Fix for 10.0.17134.706 and 10.0.17134.437 #741
Comments
Thanks!! Tested - fully functional for Windows 10 Version 1803 (OS Build 17134.706) with termsrv.dll 10.0.17134.706 after a reboot. But I did not have to uninstall KB449344 yet to get it working. Will continue testing this aspect in case of a delayed trojan. I have disabled Windows Update in Computer Management Services, to avoid more sneaky gollum updates. From now on only manual Win 10 updates on a test system first!! |
First time using the guide, but I got a different value for SingleUserOffset. That one was the most changed from the guide, so I took a guess. This works for me without messing with windows updates. I don't see anything negative in the event logs. [10.0.17763.437] |
YOU ARE THE BEST!!!! THX A LOT |
With the new ini updates available, is it still necessary to uninstall kb4493509 and keep it from installing? |
Do you have parameters for x86? |
When my system is bInitialized.x64 =ECAB0 |
What the hell? I suddenly found this feature |
Just changing ini file solves the issue for me (without uninstalling patch). For 10.0.17134.706 |
dsvolkov: "Just changing ini file solves the issue for me (without uninstalling patch). For 10.0.17134.706" Same here. No cumulative patch uninstall needed for 10.0.17134.706 on my W10 Home x64 laptop. |
Thanks. This worked for me without needing to uninstall updates on 10.0.17134.437 |
Please help me, I can't solve this problem. |
Thanks for helping with my remote desktop problem. By the way, when a remote connection is terminated, automatic logoff is done. What should I do? |
Hi, It works for me: [10.0.17134.706-SLInit] |
Note that the code skakyn posted 8 days ago was for 10.0.17134.706 for x64 systems. Is yours an x64 setup? If not, check what kkingstoun posted 5 days ago in this same thread and try that instead. If that isn't the issue preliminarily, and having no background history specific to your setup or personal experience, I would suggest you uninstall RDP Wrapper and start anew with a clean working baseline, then move forward from there. If you've hardened your system in any way to improve security via gpedit or directly in the registry, revert those changes back to their basic, default settings. Also temporarily turn off your firewall. Then after RDP Wrapper is uninstalled, make sure you can connect with a basic RDP handshake on default port 3389. Once that is established, redeploy RDP Wrapper -- again advisably on the default RDP port to keep things as simple as possible initially. When (re)installing the utility, make sure you're running install.bat with administrative privileges (some choose to run RDPWinst first but I'm not sure if this is actually necessary). Then go ahead and append the new code to the ini config file, again as administrator, and ensure this ini file is placed in the proper programs files directory. Also be sure you are copying the correct code for termsrv.dll 17134.706 - and not 17763.437 - and that you are leaving an empty line at the end of the text. Next run RDPCheck to confirm the handshake process is working correctly, then RDPConf to validate this further while choosing your preferred interface options. You may want to try different authentication (security) modes in the configuration interface to see if that might help. If necessary, reboot your system. Only after this is done and everything is working soundly (RDP Configuration interface reflects all green) would I turn on your firewall, custom configure your RDP port and harden connection security as desired. |
@maxysadm PS You may also want to check the following link: https://github.com/fre4kyC0de/rdpwrap There you can find the appropriate version code to add to your ini file. Remember to reboot your system afterwards and make sure to leave a space at the end of your ini file (important!). |
Help making the wrapper work on ver 10.0.17134.437-SLInit would be appreciated |
Have you looked at BountySource for possible solutions? https://www.bountysource.com/issues/72903039-termsrv-dll-patch-10-0-17763-437 |
Also Sysadmin Tips :: employing HEX Editor |
The solution of skakyn34 at the beginning of the thread is working for me for 10.0.17763.437 without uninstalling. A very important point: without an empty line at the end of the ini file it does not work :)
|
That is just not true. I am using it just fine. I only use it with one session per user and that works perfectly fine. If people want to say something is wrong, pull out a hex editor and suggest what the offset should be. I can say for sure that the offsets people got from the first post suggesting offsets aren't even targeting the methods the guide tells you to target, so it is either a different way of doing it, or not correct at all. He never offered an explanation for the offsets. Anyone can use the guide and look at the DLL in IDA to see what these offsets are and intelligently say they are wrong if they are wrong, no need to just speculate. I admit the guide wasn't clear for the SingleUserOffset.x64 offset because it had no examples, that could be wrong. But if you think it is wrong, say what is right based on looking in the dll, not just blindly claiming some other offset is the solution that other people are saying doesn't work either. Many people are just having issues loading the updated ini, so it is hard to take a random person's word for it when they say it doesn't work. The sure fire way I found to update the ini is to replace the existing one and just reboot. It will either work or the terminal service will fail to start if something is wrong, but you know it is actually using the new ini and you aren't having some other kind of issue. |
Thank you so much! I finally got it working with your ini file changes. |
This works for me, and the issue of always signing in to a new session is also resolved! Thanks a lot! |
Does anyone have both the x86 and x64 ini file info for version *.437? |
This ini works on 3 Windows 10 10.0.17763.437 x86 computers. I don't have x64 computers with this version. |
same for me. just changing the ini file already did the job. (need to execute Thanks for the info! |
13469 in CSessionArbitrationHelper::IsSingleSessionPerUserEnabled looks good for me. |
Duplicate of #720 |
For 10.0.17134.437 you need:
and paste text:
[10.0.17763.437-SLInit]
bInitialized.x86 =CD798
bServerSku.x86 =CD79C
lMaxUserSessions.x86 =CD7A0
bAppServerAllowed.x86 =CD7A8
bRemoteConnAllowed.x86=CD7AC
bMultimonAllowed.x86 =CD7B0
ulMaxDebugSessions.x86=CD7B4
bFUSEnabled.x86 =CD7B8
bInitialized.x64 =ECAB0
bServerSku.x64 =ECAB4
lMaxUserSessions.x64 =ECAB8
bAppServerAllowed.x64 =ECAC0
bRemoteConnAllowed.x64=ECAC4
bMultimonAllowed.x64 =ECAC8
ulMaxDebugSessions.x64=ECACC
bFUSEnabled.x64 =ECAD0
[10.0.17763.437]
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=77A41
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=3E520
SingleUserCode.x64=Zero
DefPolicyPatch.x64=1
DefPolicyOffset.x64=18025
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x64=1
SLInitOffset.x64=1ACDC
SLInitFunc.x64=New_CSLQuery_Initialize
There must be an empty line at the end!
2. Uninstall update kb4493509.
Open CMD and run the command:
wusa /uninstall /kb:4493509
and reboot.
3. To disable updates I use this utility:
https://www.sordum.org/9470/windows-update-blocker-v1-1/
If your system is automatically updated you will lose access again.
For 10.0.17134.706 you need:
and paste text:
[10.0.17134.706-SLInit]
bServerSku.x64 =F1378
lMaxUserSessions.x64 =F137C
bAppServerAllowed.x64 =F1380
bInitialized.x64 =F2430
bRemoteConnAllowed.x64=F2434
bMultimonAllowed.x64 =F2438
ulMaxDebugSessions.x64=F243C
bFUSEnabled.x64 =F2440
[10.0.17134.706]
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=92521
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=1511C
SingleUserCode.x64=Zero
DefPolicyPatch.x64=1
DefPolicyOffset.x64=10E78
DefPolicyCode.x64=CDefPolicy_Query_edi_rcx
SLInitHook.x64=1
SLInitOffset.x64=22F5C
SLInitFunc.x64=New_CSLQuery_Initialize
There must be an empty line at the end!
2. Uninstall update kb4493464.
Open CMD and run the command:
wusa /uninstall /kb:4493464
and reboot.
3. To disable updates I use this utility:
https://www.sordum.org/9470/windows-update-blocker-v1-1/
If your system is automatically updated you will lose access again.
Many thanks to the developers for your work!
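A lint check for the pitfalls raised in this thread (no empty line at the end of the ini, a block copied for the wrong termsrv.dll build, entries for only one architecture), as an added example that is not part of the original issue or of the RDP Wrapper project. The name `audit_ini`, the sample text and the reading of "empty line at the end" as a newline-terminated last entry are assumptions.

```python
import re

# Constructed sample: lines copied from the 10.0.17134.706 block in the post above.
SAMPLE = (
    "[10.0.17134.706-SLInit]\n"
    "bServerSku.x64 =F1378\n"
    "[10.0.17134.706]\n"
    "SingleUserPatch.x64=1\n"
    "SingleUserOffset.x64=1511C\n"
    "SingleUserCode.x64=Zero\n"
)

SECTION = re.compile(r"^\[(\d+\.\d+\.\d+\.\d+)(-SLInit)?\]$")
ENTRY = re.compile(r"^(\w+)\.(x86|x64)\s*=\s*(\S+)$")
HEX = re.compile(r"^[0-9A-Fa-f]+$")


def audit_ini(text, dll_version):
    """Return (architectures covered, problems) for the sections of dll_version."""
    problems, arches, seen = [], set(), set()
    # Assumption: "empty line at the end" means the last entry is newline-terminated.
    if not text.endswith("\n"):
        problems.append("last line is not followed by an empty line")
    version, slinit = None, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            m = SECTION.match(line)
            version, slinit = (m.group(1), bool(m.group(2))) if m else (None, False)
            if version == dll_version:
                seen.add("SLInit" if slinit else "patch")
            continue
        if version != dll_version:
            continue  # entries for other builds or non-version sections
        e = ENTRY.match(line)
        if not e:
            problems.append(f"line {n}: expected Name.x86|x64=value")
            continue
        key, arch, value = e.groups()
        arches.add(arch)
        # *Offset keys and every -SLInit value are hexadecimal in the posted blocks.
        if (slinit or key.endswith("Offset")) and not HEX.match(value):
            problems.append(f"line {n}: {key}.{arch} is not a hex offset")
    for kind in ("patch", "SLInit"):
        if kind not in seen:
            problems.append(f"no {kind} section for {dll_version}")
    return sorted(arches), problems
```

Pass the file contents and the version shown in the termsrv.dll file properties; an empty problem list with only `x64` in the first element means the block carries no x86 entries for that build.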