[DISCUSSION] Windows 10 termsrv.dll Patching

Discussion in 'Windows 10' started by Mr Jinje, Oct 2, 2014.

Page 23 of 24
  1. kixeon

    kixeon MDL Novice

    May 5, 2015
    7
    1
    0
    #441 kixeon, Aug 16, 2023
    Last edited: Aug 16, 2023
    Hello to everyone!
    On a github page of rdp wrapper I found information that I can have up to 15 concurrent connections (the actual limitation depends on your hardware and OS version).
    What does this actually mean? I need 20+ connection. Everything is working fine on Win7 with wrapper. I was thinking to upgrade OS to Win10 but I'm not sure what to do now.
    Any advice?
    Thank you.
     
  2. lancillotto

    lancillotto MDL Novice

    Aug 3, 2010
    1
    0
    0
    #442 lancillotto, Sep 10, 2023
    Hi everyone,
    I downloaded the latest rdpwrap.ini (Updated=2023-09-09, Edited by sebaxakerhtc) just to double check my IdaPro skills.
    I think there is an error in SingleUserOffset.x64. Termsrv.dll version is 10.0.22621.2070.

    [10.0.22621.2070]
    ; no x86 section

    LocalOnlyPatch.x64 =1
    LocalOnlyOffset.x64 =9BBA1
    LocalOnlyCode.x64 =jmpshort
    SingleUserPatch.x64 =1
    SingleUserOffset.x64 =1CC29 <--- according to IdaPro should be 18602
    SingleUserCode.x64 =Zero
    DefPolicyPatch.x64 =1
    DefPolicyOffset.x64 =1C045
    DefPolicyCode.x64 =CDefPolicy_Query_eax_rcx
    SLInitHook.x64 =1
    SLInitOffset.x64 =28BA0
    SLInitFunc.x64 =New_CSLQuery_Initialize

    Strangely enough the correct offset is just a few lines above (in 10.0.22621.2066 section):

    [10.0.22621.2066]
    ; no x86 section

    LocalOnlyPatch.x64 =1
    LocalOnlyOffset.x64 =9BBA1
    LocalOnlyCode.x64 =jmpshort
    SingleUserPatch.x64 =1
    SingleUserOffset.x64 =18602 <--- right one for ver 10.0.22621.2070
    SingleUserCode.x64 =Zero
    DefPolicyPatch.x64 =1
    DefPolicyOffset.x64 =1C045
    DefPolicyCode.x64 =CDefPolicy_Query_eax_rcx
    SLInitHook.x64 =1
    SLInitOffset.x64 =28BA0
    SLInitFunc.x64 =New_CSLQuery_Initialize

    Furthermore, the remaining offsets in 10.0.22621.2066...they are exactly the same as those of ver 10.0.22621.2070.
    Is it possible? I don't have termsrv.dll ver 10.0.22621.2066 to check it out...
    Someone (human error?) or something (automated tools? autohotkey?...) must have messed things up.
     
  3. JoNaTaZ

    JoNaTaZ MDL Novice

    Oct 1, 2009
    24
    35
    0
    #443 JoNaTaZ, Sep 27, 2023
    Windows 10 Pro
    Version: 22H2
    OS Build: 19045.3516
    ===================================
    termsrv.dll (x64): 10.0.19041.3516
    ===================================

    Offset: 1E715

    Search: 39 81 3C 06 00 00 0F 84 F7 40 01 00

    Replace: B8 00 01 00 00 89 81 38 06 00 00 90
     
  4. selcali

    selcali MDL Novice

    Oct 7, 2011
    12
    1
    0
    #444 selcali, Oct 21, 2023
    anyone have the search value for 10.0.19041.3570 ?
     
  5. dima_zeus

    dima_zeus MDL Novice

    Jul 28, 2015
    5
    0
    0
    #445 dima_zeus, Oct 29, 2023
    i am joining
     
  6. JoNaTaZ

    JoNaTaZ MDL Novice

    Oct 1, 2009
    24
    35
    0
    #446 JoNaTaZ, Oct 30, 2023
    Windows 10 Pro
    Version: 22H2
    OS Build: 19045.3636
    ===================================
    termsrv.dll (x64): 10.0.19041.3636
    ===================================

    Offset: 1E710

    Search: 39 81 3C 06 00 00 0F 84 F7 40 01 00

    Replace: B8 00 01 00 00 89 81 38 06 00 00 90
     
  7. bjf2000

    bjf2000 MDL Expert

    Apr 11, 2008
    1,104
    200
    60
    #447 bjf2000, Nov 3, 2023
    It's the same as what's posted in the previous post to this for 10.0.19041.3636.
     
  8. shweew

    shweew MDL Novice

    Nov 21, 2009
    5
    3
    0
    #448 shweew, Nov 14, 2023
    termsrv.dll (x64): 10.0.19041.3570
    ===============================
    Search:
    39 81 3C 06 00 00 0F 84 F7 40 01 00
    Replace:
    B8 00 01 00 00 89 81 38 06 00 00 90
     
  9. FreddieLourens

    FreddieLourens MDL Novice

    Oct 21, 2017
    3
    0
    0
    #449 FreddieLourens, Jan 15, 2024
    v10.0.22621.2861
    Find: (regel 1C04A)
    39 81 3C 06 00 00 0F 84 DF 89 01 00
    Replace With: (Multi-User)
    B8 00 01 00 00 89 81 38 06 00 00 90
     
  10. shweew

    shweew MDL Novice

    Nov 21, 2009
    5
    3
    0
    #450 shweew, Jan 26, 2024
    Last edited: Jan 26, 2024
    Delete
     
  11. dima_zeus

    dima_zeus MDL Novice

    Jul 28, 2015
    5
    0
    0
    #451 dima_zeus, Apr 9, 2024
    termsrv.dll (x64): "10.0.19041.4239" is not ready?
     
  12. pm67310

    pm67310 MDL Guru

    Sep 6, 2011
    3,548
    2,783
    120
    #452 pm67310, Apr 9, 2024
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. dima_zeus

    dima_zeus MDL Novice

    Jul 28, 2015
    5
    0
    0
    #453 dima_zeus, Apr 9, 2024
    Thanks, but I'm looking for the dll-file.
     
  14. JoNaTaZ

    JoNaTaZ MDL Novice

    Oct 1, 2009
    24
    35
    0
    #454 JoNaTaZ, Apr 10, 2024
    Last edited: Apr 10, 2024
    Windows 10 Pro
    Version: 22H2
    OS Build: 19045.4291
    ===================================
    termsrv.dll (x64): 10.0.19041.4239
    ===================================

    Offset: 1E6D5

    Search : 39 81 3C 06 00 00 0F 84 A7 3A 01 00

    Replace: B8 00 01 00 00 89 81 38 06 00 00 90
     
  15. dima_zeus

    dima_zeus MDL Novice

    Jul 28, 2015
    5
    0
    0
    #455 dima_zeus, Apr 10, 2024

    Big Thanks!!!!!!!!!!!!!! You are The Best!
     
  16. JoNaTaZ

    JoNaTaZ MDL Novice

    Oct 1, 2009
    24
    35
    0
    #456 JoNaTaZ, Apr 24, 2024
    Windows 10 Pro
    Version: 22H2
    OS Build: 19045.4355
    ===================================
    termsrv.dll (x64): 10.0.19041.4355
    ===================================

    Offset: 1E775

    Search : 39 81 3C 06 00 00 0F 84 67 42 01 00

    Replace: B8 00 01 00 00 89 81 38 06 00 00 90
     
  17. dima_zeus

    dima_zeus MDL Novice

    Jul 28, 2015
    5
    0
    0
    #457 dima_zeus, May 3, 2024
    Thanks!!!!!!!!!!
     
  18. JoNaTaZ

    JoNaTaZ MDL Novice

    Oct 1, 2009
    24
    35
    0
    #458 JoNaTaZ, May 31, 2024
    Windows 10 Pro
    Version: 22H2
    OS Build: 19045.4474
    ===================================
    termsrv.dll (x64): 10.0.19041.4474
    ===================================

    Offset: 1E855

    Search : 39 81 3C 06 00 00 0F 84 A7 67 01 00

    Replace: B8 00 01 00 00 89 81 38 06 00 00 90
     
  19. Wupt

    Wupt MDL Novice

    Jun 13, 2010
    1
    0
    0
    #459 Wupt, Jun 5, 2024
    I've used the patchs here and also the termsrv_rdp_patch.ps1 to patch the termsrv.dll, but with both I now face an issue when logging onto an RDP session that was first opened with rdp, the session closes upon logging and open another fresh one, but if the session was first opened in the console instead the behavior is as expected (it takes control of the disconnected session) even multiple times.
    any idea why this happens ? It's strange I can't find anyone with the same issue as me as it's a very blatant one
     
  20. DavicoRm

    DavicoRm MDL Novice

    Aug 17, 2009
    1
    1
    0
    #460 DavicoRm, Aug 15, 2024
    Windows Server 2022
    termsrv.dll x64 v10.0.20348.2652
    Multi-User: Offset: 1C975
    Search : 39 81 3C 06 00 00 0F 84 2D 7B 01 00
    Replace : B8 00 01 00 00 89 81 38 06 00 00 90

    Windows Server 2022
    termsrv.dll x64 v10.0.20348.1906
    Multi-User: Offset: 1C945
    Search : 39 81 3C 06 00 00 0F 84 89 53 01 00
    Replace : B8 00 01 00 00 89 81 38 06 00 00 90

    Windows Server 2019
    termsrv.dll x64 v10.0.17763.5830
    Multi-User: Offset: 1F835
    Search : 39 81 3C 06 00 00 0F 84 DD 93 01 00
    Replace : B8 00 01 00 00 89 81 38 06 00 00 90

    Windows Server 2019
    termsrv.dll x64 v10.0.17763.1971
    Multi-User: Offset: 17475
    Search : 39 81 3C 06 00 00 0F 84 E3 2B 01 00
    Replace : B8 00 01 00 00 89 81 38 06 00 00 90
     
Page 23 of 24