[DISCUSSION] Windows 10 termsrv.dll Patching

- termsrv.dll x64 19041.746 12.01.2020 (Windows x64 v20H2 10.0.19042.746)
- Multi-user: File offset: 17E15h. Write: B80001000089813806000090
- Multi-session: File offset: BF52h. Write: 00

 

This change doesn't work for me. What could be the reason? fSingleSessionPerUser = 0 - need any additional settings?

 

For multi-user the first change is made. For multi-session you need the 2 changes. If you only do the second one, it won't work.
Check that the 00 is written where the 01 is and not at the beginning of the search string, or better go to the displacement and write a 00 without searching for anything.
termsrv.dll x64 19041.746 12.01.2020 (Windows x64 v20H2 10.0.19042.746) easyupload.io/yf9cdj

 

these are my changes (match yours):
fc /b termsrv.dll.bak termsrv.dll
0000BF52: 01 00
00017E15: 39 B8
00017E16: 81 00
00017E17: 3C 01
00017E18: 06 00
00017E1A: 00 89
00017E1B: 0F 81
00017E1C: 84 38
00017E1D: 01 06
00017E1E: 5E 00
00017E1F: 01 00
00017E20: 00 90

 

The file comparison you have done is correct.
I confirm that it works. I've checked again. I put the remote desktop and log in with the same user who is already logged in locally.
I'm sorry it doesn't work for you but it has to be something else. These search strings work from version termsrv.dll:
19041.84 11.05.2020 27.09.2020 (Windows 10 x64 v2004)
19041.662 01.12.2020 (Windows x64 v20H2 10.0.19042.662 .685)
19041.746 12.01.2020 (Windows x64 v20H2 10.0.19042.746)

 

===============================
termsrv.dll (x64) 10.0.19041.746
===============================

39813C0600000F84015E0100
B80001000089813806000090

 

This works Thank you.

JoNaTaZ said
39813C0600000F84015E0100
B80001000089813806000090

 

Can you test 2 or 3 sessions with the same user from remote computer?

 

RDP Wrapper works on this version(Win Serv 2019).
10.0.17763.1697 version, on the site github.

 

- termsrv.dll x64 19041.789 03.02.2021 (Windows x64 v20H2 10.0.19042.789)
- Multi-user: File offset: 17E15h. Write: B80001000089813806000090
- Multi-session: File offset: BF52h. Write: 00

 

when you write 12 bytes over the 8 and restart the service, it says it is "The Remote Desktop Services service could not be started. A system error has occured. *** is not a valid Win32 application."

edit: searched and replaced 39813C0600000F84015E0100 with B80001000089813806000090, worked on .789

 

Search 8 bytes: 39813C0600000F84 --> offset 17E15h --> Write 12 bytes: B80001000089813806000090.
Search 12 bytes: 39813C0600000F84015E0100 --> offset 17E15h --> Write 12 bytes: B80001000089813806000090.
Search 4 bytes: 39813C06 --> offset 17E15h --> Write 12 bytes: B80001000089813806000090.

They are exactly the same. You would do something wrong in the search for the 8 bytes so that it does not work. Maybe you didn't restart the computer? Maybe you compressed the 12 bytes to be written into 8 bytes? XDD

 

If you're not in overwrite mode, it will insert the 12 bytes in an 8 byte space, shifting the data and the file won't work.

 

From now on I will not put more search strings. I'll put an offset and the bytes to write so that you don't have to look for anything that confuses people.

- termsrv.dll x64 19041.789 03.02.2021 (Windows x64 v20H2 10.0.19042.789.844)
- Multi-user: File offset: 17E15h. Write: B80001000089813806000090
- Multi-session: File offset: BF52h. Write: 00

 

I ask again. Can you test 2 or 3 sessions with the same user from remote computer?

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

Try, who knows what you can stir up...

 

Edition Windows 10 Pro
Version 20H2
OS Build 19042.867
Experience Windows Feature Experience Pack 120.2212.551.0

& Windows Server 2019

RDP Patch

 

=========================
Windows 10 Pro
Version: 20H2
OS Build: 19042.964
termsrv.dll: 10.0.19041.964
=========================
Replace:
39813C0600000F84E16A0100

B80001000089813806000090