11 | | |
12 | | /* |
13 | | * See: [MS-RDPERP] Remote Desktop Protocol: Remote Programs Virtual Channel Extension |
14 | | */ |
15 | | |
16 | | #include "config.h" |
17 | | |
18 | | #include <epan/packet.h> |
19 | | #include <epan/prefs.h> |
20 | | #include <epan/conversation.h> |
21 | | #include <epan/expert.h> |
22 | | #include <epan/value_string.h> |
23 | | |
24 | | #include "packet-rdpudp.h" |
25 | | |
/* Long name, short name and filter name handed to proto_register_protocol(). */
#define PNAME  "RDP Program virtual channel Protocol"
#define PSNAME "RAIL"
#define PFNAME "rdp_rail"

void proto_register_rdp_rail(void);
void proto_reg_handoff_rdp_rail(void);


/* Protocol handle, assigned in proto_register_rdp_rail(). */
static int proto_rdp_rail;

/* Common 4-byte PDU header: orderType (2 bytes) + orderLength (2 bytes). */
static int hf_rail_orderType;
static int hf_rail_pduLength;

/* Build number, shared by the Handshake and HandshakeEx orders. */
static int hf_rail_caps_handshake_buildNumber;

/* Window id that opens every window-scoped order, then the Window move rectangle. */
static int hf_rail_windowId;
static int hf_rail_windowmove_left;
static int hf_rail_windowmove_top;
static int hf_rail_windowmove_right;
static int hf_rail_windowmove_bottom;

/* Notify event order. */
static int hf_rail_notify_iconId;
static int hf_rail_notify_message;

/* Local move size order. */
static int hf_rail_localmovesize_isMoveSizeStart;
static int hf_rail_localmovesize_moveSizeType;
static int hf_rail_localmovesize_posX;
static int hf_rail_localmovesize_posY;

/* MinMax info order. */
static int hf_rail_minmaxinfo_maxwidth;
static int hf_rail_minmaxinfo_maxheight;
static int hf_rail_minmaxinfo_maxPosX;
static int hf_rail_minmaxinfo_maxPosY;
static int hf_rail_minmaxinfo_minTrackWidth;
static int hf_rail_minmaxinfo_minTrackHeight;
static int hf_rail_minmaxinfo_maxTrackWidth;
static int hf_rail_minmaxinfo_maxTrackHeight;

/* Cloak order. */
static int hf_rail_cloak_cloaked;

/* HandshakeEx flags word and its individual bits. */
static int hf_rail_handshake_flags;
static int hf_rail_handshake_flags_hidef;
static int hf_rail_handshake_flags_ex_spi;
static int hf_rail_handshake_flags_snap;
static int hf_rail_handshake_flags_textscale;
static int hf_rail_handshake_flags_caretblink;
static int hf_rail_handshake_flags_ex_spi2;

/* Client status flags word and its individual bits. */
static int hf_rail_cstatus_flags;
static int hf_rail_cstatus_flags_allowlocalmove;
static int hf_rail_cstatus_autoreconnect;
static int hf_rail_cstatus_zorder_sync;
static int hf_rail_cstatus_resize_margin;
static int hf_rail_cstatus_hidpi_icons;
static int hf_rail_cstatus_appbar_remoting;
static int hf_rail_cstatus_powerdisplay;
static int hf_rail_cstatus_bidir_cloak;
static int hf_rail_cstatus_suppress_icon_border;

/* Activate order. */
static int hf_rail_activate_enabled;

/* System parameter selector; which field is used depends on the packet direction. */
static int hf_rail_sysparam_server_params;
static int hf_rail_sysparam_client_params;

/* Subtree (expand/collapse state) handles. */
static int ett_rdp_rail;
static int ett_rdp_rail_handshake_flags;
static int ett_rdp_rail_clientstatus_flags;
93 | | |
/* RAIL orderType values, listed in ascending numeric order. */
enum {
    TS_RAIL_ORDER_EXEC                  = 0x01,
    TS_RAIL_ORDER_ACTIVATE              = 0x02,
    TS_RAIL_ORDER_SYSPARAM              = 0x03,
    TS_RAIL_ORDER_SYSCOMMAND            = 0x04,
    TS_RAIL_ORDER_HANDSHAKE             = 0x05,
    TS_RAIL_ORDER_NOTIFY_EVENT          = 0x06,
    /* 0x07 is not defined by this dissector */
    TS_RAIL_ORDER_WINDOWMOVE            = 0x08,
    TS_RAIL_ORDER_LOCALMOVESIZE         = 0x09,
    TS_RAIL_ORDER_MINMAXINFO            = 0x0a,
    TS_RAIL_ORDER_CLIENTSTATUS          = 0x0b,
    TS_RAIL_ORDER_SYSMENU               = 0x0c,
    TS_RAIL_ORDER_LANGBARINFO           = 0x0d,
    TS_RAIL_ORDER_GET_APPID_REQ         = 0x0e,
    TS_RAIL_ORDER_GET_APPID_RESP        = 0x0f,
    TS_RAIL_ORDER_TASKBARINFO           = 0x10,
    TS_RAIL_ORDER_LANGUAGEIMEINFO       = 0x11,
    TS_RAIL_ORDER_COMPARTMENTINFO       = 0x12,
    TS_RAIL_ORDER_HANDSHAKE_EX          = 0x13,
    TS_RAIL_ORDER_ZORDER_SYNC           = 0x14,
    TS_RAIL_ORDER_CLOAK                 = 0x15,
    TS_RAIL_ORDER_POWER_DISPLAY_REQUEST = 0x16,
    TS_RAIL_ORDER_SNAP_ARRANGE          = 0x17,
    TS_RAIL_ORDER_GET_APPID_RESP_EX     = 0x18,
    TS_RAIL_ORDER_TEXTSCALEINFO         = 0x19,
    TS_RAIL_ORDER_CARETBLINKINFO        = 0x1a,
    TS_RAIL_ORDER_EXEC_RESULT           = 0x80
};
122 | | |
/* System parameter selectors carried by the Client system parameters order. */
enum {
    /* selectors listed in rdp_rail_server_system_params_vals */
    SPI_SETSCREENSAVEACTIVE = 0x0011,
    SPI_SETSCREENSAVESECURE = 0x0077,

    /* selectors listed in rdp_rail_client_system_params_vals */
    SPI_SETDRAGFULLWINDOWS = 0x0025,
    SPI_SETKEYBOARDCUES = 0x100B,
    SPI_SETKEYBOARDPREF = 0x0045,
    SPI_SETWORKAREA = 0x002F,
    RAIL_SPI_DISPLAYCHANGE = 0xF001,
    SPI_SETMOUSEBUTTONSWAP = 0x0021,
    RAIL_SPI_TASKBARPOS = 0xF000,
    SPI_SETHIGHCONTRAST = 0x0043,
    SPI_SETCARETWIDTH = 0x2007,
    SPI_SETSTICKYKEYS = 0x003B,
    SPI_SETTOGGLEKEYS = 0x0035,
    SPI_SETFILTERKEYS = 0x0033,
    RAIL_SPI_DISPLAY_ANIMATIONS_ENABLED = 0xF002,
    RAIL_SPI_DISPLAY_ADVANCED_EFFECTS_ENABLED = 0xF003,
    RAIL_SPI_DISPLAY_AUTO_HIDE_SCROLLBARS = 0xF004,
    RAIL_SPI_DISPLAY_MESSAGE_DURATION = 0xF005,
    RAIL_SPI_CLOSED_CAPTION_FONT_COLOR = 0xF006,
    RAIL_SPI_CLOSED_CAPTION_FONT_OPACITY = 0xF007,
    RAIL_SPI_CLOSED_CAPTION_FONT_SIZE = 0xF008,
    RAIL_SPI_CLOSED_CAPTION_FONT_STYLE = 0xF009,
    RAIL_SPI_CLOSED_CAPTION_FONT_EDGE_EFFECT = 0xF00A,
    RAIL_SPI_CLOSED_CAPTION_BACKGROUND_COLOR = 0xF00B,
    RAIL_SPI_CLOSED_CAPTION_BACKGROUND_OPACITY = 0xF00C,
    RAIL_SPI_CLOSED_CAPTION_REGION_COLOR = 0xF00D,
    RAIL_SPI_CLOSED_CAPTION_REGION_OPACITY = 0xF00E
};
153 | | |
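/*
 * Display names for the RAIL orderType field. These strings appear in the
 * Info column and in the protocol tree, so every order needs a label that an
 * analyst can tell apart from the others.
 */
static const value_string rdp_rail_order_vals[] = {
    { TS_RAIL_ORDER_EXEC, "Execute"},
    { TS_RAIL_ORDER_ACTIVATE, "Activate"},
    { TS_RAIL_ORDER_SYSPARAM, "Client system parameters"},
    { TS_RAIL_ORDER_SYSCOMMAND, "System command"},
    { TS_RAIL_ORDER_HANDSHAKE, "Handshake"},
    { TS_RAIL_ORDER_NOTIFY_EVENT, "Notify event"},
    { TS_RAIL_ORDER_WINDOWMOVE, "Window move"},
    { TS_RAIL_ORDER_LOCALMOVESIZE, "Local move size"},
    { TS_RAIL_ORDER_MINMAXINFO, "MinMax info"},
    { TS_RAIL_ORDER_CLIENTSTATUS, "Client status"},
    { TS_RAIL_ORDER_SYSMENU, "System menu"},
    { TS_RAIL_ORDER_LANGBARINFO, "Language bar info"},
    { TS_RAIL_ORDER_EXEC_RESULT, "Exec result"},
    { TS_RAIL_ORDER_GET_APPID_REQ, "Get appId request"},
    { TS_RAIL_ORDER_GET_APPID_RESP, "Get appId response"},
    { TS_RAIL_ORDER_TASKBARINFO, "Taskbar info"},
    { TS_RAIL_ORDER_LANGUAGEIMEINFO, "Language IME info"},
    { TS_RAIL_ORDER_COMPARTMENTINFO, "Compartment info"},
    { TS_RAIL_ORDER_HANDSHAKE_EX, "HandshakeEx"},
    { TS_RAIL_ORDER_ZORDER_SYNC, "Z-order sync"},
    { TS_RAIL_ORDER_CLOAK, "Cloak"},
    /* was misspelled "requet" */
    { TS_RAIL_ORDER_POWER_DISPLAY_REQUEST, "Power display request"},
    { TS_RAIL_ORDER_SNAP_ARRANGE, "Snap arrange"},
    /* previously shared the label of TS_RAIL_ORDER_GET_APPID_RESP */
    { TS_RAIL_ORDER_GET_APPID_RESP_EX, "Get appId response ex"},
    { TS_RAIL_ORDER_TEXTSCALEINFO, "Text scale info"},
    { TS_RAIL_ORDER_CARETBLINKINFO, "Caret blink info"},
    { 0x0, NULL},
};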
183 | | |
/*
 * Names for the Local move size "Move size type" value. Despite the table's
 * name, it is attached to hf_rail_localmovesize_moveSizeType, not to the
 * isMoveSizeStart field.
 */
static const value_string moveSizeStart_vals[] = {
    { 0x0001, "RAIL_WMSZ_LEFT" },
    { 0x0002, "RAIL_WMSZ_RIGHT" },
    { 0x0003, "RAIL_WMSZ_TOP" },
    { 0x0004, "RAIL_WMSZ_TOPLEFT" },
    { 0x0005, "RAIL_WMSZ_TOPRIGHT" },
    { 0x0006, "RAIL_WMSZ_BOTTOM" },
    { 0x0007, "RAIL_WMSZ_BOTTOMLEFT" },
    { 0x0008, "RAIL_WMSZ_BOTTOMRIGHT" },
    { 0x0009, "RAIL_WMSZ_MOVE" },
    { 0x000A, "RAIL_WMSZ_KEYMOVE" },
    { 0x000B, "RAIL_WMSZ_KEYSIZE" },
    { 0x0, NULL},   /* table terminator */
};
198 | | |
/* Names for the Notify event "Message" value (hf_rail_notify_message). */
static const value_string rdp_rail_notify_vals[] = {
    { 0x00000201, "WM_LBUTTONDOWN" },
    { 0x00000202, "WM_LBUTTONUP" },
    { 0x00000204, "WM_RBUTTONDOWN" },
    { 0x00000205, "WM_RBUTTONUP" },
    { 0x0000007B, "WM_CONTEXTMENU" },
    { 0x00000203, "WM_LBUTTONDBLCLK" },
    { 0x00000206, "WM_RBUTTONDBLCLK" },
    { 0x00000400, "NIN_SELECT" },
    { 0x00000401, "NIN_KEYSELECT" },
    { 0x00000402, "NIN_BALLOONSHOW" },
    { 0x00000403, "NIN_BALLOONHIDE" },
    { 0x00000404, "NIN_BALLOONTIMEOUT" },
    { 0x00000405, "NIN_BALLOONUSERCLICK" },
    { 0x0, NULL},   /* table terminator */
};
215 | | |
/*
 * System parameter names used when the PDU is not addressed to the server
 * (hf_rail_sysparam_server_params).
 */
static const value_string rdp_rail_server_system_params_vals[] = {
    { SPI_SETSCREENSAVEACTIVE, "SPI_SETSCREENSAVEACTIVE" },
    { SPI_SETSCREENSAVESECURE, "SPI_SETSCREENSAVESECURE" },
    { 0x0, NULL},   /* table terminator */
};
221 | | |
/*
 * System parameter names used when the PDU is addressed to the server
 * (hf_rail_sysparam_client_params).
 */
static const value_string rdp_rail_client_system_params_vals[] = {
    { SPI_SETDRAGFULLWINDOWS, "SPI_SETDRAGFULLWINDOWS" },
    { SPI_SETKEYBOARDCUES, "SPI_SETKEYBOARDCUES" },
    { SPI_SETKEYBOARDPREF, "SPI_SETKEYBOARDPREF" },
    { SPI_SETWORKAREA, "SPI_SETWORKAREA" },
    { RAIL_SPI_DISPLAYCHANGE, "RAIL_SPI_DISPLAYCHANGE" },
    { SPI_SETMOUSEBUTTONSWAP, "SPI_SETMOUSEBUTTONSWAP" },
    { RAIL_SPI_TASKBARPOS, "RAIL_SPI_TASKBARPOS" },
    { SPI_SETHIGHCONTRAST, "SPI_SETHIGHCONTRAST" },
    { SPI_SETCARETWIDTH, "SPI_SETCARETWIDTH" },
    { SPI_SETSTICKYKEYS, "SPI_SETSTICKYKEYS" },
    { SPI_SETTOGGLEKEYS, "SPI_SETTOGGLEKEYS" },
    { SPI_SETFILTERKEYS, "SPI_SETFILTERKEYS" },
    { RAIL_SPI_DISPLAY_ANIMATIONS_ENABLED, "RAIL_SPI_DISPLAY_ANIMATIONS_ENABLED" },
    { RAIL_SPI_DISPLAY_ADVANCED_EFFECTS_ENABLED, "RAIL_SPI_DISPLAY_ADVANCED_EFFECTS_ENABLED" },
    { RAIL_SPI_DISPLAY_AUTO_HIDE_SCROLLBARS, "RAIL_SPI_DISPLAY_AUTO_HIDE_SCROLLBARS" },
    { RAIL_SPI_DISPLAY_MESSAGE_DURATION, "RAIL_SPI_DISPLAY_MESSAGE_DURATION" },
    { RAIL_SPI_CLOSED_CAPTION_FONT_COLOR, "RAIL_SPI_CLOSED_CAPTION_FONT_COLOR" },
    { RAIL_SPI_CLOSED_CAPTION_FONT_OPACITY, "RAIL_SPI_CLOSED_CAPTION_FONT_OPACITY" },
    { RAIL_SPI_CLOSED_CAPTION_FONT_SIZE, "RAIL_SPI_CLOSED_CAPTION_FONT_SIZE" },
    { RAIL_SPI_CLOSED_CAPTION_FONT_STYLE, "RAIL_SPI_CLOSED_CAPTION_FONT_STYLE" },
    { RAIL_SPI_CLOSED_CAPTION_FONT_EDGE_EFFECT, "RAIL_SPI_CLOSED_CAPTION_FONT_EDGE_EFFECT" },
    { RAIL_SPI_CLOSED_CAPTION_BACKGROUND_COLOR, "RAIL_SPI_CLOSED_CAPTION_BACKGROUND_COLOR" },
    { RAIL_SPI_CLOSED_CAPTION_BACKGROUND_OPACITY, "RAIL_SPI_CLOSED_CAPTION_BACKGROUND_OPACITY" },
    { RAIL_SPI_CLOSED_CAPTION_REGION_COLOR, "RAIL_SPI_CLOSED_CAPTION_REGION_COLOR" },
    { RAIL_SPI_CLOSED_CAPTION_REGION_OPACITY, "RAIL_SPI_CLOSED_CAPTION_REGION_OPACITY" },
    { 0x0, NULL},   /* table terminator */
};
250 | | |
251 | | |
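/*
 * Dissect one RAIL (remote programs) virtual-channel PDU.
 *
 * Every PDU starts with a 4-byte header: orderType (2 bytes, little endian)
 * followed by orderLength (2 bytes, little endian). orderLength comes straight
 * from the capture and is therefore untrusted: a value smaller than the header
 * itself is flagged on the protocol item and in the Info column, and
 * dissection stops after the header instead of computing an end offset that
 * lies before the bytes already consumed.
 *
 * @param tvb          buffer holding the PDU, starting at the RAIL header
 * @param pinfo        packet info; supplies the direction and the columns
 * @param parent_tree  tree to attach to (its root is used)
 * @param data         unused
 * @return offset just past the PDU as declared by orderLength, or the header
 *         length (4) when orderLength is too small to cover the header
 *
 * NOTE(review): order bodies are read relative to the tvb and are not clamped
 * to orderLength; reads beyond the tvb are left to the tvb accessors.
 */
static int
dissect_rdp_rail(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void *data _U_)
{
    enum { RAIL_PDU_HEADER_LEN = 4 };

    proto_item *item;
    proto_tree *tree;
    int nextOffset, offset = 0;
    uint32_t cmdId = 0;
    uint32_t pduLength;
    uint32_t windowId;
    bool lengthIsSane;
    bool packetToServer = rdp_isServerAddressTarget(pinfo);

    parent_tree = proto_tree_get_root(parent_tree);
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "RAIL");
    col_clear(pinfo->cinfo, COL_INFO);

    pduLength = tvb_get_uint16(tvb, offset + 2, ENC_LITTLE_ENDIAN);
    lengthIsSane = (pduLength >= RAIL_PDU_HEADER_LEN);

    /* never let the protocol item be shorter than the header shown below it */
    item = proto_tree_add_item(parent_tree, proto_rdp_rail, tvb, offset,
                               lengthIsSane ? (int)pduLength : RAIL_PDU_HEADER_LEN, ENC_NA);
    tree = proto_item_add_subtree(item, ett_rdp_rail);

    proto_tree_add_item_ret_uint(tree, hf_rail_orderType, tvb, offset, 2, ENC_LITTLE_ENDIAN, &cmdId);
    offset += 2;

    proto_tree_add_item(tree, hf_rail_pduLength, tvb, offset, 2, ENC_LITTLE_ENDIAN);
    offset += 2;

    if (!lengthIsSane) {
        /* (pduLength - 4) would wrap around; report the anomaly and stop here */
        col_set_str(pinfo->cinfo, COL_INFO, val_to_str_const(cmdId, rdp_rail_order_vals, "Unknown RAIL command"));
        col_append_str(pinfo->cinfo, COL_INFO, " [orderLength shorter than header]");
        proto_item_append_text(item, " [orderLength %u is shorter than the %d-byte header]",
                               pduLength, RAIL_PDU_HEADER_LEN);
        return offset;
    }

    nextOffset = offset + (int)(pduLength - RAIL_PDU_HEADER_LEN);

    /* packets that start with a windowId */
    switch (cmdId) {
    case TS_RAIL_ORDER_ACTIVATE:
    case TS_RAIL_ORDER_SYSMENU:
    case TS_RAIL_ORDER_SYSCOMMAND:
    case TS_RAIL_ORDER_NOTIFY_EVENT:
    case TS_RAIL_ORDER_GET_APPID_REQ:
    case TS_RAIL_ORDER_MINMAXINFO:
    case TS_RAIL_ORDER_WINDOWMOVE:
    case TS_RAIL_ORDER_LOCALMOVESIZE:
    case TS_RAIL_ORDER_CLOAK:
    case TS_RAIL_ORDER_SNAP_ARRANGE:
    case TS_RAIL_ORDER_GET_APPID_RESP:
    case TS_RAIL_ORDER_GET_APPID_RESP_EX:
    case TS_RAIL_ORDER_ZORDER_SYNC:
        proto_tree_add_item_ret_uint(tree, hf_rail_windowId, tvb, offset, 4, ENC_LITTLE_ENDIAN, &windowId);
        col_add_fstr(pinfo->cinfo, COL_INFO, "%s|windowId=0x%x", val_to_str_const(cmdId, rdp_rail_order_vals, "Unknown RAIL command"),
                     windowId);
        offset += 4;
        break;
    default:
        col_set_str(pinfo->cinfo, COL_INFO, val_to_str_const(cmdId, rdp_rail_order_vals, "Unknown RAIL command"));
        break;
    }


    /* do the rest of the parsing */
    switch (cmdId) {
    case TS_RAIL_ORDER_EXEC:
        break;
    case TS_RAIL_ORDER_ACTIVATE:
        proto_tree_add_item(tree, hf_rail_activate_enabled, tvb, offset, 1, ENC_LITTLE_ENDIAN);
        break;
    case TS_RAIL_ORDER_SYSPARAM:
        /* same order type in both directions; the selector table depends on who sent it */
        if (!packetToServer) {
            uint32_t serverParam;

            col_set_str(pinfo->cinfo, COL_INFO, "Server system parameters");

            proto_tree_add_item_ret_uint(tree, hf_rail_sysparam_server_params, tvb, offset, 4, ENC_LITTLE_ENDIAN, &serverParam);

            col_append_fstr(pinfo->cinfo, COL_INFO, "|%s", val_to_str_const(serverParam, rdp_rail_server_system_params_vals, "<unknown server param>"));
            switch(serverParam) {
            case SPI_SETSCREENSAVEACTIVE:
            case SPI_SETSCREENSAVESECURE:
                /* TODO */
                break;
            }
        } else {
            uint32_t clientParam;

            proto_tree_add_item_ret_uint(tree, hf_rail_sysparam_client_params, tvb, offset, 4, ENC_LITTLE_ENDIAN, &clientParam);
            col_append_fstr(pinfo->cinfo, COL_INFO, "|%s", val_to_str_const(clientParam, rdp_rail_client_system_params_vals, "<unknown client param>"));

            switch(clientParam) {
            case SPI_SETDRAGFULLWINDOWS:
            case SPI_SETKEYBOARDCUES:
            case SPI_SETKEYBOARDPREF:
            case SPI_SETWORKAREA:
            case RAIL_SPI_DISPLAYCHANGE:
            case SPI_SETMOUSEBUTTONSWAP:
            case RAIL_SPI_TASKBARPOS:
            case SPI_SETHIGHCONTRAST:
            case SPI_SETCARETWIDTH:
            case SPI_SETSTICKYKEYS:
            case SPI_SETTOGGLEKEYS:
            case SPI_SETFILTERKEYS:
            case RAIL_SPI_DISPLAY_ANIMATIONS_ENABLED:
            case RAIL_SPI_DISPLAY_ADVANCED_EFFECTS_ENABLED:
            case RAIL_SPI_DISPLAY_AUTO_HIDE_SCROLLBARS:
            case RAIL_SPI_DISPLAY_MESSAGE_DURATION:
            case RAIL_SPI_CLOSED_CAPTION_FONT_COLOR:
            case RAIL_SPI_CLOSED_CAPTION_FONT_OPACITY:
            case RAIL_SPI_CLOSED_CAPTION_FONT_SIZE:
            case RAIL_SPI_CLOSED_CAPTION_FONT_STYLE:
            case RAIL_SPI_CLOSED_CAPTION_FONT_EDGE_EFFECT:
            case RAIL_SPI_CLOSED_CAPTION_BACKGROUND_COLOR:
            case RAIL_SPI_CLOSED_CAPTION_BACKGROUND_OPACITY:
            case RAIL_SPI_CLOSED_CAPTION_REGION_COLOR:
            case RAIL_SPI_CLOSED_CAPTION_REGION_OPACITY:
                /* TODO */
                break;
            }
        }
        break;
    case TS_RAIL_ORDER_SYSCOMMAND:
        break;
    case TS_RAIL_ORDER_HANDSHAKE:
        proto_tree_add_item(tree, hf_rail_caps_handshake_buildNumber, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        break;
    case TS_RAIL_ORDER_NOTIFY_EVENT:
        proto_tree_add_item(tree, hf_rail_notify_iconId, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;

        proto_tree_add_item(tree, hf_rail_notify_message, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        break;
    case TS_RAIL_ORDER_WINDOWMOVE:
        proto_tree_add_item(tree, hf_rail_windowmove_left, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item(tree, hf_rail_windowmove_top, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item(tree, hf_rail_windowmove_right, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item(tree, hf_rail_windowmove_bottom, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        break;
    case TS_RAIL_ORDER_LOCALMOVESIZE:
        proto_tree_add_item(tree, hf_rail_localmovesize_isMoveSizeStart, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item(tree, hf_rail_localmovesize_moveSizeType, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item(tree, hf_rail_localmovesize_posX, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item(tree, hf_rail_localmovesize_posY, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        break;
    case TS_RAIL_ORDER_MINMAXINFO:
        proto_tree_add_item(tree, hf_rail_minmaxinfo_maxwidth, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item(tree, hf_rail_minmaxinfo_maxheight, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item(tree, hf_rail_minmaxinfo_maxPosX, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item(tree, hf_rail_minmaxinfo_maxPosY, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item(tree, hf_rail_minmaxinfo_minTrackWidth, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item(tree, hf_rail_minmaxinfo_minTrackHeight, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item(tree, hf_rail_minmaxinfo_maxTrackWidth, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        offset += 2;
        proto_tree_add_item(tree, hf_rail_minmaxinfo_maxTrackHeight, tvb, offset, 2, ENC_LITTLE_ENDIAN);
        break;
    case TS_RAIL_ORDER_CLIENTSTATUS: {
        /* NULL-terminated list of the bit fields shown under the flags word */
        static int * const flags[] = {
            &hf_rail_cstatus_flags_allowlocalmove,
            &hf_rail_cstatus_autoreconnect,
            &hf_rail_cstatus_zorder_sync,
            &hf_rail_cstatus_resize_margin,
            &hf_rail_cstatus_hidpi_icons,
            &hf_rail_cstatus_appbar_remoting,
            &hf_rail_cstatus_powerdisplay,
            &hf_rail_cstatus_bidir_cloak,
            &hf_rail_cstatus_suppress_icon_border,
            NULL,
        };

        proto_tree_add_bitmask(tree, tvb, offset, hf_rail_cstatus_flags, ett_rdp_rail_clientstatus_flags, flags, ENC_LITTLE_ENDIAN);
        break;
    }
    case TS_RAIL_ORDER_SYSMENU:
    case TS_RAIL_ORDER_LANGBARINFO:
    case TS_RAIL_ORDER_EXEC_RESULT:
    case TS_RAIL_ORDER_GET_APPID_REQ:
    case TS_RAIL_ORDER_GET_APPID_RESP:
    case TS_RAIL_ORDER_TASKBARINFO:
    case TS_RAIL_ORDER_LANGUAGEIMEINFO:
    case TS_RAIL_ORDER_COMPARTMENTINFO:
        /* body not dissected yet */
        break;
    case TS_RAIL_ORDER_HANDSHAKE_EX: {
        /* NULL-terminated list of the bit fields shown under the flags word */
        static int * const flags[] = {
            &hf_rail_handshake_flags_hidef,
            &hf_rail_handshake_flags_ex_spi,
            &hf_rail_handshake_flags_snap,
            &hf_rail_handshake_flags_textscale,
            &hf_rail_handshake_flags_caretblink,
            &hf_rail_handshake_flags_ex_spi2,
            NULL,
        };

        proto_tree_add_item(tree, hf_rail_caps_handshake_buildNumber, tvb, offset, 4, ENC_LITTLE_ENDIAN);
        offset += 4;

        proto_tree_add_bitmask(tree, tvb, offset, hf_rail_handshake_flags, ett_rdp_rail_handshake_flags, flags, ENC_LITTLE_ENDIAN);
        break;
    }
    case TS_RAIL_ORDER_ZORDER_SYNC:
        break;
    case TS_RAIL_ORDER_CLOAK:
        proto_tree_add_item(tree, hf_rail_cloak_cloaked, tvb, offset, 1, ENC_LITTLE_ENDIAN);
        break;
    case TS_RAIL_ORDER_POWER_DISPLAY_REQUEST:
    case TS_RAIL_ORDER_SNAP_ARRANGE:
    case TS_RAIL_ORDER_GET_APPID_RESP_EX:
    case TS_RAIL_ORDER_TEXTSCALEINFO:
    case TS_RAIL_ORDER_CARETBLINKINFO:
        /* body not dissected yet */
        break;
    default:
        break;
    }

    /* the declared length, not the bytes parsed above, decides where the PDU ends */
    offset = nextOffset;
    return offset;
}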
471 | | |
472 | | |
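/*
 * Register the RAIL protocol, its header fields and subtrees, and expose the
 * dissector under the name "rdp_rail" so other dissectors can look it up.
 */
void proto_register_rdp_rail(void) {
    static hf_register_info hf[] = {
        /* common PDU header */
        { &hf_rail_orderType,
          { "OrderType", "rdp_rail.ordertype",
            FT_UINT16, BASE_HEX, VALS(rdp_rail_order_vals), 0x0,
            NULL, HFILL }},
        /* orderLength is read as 2 bytes by dissect_rdp_rail, so it is a 16-bit field */
        { &hf_rail_pduLength,
          { "OrderLength", "rdp_rail.orderlength",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_caps_handshake_buildNumber,
          { "Build number", "rdp_rail.handshake.buildNumber",
            FT_UINT32, BASE_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_windowId,
          { "WindowId", "rdp_rail.windowid",
            FT_UINT32, BASE_HEX, NULL, 0x0,
            NULL, HFILL }},

        /* Window move */
        { &hf_rail_windowmove_left,
          { "Left", "rdp_rail.windowmove.left",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_windowmove_top,
          { "Top", "rdp_rail.windowmove.top",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_windowmove_right,
          { "Right", "rdp_rail.windowmove.right",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_windowmove_bottom,
          { "Bottom", "rdp_rail.windowmove.bottom",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},

        /* Local move size */
        { &hf_rail_localmovesize_isMoveSizeStart,
          { "IsMoveSizeStart", "rdp_rail.localmovesize.ismovesizestart",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_localmovesize_moveSizeType,
          { "Move size type", "rdp_rail.localmovesize.movesizetype",
            FT_UINT16, BASE_DEC, VALS(moveSizeStart_vals), 0x0,
            NULL, HFILL }},
        { &hf_rail_localmovesize_posX,
          { "PosX", "rdp_rail.localmovesize.posx",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_localmovesize_posY,
          { "PosY", "rdp_rail.localmovesize.posy",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},

        /* MinMax info */
        { &hf_rail_minmaxinfo_maxwidth,
          { "Max width", "rdp_rail.minmaxinfo.maxwidth",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_minmaxinfo_maxheight,
          { "Max height", "rdp_rail.minmaxinfo.maxheight",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_minmaxinfo_maxPosX,
          { "Max posX", "rdp_rail.minmaxinfo.maxposx",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_minmaxinfo_maxPosY,
          { "Max posY", "rdp_rail.minmaxinfo.maxposy",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_minmaxinfo_minTrackWidth,
          { "Min track width", "rdp_rail.minmaxinfo.mintrackwidth",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_minmaxinfo_minTrackHeight,
          { "Min track height", "rdp_rail.minmaxinfo.mintrackheight",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_minmaxinfo_maxTrackWidth,
          { "Max track width", "rdp_rail.minmaxinfo.maxtrackwidth",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_minmaxinfo_maxTrackHeight,
          { "Max track height", "rdp_rail.minmaxinfo.maxtrackheight",
            FT_UINT16, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},

        /* Cloak */
        { &hf_rail_cloak_cloaked,
          { "Cloaked", "rdp_rail.cloak.cloaked",
            FT_UINT8, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},

        /* HandshakeEx flags: parent word, then one entry per bit */
        { &hf_rail_handshake_flags,
          { "Flags", "rdp_rail.handshakeflags",
            FT_UINT32, BASE_HEX, NULL, 0,
            NULL, HFILL }},
        { &hf_rail_handshake_flags_hidef,
          { "HIDEF", "rdp_rail.handshakeflags.hidef",
            FT_UINT32, BASE_HEX, NULL, 0x00000001,
            NULL, HFILL }},
        { &hf_rail_handshake_flags_ex_spi,
          { "EXTENDED_SPI_SUPPORTED", "rdp_rail.handshakeflags.exspi",
            FT_UINT32, BASE_HEX, NULL, 0x00000002,
            NULL, HFILL }},
        { &hf_rail_handshake_flags_snap,
          { "SNAP_ARRANGE_SUPPORTED", "rdp_rail.handshakeflags.snap",
            FT_UINT32, BASE_HEX, NULL, 0x00000004,
            NULL, HFILL }},
        { &hf_rail_handshake_flags_textscale,
          { "TEXT_SCALE_SUPPORTED", "rdp_rail.handshakeflags.textscale",
            FT_UINT32, BASE_HEX, NULL, 0x00000008,
            NULL, HFILL }},
        { &hf_rail_handshake_flags_caretblink,
          { "CARET_BLINK_SUPPORTED", "rdp_rail.handshakeflags.caretblink",
            FT_UINT32, BASE_HEX, NULL, 0x00000010,
            NULL, HFILL }},
        { &hf_rail_handshake_flags_ex_spi2,
          { "EXTENDED_SPI_2_SUPPORTED", "rdp_rail.handshakeflags.exspi2",
            FT_UINT32, BASE_HEX, NULL, 0x00000020,
            NULL, HFILL }},

        /* Client status flags: parent word, then one entry per bit */
        { &hf_rail_cstatus_flags,
          { "Flags", "rdp_rail.clientstatus.flags",
            FT_UINT32, BASE_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_cstatus_flags_allowlocalmove,
          { "ALLOWLOCALMOVESIZE", "rdp_rail.clientstatus.allowlocalmove",
            FT_UINT32, BASE_HEX, NULL, 0x00000001,
            NULL, HFILL }},
        { &hf_rail_cstatus_autoreconnect,
          { "AUTORECONNECT", "rdp_rail.clientstatus.autoreconnect",
            FT_UINT32, BASE_HEX, NULL, 0x00000002,
            NULL, HFILL }},
        { &hf_rail_cstatus_zorder_sync,
          { "ZORDER_SYNC", "rdp_rail.clientstatus.zordersync",
            FT_UINT32, BASE_HEX, NULL, 0x00000004,
            NULL, HFILL }},
        { &hf_rail_cstatus_resize_margin,
          { "WINDOW_RESIZE_MARGIN_SUPPORTED", "rdp_rail.clientstatus.resizemargin",
            FT_UINT32, BASE_HEX, NULL, 0x00000010,
            NULL, HFILL }},
        { &hf_rail_cstatus_hidpi_icons,
          { "HIGH_DPI_ICONS_SUPPORTED", "rdp_rail.clientstatus.highdpiicons",
            FT_UINT32, BASE_HEX, NULL, 0x00000020,
            NULL, HFILL }},
        { &hf_rail_cstatus_appbar_remoting,
          { "APPBAR_REMOTING_SUPPORTED", "rdp_rail.clientstatus.appbarremoting",
            FT_UINT32, BASE_HEX, NULL, 0x00000040,
            NULL, HFILL }},
        { &hf_rail_cstatus_powerdisplay,
          { "POWER_DISPLAY_REQUEST_SUPPORTED", "rdp_rail.clientstatus.powerdisplay",
            FT_UINT32, BASE_HEX, NULL, 0x00000080,
            NULL, HFILL }},
        { &hf_rail_cstatus_bidir_cloak,
          { "BIDIRECTIONAL_CLOAK_SUPPORTED", "rdp_rail.clientstatus.bidircloak",
            FT_UINT32, BASE_HEX, NULL, 0x00000200,
            NULL, HFILL }},
        { &hf_rail_cstatus_suppress_icon_border,
          { "SUPPRESS_ICON_ORDERS", "rdp_rail.clientstatus.suppressiconborder",
            FT_UINT32, BASE_HEX, NULL, 0x00000400,
            NULL, HFILL }},

        /* Activate */
        { &hf_rail_activate_enabled,
          { "Enabled", "rdp_rail.activate.enabled",
            FT_UINT8, BASE_DEC, NULL, 0x0,
            NULL, HFILL }},

        /* Notify event */
        { &hf_rail_notify_iconId,
          { "IconId", "rdp_rail.notify.iconid",
            FT_UINT32, BASE_HEX, NULL, 0x0,
            NULL, HFILL }},
        { &hf_rail_notify_message,
          { "Message", "rdp_rail.notify.message",
            FT_UINT32, BASE_HEX, VALS(rdp_rail_notify_vals), 0x0,
            NULL, HFILL }},

        /* System parameters: one field per direction, each with its own name table */
        { &hf_rail_sysparam_server_params,
          { "SystemParameter", "rdp_rail.sysparam.serverparameter",
            FT_UINT32, BASE_HEX, VALS(rdp_rail_server_system_params_vals), 0x0,
            NULL, HFILL }},
        { &hf_rail_sysparam_client_params,
          { "SystemParameter", "rdp_rail.sysparam.clientparameter",
            FT_UINT32, BASE_HEX, VALS(rdp_rail_client_system_params_vals), 0x0,
            NULL, HFILL }},
    };

    static int *ett[] = {
        &ett_rdp_rail,
        &ett_rdp_rail_handshake_flags,
        &ett_rdp_rail_clientstatus_flags,
    };

    proto_rdp_rail = proto_register_protocol(PNAME, PSNAME, PFNAME);

    /* Register fields and subtrees */
    proto_register_field_array(proto_rdp_rail, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));

    register_dissector("rdp_rail", dissect_rdp_rail, proto_rdp_rail);
}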
691 | | |
/*
 * Handoff hook for the RAIL dissector. It performs no work: this function
 * attaches the dissector to nothing.
 */
void
proto_reg_handoff_rdp_rail(void)
{
    /* intentionally empty */
}