Code Monkey home page Code Monkey logo

Comments (6)

CodeDruidX avatar CodeDruidX commented on August 28, 2024

i did some research and found offsets via IDA.
It was quite easy with one of the last versions as example, but smth went wrong

[10.0.25982.1000]
; no x86 section
SingleUserPatch.x64=1
SingleUserOffset.x64=9850B
SingleUserCode.x64=Zero

DefPolicyPatch.x64=1
DefPolicyOffset.x64=95945
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx

LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=8BB21
LocalOnlyCode.x64=jmpshort

SLInitHook.x64=1
SLInitOffset.x64=ACA68
SLInitFunc.x64=New_CSLQuery_Initialize

[10.0.25982.1000-SLInit]
; no x86 section
bInitialized.x64 =11BDF0
bServerSku.x64 =11BDF4
lMaxUserSessions.x64 =11BDF8
bAppServerAllowed.x64 =11BE00
bRemoteConnAllowed.x64=11BE08
bMultimonAllowed.x64 =11BE0C
ulMaxDebugSessions.x64=11BE14
bFUSEnabled.x64 =11BE18

The second session still kicks the first
image
After reboot TermService cannot start:
image

Here is my explanation:
SLInitHook.x64=1
SLInitOffset.x64=ACA68
SLInitFunc.x64=New_CSLQuery_Initialize
image
DefPolicyPatch.x64=1
DefPolicyOffset.x64=95945
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
image
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=8BB21
LocalOnlyCode.x64=jmpshort
image
SingleUserPatch.x64=1
SingleUserOffset.x64=9850B
SingleUserCode.x64=Zero
image
bInitialized.x64 =11BDF0
bServerSku.x64 =11BDF4
lMaxUserSessions.x64 =11BDF8
bAppServerAllowed.x64 =11BE00
bRemoteConnAllowed.x64=11BE08
bMultimonAllowed.x64 =11BE0C
ulMaxDebugSessions.x64=11BE14
bFUSEnabled.x64 =11BE18
image

All assemble seems to be the same as here (10.0.20348.2400):
#2555 (comment)
i carefully adapted it, but where is mistake?

Really want to start it with my creepy build)
Someone, please help!

from rdpwrap.

loyejaotdiqr47123 avatar loyejaotdiqr47123 commented on August 28, 2024

i did some research and found offsets via IDA. It was quite easy with one of the last versions as example, but smth went wrong

[10.0.25982.1000] ; no x86 section SingleUserPatch.x64=1 SingleUserOffset.x64=9850B SingleUserCode.x64=Zero

DefPolicyPatch.x64=1 DefPolicyOffset.x64=95945 DefPolicyCode.x64=CDefPolicy_Query_eax_rcx

LocalOnlyPatch.x64=1 LocalOnlyOffset.x64=8BB21 LocalOnlyCode.x64=jmpshort

SLInitHook.x64=1 SLInitOffset.x64=ACA68 SLInitFunc.x64=New_CSLQuery_Initialize

[10.0.25982.1000-SLInit] ; no x86 section bInitialized.x64 =11BDF0 bServerSku.x64 =11BDF4 lMaxUserSessions.x64 =11BDF8 bAppServerAllowed.x64 =11BE00 bRemoteConnAllowed.x64=11BE08 bMultimonAllowed.x64 =11BE0C ulMaxDebugSessions.x64=11BE14 bFUSEnabled.x64 =11BE18

The second session still kicks the first image After reboot TermService cannot start: image

Here is my explanation: SLInitHook.x64=1 SLInitOffset.x64=ACA68 SLInitFunc.x64=New_CSLQuery_Initialize image DefPolicyPatch.x64=1 DefPolicyOffset.x64=95945 DefPolicyCode.x64=CDefPolicy_Query_eax_rcx image LocalOnlyPatch.x64=1 LocalOnlyOffset.x64=8BB21 LocalOnlyCode.x64=jmpshort image SingleUserPatch.x64=1 SingleUserOffset.x64=9850B SingleUserCode.x64=Zero image bInitialized.x64 =11BDF0 bServerSku.x64 =11BDF4 lMaxUserSessions.x64 =11BDF8 bAppServerAllowed.x64 =11BE00 bRemoteConnAllowed.x64=11BE08 bMultimonAllowed.x64 =11BE0C ulMaxDebugSessions.x64=11BE14 bFUSEnabled.x64 =11BE18 image

All assemble seems to be the same as here (10.0.20348.2400): #2555 (comment) i carefully adapted it, but where is mistake?

Really want to start it with my creepy build) Someone, please help!

Wait.DefPolicy offset is wrong

from rdpwrap.

loyejaotdiqr47123 avatar loyejaotdiqr47123 commented on August 28, 2024 
DefPolicyPatch.x64=1
DefPolicyOffset.x64=9593F
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx_jmp

from rdpwrap.

CodeDruidX avatar CodeDruidX commented on August 28, 2024 
DefPolicyPatch.x64=1
DefPolicyOffset.x64=9593F
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx_jmp

Thank you very much, it works!

from rdpwrap.

loyejaotdiqr47123 avatar loyejaotdiqr47123 commented on August 28, 2024

@binarymaster Please reopen

from rdpwrap.

loyejaotdiqr47123 avatar loyejaotdiqr47123 commented on August 28, 2024

sebaxakerhtc/rdpwrap.ini@611d3bf

from rdpwrap.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.