4 Protocol Examples
The following is an example of the RDP_PRECONNECTION_PDU_V1.
00000000 10 00 00 00 00 00 00 00 01 00 00 00 eb 99 c6 ee ................

10 00 00 00 -> RDP_PRECONNECTION_PDU_V1::cbSize = 0x10 = 16 bytes
00 00 00 00 -> RDP_PRECONNECTION_PDU_V1::Flags = 0
01 00 00 00 -> RDP_PRECONNECTION_PDU_V1::Version = 1
eb 99 c6 ee -> RDP_PRECONNECTION_PDU_V1::Id = 0xEEC699EB = 4005992939 (random id)
The following is an example of the RDP_PRECONNECTION_PDU_V2, where the PDU is an RDP_PRECONNECTION_PDU_V1 that is extended with a variable-size Unicode string.
00000000 20 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00  ...............
00000010 07 00 54 00 65 00 73 00 74 00 56 00 4d 00 00 00 ..T.e.s.t.V.M...

20 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::cbSize = 0x20 = 32 bytes
00 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::Flags = 0
02 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::Version = 2
00 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::Id = 0
07 00 -> RDP_PRECONNECTION_PDU_V2::cchPCB = 0x7 = 7 characters
54 00 65 00 73 00 74 00 56 00 4d 00 00 00 -> RDP_PRECONNECTION_PDU_V2::wszPCB -> "TestVM" (including null terminator)
The following is an example of the RDP_PRECONNECTION_PDU_V2, where the PDU contains the connection request for a virtual machine running on the Windows Server 2012 R2 operating system.
00000000 7a 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 z...............
00000010 34 00 42 00 41 00 31 00 42 00 36 00 44 00 42 00 4.B.A.1.B.6.D.B.
00000020 44 00 2d 00 38 00 39 00 41 00 43 00 2d 00 34 00 D.-.8.9.A.C.-.4.
00000030 36 00 33 00 30 00 2d 00 41 00 37 00 33 00 37 00 6.3.0.-.A.7.3.7.
00000040 2d 00 43 00 34 00 42 00 43 00 43 00 33 00 42 00 -.C.4.B.C.C.3.B.
00000050 42 00 39 00 39 00 46 00 42 00 3b 00 45 00 6e 00 B.9.9.F.B.;.E.n.
00000060 68 00 61 00 6e 00 63 00 65 00 64 00 4d 00 6f 00 h.a.n.c.e.d.M.o.
00000070 64 00 65 00 3d 00 31 00 00 00 d.e.=.1...

7a 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::cbSize = 0x7a = 122 bytes
00 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::Flags = 0
02 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::Version = 2
00 00 00 00 -> RDP_PRECONNECTION_PDU_V2::RDP_PRECONNECTION_PDU_V1::Id = 0
34 00 -> RDP_PRECONNECTION_PDU_V2::cchPCB = 0x34 = 52 characters
42 00 41 00 31 00 42 00 36 00 44 00 42 00 44 00 2d 00 38 00 39 00 41 00 43 00 2d 00 34 00 36 00 33 00 30 00 2d 00 41 00 37 00 33 00 37 00 2d 00 43 00 34 00 42 00 43 00 43 00 33 00 42 00 42 00 39 00 39 00 46 00 42 00 3b 00 45 00 6e 00 68 00 61 00 6e 00 63 00 65 00 64 00 4d 00 6f 00 64 00 65 00 3d 00 31 00 00 00 -> RDP_PRECONNECTION_PDU_V2::wszPCB -> "BA1B6DBD-89AC-4630-A737-C4BCC3BB99FB;EnhancedMode=1" (including null terminator)
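The following parser is an added example, not part of the original specification text. It decodes the fields annotated in the examples above and rejects PDUs whose cbSize or cchPCB disagree with the bytes actually received. The strict length rules, the MAX_PDU cap and the names parse_preconnection_pdu and PreconnectionError are assumptions made for this example.

```python
import struct

V1_HEADER = struct.Struct("<IIII")  # cbSize, Flags, Version, Id (little-endian)
CCH_PCB = struct.Struct("<H")       # cchPCB, counted in UTF-16 code units
MAX_PDU = 4096                      # assumed local cap, not a value from the page

class PreconnectionError(ValueError):
    """Raised when the PDU's length fields disagree with the bytes received."""

def parse_preconnection_pdu(buf: bytes) -> dict:
    """Parse one complete PDU; buf must hold exactly cbSize bytes."""
    if len(buf) < V1_HEADER.size:
        raise PreconnectionError("shorter than the 16-byte V1 header")
    cb_size, flags, version, conn_id = V1_HEADER.unpack_from(buf)
    if cb_size != len(buf) or cb_size > MAX_PDU:
        raise PreconnectionError(f"cbSize {cb_size} does not match {len(buf)} bytes")
    pdu = {"Flags": flags, "Version": version, "Id": conn_id, "wszPCB": None}
    if version == 1 and cb_size == V1_HEADER.size:
        return pdu
    if version != 2:
        raise PreconnectionError(f"unsupported Version {version} for cbSize {cb_size}")
    if cb_size < V1_HEADER.size + CCH_PCB.size:
        raise PreconnectionError("V2 PDU too short to hold cchPCB")
    (cch_pcb,) = CCH_PCB.unpack_from(buf, V1_HEADER.size)
    payload = buf[V1_HEADER.size + CCH_PCB.size:]
    # cchPCB comes from the peer: it must agree with cbSize, never be trusted alone.
    if cch_pcb == 0 or cch_pcb * 2 != len(payload):
        raise PreconnectionError("cchPCB disagrees with cbSize")
    if payload[-2:] != b"\x00\x00":
        raise PreconnectionError("wszPCB is not null-terminated")
    try:
        text = payload[:-2].decode("utf-16-le")
    except UnicodeDecodeError as exc:
        raise PreconnectionError("wszPCB is not valid UTF-16LE") from exc
    if "\x00" in text:
        raise PreconnectionError("embedded null inside wszPCB")
    pdu["wszPCB"] = text
    return pdu

# First two examples from this page, byte for byte.
V1_EXAMPLE = bytes.fromhex("10000000 00000000 01000000 eb99c6ee")
V2_EXAMPLE = bytes.fromhex("20000000 00000000 02000000 00000000 0700"
                           "54006500730074005600 4d000000")
# Constructed malformed input: V2_EXAMPLE with cchPCB raised from 7 to 0x40.
BAD_CCH = V2_EXAMPLE[:16] + b"\x40\x00" + V2_EXAMPLE[18:]

if __name__ == "__main__":
    print(parse_preconnection_pdu(V1_EXAMPLE), parse_preconnection_pdu(V2_EXAMPLE))
```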