[DISCUSSION] Windows 8.1 termsrv.dll Patching

Discussion in 'Windows 8' started by GuryYu, Aug 31, 2013.

Tags:
  1. sunstar

    sunstar MDL Junior Member

    Jun 29, 2013
    50
    22
    0
    for those that have problem with permission of termsrv.dll in windir use NTFS Access 2.1 for do that for you and then change termsrv.dll easily
     
  2. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
    #82 Mr Jinje, Oct 28, 2013
    Last edited by a moderator: Apr 20, 2017
  3. Tito

    Tito Super Mod / Adviser
    Staff Member

    Nov 30, 2009
    18,682
    18,581
    340
    xdelta (instead of bsdiff)??
     
  4. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
    #84 Mr Jinje, Oct 28, 2013
    Last edited: Oct 28, 2013
    Ayup.

    I can do the trick with 3kb from Powershell, bspatch does it in 35kb, one could argue that at 223kb the command line version of xdelta is bloated. If people complains too much, easy enough to include a bunch of 1kb xdelta/svf patches for the DIY crowd. But obviously not until we have higher success rate from testers.
     
  5. sunstar

    sunstar MDL Junior Member

    Jun 29, 2013
    50
    22
    0
    i have server 2012 r2 x64 patched termsrv.dll that same as windows 8.1 x64

    upload for you ?
     
  6. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
  7. Psychoferno

    Psychoferno MDL Novice

    Oct 25, 2013
    4
    2
    0
    I applied the patch suggested by sunstar and now is working on x86. Below is the DLL with the patch applied.

    www1.datafilehost.com/d/ea26961b

    SHA-1 original: E10028B074D24605E05B5E0BAFD42F6A93AC01AD
    SHA-1 patched: 074994538C6D26ACAA794D23B7D2E11323A054F5
     
  8. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
  9. sunstar

    sunstar MDL Junior Member

    Jun 29, 2013
    50
    22
    0
    Windows Server 2012 R2 x64 / Windows 8.1 x64 / Windows 8.1 x86 Patched Termsrv


    h t t p://www1.datafilehost.com/d/d22fe28f


    Tested / fully working without any registry edit
     
  10. aXmeD

    aXmeD MDL Novice

    Dec 26, 2011
    2
    0
    0
    Mr Jinje, it works, on Windows 8.1 Enterprise x86!
    Thank you very much! :cheers:
     
  11. Pebaar

    Pebaar MDL Novice

    Oct 22, 2013
    14
    0
    0
    In trying this out I finally noticed what my problem was. The copy to System32 was not successful. After copying to both WinSxs and System32 I noticed different timestamps. Very strange considering the copy operation never reported a failure (via File Explorer). I've since used Copy-Item via PowerShell and that did the trick! Really happy to have this working :)
     
  12. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
    #92 Mr Jinje, Oct 29, 2013
    Last edited: Oct 29, 2013
    Sounds good. But I question how it works without any registry edit, are you saying the even with fDenyTSConnections set to 1 it still allows RDP connections. Possibly you are referring only to the fSingleSessionPerUser setting.

    Or were both registry settings already at 0 and didn't need to be changed.
     
  13. sunstar

    sunstar MDL Junior Member

    Jun 29, 2013
    50
    22
    0
    my default reg settings :

    fDenyTSConnections = 0
    fSingleSessionPerUser = 1

    Final Hex Patch for 8.1 x86 and 8.1 x64 and server 2012 r2 x64 by sunstar :eek: (the smallest patch)

    termsrv windows 8.1 x86
    change
    3B 81 20 03 00 00 0F 84 C0 EC 01 00
    to
    B8 00 01 00 00 89 81 20 03 00 00 90

    Windows 8.1 x64 and 2012 Server R2 X64
    change
    39 81 3C 06 00 00 0F 84 1B 70 00 00
    to
    B8 00 01 00 00 89 81 38 06 00 00 90
     
  14. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
    #94 Mr Jinje, Oct 29, 2013
    Last edited by a moderator: Apr 20, 2017
    and here are the hashes of the files so people know if they did it right.

    Code:
      File: W8.1x64 + 2012-R2 termsrv.dll - Original Untouched
    CRC-32: 2d44a1b2
       MD4: ef7a33935f21c454cac5557527df80ca
       MD5: 2c77831737491f4d684d315b95c62883
     SHA-1: d9560284ff79d139e5d7dd73c94af2f4fbff1551
    
      File: W8.1x64 + 2012-R2 termsrv.dll - Sunstar Patch
    CRC-32: e7aa06a2
       MD4: fd91ff92b305c3a3dc3350fc545843a0
       MD5: 7b5aebc26a58e5c063881790de1c8564
     SHA-1: 0c57c3d7843faa72eaa281ee81c8bf2b0daeb5c4
    
      File: W8.1x86 termsrv.dll - Original Untouched
    CRC-32: 202cd912
       MD4: a879d39b8fbcd968b525af05a66aaf2c
       MD5: 7a8e1158291cf4c8d8474a2091b9bf6d
     SHA-1: e10028b074d24605e05b5e0bafd42f6a93ac01ad
    
      File: W8.1x86 termsrv.dll - Sunstar Patch
    CRC-32: e8a79326
       MD4: 618457a5506f33e373e41a4ab26670eb
       MD5: 851a770b9a541083d894df13881d1113
     SHA-1: 074994538c6d26acaa794d23b7d2e11323a054f5
    
     
  15. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
    #95 Mr Jinje, Oct 29, 2013
    Last edited: Oct 29, 2013
    Tested on 2012-R2 Server, have 6 open connections from Administrator account, so far so good.

    FYI, before you experiences issues in your VM's, don't forget each RDP session eats a lot of RAM. Make sure you have a pagefile (at least 1024MB) and a few spare GB of RAM. I was getting multiple errors on VM's with 1GB RAM and no pagefile and it went away instantly after adding 1GB pagefile and 4GB RAM to the VM.
     
  16. nchall

    nchall MDL Novice

    Dec 11, 2012
    15
    3
    0
    How do you copy to System32?

    I have downloaded the patched termsrv.dll but am unable to copy to the System32 folder via either Explorer or PowerShell. Have also tried the NTFS Access program as well to no avail.

    Thanks.
     
  17. nchall

    nchall MDL Novice

    Dec 11, 2012
    15
    3
    0
    #97 nchall, Oct 30, 2013
    Last edited: Oct 30, 2013
    Figured it out. These instructions proved helpful, even though they are for an earlier version of Windows:

    1. Download cracked termsrv.dll
    2. Click Start, then type "cmd" in the search box & hit enter. This will launch the Command prompt
    3. Type the following & hit enter: takeown /f C:\Windows\System32\termsrv.dll
    4. Then type this & hit enter (NOTE: Replace USERNAME with YOUR USERNAME!! If your name has a space in it, enclose it with quotes, like "User Name"): cacls C:\Windows\System32\termsrv.dll /G USERNAME:F
    5. Then go to your Windows Explorer, and go to C:\Windows\System32
    6. Rename the original termsrv.dll to something else, like "termsrv.dll.ORIGINAL", just in case
    7. *NOTE* If you are unable to do the above, try rebooting into SAFE MODE
    8. Then copy & paste the Hacked DLL you downloaded in Step 1 into the C:\Windows\System32 folder
     
  18. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
    #99 Mr Jinje, Oct 31, 2013
    Last edited by a moderator: Apr 20, 2017
  19. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
    #100 Mr Jinje, Oct 31, 2013
    Last edited by a moderator: Apr 20, 2017
    Nevermind, figured the problem. There is a discrepancy in U********* code, the upatch hex does not match what was in the untouched file.