[DISCUSSION] Windows 10 termsrv.dll Patching

Discussion in 'Windows 10' started by Mr Jinje, Oct 2, 2014.

  1. rschember

    rschember MDL Novice

    Oct 14, 2016
    1
    0
    0
    Here are the offsets for 10.0.17763.771 64-bit. This is my first time getting the offsets, so please double check, but it's working for me. I don't have a 32-bit machine to get the x86 offsets, sorry.

    Code:
    [10.0.17763.771]
    LocalOnlyPatch.x64=1
    LocalOnlyOffset.x64=77AD1
    LocalOnlyCode.x64=jmpshort
    SingleUserPatch.x64=1
    SingleUserOffset.x64=3E5B0
    SingleUserCode.x64=Zero
    DefPolicyPatch.x64=1
    DefPolicyOffset.x64=18025
    DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
    SLInitHook.x64=1
    SLInitOffset.x64=1ACDC
    SLInitFunc.x64=New_CSLQuery_Initialize
    
    [10.0.17763.771-SLInit]
    bInitialized.x64      =ECAB4
    bServerSku.x64        =ECAB8
    lMaxUserSessions.x64  =ECABC
    bAppServerAllowed.x64 =ECAC4
    bRemoteConnAllowed.x64=ECAC8
    bMultimonAllowed.x64  =ECACC
    ulMaxDebugSessions.x64=ECAD0
    bFUSEnabled.x64       =ECAD4
     
  2. WAndrey77

    WAndrey77 MDL Novice

    Jan 6, 2016
    2
    4
    0
    Code:
    [10.0.17763.771]
    LocalOnlyPatch.x86=1
    LocalOnlyOffset.x86=AFEB4
    LocalOnlyCode.x86=jmpshort
    SingleUserPatch.x86=1
    SingleUserOffset.x86=4D7F5
    SingleUserCode.x86=nop
    DefPolicyPatch.x86=1
    DefPolicyOffset.x86=4BFF9
    DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
    SLInitHook.x86=1
    SLInitOffset.x86=5B30A
    SLInitFunc.x86=New_CSLQuery_Initialize
    
    LocalOnlyPatch.x64=1
    LocalOnlyOffset.x64=77AD1
    LocalOnlyCode.x64=jmpshort
    SingleUserPatch.x64=1
    SingleUserOffset.x64=1339C
    SingleUserCode.x64=Zero
    DefPolicyPatch.x64=1
    DefPolicyOffset.x64=18025
    DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
    SLInitHook.x64=1
    SLInitOffset.x64=1ACDC
    SLInitFunc.x64=New_CSLQuery_Initialize
    
    [10.0.17763.771-SLInit]
    bInitialized.x86      =CD79C
    bServerSku.x86        =CD7A0
    lMaxUserSessions.x86  =CD7A4 
    bAppServerAllowed.x86 =CD7AC
    bRemoteConnAllowed.x86=CD7B0
    bMultimonAllowed.x86  =CD7B4
    ulMaxDebugSessions.x86=CD7B8
    bFUSEnabled.x86       =CD7BC
    
    bServerSku.x64        =ECAB8
    lMaxUserSessions.x64  =ECABC
    bAppServerAllowed.x64 =ECAC4
    bInitialized.x64      =ECAB4
    bRemoteConnAllowed.x64=ECAC8
    bMultimonAllowed.x64  =ECACC
    ulMaxDebugSessions.x64=ECAD0
    bFUSEnabled.x64       =ECAD4
    
     
  3. Baiony

    Baiony MDL Novice

    May 23, 2010
    6
    2
    0
    I patched termsrv.dll 10.0.18362.267 and I think something is wrong .. after I print (only from Adobe Acrobat) 2-3 pages Windows 10 throw me away (the connection is closing). What do you think, there is a fix for this ?!
    P.S. This is happen after Windows 10 has updated to 18362.387 .. I installed Adobe Acrobat from scratch .. and nothing .. same behaviour - disconnected after 2-3 pages printed !

    39813C0600000F845D610100 <=> B80001000089813806000090
    047411488D1577 <=> 04EB11488D1577
    58010000FF15F7 <=> 58000000FF15F7
     
  4. sebus

    sebus MDL Guru

    Jul 23, 2008
    6,049
    1,858
    210
    Any solution for 10.0.18362.387 ?
     
  5. WAndrey77

    WAndrey77 MDL Novice

    Jan 6, 2016
    2
    4
    0
    Give termsrv.dll
     
  6. bjf2000

    bjf2000 MDL Addicted

    Apr 11, 2008
    974
    144
    30
    Has anyone come across the string for 18362.anything for x86?
     
  7. Cowboy

    Cowboy MDL Member

    Oct 25, 2008
    189
    29
    10
    I have a similar issue for 10.0.18362.267 Windows 10 Pro. There are changes that seem to work for some, but not all. My problem is that I connect to the remote computer with RDP and the User is logged off.Now, if I go to that computer and log the User back on we are both connected with individual sessions. This is not a shadow situation. We can both use the computer ant the same time and the User can log off and on without affecting the remote connection. But if I log the remote connection off - no problem. If I try to remotely connect to that computer again, it logs the User off, and we start all over. I seem to remember having a problem similar to this in the past, but I can't remember what I did to fix it.
     
  8. Cowboy

    Cowboy MDL Member

    Oct 25, 2008
    189
    29
    10
    Answering my own question, I finally remembered. In the RDP setup for the computer I want to connect to I always saved the User ID and password so when I clicked on the shortcut I would connect to the remote machine instantly without having to enter the password. I just changed that setup by checking "Always ask for credentials". Somehow when I always ask for credentials I connect to the remote computer without logging the current Used off. Just for clarity, I am using the same User ID and password as the current User because I want access to all their saved data and program files.