locked
Question about Server Drive Query Directory Request (DR_DRIVE_QUERY_DIRECTORY_REQ) MS-RDPEFS RRS feed

  • Question

  • Hi everybody,

     the [MS-RDPEFS]: Remote Desktop Protocol: File System Virtual Channel Extension v23.0 (7/14/2016) document specifies that when a DR_DRIVE_QUERY_DIRECTORY_REQ query is received and there is no more files a STATUS_NO_MORE_FILES status must be returned. But after decrypting a RDP connection I see that sometimes mstsc.exe returns a STATUS_NO_SUCH_FILE status.

    Also the STATUS_NO_MORE_FILES causes LibreOffice base to fail.

      Frame: Number = 7253, Captured Frame Length = 135, MediaType = DecryptedPayloadHeader
    + DecryptedPayloadHeader: FrameCount = 1, ErrorStatus = ERROR
      TLSSSLData: Transport Layer Security (TLS) Payload Data
    + TLS: TLS Rec Layer-1 SSL Application Data, Decryption Error
      ISOTS: TPKTCount = 1
    + TPKT: version: 3, Length: 78
    + X224: Data
    + T125: Data Packet
    + RDPBCGR: RDPEFS
      VirtualChannelData: RDPEFS
    - RDPEFS: RDPDrDeviceIORequest
      + RdpdrHeader: Component = RDPDR_CTYP_CORE, PacketId = PAKID_CORE_DEVICE_IOREQUEST
      - DrCoreDeviceIORequest: IRP_MJ_DIRECTORY_CONTROL, DeviceId = 2
         DeviceId: 2 (0x2)
         FileId: 6 (0x6)
         CompletionId: 2 (0x2)
         MajorFunction: IRP_MJ_DIRECTORY_CONTROL
         MinorFunction: IRP_MN_QUERY_DIRECTORY
         FileInformationClass: FileBothDirectoryInformation (3)
         InitialQuery: 0 (0x0)
         PathLength: 0 (0x0)
         Padding: Binary Large Object (23 Bytes)

      Frame: Number = 7255, Captured Frame Length = 100, MediaType = DecryptedPayloadHeader
    + DecryptedPayloadHeader: FrameCount = 1, ErrorStatus = ERROR
      TLSSSLData: Transport Layer Security (TLS) Payload Data
    + TLS: TLS Rec Layer-1 SSL Application Data, Decryption Error
      ISOTS: TPKTCount = 1
    + TPKT: version: 3, Length: 43
    + X224: Data
    + T125: Data Packet
    + RDPBCGR: RDPEFS
      VirtualChannelData: RDPEFS
    - RDPEFS: RDPDrDeviceIOCompletion
      + RdpdrHeader: Component = RDPDR_CTYP_CORE, PacketId = PAKID_CORE_DEVICE_IOCOMPLETION
      - DrDeviceIOCompletion: DeviceID = 2
         DeviceID: 2 (0x2)
         CompletionID: 2 (0x2)
       - IOStatus: Warning - 0x80000006 - STATUS_NO_MORE_FILES
          Code:      (................0000000000000110) 0x80000006 - STATUS_NO_MORE_FILES
          Facility:  (....000000000000................) Undefined Value(0)
          N:         (...0............................) Reserved
          C:         (..0.............................) Microsoft-defined
          Sev:       (10..............................) Warning
         Length: 0 (0x0)

      Frame: Number = 8872, Captured Frame Length = 173, MediaType = DecryptedPayloadHeader
    + DecryptedPayloadHeader: FrameCount = 1, ErrorStatus = ERROR
      TLSSSLData: Transport Layer Security (TLS) Payload Data
    + TLS: TLS Rec Layer-1 SSL Application Data, Decryption Error
      ISOTS: TPKTCount = 1
    + TPKT: version: 3, Length: 116
    + X224: Data
    + T125: Data Packet
    + RDPBCGR: RDPEFS
      VirtualChannelData: RDPEFS
    - RDPEFS: RDPDrDeviceIORequest
      + RdpdrHeader: Component = RDPDR_CTYP_CORE, PacketId = PAKID_CORE_DEVICE_IOREQUEST
      - DrCoreDeviceIORequest: IRP_MJ_DIRECTORY_CONTROL, DeviceId = 2
         DeviceId: 2 (0x2)
         FileId: 40 (0x28)
         CompletionId: 6 (0x6)
         MajorFunction: IRP_MJ_DIRECTORY_CONTROL
         MinorFunction: IRP_MN_QUERY_DIRECTORY
         FileInformationClass: FileBothDirectoryInformation (3)
         InitialQuery: 1 (0x1)
         PathLength: 38 (0x26)
         Padding: Binary Large Object (23 Bytes)
         Path: \tmp\test1.odb.lck

      Frame: Number = 8874, Captured Frame Length = 100, MediaType = DecryptedPayloadHeader
    + DecryptedPayloadHeader: FrameCount = 1, ErrorStatus = ERROR
      TLSSSLData: Transport Layer Security (TLS) Payload Data
    + TLS: TLS Rec Layer-1 SSL Application Data, Decryption Error
      ISOTS: TPKTCount = 1
    + TPKT: version: 3, Length: 43
    + X224: Data
    + T125: Data Packet
    + RDPBCGR: RDPEFS
      VirtualChannelData: RDPEFS
    - RDPEFS: RDPDrDeviceIOCompletion
      + RdpdrHeader: Component = RDPDR_CTYP_CORE, PacketId = PAKID_CORE_DEVICE_IOCOMPLETION
      - DrDeviceIOCompletion: DeviceID = 2
         DeviceID: 2 (0x2)
         CompletionID: 6 (0x6)
       + IOStatus: Error - 0xC000000F - STATUS_NO_SUCH_FILE
         Length: 0 (0x0)

    So the question is: When must I return STATUS_NO_MORE_FILES? And when must I return STATUS_NO_SUCH_FILE?

    Thank you very much!

    Monday, April 17, 2017 9:41 AM

Answers

  • UPDATE PROVIDED 4/27

    MS-RDPEFS section 2.2.3.3.10 Server Drive Query Directory Request (DR_DRIVE_QUERY_DIRECTORY_REQ) will be updated with the following information.

    When InitialQuery is set to 1, if such a file does not exist, the client MUST complete this request with STATUS_NO_SUCH_FILE in the IoStatus field of the Client Drive I/O Response packet.

    Regards,
    Sreekanth Nadendla
    Microsoft Windows Open specifications


    Friday, April 28, 2017 1:56 PM

All replies

  • Hello Bstia, I will be assisting you with your issue. Would you be able to contact me by sending email to dochelp at Microsoft dot com. Please attach a copy of the decrypted network trace with frame details.

    Regards,
    Sreekanth Nadendla
    Microsoft Windows Open specifications

    Monday, April 17, 2017 2:46 PM
  • UPDATE PROVIDED 4/27

    MS-RDPEFS section 2.2.3.3.10 Server Drive Query Directory Request (DR_DRIVE_QUERY_DIRECTORY_REQ) will be updated with the following information.

    When InitialQuery is set to 1, if such a file does not exist, the client MUST complete this request with STATUS_NO_SUCH_FILE in the IoStatus field of the Client Drive I/O Response packet.

    Regards,
    Sreekanth Nadendla
    Microsoft Windows Open specifications


    Friday, April 28, 2017 1:56 PM