[DISCUSSION] Windows 10 termsrv.dll Patching

Discussion in 'Windows 10' started by Mr Jinje, Oct 2, 2014.

  1. boyonthebus

    boyonthebus MDL Expert

    Sep 16, 2018
    1,168
    752
    60
    17763 activates just as 18298 does. So activation is not an issue.
     
  2. cyberbot

    cyberbot MDL Senior Member

    Jul 30, 2011
    499
    24
    10
    Guys, today there is a new release and it has crashed rdpwrap.
    Any suggestions which version to use?
    Thank you so much.
     
  3. Prince_Charles

    Prince_Charles MDL Novice

    May 10, 2007
    38
    33
    0
    [10.0.17763.168]
    LocalOnlyPatch.x64=1
    LocalOnlyOffset.x64=77AF1
    LocalOnlyCode.x64=jmpshort
    SingleUserPatch.x64=1
    SingleUserOffset.x64=3DC70
    SingleUserCode.x64=Zero
    DefPolicyPatch.x64=1
    DefPolicyOffset.x64=17F45
    DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
    SLInitHook.x64=1
    SLInitOffset.x64=1ABFC
    SLInitFunc.x64=New_CSLQuery_Initialize

    [10.0.17763.168-SLInit]
    bInitialized.x64 =ECAB0
    bServerSku.x64 =ECAB4
    lMaxUserSessions.x64 =ECAB8
    bAppServerAllowed.x64 =ECAC0
    bRemoteConnAllowed.x64=ECAC4
    bMultimonAllowed.x64 =ECAC8
    ulMaxDebugSessions.x64=ECACC
    bFUSEnabled.x64 =ECAD0

    ==================
    [CU 10.0.17763.194 uses termsrv 10.0.17763.168]
     
  4. Baiony

    Baiony MDL Novice

    May 23, 2010
    12
    2
    0
    @Prince_Charles can you give us a patched file (termsrv 10.0.17763.168)? :D Thank you in advance!
     
  5. bjf2000

    bjf2000 MDL Expert

    Apr 11, 2008
    1,087
    198
    60
    The patch strings are the same as for the original 17763. Look up the thread a bit.
     
  6. cyberbot

    cyberbot MDL Senior Member

    Jul 30, 2011
    499
    24
    10
    #107 cyberbot, Dec 12, 2018
    Last edited: Dec 12, 2018
    @Prince_Charles Do we have to add this to the ini file?
    It's working, thank you.
     
  7. andarcavar

    andarcavar MDL Novice

    Oct 20, 2013
    13
    1
    0
    Hello,
    Can anybody provide the patched file for 17763.253? I suppose the file termsrv.dll is the same despite the CU version, am I right?
    I've tried to find and replace the hex string; it doesn't matter how I try, the result is the same: not found.

    FIND:
    39813C0600000F847F2C0100
    OR
    39 81 3C 06 00 00 0F 84 7F 2C 01 00
    REPLACE:
    B80001000089813806000090

    I've tried HxD, can't find!

    Any help would be highly appreciated.

    Thanks in advance!
     
  8. bjf2000

    bjf2000 MDL Expert

    Apr 11, 2008
    1,087
    198
    60
    39813C0600000F847F2C0100 is still there (look at the 17340h row for the start of it), same place. I'm not sure what MS is doing updating the file again, since this isn't what they've done in the past (well, they've updated it between major builds, though very rarely, but when they have, these things actually changed). This new behavior of theirs is very annoying.
     
  9. andarcavar

    andarcavar MDL Novice

    Oct 20, 2013
    13
    1
    0
    #110 andarcavar, Jan 14, 2019
    Last edited: Jan 14, 2019
    There was something wrong with the hex editor, pretty weird.
    According to Prince_Charles's post, I've changed only these:
    FIND:
    39813C0600000F847F2C0100
    REPLACE:
    B80001000089813806000090

    FIND:
    8B8058010000FF1597
    REPLACE:
    8B8058000000FF1597

    I've found a post somewhere else where I read about one more to be changed, but I didn't.
    FIND:
    007418488D
    REPLACE:
    00EB18488D

    Thanks so much.

    LE: Looks like 00EB18488D is only applicable to Windows Enterprise for Virtual Desktops.
    Not my case, PRO version here.
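
The byte-pattern search from the posts above, as an added read-only check that is not part of any post in this thread: it reports whether a copy of termsrv.dll still carries the shipped sequences or the edited ones quoted in post #110, plus a SHA-256 to compare against a known-good copy. The labels `pair-1` and `pair-2`, the function names and the sample buffers are constructed for this example.

```python
import hashlib

# Byte pairs quoted in post #110 for termsrv.dll 10.0.17763.168 (x64):
# label -> (bytes in the shipped file, bytes after the edit). Labels are this example's own.
PAIRS = {
    "pair-1": ("39 81 3C 06 00 00 0F 84 7F 2C 01 00", "B80001000089813806000090"),
    "pair-2": ("8B8058010000FF1597", "8B8058000000FF1597"),
}
# (shipped bytes found, edited bytes found) -> verdict
STATES = {(True, False): "stock", (False, True): "modified",
          (True, True): "ambiguous", (False, False): "unknown-build"}

def hex_to_bytes(text):
    """Accept both spellings used in the thread: spaced and unspaced hex."""
    return bytes.fromhex("".join(text.split()))

def find_all(image, needle):
    """Return every offset at which needle occurs in image."""
    hits, pos = [], image.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = image.find(needle, pos + 1)
    return hits

def classify(image):
    """Integrity report for one file image; nothing is written back."""
    report = {"sha256": hashlib.sha256(image).hexdigest(), "pairs": {}}
    for label, (stock_hex, edited_hex) in PAIRS.items():
        stock = find_all(image, hex_to_bytes(stock_hex))
        edited = find_all(image, hex_to_bytes(edited_hex))
        report["pairs"][label] = {"state": STATES[(bool(stock), bool(edited))],
                                  "stock_at": stock, "edited_at": edited}
    return report

def make_sample(first, second):
    """Constructed stand-in for a DLL image: filler bytes around the two sequences."""
    return (b"\xCC" * 0x40 + hex_to_bytes(first) + b"\x90" * 0x20
            + hex_to_bytes(second) + b"\xCC" * 8)

# Constructed inputs: one untouched, one with only the first pair changed.
SAMPLE_STOCK = make_sample(PAIRS["pair-1"][0], PAIRS["pair-2"][0])
SAMPLE_EDITED = make_sample(PAIRS["pair-1"][1], PAIRS["pair-2"][0])

if __name__ == "__main__":
    for name, image in (("stock", SAMPLE_STOCK), ("edited", SAMPLE_EDITED)):
        print(name, classify(image))
```

On a real file, pass `open(path, "rb").read()` to `classify`; a state of `unknown-build` means neither sequence is present, which is expected for builds other than the one these bytes were quoted for.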
     
  10. bjf2000

    bjf2000 MDL Expert

    Apr 11, 2008
    1,087
    198
    60
    I only noticed it later, but there is no 17763.253 for termsrv.dll. Yes, the date changed on it, but the version number is still .168 and its hash matches the one that came with .168. That certainly explains why nothing changed. :)

    I hope MS doesn't make a habit of changing the date on files for no reason, because when they do, I think that means that the previous one is overwritten, even if it's identical. I wonder if this relates to the switch to Express updates from Delta updates in 17763?
     
  11. andarcavar

    andarcavar MDL Novice

    Oct 20, 2013
    13
    1
    0
    #112 andarcavar, Jan 15, 2019
    Last edited: Jan 17, 2019
    The solution is working very well, as long as you wanna open a new connection using a different user account.
    When connecting remotely to the current session that is already open, a brand new session is created and you are not able to find all the applications already opened; this is the problem. Basically you get two connections under the same user (the one you worked with and the new one via remote).
    The behavior is totally different compared with older versions.
    What can I do to use the remote server as if I hadn't applied this patch? The classic way, I mean.
    Thanks.

    LE: For what I want (remote with a different user account, or remote with the main one but not creating a new session), you have to replace the first string ONLY (39813C0600000F847F2C0100 ===> B80001000089813806000090) but NOT the second one.
     
  12. bjf2000

    bjf2000 MDL Expert

    Apr 11, 2008
    1,087
    198
    60
    This time, with 17763.292, the DLL actually was updated, not just timestamped, probably to fix this:
    "Addresses an issue that causes Remote Desktop Services to stop accepting connections after accepting several connections."

    But the string still hasn't changed, which is weird.
     
  13. Prince_Charles

    Prince_Charles MDL Novice

    May 10, 2007
    38
    33
    0
    #115 Prince_Charles, Jan 25, 2019
    Last edited: Jan 25, 2019
    [10.0.17763.292]
    LocalOnlyPatch.x64=1
    LocalOnlyOffset.x64=77A11
    LocalOnlyCode.x64=jmpshort
    SingleUserPatch.x64=1
    SingleUserOffset.x64=3E570
    SingleUserCode.x64=Zero
    DefPolicyPatch.x64=1
    DefPolicyOffset.x64=17F45
    DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
    SLInitHook.x64=1
    SLInitOffset.x64=1ABFC
    SLInitFunc.x64=New_CSLQuery_Initialize

    [10.0.17763.292-SLInit]
    bInitialized.x64 =ECAB0
    bServerSku.x64 =ECAB4
    lMaxUserSessions.x64 =ECAB8
    bAppServerAllowed.x64 =ECAC0
    bRemoteConnAllowed.x64=ECAC4
    bMultimonAllowed.x64 =ECAC8
    ulMaxDebugSessions.x64=ECACC
    bFUSEnabled.x64 =ECAD0

    @andarcavar

    "Basically you got two connections under the same user (the one with what you worked and the new one via remote)"

    You are logging into the administrator account. The behaviour you are describing is standard: how else would you be able to remotely administer a machine?

    Create a normal account:

    Either regedit or use RDPWrap's configuration utility to set fSingleSessionPerUser.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server fSingleSessionPerUser (dword) = 0|1
     
  14. l33tissw00t

    l33tissw00t MDL Addicted

    Dec 6, 2012
    819
    520
    30
    This was asked in the Telegram group and didn't receive any good answers. Maybe people here can offer some input.

    Is there any build/SKU of Windows 10 that will support concurrent sessions consistently, regardless of Windows updates? Do LTSB cumulative updates ever shake off RDP?
    Basically, looking for a stable W10 for RDP use.
     
  15. whatever127

    whatever127 MDL PHP Wizard

    Nov 9, 2012
    1,050
    7,345
    60
    Windows 10 Enterprise for Virtual Desktops supports connecting to multiple user accounts at the same time.
     
  16. l33tissw00t

    l33tissw00t MDL Addicted

    Dec 6, 2012
    819
    520
    30
    What SKU is that in product.ini?
     
  17. whatever127

    whatever127 MDL PHP Wizard

    Nov 9, 2012
    1,050
    7,345
    60
    ServerRDSH. First install normal Enterprise and then change the key to ServerRDSH. If you install it normally you will not be able to create an account.
     
  18. bjf2000

    bjf2000 MDL Expert

    Apr 11, 2008
    1,087
    198
    60
    Pretty sure it needs further licensing though after the trial period (90 days?), just like RDSH does.

    This is unrelated to Windows activation.