[DISCUSSION] Windows 10 termsrv.dll Patching

Discussion in 'Windows 10' started by Mr Jinje, Oct 2, 2014.

  1. rschember

    rschember MDL Novice

    Oct 14, 2016
    1
    0
    0
    Here are the offsets for 10.0.17763.771 64-bit. This is my first time getting the offsets, so please double check, but it's working for me. I don't have a 32-bit machine to get the x86 offsets, sorry.

    Code:
    [10.0.17763.771]
    LocalOnlyPatch.x64=1
    LocalOnlyOffset.x64=77AD1
    LocalOnlyCode.x64=jmpshort
    SingleUserPatch.x64=1
    SingleUserOffset.x64=3E5B0
    SingleUserCode.x64=Zero
    DefPolicyPatch.x64=1
    DefPolicyOffset.x64=18025
    DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
    SLInitHook.x64=1
    SLInitOffset.x64=1ACDC
    SLInitFunc.x64=New_CSLQuery_Initialize
    
    [10.0.17763.771-SLInit]
    bInitialized.x64      =ECAB4
    bServerSku.x64        =ECAB8
    lMaxUserSessions.x64  =ECABC
    bAppServerAllowed.x64 =ECAC4
    bRemoteConnAllowed.x64=ECAC8
    bMultimonAllowed.x64  =ECACC
    ulMaxDebugSessions.x64=ECAD0
    bFUSEnabled.x64       =ECAD4
     
  2. WAndrey77

    WAndrey77 MDL Novice

    Jan 6, 2016
    5
    4
    0
    Code:
    [10.0.17763.771]
    LocalOnlyPatch.x86=1
    LocalOnlyOffset.x86=AFEB4
    LocalOnlyCode.x86=jmpshort
    SingleUserPatch.x86=1
    SingleUserOffset.x86=4D7F5
    SingleUserCode.x86=nop
    DefPolicyPatch.x86=1
    DefPolicyOffset.x86=4BFF9
    DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
    SLInitHook.x86=1
    SLInitOffset.x86=5B30A
    SLInitFunc.x86=New_CSLQuery_Initialize
    
    LocalOnlyPatch.x64=1
    LocalOnlyOffset.x64=77AD1
    LocalOnlyCode.x64=jmpshort
    SingleUserPatch.x64=1
    SingleUserOffset.x64=1339C
    SingleUserCode.x64=Zero
    DefPolicyPatch.x64=1
    DefPolicyOffset.x64=18025
    DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
    SLInitHook.x64=1
    SLInitOffset.x64=1ACDC
    SLInitFunc.x64=New_CSLQuery_Initialize
    
    [10.0.17763.771-SLInit]
    bInitialized.x86      =CD79C
    bServerSku.x86        =CD7A0
    lMaxUserSessions.x86  =CD7A4 
    bAppServerAllowed.x86 =CD7AC
    bRemoteConnAllowed.x86=CD7B0
    bMultimonAllowed.x86  =CD7B4
    ulMaxDebugSessions.x86=CD7B8
    bFUSEnabled.x86       =CD7BC
    
    bServerSku.x64        =ECAB8
    lMaxUserSessions.x64  =ECABC
    bAppServerAllowed.x64 =ECAC4
    bInitialized.x64      =ECAB4
    bRemoteConnAllowed.x64=ECAC8
    bMultimonAllowed.x64  =ECACC
    ulMaxDebugSessions.x64=ECAD0
    bFUSEnabled.x64       =ECAD4
    
     
  3. Baiony

    Baiony MDL Novice

    May 23, 2010
    8
    2
    0
    I patched termsrv.dll 10.0.18362.267 and I think something is wrong .. after I print (only from Adobe Acrobat) 2-3 pages Windows 10 throw me away (the connection is closing). What do you think, there is a fix for this ?!
    P.S. This is happen after Windows 10 has updated to 18362.387 .. I installed Adobe Acrobat from scratch .. and nothing .. same behaviour - disconnected after 2-3 pages printed !

    39813C0600000F845D610100 <=> B80001000089813806000090
    047411488D1577 <=> 04EB11488D1577
    58010000FF15F7 <=> 58000000FF15F7
     
  4. sebus

    sebus MDL Guru

    Jul 23, 2008
    6,354
    2,026
    210
    Any solution for 10.0.18362.387 ?
     
  5. WAndrey77

    WAndrey77 MDL Novice

    Jan 6, 2016
    5
    4
    0
    Give termsrv.dll
     
  6. bjf2000

    bjf2000 MDL Expert

    Apr 11, 2008
    1,085
    197
    60
    Has anyone come across the string for 18362.anything for x86?
     
  7. Cowboy

    Cowboy MDL Member

    Oct 25, 2008
    189
    29
    10
    I have a similar issue for 10.0.18362.267 Windows 10 Pro. There are changes that seem to work for some, but not all. My problem is that I connect to the remote computer with RDP and the User is logged off.Now, if I go to that computer and log the User back on we are both connected with individual sessions. This is not a shadow situation. We can both use the computer ant the same time and the User can log off and on without affecting the remote connection. But if I log the remote connection off - no problem. If I try to remotely connect to that computer again, it logs the User off, and we start all over. I seem to remember having a problem similar to this in the past, but I can't remember what I did to fix it.
     
  8. Cowboy

    Cowboy MDL Member

    Oct 25, 2008
    189
    29
    10
    Answering my own question, I finally remembered. In the RDP setup for the computer I want to connect to I always saved the User ID and password so when I clicked on the shortcut I would connect to the remote machine instantly without having to enter the password. I just changed that setup by checking "Always ask for credentials". Somehow when I always ask for credentials I connect to the remote computer without logging the current Used off. Just for clarity, I am using the same User ID and password as the current User because I want access to all their saved data and program files.
     
  9. sebus

    sebus MDL Guru

    Jul 23, 2008
    6,354
    2,026
    210
    That sounds dodgy...
     
  10. bob4432

    bob4432 MDL Novice

    Aug 4, 2017
    49
    5
    0
    Any update for 10.0.18362.387?

    Bob
     
  11. Baiony

    Baiony MDL Novice

    May 23, 2010
    8
    2
    0
    ... and instructions for patching the *.dll file ? :D
     
  12. Dennisw

    Dennisw MDL Novice

    Dec 4, 2019
    8
    0
    0
    Hi there,
    Just upgraded to 18363.476 and termsrv.dll is now brand new. Is there a new fix to this version?
     
  13. ajjaj86

    ajjaj86 MDL Novice

    Jun 3, 2018
    1
    0
    0
    Hello!
    Any update for 18363.476?
    Thank you.
     
  14. bjf2000

    bjf2000 MDL Expert

    Apr 11, 2008
    1,085
    197
    60
    Just an FYI re the last two questions: since it can take some time for a new patch to become available, in the meantime you can use the previous termsrv.dll without incident (assuming you still have it somewhere). Windows doesn't care, and the odds of whatever changed in the new version being important (relative to the previous one) are slight.
     
  15. Dennisw

    Dennisw MDL Novice

    Dec 4, 2019
    8
    0
    0
    I gave a try.The termsrv.dll in the 18363.476 is actually 18362.267. I tried to patch it as earlier posts instruct but failed. The failure is the Remote Desktop Services would be missing from services.msc...
    Any idea how to proceed?

     
  16. bjf2000

    bjf2000 MDL Expert

    Apr 11, 2008
    1,085
    197
    60
    It's not surprising that the dll didn't change in 1909, since 1909 is just a mini service pack for 1903.

    The patched .267 I have from the summer works fine with 1909 here. I have no idea how Remote Desktop Services could go missing and have never seen that happen. Re-check what changes you made in the dll.
     
  17. Dennisw

    Dennisw MDL Novice

    Dec 4, 2019
    8
    0
    0
    I did it again by typing the codes one by one. Now it looks working.
    Thanks.