-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use RDPDR logged on message to time payloads properly #98
Comments
Need to confirm, but i'm 90% sure the message does not get sent if the RDPDR channel is not activated. The purpose of this PDU is to prevent the client from sending useless disk/other IO requests that won't get answered because the client should not have access to the devices |
However, in a typical work environnent, I think its a fair assumption to say that the channel is active most of the time (since I think its activated by default) |
What I would really like to know is whether or not it gets sent even if the client does not have the intention of mapping drives or anything. I'm think all MS clients initialize all channels anyway. If this is indeed the case, then we could probably make use of that message 100% of the time. |
So the client needs to send its capabilities first, we just gotta confirm that tsclient.exe indeed does that even if you don't map anything (I'd think its the case) |
I've done a few tests to understand how the RDPDR channel works, and from my understanding, it only seems enabled when connecting via the default Windows RDP client. I've tried a few other RDP clients. For example, using Windows Remote Client, the server sends the "PAKID_CORE_SERVER_ANNOUNCE" request after connection, but the client never sent any DeviceRedirectionPDU. |
I'm going to close this since the proposed solution would not work across all clients (FreeRDP uses rdpdr for announce lists but never seems to receive a We can revisit this if we find a better way to detect authentication in the future. |
The RDPDR channel seems to send a special PDU when the user has logged on. This would be ideal for timing on-connection payloads.
The packet ID for this message is PAKID_CORE_USER_LOGGEDON.
To do:
The text was updated successfully, but these errors were encountered: