You can make an issue with dll file and i will try to make it working. I will install insider build today and will make an update. Glad to be helpful
Hello in win 10 x64 19041.264 I tried to change 007444833D46BA<=>00EB44833D46BA EC2033DBC7400801<=>EC2033DBC7400800 39813C0600000F84D9510100<=>B80001000089813806000090 or to change only 39813C0600000F84D9510100<=>B80001000089813806000090 after x restarts the service did not start, it gives me always an error... thank you - whats wrong?
@Lucas Rey A couple of comments from a person following this guide: it may be just me doing something wrong, but IDA could not find any of the strings you've indicated, such as IsSingleSessionPerUserEnabled. It is likely that the functions were renamed or code altered. I've succeeded by looking for things like dword ptr [rax+8], 1 or cmp [rbp+arg_18], 0 the changes should happen in this order (otherwise you need to move back to the beginning to do the search in order to find the string): Code: EC 20 33 DB C7 40 08 01 00 00 00 ==> 01=>00 39 81 3C 06 00 00 0F 84 D9 51 01 00 ==> B8 00 01 00 00 89 81 38 06 00 00 90 00 74 44 83 3D 46 BA 07 00 02 ==> 74=>EB
- termsrv.dll x64 v2004 10.0.19041.84 11.05.2020 - Multiusuario: Permite conectarse remotamente con otro usuario sin cerrar la sesión local. DefPolicyOffset.x64 =17ED5 DefPolicyCode.x64 =CDefPolicy_Query_eax_rcx B80001000089813806000090 39813C0600000F84 B80001000089813806000090 File offset: 172D5h Write: B80001000089813806000090 Verification: Ok. - Multisesión: Permite conectarse remotamente con el mismo usuario sin cerrar la sesión local. SingleUserOffset.x64 =0BF0C SingleUserCode.x64 =Zero EC2033DBC7400801000000 : 01 > 00 File offset: B30Ch Write: 00 Verification: FAIL <------------------------------------------------ LocalOnlyOffset.x64 =87611 LocalOnlyCode.x64 =jmpshort 007444833D46BA070002 : 74 > EB File offset: 86A11h Write: EB Verification: FAIL <-----------------------------------------------
@Lucas Rey Hello Lucas, thanks for the instructions - I promise I will try next months - for now I would ask you for a patched termsrv file. Thanks a lot and greatings from italy
That's very strange, I don't think the string is related to language, my termsrv.dll is coming from Windows 10 Pro Italian. Could you please share your termsrv.dll? Out of curiosity.
@Lucas Rey I have x64 19041.264, Education (Business) is that the reason, why I have problems with the codes? Thanks
W10 Pro x64 19041.264 termsrv.dll 19041.84 x64 Multi-user Ok: 39813C0600000F84D9510100<=>B80001000089813806000090 When starting remote desktop with a different user than the one already logged in, the session is opened and the one of the local machine is maintained. Multi-session Fail: 007444833D46BA<=>00EB44833D46BA Multi-session Fail: EC2033DBC7400801<=>EC2033DBC7400800 When you start remote desktop with the same user who is already logged in, you are logged out and moved to the remote machine.