[DISCUSSION] Windows 8.1 termsrv.dll Patching

Discussion in 'Windows 8' started by GuryYu, Aug 31, 2013.

Tags:
  1. 09chja

    09chja MDL Novice

    Sep 22, 2013
    2
    0
    0
    Hi @ all,
    I managed it alone, it runs for a few days now without any problems! Too bad this is, people need help with less programming skills alone, but with some ambition works also :)!


    Thanks for the code. I hope the run for a long time!

    MfG 09chja :)
     
  2. Supern00b

    Supern00b MDL Addicted

    Dec 30, 2010
    728
    540
    30
    Perhaps a little off-topic, but is there something similar for Windows XP to allow more than ten users per network share?
    Hard limit seems 10 users.

    Cheers.
     
  3. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
    #23 Mr Jinje, Sep 27, 2013
    Last edited by a moderator: Apr 20, 2017
  4. Supern00b

    Supern00b MDL Addicted

    Dec 30, 2010
    728
    540
    30
    Thanks, but that's a different (and well known) issue.
    TCP IP limit has little to do with maximum allowed access to a share in Windows XP, we can patch TCP.sys but this does not allow more then 10 users accessing a share.
    The obvious answer would be "Use a server OS" but that would be overkill.

    Cheers.
     
  5. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,855
    1,051
    60
    Could I take this tool add the termsrv.dll to a silent install of Windows Server 2012 R2 then using basic command line do all those commands including the registry portion myself using simple REG ADD stuff.

    I feel this may be worth the time to do so.
     
  6. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
    #26 Mr Jinje, Sep 27, 2013
    Last edited by a moderator: Apr 20, 2017
    Yep, I replaced it in both the system32 and the winsxs (inside my mounted install.wim). Be sure to take ownership of the folder in winsxs because you won't have rights to rename the old file. Then you can do the reg bits from SetupComplete.cmd and RDP immediately after installation.

    Code:
    C:\Windows\System32\termsrv.dll
    
    C:\Windows\WinSxS\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.3.9600.16384_none_7f5da1d3283b1dd6\termsrv.dll
     
  7. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,855
    1,051
    60
    #27 Smorgan, Sep 27, 2013
    Last edited by a moderator: Apr 20, 2017
    And now for the next logical question.

    Can I do this with dism before the install so that the files don't need to be modified after the install. Meaning I inject the modified files into the WIM then do the reg add after the install?

    In other words modding the wim to make this happen obviously it isn't the only reason I modded the WIM but just wondering.
     
  8. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
    #28 Mr Jinje, Sep 28, 2013
    Last edited by a moderator: Apr 20, 2017
    That's exactly what I meant. Here is an alpha script to help do that.

    Step 1) Create a new .PS1 into your sources folder (right next to install.wim), copy the contents of the spoiler into the .ps1 file (do not run from console)
    Step 2) Put your modded termsrv.dll in the same location.
    Step 3) Run the script. It will find the install.wim if in same directory. Will also create a Mount folder, mount the install.wim, take ownership, icacls, rename.bak and xcopy the patch file to both locations. Then it commits the wim (saves) followed by dismount w/discard to avoid stray lock process errors.

    Alpha test script below. Change your image index # ('4' in the script) if you are not doing the DC full edition.
    Only thing missing is mounting the system hive to do the reg bits. Probably needs a bit to delete/recreate the mount folder after script runs + run the cleanup wim command in case of any stale mount points / unable to dismount correctly due to random locked processes. I think these DISM cmdlets are only available on W2012R2 and 8.1, maybe someone on W7 could rewrite it for DISM, but for now you'll have to run it from an installed 8.1 or 2012r2 machine.

    EDIT: Haven't tested, wonder if the new dismount cmdlet has the same BUG that dism has (not killing all processes before attempting to dismount, causing high failure rate). Report back if anyone knows.
     
  9. bbarou

    bbarou MDL Novice

    Oct 6, 2013
    2
    0
    0
    #29 bbarou, Oct 6, 2013
    Last edited by a moderator: Apr 20, 2017
    Hi all,

    how do you make this script work? I first copied and passed it, got some error then downloaded it and it still does not work

    I tried to run it in an administtrator powerhell window and I got the following:

    Code:
    At $somepath$\TERMSRV_DLL_PATCHER_IMPERIAL_MARCH_MDL_v2.ps1:31 char:18
    + $someFilePath = "C:\Windows\System32\termsrv.dll"
    +                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Unexpected token 'C:\Windows\System32\termsrv.dll"
    $SHA1 = new-object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider
    $hash =
    [System.BitConverter]::ToString($SHA1.ComputeHash([System.IO.File]::Open("$someFilePath",[System.IO.Filemode]::Open,
    [System.IO.FileAccess]::Read))) -replace "-",""
    $hash
    #If (($hash -eq "d9560284ff79d139e5d7dd73c94af2f4fbff1551") -ne $False) {
    If (($hash -eq "D9560284FF79D139E5D7DD73C94AF2F4FBFF1551") -ne $False) {
    $out = [System.IO.File]::ReadAllBytes("C:\Windows\System32\termsrv.dll")
    $hexed = Convert-ByteArrayToHexString $out -width 40 -delimiter ""
    $hexed = $hexed -replace "8B813806000039813C0600000F841B700000","B80001000089813806000090909090909090"
    $hexed = "0x" + $hexed
    $done = Convert-HexStringToByteArray $hexed
    set-content -value $done -encoding byte -path "C:\termsrv.dll"
    net stop TermService
    Set-ItemProperty -Path "registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal' in expression or
    statement.
    At $somepath$\TERMSRV_DLL_PATCHER_IMPERIAL_MARCH_MDL_v2.ps1:58 char:74
    + } else {write-host "Wrong version termsrv.dll Dummy, only works on 8.1x64";Write ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    The string is missing the terminator: ".
        + CategoryInfo          : ParserError: (:) [], ParseException
        + FullyQualifiedErrorId : UnexpectedToken
    
    
    Thanks for any help.
     
  10. aXmeD

    aXmeD MDL Novice

    Dec 26, 2011
    2
    0
    0
    Hi all,

    Maybe do the same for the 8.1 x86?

    Thanks for help.
     
  11. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
    #31 Mr Jinje, Oct 7, 2013
    Last edited by a moderator: Apr 20, 2017
  12. bbarou

    bbarou MDL Novice

    Oct 6, 2013
    2
    0
    0

    Looks like it's working. Thanks mate.
     
  13. tking0036

    tking0036 MDL Novice

    Dec 15, 2009
    6
    0
    0
    #33 tking0036, Oct 9, 2013
    Last edited: Oct 9, 2013
    8.1 Pro x64 9600 not working here.. Still 5 LTC for anyone who can get it working for me. VNC sucks ass
     
  14. theo2889

    theo2889 MDL Novice

    Oct 10, 2013
    5
    0
    0
    I'm on Build 9431, replacing the termsrv.dll stops me from being able to remote in, and running the script it states it's errors out saying I need to be on 8.1. Any chance to get an update for this. Thank you already for you time, and appreciate any help you can give.
     
  15. theo2889

    theo2889 MDL Novice

    Oct 10, 2013
    5
    0
    0
    Yea, I realized that the day after I posted, but now that I'm updated to build version 9600 I'm in the same boat as tking0036, it's a no go.
     
  16. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
  17. theo2889

    theo2889 MDL Novice

    Oct 10, 2013
    5
    0
    0
    Thank you very much.
     
  18. alexandraki

    alexandraki MDL Novice

    Mar 23, 2013
    8
    16
    0
    #39 alexandraki, Oct 16, 2013
    Last edited: Oct 16, 2013
    termsrv.dll from this page works perfectly in Windows 8.1 Pro VL x64 without any registry changes.
     
  19. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
    Can someone who is running GA rollup on x64 and or R2 test this for us.