[DISCUSSION] Windows 10 termsrv.dll Patching

Discussion in 'Windows 10' started by Mr Jinje, Oct 2, 2014.

  1. Prince_Charles

    Prince_Charles MDL Novice

    May 10, 2007
    38
    33
    0
    Configuration changes to RDP require that the RDP service be restarted.

    Assuming single session RDP mode, try this: restart the server machine: don't log on (headless mode!). From the client machine, initiate an RDP session to the server; iniitiate a second RDP session (with the same credentials as the first) to the server; the first RDP session should terminate, the second session should have connected to the first. This behaviour is consistent with single session RDP.

    If you try to initiate an RDP session with a local session on the server (that is, one where someone has physically logged onto the server) a new RDP session will be initiated: a remote user should never be able to terminate an existing local session. But (assuming single-user mode) a subsequent RDP session will relinquish control of the existing session.

    RDPWrap is working the way that I "designed" and want it to: that under no cirumstance where the server is being administered locally that administrative control is lost.

    The conventional offsets for RDPWrap might give you the behaviour that you desire.
     
  2. ner0

    ner0 MDL Novice

    Aug 12, 2012
    3
    1
    0
    I got a different offset for LocalOnlyOffset.x64, and also SingleUserOffset.x64 seems to be inaccurate, possibly based on the wrong offset from a previous version:


    [10.0.18362.53]
    LocalOnlyPatch.x64=1
    LocalOnlyOffset.x64=82FB5
    LocalOnlyCode.x64=jmpshort
    SingleUserPatch.x64=1
    SingleUserOffset.x64=0DCC9
    SingleUserCode.x64=Zero
    DefPolicyPatch.x64=1
    DefPolicyOffset.x64=1FE15
    DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
    SLInitHook.x64=1
    SLInitOffset.x64=22DDC
    SLInitFunc.x64=New_CSLQuery_Initialize

    [10.0.18362.53-SLInit]
    bInitialized.x64 =F6A8C
    bServerSku.x64 =F6A90
    lMaxUserSessions.x64 =F6A94
    bAppServerAllowed.x64 =F6A9C
    bRemoteConnAllowed.x64=F6AA0
    bMultimonAllowed.x64 =F6AA4
    ulMaxDebugSessions.x64=F6AA8
    bFUSEnabled.x64 =F6AAC


    Sources: github.com/stascorp/rdpwrap/issues/766#issuecomment-487979257
     
  3. Prince_Charles

    Prince_Charles MDL Novice

    May 10, 2007
    38
    33
    0
    @ner0

    See #141

    The conventional
    SingleUserOffset.x64 does not give me the behaviour that I desire: robust (enterprise class) client-server RDP.
     
  4. cyberbot

    cyberbot MDL Senior Member

    Jul 30, 2011
    473
    20
    10
    i am looking for a patched termsrv.dll x64 10.0.18362.53
    unfortunately RDPwrap is working however redirected printers are not working. that why we are using the patched termserv.
    anyone can provide the solutions would be much appreciate it.
     
  5. bjf2000

    bjf2000 MDL Addicted

    Apr 11, 2008
    969
    143
    30
    It's in the middle of post #134.
     
  6. cyberbot

    cyberbot MDL Senior Member

    Jul 30, 2011
    473
    20
    10
    i think on post #134 is just the ini file of the RDPwrap.
    i dont see the .dll file
     
  7. JeanYuhs

    JeanYuhs MDL Member

    Feb 16, 2010
    186
    122
    10
    You have to patch it yourself, this place doesn't supply the actual .dll files, that's entirely too risky, hence the instructions on how to patch the file yourself from your local copy.
     
  8. l33tissw00t

    l33tissw00t MDL Addicted

    Dec 6, 2012
    795
    490
    30
    Ever found a fix to this? That limits single session ONLY
     
  9. Hotty

    Hotty MDL Novice

    Aug 5, 2010
    1
    0
    0
    #149 Hotty, Jun 15, 2019
    Last edited: Jun 15, 2019
    deleted...
     
  10. GoodIPABeer

    GoodIPABeer MDL Novice

    Jan 27, 2019
    1
    0
    0
    Not sure if this is the behavior you're looking for, but on my remote computer I usually have 2 sessions open for the same username.

    What I do is I disable Single session per user, then after the two sessions are up, I then enable Single session per user. What this does it keeps the two sessions I have open, but restricts the sessions for the username to one of those two sessions.
     
  11. Prince_Charles

    Prince_Charles MDL Novice

    May 10, 2007
    38
    33
    0
    =============================
    termsrv.dll x64 10.0.18362.10000
    =============================

    rdpwrap.ini

    [10.0.18362.10000]
    LocalOnlyPatch.x64=1
    LocalOnlyOffset.x64=82FB5
    LocalOnlyCode.x64=jmpshort
    SingleUserPatch.x64=1
    SingleUserOffset.x64=0DBFC
    SingleUserCode.x64=Zero
    DefPolicyPatch.x64=1
    DefPolicyOffset.x64=1FE15
    DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
    SLInitHook.x64=1
    SLInitOffset.x64=22DDC
    SLInitFunc.x64=New_CSLQuery_Initialize

    [10.0.18362.10000-SLInit]
    bInitialized.x64 =F6A8C
    bServerSku.x64 =F6A90
    lMaxUserSessions.x64 =F6A94
    bAppServerAllowed.x64 =F6A9C
    bRemoteConnAllowed.x64=F6AA0
    bMultimonAllowed.x64 =F6AA4
    ulMaxDebugSessions.x64=F6AA8
    bFUSEnabled.x64 =F6AAC


    ================

    39813C0600000F845D610100
    B80001000089813806000090

    7DBB007452833D52
    7DBB00EB52833D52

    DBC7400801000000
    DBC7400800000000
     
  12. Baiony

    Baiony MDL Novice

    May 23, 2010
    5
    2
    0
    Hello ... any news for 10.0.18362.267 (to patch the dll file) ? Thanks !

    P.S. .. for "rdpwrap.ini" I found this (but I dont' use rdpwrap app):
    [10.0.18362.267]
    LocalOnlyPatch.x64=1
    LocalOnlyOffset.x64=82FB5
    LocalOnlyCode.x64=jmpshort
    SingleUserPatch.x64=1
    SingleUserOffset.x64=0DBFC
    SingleUserCode.x64=Zero
    DefPolicyPatch.x64=1
    DefPolicyOffset.x64=1FE15
    DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
    SLInitHook.x64=1
    SLInitOffset.x64=22DDC
    SLInitFunc.x64=New_CSLQuery_Initialize

    [10.0.18362.267-SLInit]
    bInitialized.x64 =F6A8C
    bServerSku.x64 =F6A90
    lMaxUserSessions.x64 =F6A94
    bAppServerAllowed.x64 =F6A9C
    bRemoteConnAllowed.x64=F6AA0
    bMultimonAllowed.x64 =F6AA4
    ulMaxDebugSessions.x64=F6AA8
    bFUSEnabled.x64 =F6AAC
     
  13. magarjoba

    magarjoba MDL Novice

    Aug 6, 2019
    1
    0
    0
    Dear forum users
    . help with the problem, namely the patch on Win10x64 [10.0.17134.1] does not work correctly.
    I became familiar with the methods for replacing and patching termsrv.dll but:
    1) in the use case of RDPWrap simultaneous login from under the same user does not work, in ini file
    Code:
    [10.0.17134.1]
    LocalOnlyPatch.x86=1
    LocalOnlyOffset.x86=AD738
    LocalOnlyCode.x86=jmpshort
    LocalOnlyPatch.x64=1
    LocalOnlyOffset.x64=925D1
    LocalOnlyCode.x64=jmpshort
    SingleUserPatch.x86=1
    SingleUserOffset.x86=36B0C
    SingleUserCode.x86=nop
    SingleUserPatch.x64=1
    SingleUserOffset.x64=1511C
    SingleUserCode.x64=Zero
    DefPolicyPatch.x86=1
    DefPolicyOffset.x86=33569
    DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
    DefPolicyPatch.x64=1
    DefPolicyOffset.x64=10E78
    DefPolicyCode.x64=CDefPolicy_Query_edi_rcx
    SLInitHook.x86=1
    SLInitOffset.x86=474AD
    SLInitFunc.x86=New_CSLQuery_Initialize
    SLInitHook.x64=1
    SLInitOffset.x64=22E6C
    SLInitFunc.x64=New_CSLQuery_Initialize
    
    
    [10.0.17134.1-SLInit]
    bInitialized.x86      =CBF38
    bServerSku.x86        =CBF3C
    lMaxUserSessions.x86  =CBF40
    bAppServerAllowed.x86 =CBF44
    bRemoteConnAllowed.x86=CBF48
    bMultimonAllowed.x86  =CBF4C
    ulMaxDebugSessions.x86=CBF50
    bFUSEnabled.x86       =CBF54
    
    bServerSku.x64        =F1378
    lMaxUserSessions.x64  =F137C
    bAppServerAllowed.x64 =F1380
    bInitialized.x64      =F2430
    bRemoteConnAllowed.x64=F2434
    bMultimonAllowed.x64  =F2438
    ulMaxDebugSessions.x64=F243C
    bFUSEnabled.x64       =F2440
    
    -------

    original file, from my PC

    Here are the meanings
    and this option does not work.

    The computer is ideally configured, users have access, somehow didn’t download updates.

    2) the patched file does not work as it should at all.
    I can’t update the assembly, therefore, I ask for help in solving this problem ...
    I’ll attach the file in the attachment, please help !!
     
  14. zielonyjelen

    zielonyjelen MDL Novice

    Jan 10, 2012
    1
    0
    0
    #154 zielonyjelen, Aug 12, 2019
    Last edited: Aug 12, 2019
    RDPWrapper has problems with remote printing, so we need a patch for 10.0.18362.267

    EDIT:
    termsrv.dll x64 10.0.18362.53 patch is still working with 10.0.18362.267:

    39813C0600000F845D610100
    B80001000089813806000090

    047411488D1577
    04EB11488D1577

    58010000FF15F7
    58000000FF15F7
     
  15. RazupX

    RazupX MDL Novice

    Jun 27, 2011
    10
    0
    0
    how i install it on 10.0.18362.295 ?
    thanks
     
  16. bjf2000

    bjf2000 MDL Addicted

    Apr 11, 2008
    969
    143
    30
    If you look at the file, you'll see that it's really .267...and so is described in the post immediately before yours.