Comments (6)
i did some research and found offsets via IDA.
It was quite easy with one of the last versions as example, but smth went wrong
[10.0.25982.1000]
; no x86 section
SingleUserPatch.x64=1
SingleUserOffset.x64=9850B
SingleUserCode.x64=Zero
DefPolicyPatch.x64=1
DefPolicyOffset.x64=95945
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=8BB21
LocalOnlyCode.x64=jmpshort
SLInitHook.x64=1
SLInitOffset.x64=ACA68
SLInitFunc.x64=New_CSLQuery_Initialize
[10.0.25982.1000-SLInit]
; no x86 section
bInitialized.x64 =11BDF0
bServerSku.x64 =11BDF4
lMaxUserSessions.x64 =11BDF8
bAppServerAllowed.x64 =11BE00
bRemoteConnAllowed.x64=11BE08
bMultimonAllowed.x64 =11BE0C
ulMaxDebugSessions.x64=11BE14
bFUSEnabled.x64 =11BE18
The second session still kicks the first
After reboot TermService cannot start:
Here is my explanation:
SLInitHook.x64=1
SLInitOffset.x64=ACA68
SLInitFunc.x64=New_CSLQuery_Initialize
DefPolicyPatch.x64=1
DefPolicyOffset.x64=95945
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=8BB21
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=9850B
SingleUserCode.x64=Zero
bInitialized.x64 =11BDF0
bServerSku.x64 =11BDF4
lMaxUserSessions.x64 =11BDF8
bAppServerAllowed.x64 =11BE00
bRemoteConnAllowed.x64=11BE08
bMultimonAllowed.x64 =11BE0C
ulMaxDebugSessions.x64=11BE14
bFUSEnabled.x64 =11BE18
All assemble seems to be the same as here (10.0.20348.2400):
#2555 (comment)
i carefully adapted it, but where is mistake?
Really want to start it with my creepy build)
Someone, please help!
from rdpwrap.
i did some research and found offsets via IDA. It was quite easy with one of the last versions as example, but smth went wrong
[10.0.25982.1000] ; no x86 section SingleUserPatch.x64=1 SingleUserOffset.x64=9850B SingleUserCode.x64=Zero
DefPolicyPatch.x64=1 DefPolicyOffset.x64=95945 DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
LocalOnlyPatch.x64=1 LocalOnlyOffset.x64=8BB21 LocalOnlyCode.x64=jmpshort
SLInitHook.x64=1 SLInitOffset.x64=ACA68 SLInitFunc.x64=New_CSLQuery_Initialize
[10.0.25982.1000-SLInit] ; no x86 section bInitialized.x64 =11BDF0 bServerSku.x64 =11BDF4 lMaxUserSessions.x64 =11BDF8 bAppServerAllowed.x64 =11BE00 bRemoteConnAllowed.x64=11BE08 bMultimonAllowed.x64 =11BE0C ulMaxDebugSessions.x64=11BE14 bFUSEnabled.x64 =11BE18
The second session still kicks the first After reboot TermService cannot start:
Here is my explanation: SLInitHook.x64=1 SLInitOffset.x64=ACA68 SLInitFunc.x64=New_CSLQuery_Initialize DefPolicyPatch.x64=1 DefPolicyOffset.x64=95945 DefPolicyCode.x64=CDefPolicy_Query_eax_rcx LocalOnlyPatch.x64=1 LocalOnlyOffset.x64=8BB21 LocalOnlyCode.x64=jmpshort SingleUserPatch.x64=1 SingleUserOffset.x64=9850B SingleUserCode.x64=Zero bInitialized.x64 =11BDF0 bServerSku.x64 =11BDF4 lMaxUserSessions.x64 =11BDF8 bAppServerAllowed.x64 =11BE00 bRemoteConnAllowed.x64=11BE08 bMultimonAllowed.x64 =11BE0C ulMaxDebugSessions.x64=11BE14 bFUSEnabled.x64 =11BE18
All assemble seems to be the same as here (10.0.20348.2400): #2555 (comment) i carefully adapted it, but where is mistake?
Really want to start it with my creepy build) Someone, please help!
Wait.DefPolicy offset is wrong
from rdpwrap.
DefPolicyPatch.x64=1
DefPolicyOffset.x64=9593F
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx_jmp
from rdpwrap.
DefPolicyPatch.x64=1 DefPolicyOffset.x64=9593F DefPolicyCode.x64=CDefPolicy_Query_eax_rcx_jmp
Thank you very much, it works!
from rdpwrap.
@binarymaster Please reopen
from rdpwrap.
sebaxakerhtc/rdpwrap.ini@611d3bf
from rdpwrap.
Related Issues (20)
- RDP 10.0.22621.3958 HOT 19
- RDP 10.0.19041.4474 Windows 10 LTSC - "Not Supported" after updating the ini HOT 2
- Windows 11 Canary termsrv build 10.0.26257.5000 HOT 4
- 10.0.22621.3958 (unable to use RDP or reinstall the program) HOT 1
- Version not supported: windows 11 22631.3880 HOT 1
- Offset values for termsrv ver. 10.0.22621.4000 HOT 1
- RDP 10.0.22621.3958 HOT 1
- 10.0.22000.2538 not support HOT 1
- Need support for version 10.0.17763.5830, please HOT 1
- 10.0.17763.6054(winver) not supported HOT 1
- 10.0.19045.4651 HOT 1
- 10.0.19045.4651 not supportad HOT 1
- ajay
- 10.0.22621.3710 not supported HOT 2
- Help: need ini file for windows 10 22h2 build 19045.46.51 HOT 2
- 10.0.20348.2652 not supported HOT 3
- 10.0.19045.4780 not supported HOT 4
- RDPWrap cannot be installed on Windows 11 Home 23H2 HOT 1
- 10.0.22621.3672 not supported HOT 1
- i need help with my rdp its saying access denied when i try to log in HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rdpwrap.