FreeRDP
- Official site: freerdp.com
- Github repo: https://github.com/FreeRDP/FreeRDP/
- API documentation: https://pub.freerdp.com/api/
- Information regarding the Microsoft Open Specifications can be found at: https://www.microsoft.com/openspecifications/
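RDP protocol analysis
- Runs over a TCP connection. The standard does not mandate a server port; the default port is 3389.
- Multi-byte data in the message stream is always little-endian.
Message structures
- A few representative ones are excerpted here.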
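Static virtual channel message structure
- tpktHeader (4 bytes): TPKT header, see [T123] section 8.
- x224Data (3 bytes): X.224 Class 0 Data TPDU, see [X224] section 13.7.
- mcsPdu (variable length):
- securityHeader (variable length): optional, depending on the encryption level and algorithm selected by the server
- channelPduHeader (8 bytes): CHANNEL_PDU_HEADER structure
- virtualChannelData (variable length): the channel's actual data. The size of this field must not exceed CHANNEL_CHUNK_LENGTH (1600) bytes, unless a maximum virtual channel chunk size is specified in the VCChunkSize field of the Virtual Channel Capability.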
Basic output message structures
- The Slow-Path Graphics Update PDU
  - tpktHeader (4 bytes)
  - x224Data (3 bytes)
  - mcsSDin (variable length)
  - securityHeader (variable length):
  - slowPathGraphicsUpdates: TS_GRAPHICS_UPDATE structure
    - shareDataHeader (8 bytes)
    - updateType (2 bytes): UPDATETYPE_ORDERS (0x0000), UPDATETYPE_BITMAP (0x0001), UPDATETYPE_PALETTE (0x0002), UPDATETYPE_SYNCHRONIZE (0x0003)
    - updateData (variable length):
      - TS_UPDATE_PALETTE
      - TS_UPDATE_BITMAP
      - TS_UPDATE_SYNC
- Server Fast-Path Update PDU (TS_FP_UPDATE_PDU): the Fast-Path message structure, which omits repeated headers to save bandwidth
  - fpOutputHeader (1 byte): one byte, 8 bits, laid out as follows:
    - action (2 bits): identification bits. FASTPATH_OUTPUT_ACTION_FASTPATH (0x0) indicates that this PDU is Fast-Path; FASTPATH_OUTPUT_ACTION_X224 (0x3) indicates that this PDU is Slow-Path
    - reserved (4 bits): reserved, set to 0
    - flags (2 bits): describes the encryption of this PDU: FASTPATH_OUTPUT_SECURE_CHECKSUM (0x1), FASTPATH_OUTPUT_ENCRYPTED (0x2)
  - length1 (1 byte)
  - length2 (1 byte) (optional)
  - fipsInformation (4 bytes) (optional)
  - dataSignature (8 bytes) (optional)
  - fpOutputUpdates (variable length): TS_FP_UPDATE structure
- TS_FP_UPDATE basic structure:
  - updateHeader (1 byte)
    - updateCode (4 bits): type code
    - fragmentation (2 bits): message fragmentation flags: FASTPATH_FRAGMENT_SINGLE (0x0), FASTPATH_FRAGMENT_LAST (0x1), FASTPATH_FRAGMENT_FIRST (0x2), FASTPATH_FRAGMENT_NEXT (0x3)
    - compression (2 bits): indicates whether compressionFlags is used, FASTPATH_OUTPUT_COMPRESSION_USED (0x2)
  - compressionFlags (1 byte) (optional)
  - size (2 bytes)
  - updateData (variable length): for example TS_UPDATE_BITMAP_DATA
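- TS_UPDATE_BITMAP_DATA structure
  - updateType (2 bytes): 16-bit unsigned integer; in this structure it is fixed to the value UPDATETYPE_BITMAP (0x0001).
  - numberRectangles (2 bytes): 16-bit unsigned integer. The number of screen rectangles contained in the rectangles field below.
  - rectangles (variable length): variable-length array of TS_BITMAP_DATA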
- TS_BITMAP_DATA structure:
  - destLeft (2 bytes): 16-bit unsigned integer. Left bound of the rectangle.
  - destTop (2 bytes)
  - destRight (2 bytes)
  - destBottom (2 bytes)
  - width (2 bytes): 16-bit unsigned integer. Width.
  - height (2 bytes): 16-bit unsigned integer. Height.
  - bitsPerPixel (2 bytes): 16-bit unsigned integer. Color depth in bits per pixel.
  - flags (2 bytes): 16-bit unsigned integer. Indicates bitmap data compression: BITMAP_COMPRESSION (0x0001), NO_BITMAP_COMPRESSION_HDR (0x0400)
  - bitmapLength (2 bytes): 16-bit unsigned integer. Length in bytes of the bitmapComprHdr and bitmapDataStream fields.
  - bitmapComprHdr (8 bytes): optional
  - bitmapDataStream (variable length): A variable-length array of bytes describing a bitmap image. Bitmap data is either compressed or uncompressed, depending on whether the BITMAP_COMPRESSION flag is present in the flags field. Uncompressed bitmap data is formatted as a bottom-up, left-to-right series of pixels. Each pixel is a whole number of bytes. Each row contains a multiple of four bytes (including up to three bytes of padding, as necessary). Compressed bitmaps not in 32 bpp format are compressed using Interleaved RLE and encapsulated in an RLE Compressed Bitmap Stream structure (section 2.2.9.1.1.3.1.2.4), while compressed bitmaps at a color depth of 32 bpp are compressed using RDP 6.0 Bitmap Compression and stored inside an RDP 6.0 Bitmap Compressed Stream structure ([MS-RDPEGDI] section 2.2.2.5.1).
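As an added example (not code from FreeRDP or from these notes), here is a bounds-checked C parser for the TS_UPDATE_BITMAP_DATA layout listed above. It treats numberRectangles and bitmapLength as untrusted and checks them against the bytes actually received. The names `bitmap_rect` and `parse_bitmap_update` are hypothetical, the sample bytes are constructed, and the rule that a compressed rectangle carries the 8-byte bitmapComprHdr unless NO_BITMAP_COMPRESSION_HDR is set is taken from MS-RDPBCGR rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define UPDATETYPE_BITMAP         0x0001
#define BITMAP_COMPRESSION        0x0001
#define NO_BITMAP_COMPRESSION_HDR 0x0400

typedef struct {   /* hypothetical result type for this example, not a FreeRDP type */
    uint16_t left, top, right, bottom, width, height, bpp, flags, length;
    const uint8_t *data;   /* bitmapComprHdr (if present) + bitmapDataStream, inside buf */
} bitmap_rect;
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); } /* little-endian */

/* Returns the rectangle count, or -1 when a length field points outside buf or contradicts the geometry. */
int parse_bitmap_update(const uint8_t *buf, size_t len, bitmap_rect *out, size_t max_out)
{
    if (len < 4 || rd16(buf) != UPDATETYPE_BITMAP) return -1;
    uint16_t n = rd16(buf + 2);                 /* numberRectangles, untrusted */
    size_t off = 4;
    if (n > max_out) return -1;
    for (uint16_t i = 0; i < n; i++) {
        if (len - off < 18) return -1;          /* nine 16-bit fields per rectangle */
        const uint8_t *p = buf + off;
        bitmap_rect *r = &out[i];
        r->left   = rd16(p);      r->top   = rd16(p + 2);  r->right  = rd16(p + 4);
        r->bottom = rd16(p + 6);  r->width = rd16(p + 8);  r->height = rd16(p + 10);
        r->bpp    = rd16(p + 12); r->flags = rd16(p + 14); r->length = rd16(p + 16);
        off += 18;
        if (r->length > len - off) return -1;   /* bitmapLength, untrusted */
        if (r->flags & BITMAP_COMPRESSION) {    /* header rule assumed from MS-RDPBCGR */
            if (!(r->flags & NO_BITMAP_COMPRESSION_HDR) && r->length < 8) return -1;
        } else {                                /* uncompressed: rows padded to 4 bytes */
            uint64_t stride = ((uint64_t)r->width * ((r->bpp + 7u) / 8u) + 3u) & ~(uint64_t)3;
            if (stride * r->height != r->length) return -1;
        }
        r->data = buf + off;
        off += r->length;
    }
    return (int)n;
}

int main(void) {
    /* Constructed sample: one uncompressed 2x1 rectangle at 24 bpp (row padded to 8 bytes). */
    const uint8_t pdu[] = { 1,0, 1,0, 0,0, 0,0, 1,0, 0,0, 2,0, 1,0, 24,0, 0,0, 8,0, 1,2,3,4,5,6,7,8 };
    bitmap_rect r[1];
    printf("rectangles parsed: %d\n", parse_bitmap_update(pdu, sizeof pdu, r, 1));
    return 0;
}
```

The returned `data` pointers alias the input buffer, so the buffer must outlive the parsed rectangles.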