Need help patching a termsrv.dll, Windows 7, 6.1.7601.22843. RDPwrap does have this termsrv.dll patched, but I do not use RDPwrap due to massive stability and reliability issues that have in the past cost me a datacenter run. When the termsrv.dll patch fails I can still login but when RDPwrap fails, it can deny connections even if you want to use it without multiuser. Anyways, I have attached what RDPwrap uses to "fix" RDP. Can binary patches be developed easily from this information or is working knowledge of IDA needed? [6.1.7601.22843] SingleUserPatch.x86=1 SingleUserOffset.x86=1A655 SingleUserCode.x86=nop SingleUserPatch.x64=1 SingleUserOffset.x64=17F96 SingleUserCode.x64=Zero DefPolicyPatch.x86=1 DefPolicyOffset.x86=19E25 DefPolicyCode.x86=CDefPolicy_Query_eax_esi DefPolicyPatch.x64=1 DefPolicyOffset.x64=17D6E DefPolicyCode.x64=CDefPolicy_Query_eax_rdi [6.1.7601.22843] ; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled ; Imagebase: 6F2E0000 ; .text:6F2FA64F lea eax, [ebp+VersionInformation] ; .text:6F2FA655 inc ebx <- nop ; .text:6F2FA656 push eax ; lpVersionInformation ; .text:6F2FA657 mov [ebp+VersionInformation.dwOSVersionInfoSize], 11Ch ; .text:6F2FA661 mov [esi], ebx ; .text:6F2FA663 call ds:__imp__GetVersionExW@4 ; GetVersionExW(x) SingleUserPatch.x86=1 SingleUserOffset.x86=1A655 SingleUserCode.x86=nop ; Imagebase: 7FF75A80000 ; .text:000007FF75A97F90 lea rcx, [rsp+198h+VersionInformation] ; lpVersionInformation ; .text:000007FF75A97F95 mov ebx, 1 <- 0 ; .text:000007FF75A97F9A mov [rsp+198h+VersionInformation.dwOSVersionInfoSize], 11Ch ; .text:000007FF75A97FA2 mov [rdi], ebx ; .text:000007FF75A97FA4 call cs:__imp_GetVersionExW SingleUserPatch.x64=1 SingleUserOffset.x64=17F96 SingleUserCode.x64=Zero ; Patch CDefPolicy::Query ; Original ; .text:6F2F9E25 cmp eax, [esi+320h] ; .text:6F2F9E2B jz loc_6F30B6D6 ; Changed ; .text:6F2F9E25 mov eax, 100h ; .text:6F2F9E2A mov [esi+320h], eax ; .text:6F2F9E30 nop DefPolicyPatch.x86=1 DefPolicyOffset.x86=19E25 DefPolicyCode.x86=CDefPolicy_Query_eax_esi ; Original ; .text:000007FF75A97D6E cmp [rdi+63Ch], eax ; .text:000007FF75A97D74 jz loc_7FF75AA4182 ; Changed ; .text:000007FF75A97D6E mov eax, 100h ; .text:000007FF75A97D73 mov [rdi+638h], eax ; .text:000007FF75A97D79 nop DefPolicyPatch.x64=1 DefPolicyOffset.x64=17D6E DefPolicyCode.x64=CDefPolicy_Query_eax_rdi
i know.. this thread is old.. but maybe you can help me.. scenario: two users... user 1 is restricted to start only a few programs.. user 2 is admin and starts some other programs... user 1 is connected to TV/Monitor... user 2 needs access only via RDP i want both of them to start their sessions right after boot... since several years i drive a solution that is not very nice: user 1 has auto login.. user 1 automaticaly starts a RDP session to user 2... and user 2 automaticaly kills this RDP session remotely... but.. this means, the restricted user 1 is able to connect via RDP to the admin user 2.. that's not good.. is there any solution to boot/autologin both users parallel, without giving user 1 access via RDP to user 2?
Any chance anyone will update this crack? I was activated, but now can't reactivate myself. I believe I took an update, and it wont let me activate it anymore.