search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-rdp_rail.c
blob711df1cd789d2fc59998253c40205d4c886ccff6
1 /* Packet-rdp_rail.c
2 * Routines for the RAIL RDP channel
3 * Copyright 2023, David Fort <contact@hardening-consulting.com>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 /*
13 * See: "[MS-RDPERP] "
14 */
15
16 #include "config.h"
17
18 #include <epan/packet.h>
19 #include <epan/prefs.h>
20 #include <epan/conversation.h>
21 #include <epan/expert.h>
22 #include <epan/value_string.h>
23
24 #include "packet-rdpudp.h"
25
26 #define PNAME "RDP Program virtual channel Protocol"
27 #define PSNAME "RAIL"
28 #define PFNAME "rdp_rail"
29
30 void proto_register_rdp_rail(void);
31 void proto_reg_handoff_rdp_rail(void);
32
33
34 static int proto_rdp_rail;
35
36 static int hf_rail_orderType;
37 static int hf_rail_pduLength;
38
39 static int hf_rail_caps_handshake_buildNumber;
40
41 static int hf_rail_windowId;
42 static int hf_rail_windowmove_left;
43 static int hf_rail_windowmove_top;
44 static int hf_rail_windowmove_right;
45 static int hf_rail_windowmove_bottom;
46
47 static int hf_rail_notify_iconId;
48 static int hf_rail_notify_message;
49
50 static int hf_rail_localmovesize_isMoveSizeStart;
51 static int hf_rail_localmovesize_moveSizeType;
52 static int hf_rail_localmovesize_posX;
53 static int hf_rail_localmovesize_posY;
54
55 static int hf_rail_minmaxinfo_maxwidth;
56 static int hf_rail_minmaxinfo_maxheight;
57 static int hf_rail_minmaxinfo_maxPosX;
58 static int hf_rail_minmaxinfo_maxPosY;
59 static int hf_rail_minmaxinfo_minTrackWidth;
60 static int hf_rail_minmaxinfo_minTrackHeight;
61 static int hf_rail_minmaxinfo_maxTrackWidth;
62 static int hf_rail_minmaxinfo_maxTrackHeight;
63
64 static int hf_rail_cloak_cloaked;
65
66 static int hf_rail_handshake_flags;
67 static int hf_rail_handshake_flags_hidef;
68 static int hf_rail_handshake_flags_ex_spi;
69 static int hf_rail_handshake_flags_snap;
70 static int hf_rail_handshake_flags_textscale;
71 static int hf_rail_handshake_flags_caretblink;
72 static int hf_rail_handshake_flags_ex_spi2;
73
74 static int hf_rail_cstatus_flags;
75 static int hf_rail_cstatus_flags_allowlocalmove;
76 static int hf_rail_cstatus_autoreconnect;
77 static int hf_rail_cstatus_zorder_sync;
78 static int hf_rail_cstatus_resize_margin;
79 static int hf_rail_cstatus_hidpi_icons;
80 static int hf_rail_cstatus_appbar_remoting;
81 static int hf_rail_cstatus_powerdisplay;
82 static int hf_rail_cstatus_bidir_cloak;
83 static int hf_rail_cstatus_suppress_icon_border;
84
85 static int hf_rail_activate_enabled;
86
87 static int hf_rail_sysparam_server_params;
88 static int hf_rail_sysparam_client_params;
89
90 static int ett_rdp_rail;
91 static int ett_rdp_rail_handshake_flags;
92 static int ett_rdp_rail_clientstatus_flags;
93
94 enum {
95 TS_RAIL_ORDER_EXEC = 0x01,
96 TS_RAIL_ORDER_ACTIVATE = 0x02,
97 TS_RAIL_ORDER_SYSPARAM = 0x03,
98 TS_RAIL_ORDER_SYSCOMMAND = 0x04,
99 TS_RAIL_ORDER_HANDSHAKE = 0x05,
100 TS_RAIL_ORDER_NOTIFY_EVENT = 0x06,
101 TS_RAIL_ORDER_WINDOWMOVE = 0x08,
102 TS_RAIL_ORDER_LOCALMOVESIZE = 0x09,
103 TS_RAIL_ORDER_MINMAXINFO = 0x0a,
104 TS_RAIL_ORDER_CLIENTSTATUS = 0x0b,
105 TS_RAIL_ORDER_SYSMENU = 0x0c,
106 TS_RAIL_ORDER_LANGBARINFO = 0x0d,
107 TS_RAIL_ORDER_EXEC_RESULT = 0x80,
108 TS_RAIL_ORDER_GET_APPID_REQ = 0x0e,
109 TS_RAIL_ORDER_GET_APPID_RESP = 0x0f,
110 TS_RAIL_ORDER_TASKBARINFO = 0x10,
111 TS_RAIL_ORDER_LANGUAGEIMEINFO = 0x11,
112 TS_RAIL_ORDER_COMPARTMENTINFO = 0x12,
113 TS_RAIL_ORDER_HANDSHAKE_EX = 0X13,
114 TS_RAIL_ORDER_ZORDER_SYNC = 0x14,
115 TS_RAIL_ORDER_CLOAK = 0x15,
116 TS_RAIL_ORDER_POWER_DISPLAY_REQUEST = 0x16,
117 TS_RAIL_ORDER_SNAP_ARRANGE = 0x17,
118 TS_RAIL_ORDER_GET_APPID_RESP_EX = 0x18,
119 TS_RAIL_ORDER_TEXTSCALEINFO = 0x19,
120 TS_RAIL_ORDER_CARETBLINKINFO = 0x1a
121 };
122
123 enum {
124 SPI_SETSCREENSAVEACTIVE = 0x00000011,
125 SPI_SETSCREENSAVESECURE = 0x00000077,
126
127 SPI_SETDRAGFULLWINDOWS = 0x00000025,
128 SPI_SETKEYBOARDCUES = 0x0000100B,
129 SPI_SETKEYBOARDPREF = 0x00000045,
130 SPI_SETWORKAREA = 0x0000002F,
131 RAIL_SPI_DISPLAYCHANGE = 0x0000F001,
132 SPI_SETMOUSEBUTTONSWAP = 0x00000021,
133 RAIL_SPI_TASKBARPOS = 0x0000F000,
134 SPI_SETHIGHCONTRAST = 0x00000043,
135 SPI_SETCARETWIDTH = 0x00002007,
136 SPI_SETSTICKYKEYS = 0x0000003B,
137 SPI_SETTOGGLEKEYS = 0x00000035,
138 SPI_SETFILTERKEYS = 0x00000033,
139 RAIL_SPI_DISPLAY_ANIMATIONS_ENABLED = 0x0000F002,
140 RAIL_SPI_DISPLAY_ADVANCED_EFFECTS_ENABLED = 0x0000F003,
141 RAIL_SPI_DISPLAY_AUTO_HIDE_SCROLLBARS = 0x0000F004,
142 RAIL_SPI_DISPLAY_MESSAGE_DURATION = 0x0000F005,
143 RAIL_SPI_CLOSED_CAPTION_FONT_COLOR = 0x0000F006,
144 RAIL_SPI_CLOSED_CAPTION_FONT_OPACITY = 0x0000F007,
145 RAIL_SPI_CLOSED_CAPTION_FONT_SIZE = 0x0000F008,
146 RAIL_SPI_CLOSED_CAPTION_FONT_STYLE = 0x0000F009,
147 RAIL_SPI_CLOSED_CAPTION_FONT_EDGE_EFFECT = 0x0000F00A,
148 RAIL_SPI_CLOSED_CAPTION_BACKGROUND_COLOR = 0x0000F00B,
149 RAIL_SPI_CLOSED_CAPTION_BACKGROUND_OPACITY = 0x0000F00C,
150 RAIL_SPI_CLOSED_CAPTION_REGION_COLOR = 0x0000F00D,
151 RAIL_SPI_CLOSED_CAPTION_REGION_OPACITY = 0x0000F00E,
152 };
153
154 static const value_string rdp_rail_order_vals[] = {
155 { TS_RAIL_ORDER_EXEC, "Execute"},
156 { TS_RAIL_ORDER_ACTIVATE, "Activate"},
157 { TS_RAIL_ORDER_SYSPARAM, "Client system parameters"},
158 { TS_RAIL_ORDER_SYSCOMMAND, "System command"},
159 { TS_RAIL_ORDER_HANDSHAKE, "Handshake"},
160 { TS_RAIL_ORDER_NOTIFY_EVENT, "Notify event"},
161 { TS_RAIL_ORDER_WINDOWMOVE, "Window move"},
162 { TS_RAIL_ORDER_LOCALMOVESIZE, "Local move size"},
163 { TS_RAIL_ORDER_MINMAXINFO, "MinMax info"},
164 { TS_RAIL_ORDER_CLIENTSTATUS, "Client status"},
165 { TS_RAIL_ORDER_SYSMENU, "System menu"},
166 { TS_RAIL_ORDER_LANGBARINFO, "Language bar info"},
167 { TS_RAIL_ORDER_EXEC_RESULT, "Exec result"},
168 { TS_RAIL_ORDER_GET_APPID_REQ, "Get appId request"},
169 { TS_RAIL_ORDER_GET_APPID_RESP, "Get appId response"},
170 { TS_RAIL_ORDER_TASKBARINFO, "Taskbar info"},
171 { TS_RAIL_ORDER_LANGUAGEIMEINFO, "Language IME info"},
172 { TS_RAIL_ORDER_COMPARTMENTINFO, "Compartment info"},
173 { TS_RAIL_ORDER_HANDSHAKE_EX, "HandshakeEx"},
174 { TS_RAIL_ORDER_ZORDER_SYNC, "Z-order sync"},
175 { TS_RAIL_ORDER_CLOAK, "Cloak"},
176 { TS_RAIL_ORDER_POWER_DISPLAY_REQUEST, "Power display requet"},
177 { TS_RAIL_ORDER_SNAP_ARRANGE, "Snap arrange"},
178 { TS_RAIL_ORDER_GET_APPID_RESP_EX, "Get appId response"},
179 { TS_RAIL_ORDER_TEXTSCALEINFO, "Text scale info"},
180 { TS_RAIL_ORDER_CARETBLINKINFO, "Caret blink info"},
181 { 0x0, NULL},
182 };
183
184 static const value_string moveSizeStart_vals[] = {
185 { 0x0001, "RAIL_WMSZ_LEFT" },
186 { 0x0002, "RAIL_WMSZ_RIGHT" },
187 { 0x0003, "RAIL_WMSZ_TOP" },
188 { 0x0004, "RAIL_WMSZ_TOPLEFT" },
189 { 0x0005, "RAIL_WMSZ_TOPRIGHT" },
190 { 0x0006, "RAIL_WMSZ_BOTTOM" },
191 { 0x0007, "RAIL_WMSZ_BOTTOMLEFT" },
192 { 0x0008, "RAIL_WMSZ_BOTTOMRIGHT" },
193 { 0x0009, "RAIL_WMSZ_MOVE" },
194 { 0x000A, "RAIL_WMSZ_KEYMOVE" },
195 { 0x000B, "RAIL_WMSZ_KEYSIZE" },
196 { 0x0, NULL},
197 };
198
199 static const value_string rdp_rail_notify_vals[] = {
200 { 0x00000201, "WM_LBUTTONDOWN" },
201 { 0x00000202, "WM_LBUTTONUP" },
202 { 0x00000204, "WM_RBUTTONDOWN" },
203 { 0x00000205, "WM_RBUTTONUP" },
204 { 0x0000007B, "WM_CONTEXTMENU" },
205 { 0x00000203, "WM_LBUTTONDBLCLK" },
206 { 0x00000206, "WM_RBUTTONDBLCLK" },
207 { 0x00000400, "NIN_SELECT" },
208 { 0x00000401, "NIN_KEYSELECT" },
209 { 0x00000402, "NIN_BALLOONSHOW" },
210 { 0x00000403, "NIN_BALLOONHIDE" },
211 { 0x00000404, "NIN_BALLOONTIMEOUT" },
212 { 0x00000405, "NIN_BALLOONUSERCLICK" },
213 { 0x0, NULL},
214 };
215
216 static const value_string rdp_rail_server_system_params_vals[] = {
217 { SPI_SETSCREENSAVEACTIVE, "SPI_SETSCREENSAVEACTIVE" },
218 { SPI_SETSCREENSAVESECURE, "SPI_SETSCREENSAVESECURE" },
219 { 0x0, NULL},
220 };
221
222 static const value_string rdp_rail_client_system_params_vals[] = {
223 { SPI_SETDRAGFULLWINDOWS, "SPI_SETDRAGFULLWINDOWS" },
224 { SPI_SETKEYBOARDCUES, "SPI_SETKEYBOARDCUES" },
225 { SPI_SETKEYBOARDPREF, "SPI_SETKEYBOARDPREF" },
226 { SPI_SETWORKAREA, "SPI_SETWORKAREA" },
227 { RAIL_SPI_DISPLAYCHANGE, "RAIL_SPI_DISPLAYCHANGE" },
228 { SPI_SETMOUSEBUTTONSWAP, "SPI_SETMOUSEBUTTONSWAP" },
229 { RAIL_SPI_TASKBARPOS, "RAIL_SPI_TASKBARPOS" },
230 { SPI_SETHIGHCONTRAST, "SPI_SETHIGHCONTRAST" },
231 { SPI_SETCARETWIDTH, "SPI_SETCARETWIDTH" },
232 { SPI_SETSTICKYKEYS, "SPI_SETSTICKYKEYS" },
233 { SPI_SETTOGGLEKEYS, "SPI_SETTOGGLEKEYS" },
234 { SPI_SETFILTERKEYS, "SPI_SETFILTERKEYS" },
235 { RAIL_SPI_DISPLAY_ANIMATIONS_ENABLED, "RAIL_SPI_DISPLAY_ANIMATIONS_ENABLED" },
236 { RAIL_SPI_DISPLAY_ADVANCED_EFFECTS_ENABLED, "RAIL_SPI_DISPLAY_ADVANCED_EFFECTS_ENABLED" },
237 { RAIL_SPI_DISPLAY_AUTO_HIDE_SCROLLBARS, "RAIL_SPI_DISPLAY_AUTO_HIDE_SCROLLBARS" },
238 { RAIL_SPI_DISPLAY_MESSAGE_DURATION, "RAIL_SPI_DISPLAY_MESSAGE_DURATION" },
239 { RAIL_SPI_CLOSED_CAPTION_FONT_COLOR, "RAIL_SPI_CLOSED_CAPTION_FONT_COLOR" },
240 { RAIL_SPI_CLOSED_CAPTION_FONT_OPACITY, "RAIL_SPI_CLOSED_CAPTION_FONT_OPACITY" },
241 { RAIL_SPI_CLOSED_CAPTION_FONT_SIZE, "RAIL_SPI_CLOSED_CAPTION_FONT_SIZE" },
242 { RAIL_SPI_CLOSED_CAPTION_FONT_STYLE, "RAIL_SPI_CLOSED_CAPTION_FONT_STYLE" },
243 { RAIL_SPI_CLOSED_CAPTION_FONT_EDGE_EFFECT, "RAIL_SPI_CLOSED_CAPTION_FONT_EDGE_EFFECT" },
244 { RAIL_SPI_CLOSED_CAPTION_BACKGROUND_COLOR, "RAIL_SPI_CLOSED_CAPTION_BACKGROUND_COLOR" },
245 { RAIL_SPI_CLOSED_CAPTION_BACKGROUND_OPACITY, "RAIL_SPI_CLOSED_CAPTION_BACKGROUND_OPACITY" },
246 { RAIL_SPI_CLOSED_CAPTION_REGION_COLOR, "RAIL_SPI_CLOSED_CAPTION_REGION_COLOR" },
247 { RAIL_SPI_CLOSED_CAPTION_REGION_OPACITY, "RAIL_SPI_CLOSED_CAPTION_REGION_OPACITY" },
248 { 0x0, NULL},
249 };
250
251
252 static int
253 dissect_rdp_rail(tvbuff_t *tvb _U_, packet_info *pinfo, proto_tree *parent_tree _U_, void *data _U_)
254 {
255 proto_item *item;
256 int nextOffset, offset = 0;
257 uint32_t cmdId = 0;
258 uint32_t pduLength;
259 proto_tree *tree;
260 uint32_t windowId;
261 bool packetToServer = rdp_isServerAddressTarget(pinfo);
262
263 parent_tree = proto_tree_get_root(parent_tree);
264 col_set_str(pinfo->cinfo, COL_PROTOCOL, "RAIL");
265 col_clear(pinfo->cinfo, COL_INFO);
266
267 pduLength = tvb_get_uint16(tvb, offset + 2, ENC_LITTLE_ENDIAN);
268 item = proto_tree_add_item(parent_tree, proto_rdp_rail, tvb, offset, pduLength, ENC_NA);
269 tree = proto_item_add_subtree(item, ett_rdp_rail);
270
271 proto_tree_add_item_ret_uint(tree, hf_rail_orderType, tvb, offset, 2, ENC_LITTLE_ENDIAN, &cmdId);
272 offset += 2;
273
274 proto_tree_add_item(tree, hf_rail_pduLength, tvb, offset, 2, ENC_LITTLE_ENDIAN);
275 offset += 2;
276
277 nextOffset = offset + (pduLength - 4);
278
279 /* packets that start with a windowId */
280 switch (cmdId) {
281 case TS_RAIL_ORDER_ACTIVATE:
282 case TS_RAIL_ORDER_SYSMENU:
283 case TS_RAIL_ORDER_SYSCOMMAND:
284 case TS_RAIL_ORDER_NOTIFY_EVENT:
285 case TS_RAIL_ORDER_GET_APPID_REQ:
286 case TS_RAIL_ORDER_MINMAXINFO:
287 case TS_RAIL_ORDER_WINDOWMOVE:
288 case TS_RAIL_ORDER_LOCALMOVESIZE:
289 case TS_RAIL_ORDER_CLOAK:
290 case TS_RAIL_ORDER_SNAP_ARRANGE:
291 case TS_RAIL_ORDER_GET_APPID_RESP:
292 case TS_RAIL_ORDER_GET_APPID_RESP_EX:
293 case TS_RAIL_ORDER_ZORDER_SYNC:
294 proto_tree_add_item_ret_uint(tree, hf_rail_windowId, tvb, offset, 4, ENC_LITTLE_ENDIAN, &windowId);
295 col_add_fstr(pinfo->cinfo, COL_INFO, "%s|windowId=0x%x", val_to_str_const(cmdId, rdp_rail_order_vals, "Unknown RAIL command"),
296 windowId);
297 offset += 4;
298 break;
299 default:
300 col_set_str(pinfo->cinfo, COL_INFO, val_to_str_const(cmdId, rdp_rail_order_vals, "Unknown RAIL command"));
301 break;
302 }
303
304
305 /* do the rest of the parsing */
306 switch (cmdId) {
307 case TS_RAIL_ORDER_EXEC:
308 break;
309 case TS_RAIL_ORDER_ACTIVATE:
310 proto_tree_add_item(tree, hf_rail_activate_enabled, tvb, offset, 1, ENC_LITTLE_ENDIAN);
311 break;
312 case TS_RAIL_ORDER_SYSPARAM:
313 if (!packetToServer) {
314 uint32_t serverParam;
315
316 col_set_str(pinfo->cinfo, COL_INFO, "Server system parameters");
317
318 proto_tree_add_item_ret_uint(tree, hf_rail_sysparam_server_params, tvb, offset, 4, ENC_LITTLE_ENDIAN, &serverParam);
319
320 col_append_fstr(pinfo->cinfo, COL_INFO, "|%s", val_to_str_const(serverParam, rdp_rail_server_system_params_vals, "<unknown server param>"));
321 switch(serverParam) {
322 case SPI_SETSCREENSAVEACTIVE:
323 case SPI_SETSCREENSAVESECURE:
324 /* TODO */
325 break;
326 }
327 } else {
328 uint32_t clientParam;
329
330 proto_tree_add_item_ret_uint(tree, hf_rail_sysparam_client_params, tvb, offset, 4, ENC_LITTLE_ENDIAN, &clientParam);
331 col_append_fstr(pinfo->cinfo, COL_INFO, "|%s", val_to_str_const(clientParam, rdp_rail_client_system_params_vals, "<unknown client param>"));
332
333 switch(clientParam) {
334 case SPI_SETDRAGFULLWINDOWS:
335 case SPI_SETKEYBOARDCUES:
336 case SPI_SETKEYBOARDPREF:
337 case SPI_SETWORKAREA:
338 case RAIL_SPI_DISPLAYCHANGE:
339 case SPI_SETMOUSEBUTTONSWAP:
340 case RAIL_SPI_TASKBARPOS:
341 case SPI_SETHIGHCONTRAST:
342 case SPI_SETCARETWIDTH:
343 case SPI_SETSTICKYKEYS:
344 case SPI_SETTOGGLEKEYS:
345 case SPI_SETFILTERKEYS:
346 case RAIL_SPI_DISPLAY_ANIMATIONS_ENABLED:
347 case RAIL_SPI_DISPLAY_ADVANCED_EFFECTS_ENABLED:
348 case RAIL_SPI_DISPLAY_AUTO_HIDE_SCROLLBARS:
349 case RAIL_SPI_DISPLAY_MESSAGE_DURATION:
350 case RAIL_SPI_CLOSED_CAPTION_FONT_COLOR:
351 case RAIL_SPI_CLOSED_CAPTION_FONT_OPACITY:
352 case RAIL_SPI_CLOSED_CAPTION_FONT_SIZE:
353 case RAIL_SPI_CLOSED_CAPTION_FONT_STYLE:
354 case RAIL_SPI_CLOSED_CAPTION_FONT_EDGE_EFFECT:
355 case RAIL_SPI_CLOSED_CAPTION_BACKGROUND_COLOR:
356 case RAIL_SPI_CLOSED_CAPTION_BACKGROUND_OPACITY:
357 case RAIL_SPI_CLOSED_CAPTION_REGION_COLOR:
358 case RAIL_SPI_CLOSED_CAPTION_REGION_OPACITY:
359 /* TODO */
360 break;
361 }
362 }
363 break;
364 case TS_RAIL_ORDER_SYSCOMMAND:
365 break;
366 case TS_RAIL_ORDER_HANDSHAKE:
367 proto_tree_add_item(tree, hf_rail_caps_handshake_buildNumber, tvb, offset, 4, ENC_LITTLE_ENDIAN);
368 break;
369 case TS_RAIL_ORDER_NOTIFY_EVENT:
370 proto_tree_add_item(tree, hf_rail_notify_iconId, tvb, offset, 4, ENC_LITTLE_ENDIAN);
371 offset += 4;
372
373 proto_tree_add_item(tree, hf_rail_notify_message, tvb, offset, 4, ENC_LITTLE_ENDIAN);
374 break;
375 case TS_RAIL_ORDER_WINDOWMOVE:
376 proto_tree_add_item(tree, hf_rail_windowmove_left, tvb, offset, 2, ENC_LITTLE_ENDIAN);
377 offset += 2;
378 proto_tree_add_item(tree, hf_rail_windowmove_top, tvb, offset, 2, ENC_LITTLE_ENDIAN);
379 offset += 2;
380 proto_tree_add_item(tree, hf_rail_windowmove_right, tvb, offset, 2, ENC_LITTLE_ENDIAN);
381 offset += 2;
382 proto_tree_add_item(tree, hf_rail_windowmove_bottom, tvb, offset, 2, ENC_LITTLE_ENDIAN);
383 break;
384 case TS_RAIL_ORDER_LOCALMOVESIZE:
385 proto_tree_add_item(tree, hf_rail_localmovesize_isMoveSizeStart, tvb, offset, 2, ENC_LITTLE_ENDIAN);
386 offset += 2;
387 proto_tree_add_item(tree, hf_rail_localmovesize_moveSizeType, tvb, offset, 2, ENC_LITTLE_ENDIAN);
388 offset += 2;
389 proto_tree_add_item(tree, hf_rail_localmovesize_posX, tvb, offset, 2, ENC_LITTLE_ENDIAN);
390 offset += 2;
391 proto_tree_add_item(tree, hf_rail_localmovesize_posY, tvb, offset, 2, ENC_LITTLE_ENDIAN);
392 break;
393 case TS_RAIL_ORDER_MINMAXINFO:
394 proto_tree_add_item(tree, hf_rail_minmaxinfo_maxwidth, tvb, offset, 2, ENC_LITTLE_ENDIAN);
395 offset += 2;
396 proto_tree_add_item(tree, hf_rail_minmaxinfo_maxheight, tvb, offset, 2, ENC_LITTLE_ENDIAN);
397 offset += 2;
398 proto_tree_add_item(tree, hf_rail_minmaxinfo_maxPosX, tvb, offset, 2, ENC_LITTLE_ENDIAN);
399 offset += 2;
400 proto_tree_add_item(tree, hf_rail_minmaxinfo_maxPosY, tvb, offset, 2, ENC_LITTLE_ENDIAN);
401 offset += 2;
402 proto_tree_add_item(tree, hf_rail_minmaxinfo_minTrackWidth, tvb, offset, 2, ENC_LITTLE_ENDIAN);
403 offset += 2;
404 proto_tree_add_item(tree, hf_rail_minmaxinfo_minTrackHeight, tvb, offset, 2, ENC_LITTLE_ENDIAN);
405 offset += 2;
406 proto_tree_add_item(tree, hf_rail_minmaxinfo_maxTrackWidth, tvb, offset, 2, ENC_LITTLE_ENDIAN);
407 offset += 2;
408 proto_tree_add_item(tree, hf_rail_minmaxinfo_maxTrackHeight, tvb, offset, 2, ENC_LITTLE_ENDIAN);
409 break;
410 case TS_RAIL_ORDER_CLIENTSTATUS: {
411 int *flags[] = {
412 &hf_rail_cstatus_flags_allowlocalmove,
413 &hf_rail_cstatus_autoreconnect,
414 &hf_rail_cstatus_zorder_sync,
415 &hf_rail_cstatus_resize_margin,
416 &hf_rail_cstatus_hidpi_icons,
417 &hf_rail_cstatus_appbar_remoting,
418 &hf_rail_cstatus_powerdisplay,
419 &hf_rail_cstatus_bidir_cloak,
420 &hf_rail_cstatus_suppress_icon_border,
421 NULL,
422 };
423
424 proto_tree_add_bitmask(tree, tvb, offset, hf_rail_cstatus_flags, ett_rdp_rail_clientstatus_flags, flags, ENC_LITTLE_ENDIAN);
425 break;
426 }
427 case TS_RAIL_ORDER_SYSMENU:
428 case TS_RAIL_ORDER_LANGBARINFO:
429 case TS_RAIL_ORDER_EXEC_RESULT:
430 case TS_RAIL_ORDER_GET_APPID_REQ:
431 case TS_RAIL_ORDER_GET_APPID_RESP:
432 case TS_RAIL_ORDER_TASKBARINFO:
433 case TS_RAIL_ORDER_LANGUAGEIMEINFO:
434 case TS_RAIL_ORDER_COMPARTMENTINFO:
435 break;
436 case TS_RAIL_ORDER_HANDSHAKE_EX: {
437 int *flags[] = {
438 &hf_rail_handshake_flags_hidef,
439 &hf_rail_handshake_flags_ex_spi,
440 &hf_rail_handshake_flags_snap,
441 &hf_rail_handshake_flags_textscale,
442 &hf_rail_handshake_flags_caretblink,
443 &hf_rail_handshake_flags_ex_spi2,
444 NULL,
445 };
446
447 proto_tree_add_item(tree, hf_rail_caps_handshake_buildNumber, tvb, offset, 4, ENC_LITTLE_ENDIAN);
448 offset += 4;
449
450 proto_tree_add_bitmask(tree, tvb, offset, hf_rail_handshake_flags, ett_rdp_rail_handshake_flags, flags, ENC_LITTLE_ENDIAN);
451 break;
452 }
453 case TS_RAIL_ORDER_ZORDER_SYNC:
454 break;
455 case TS_RAIL_ORDER_CLOAK:
456 proto_tree_add_item(tree, hf_rail_cloak_cloaked, tvb, offset, 1, ENC_LITTLE_ENDIAN);
457 break;
458 case TS_RAIL_ORDER_POWER_DISPLAY_REQUEST:
459 case TS_RAIL_ORDER_SNAP_ARRANGE:
460 case TS_RAIL_ORDER_GET_APPID_RESP_EX:
461 case TS_RAIL_ORDER_TEXTSCALEINFO:
462 case TS_RAIL_ORDER_CARETBLINKINFO:
463 break;
464 default:
465 break;
466 }
467
468 offset = nextOffset;
469 return offset;
470 }
471
472
473 void proto_register_rdp_rail(void) {
474 static hf_register_info hf[] = {
475 { &hf_rail_orderType,
476 { "OrderType", "rdp_rail.ordertype",
477 FT_UINT16, BASE_HEX, VALS(rdp_rail_order_vals), 0x0,
478 NULL, HFILL }
479 },
480 { &hf_rail_pduLength,
481 { "OrderLength", "rdp_rail.orderlength",
482 FT_UINT32, BASE_DEC, NULL, 0x0,
483 NULL, HFILL }
484 },
485 { &hf_rail_caps_handshake_buildNumber,
486 { "Build number", "rdp_rail.handshake.buildNumber",
487 FT_UINT32, BASE_HEX, NULL, 0x0,
488 NULL, HFILL }
489 },
490 { &hf_rail_windowId,
491 { "WindowId", "rdp_rail.windowid",
492 FT_UINT32, BASE_HEX, NULL, 0x0,
493 NULL, HFILL }
494 },
495 { &hf_rail_windowmove_left,
496 { "Left", "rdp_rail.windowmove.left",
497 FT_UINT16, BASE_DEC, NULL, 0x0,
498 NULL, HFILL }
499 },
500 { &hf_rail_windowmove_top,
501 { "Top", "rdp_rail.windowmove.top",
502 FT_UINT16, BASE_DEC, NULL, 0x0,
503 NULL, HFILL }
504 },
505 { &hf_rail_windowmove_right,
506 { "Right", "rdp_rail.windowmove.right",
507 FT_UINT16, BASE_DEC, NULL, 0x0,
508 NULL, HFILL }
509 },
510 { &hf_rail_windowmove_bottom,
511 { "Bottom", "rdp_rail.windowmove.bottom",
512 FT_UINT16, BASE_DEC, NULL, 0x0,
513 NULL, HFILL }
514 },
515 { &hf_rail_localmovesize_isMoveSizeStart,
516 { "IsMoveSizeStart", "rdp_rail.localmovesize.ismovesizestart",
517 FT_UINT16, BASE_DEC, NULL, 0x0,
518 NULL, HFILL }
519 },
520 { &hf_rail_localmovesize_moveSizeType,
521 { "Move size type", "rdp_rail.localmovesize.movesizetype",
522 FT_UINT16, BASE_DEC, VALS(moveSizeStart_vals), 0x0,
523 NULL, HFILL }
524 },
525 { &hf_rail_localmovesize_posX,
526 { "PosX", "rdp_rail.localmovesize.posx",
527 FT_UINT16, BASE_DEC, NULL, 0x0,
528 NULL, HFILL }
529 },
530 { &hf_rail_localmovesize_posY,
531 { "PosY", "rdp_rail.localmovesize.posy",
532 FT_UINT16, BASE_DEC, NULL, 0x0,
533 NULL, HFILL }
534 },
535 { &hf_rail_minmaxinfo_maxwidth,
536 { "Max width", "rdp_rail.minmaxinfo.maxwidth",
537 FT_UINT16, BASE_DEC, NULL, 0x0,
538 NULL, HFILL }
539 },
540 { &hf_rail_minmaxinfo_maxheight,
541 { "Max height", "rdp_rail.minmaxinfo.maxheight",
542 FT_UINT16, BASE_DEC, NULL, 0x0,
543 NULL, HFILL }
544 },
545 { &hf_rail_minmaxinfo_maxPosX,
546 { "Max posX", "rdp_rail.minmaxinfo.maxposx",
547 FT_UINT16, BASE_DEC, NULL, 0x0,
548 NULL, HFILL }
549 },
550 { &hf_rail_minmaxinfo_maxPosY,
551 { "Max posY", "rdp_rail.minmaxinfo.maxposy",
552 FT_UINT16, BASE_DEC, NULL, 0x0,
553 NULL, HFILL }
554 },
555 { &hf_rail_minmaxinfo_minTrackWidth,
556 { "Min track width", "rdp_rail.minmaxinfo.mintrackwidth",
557 FT_UINT16, BASE_DEC, NULL, 0x0,
558 NULL, HFILL }
559 },
560 { &hf_rail_minmaxinfo_minTrackHeight,
561 { "Min track height", "rdp_rail.minmaxinfo.mintrackheight",
562 FT_UINT16, BASE_DEC, NULL, 0x0,
563 NULL, HFILL }
564 },
565 { &hf_rail_minmaxinfo_maxTrackWidth,
566 { "Max track width", "rdp_rail.minmaxinfo.maxtrackwidth",
567 FT_UINT16, BASE_DEC, NULL, 0x0,
568 NULL, HFILL }
569 },
570 { &hf_rail_minmaxinfo_maxTrackHeight,
571 { "Max track height", "rdp_rail.minmaxinfo.maxtrackheight",
572 FT_UINT16, BASE_DEC, NULL, 0x0,
573 NULL, HFILL }
574 },
575 { &hf_rail_cloak_cloaked,
576 { "Cloaked", "rdp_rail.cloak.cloaked",
577 FT_UINT8, BASE_DEC, NULL, 0x0,
578 NULL, HFILL }
579 },
580
581 { &hf_rail_handshake_flags,
582 { "Flags", "rdp_rail.handshakeflags",
583 FT_UINT32, BASE_HEX, NULL, 0,
584 NULL, HFILL }},
585 { &hf_rail_handshake_flags_hidef,
586 { "HIDEF", "rdp_rail.handshakeflags.hidef",
587 FT_UINT32, BASE_HEX, NULL, 0x00000001,
588 NULL, HFILL }},
589 { &hf_rail_handshake_flags_ex_spi,
590 { "EXTENDED_SPI_SUPPORTED", "rdp_rail.handshakeflags.exspi",
591 FT_UINT32, BASE_HEX, NULL, 0x00000002,
592 NULL, HFILL }},
593 { &hf_rail_handshake_flags_snap,
594 { "SNAP_ARRANGE_SUPPORTED", "rdp_rail.handshakeflags.snap",
595 FT_UINT32, BASE_HEX, NULL, 0x00000004,
596 NULL, HFILL }},
597 { &hf_rail_handshake_flags_textscale,
598 { "TEXT_SCALE_SUPPORTED", "rdp_rail.handshakeflags.textscale",
599 FT_UINT32, BASE_HEX, NULL, 0x00000008,
600 NULL, HFILL }},
601 { &hf_rail_handshake_flags_caretblink,
602 { "CARET_BLINK_SUPPORTED", "rdp_rail.handshakeflags.caretblink",
603 FT_UINT32, BASE_HEX, NULL, 0x00000010,
604 NULL, HFILL }},
605 { &hf_rail_handshake_flags_ex_spi2,
606 { "EXTENDED_SPI_2_SUPPORTED", "rdp_rail.handshakeflags.exspi2",
607 FT_UINT32, BASE_HEX, NULL, 0x00000020,
608 NULL, HFILL }},
609
610 { &hf_rail_cstatus_flags,
611 { "Flags", "rdp_rail.clientstatus.flags",
612 FT_UINT32, BASE_HEX, NULL, 0x0,
613 NULL, HFILL }},
614 { &hf_rail_cstatus_flags_allowlocalmove,
615 { "ALLOWLOCALMOVESIZE", "rdp_rail.clientstatus.allowlocalmove",
616 FT_UINT32, BASE_HEX, NULL, 0x00000001,
617 NULL, HFILL }},
618 { &hf_rail_cstatus_autoreconnect,
619 { "AUTORECONNECT", "rdp_rail.clientstatus.autoreconnect",
620 FT_UINT32, BASE_HEX, NULL, 0x00000002,
621 NULL, HFILL }},
622 { &hf_rail_cstatus_zorder_sync,
623 { "ZORDER_SYNC", "rdp_rail.clientstatus.zordersync",
624 FT_UINT32, BASE_HEX, NULL, 0x00000004,
625 NULL, HFILL }},
626 { &hf_rail_cstatus_resize_margin,
627 { "WINDOW_RESIZE_MARGIN_SUPPORTED", "rdp_rail.clientstatus.resizemargin",
628 FT_UINT32, BASE_HEX, NULL, 0x00000010,
629 NULL, HFILL }},
630 { &hf_rail_cstatus_hidpi_icons,
631 { "HIGH_DPI_ICONS_SUPPORTED", "rdp_rail.clientstatus.highdpiicons",
632 FT_UINT32, BASE_HEX, NULL, 0x00000020,
633 NULL, HFILL }},
634 { &hf_rail_cstatus_appbar_remoting,
635 { "APPBAR_REMOTING_SUPPORTED", "rdp_rail.clientstatus.appbarremoting",
636 FT_UINT32, BASE_HEX, NULL, 0x00000040,
637 NULL, HFILL }},
638 { &hf_rail_cstatus_powerdisplay,
639 { "POWER_DISPLAY_REQUEST_SUPPORTED", "rdp_rail.clientstatus.powerdisplay",
640 FT_UINT32, BASE_HEX, NULL, 0x00000080,
641 NULL, HFILL }},
642 { &hf_rail_cstatus_bidir_cloak,
643 { "BIDIRECTIONAL_CLOAK_SUPPORTED", "rdp_rail.clientstatus.bidircloak",
644 FT_UINT32, BASE_HEX, NULL, 0x00000200,
645 NULL, HFILL }},
646 { &hf_rail_cstatus_suppress_icon_border,
647 { "SUPPRESS_ICON_ORDERS", "rdp_rail.clientstatus.suppressiconborder",
648 FT_UINT32, BASE_HEX, NULL, 0x00000400,
649 NULL, HFILL }},
650 { &hf_rail_activate_enabled,
651 { "Enabled", "rdp_rail.activate.enabled",
652 FT_UINT8, BASE_DEC, NULL, 0x0,
653 NULL, HFILL }},
654
655 { &hf_rail_notify_iconId,
656 { "IconId", "rdp_rail.notify.iconid",
657 FT_UINT32, BASE_HEX, NULL, 0x0,
658 NULL, HFILL }},
659 { &hf_rail_notify_message,
660 { "Message", "rdp_rail.notify.message",
661 FT_UINT32, BASE_HEX, VALS(rdp_rail_notify_vals), 0x0,
662 NULL, HFILL }},
663
664 { &hf_rail_sysparam_server_params,
665 { "SystemParameter", "rdp_rail.sysparam.serverparameter",
666 FT_UINT32, BASE_HEX, VALS(rdp_rail_server_system_params_vals), 0x0,
667 NULL, HFILL }},
668
669 { &hf_rail_sysparam_client_params,
670 { "SystemParameter", "rdp_rail.sysparam.clientparameter",
671 FT_UINT32, BASE_HEX, VALS(rdp_rail_client_system_params_vals), 0x0,
672 NULL, HFILL }},
673
674
675 };
676
677 static int *ett[] = {
678 &ett_rdp_rail,
679 &ett_rdp_rail_handshake_flags,
680 &ett_rdp_rail_clientstatus_flags,
681 };
682
683 proto_rdp_rail = proto_register_protocol(PNAME, PSNAME, PFNAME);
684
685 /* Register fields and subtrees */
686 proto_register_field_array(proto_rdp_rail, hf, array_length(hf));
687 proto_register_subtree_array(ett, array_length(ett));
688
689 register_dissector("rdp_rail", dissect_rdp_rail, proto_rdp_rail);
690 }
691
692 void proto_reg_handoff_rdp_rail(void) {
693 }
Metzes wireshark repo