-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathREADME
58 lines (38 loc) · 2.17 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
mstscdump: MSTSC Packet Dump Utility
====================================
The mstscdump utility allows unencrypted RDP packets being sent or received by
MSTSC.EXE (or any other application that loads MSTSCAX.DLL) to be captured into
a PCAP file for later analysis in various tools such as Microsoft Message Analyzer,
Microsoft Network Monitor, or WireShark. It also demonstrates how to hook into the
ActiveX interfaces exposed by MSTSCAX.DLL.
How to use the utility
----------------------
Precompiled binaries for x86 and x64 are provided in the bin\x86 and bin\x64
directories, respectively. Open a Command Prompt window and change directories
to the appropriate directory. Two binaries are provided.
mstscdump.exe - Main binary for the utility
mstschook.dll - Hook module for hooking MSTSCAX.DLL
When executed, the utility will create a mstscdump.pcap file containing the
captured packets. This file will get written to the current directory.
The following examples will cause mstscdump to execute MSTSC.EXE.
mstscdump - runs MSTSC.EXE with no arguments
mstscdump /v:MikeM-Win2012 - runs MSTSC.EXE with specified arguments
mstscdump MikeM-Win2012.rdp - runs MSTSC.EXE with an RDP file as the argument
The following example will cause mstscdump to execute VMCONNECT.EXE.
mstscdump vmconnect localhost MikeM-Win2012
Any application loading MSTSCAX.DLL can be analyzed by running "mstscdump <program>"
where <program> is the application (plus command line arguments) to be analyzed.
Building the utility from sources
---------------------------------
A build.bat and Makefile have been provided to assist in building the software
from sources. A proper installation of Visual Studio is required. Visual Studio
2012 was used for testing purposes.
To build the software:
1. Open a Developer Command Prompt window for Visual Studio.
2. Change directories to the root directory for mstscdump.
3. Type "build" to execute the build.bat script.
Resulting binaries are written to the bin\x86 and bin\x64 directories.
Additional Information
----------------------
Feature requests, bug reports, or kudos can be sent to Mike McDonald at
mikem@nogginware.com.