New offset values for 10.0.9926.0-SLInit #16

Closed
v-yadli opened this issue Jan 22, 2015 · 18 comments

v-yadli commented Jan 22, 2015

Greetings!

Build 9926 has changed the major version of termsrv.dll from 6 to 10.

After some asm debugging I found out the new offsets (I only have the x64 version):

[10.0.9926.0]
; Patch CEnforcementCore::GetInstanceOfTSLicense
LocalOnlyPatch.x64=1
;;;OFFSET = 0x61
;;;BASE   = 0x95F90
LocalOnlyOffset.x64=95FF1
LocalOnlyCode.x64=jmpshort
; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled
SingleUserPatch.x64=1
;;;OFFSET   = 0x43
;;;BASE     = 0x12F90
;;;;instruction = 0xBB 0x01 0x00 0x00 0x00
;;;                   ^^^ +1 offset
SingleUserOffset.x64=12A34
SingleUserCode.x64=Zero
; Patch CDefPolicy::Query
DefPolicyPatch.x64=1
;;;
;;;BASE     = 0xBDF0
;;;OFFSET   = 0x15
DefPolicyOffset.x64=BE05
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
; Hook CSLQuery::Initialize
SLInitHook.x64=1
SLInitOffset.x64=24EC0
SLInitFunc.x64=New_CSLQuery_Initialize

[10.0.9926.0-SLInit]
bFUSEnabled.x64       =EEBF0
lMaxUserSessions.x64  =EEBF4
bAppServerAllowed.x64 =EEBF8
bInitialized.x64      =EEBFC
bMultimonAllowed.x64  =EEC00
bServerSku.x64        =EEC04
ulMaxDebugSessions.x64=EEC08
bRemoteConnAllowed.x64=EEC0C
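
The `;;;BASE` / `;;;OFFSET` notes in the section above can be checked against the declared `*Offset` values before the INI is deployed. The following is an added example, not code from the poster or from the RDP Wrapper project; `check_annotations` and the regex names are made up here, and the parsing of the `;;;` notes assumes the layout used in this post.

```python
import re

# Section text copied from the post above, ';;;' annotations included.
POSTED_INI = """\
[10.0.9926.0]
; Patch CEnforcementCore::GetInstanceOfTSLicense
LocalOnlyPatch.x64=1
;;;OFFSET = 0x61
;;;BASE   = 0x95F90
LocalOnlyOffset.x64=95FF1
LocalOnlyCode.x64=jmpshort
; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled
SingleUserPatch.x64=1
;;;OFFSET   = 0x43
;;;BASE     = 0x12F90
;;;;instruction = 0xBB 0x01 0x00 0x00 0x00
;;;                   ^^^ +1 offset
SingleUserOffset.x64=12A34
SingleUserCode.x64=Zero
; Patch CDefPolicy::Query
DefPolicyPatch.x64=1
;;;
;;;BASE     = 0xBDF0
;;;OFFSET   = 0x15
DefPolicyOffset.x64=BE05
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
"""

# Hypothetical patterns: BASE/OFFSET note, '+N offset' hint, '<Name>Offset.<arch>=HEX' key.
NOTE = re.compile(r"^;+\s*(BASE|OFFSET)\s*=\s*0x([0-9A-Fa-f]+)")
EXTRA = re.compile(r"\+(\d+) offset")
KEY = re.compile(r"^(\w+)Offset\.(x\d+)\s*=\s*([0-9A-Fa-f]+)\s*$")

def check_annotations(ini_text):
    """Return {key: (declared, computed, ok)} for every annotated *Offset key."""
    results, notes, extra = {}, {}, 0
    for line in map(str.strip, ini_text.splitlines()):
        if m := NOTE.match(line):
            notes[m.group(1)] = int(m.group(2), 16)
        elif line.startswith(";") and (m := EXTRA.search(line)):
            extra = int(m.group(1))
        elif m := KEY.match(line):
            if notes.keys() >= {"BASE", "OFFSET"}:
                declared, computed = int(m.group(3), 16), notes["BASE"] + notes["OFFSET"] + extra
                results[f"{m.group(1)}.{m.group(2)}"] = (declared, computed, declared == computed)
            notes, extra = {}, 0  # annotations apply only to the next *Offset key
    return results

if __name__ == "__main__":
    print(check_annotations(POSTED_INI))
```

On the posted section this reports `LocalOnly` and `DefPolicy` as consistent and flags `SingleUser`: the annotated 0x12F90 + 0x43 + 1 gives 0x12FD4, not the declared `12A34`. The check cannot tell which of the two values is the typo.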

@binarymaster
Member

Hello!

All right, can you share the DLL file somewhere, so I can check it?

@v-yadli
Author

v-yadli commented Jan 23, 2015

I'm not sure if it's possible... Maybe we should wait till it goes public (sorry!).

@binarymaster
Member

No problem. I think it's better to wait until the release is published, and then analyse it. Thanks for your help!

@binarymaster
Member

Well, I figured it out just now, these offsets are for Windows 10 Technical Preview 2015 January Update (fbl_awesome1501.150119-1648).

Added your contributions to the INI file. I'll research the x86 version soon.

Thanks again!

@ajcoll5

ajcoll5 commented Jan 24, 2015

With the new INI file, it still won't allow multiple users on at the same time. RDPConf states that everything is installed, listening and that the version is fully supported. I'm running 10.0.9926 x64 and upgraded from the previous TP via WU. Any ideas?

@binarymaster
Member

Did you restart your PC or terminal services after updating the INI file?

@ajcoll5

ajcoll5 commented Jan 24, 2015

Restarted the entire machine. I just tried again - reinstalled RDPWrap, overwrote the INI file in Program Files/RDP Wrap/ and then restarted the machine....still no joy. RDPConf still reporting everything is okay.

@binarymaster
Member

I'll check it as soon as possible.

@v-yadli
Author

v-yadli commented Jan 25, 2015

What I did was use ResHacker to recompile the resource file in the installer (otherwise there will be a warning that "the version of termsrv.dll is not supported" or so), and then make a clean install.

@binarymaster
Member

Just checked: build 9926 (x64) works OK. Here is a screenshot:
http://stascorp.com/images/rdpwrap/Win10PTP.png

@ajcoll5 obviously you're doing something wrong...

@aiugrivef

@v-yadli could I ask how you managed to find those offsets/addresses?

I tried, but I am stuck with "can not parse debug info" on IDA :(
Do you have some tricks or tools which could help me?

@v-yadli
Author

v-yadli commented Jan 26, 2015

@aiugrivef I use WinDbg. The assembly code is provided in the INI file. Just search for it; the code is the same for all the builds! ;-)

However I did stumble upon weird behaviors... Wrong offsets will kill the service/freeze sessions at start. It took me a whole afternoon to get the correct combination.

I do believe there're smarter ways, just too eager to try something less brutal.

@MichaelMcD

Not sure if this is the right place, but I cannot get it to allow multiple RDP sessions either on Windows 10 TP 9926. I am assuming the RDPWrap v1.5 is supposed to work on TP 9926, but it does not. During the install of RDPWrap v1.5 it also says that version 10.0.9926.0 of termsrv.dll is not supported, although it still completes the install and says install was successful. I was messing around previously with modded termsrv.dll files for Windows 8 so, since this is a new build anyway, I did a system restore to before then to make sure that wasn't the problem, and it still doesn't work.

I am also curious to know for anyone who has gotten it to work on Windows 10 how much it has been tested. I can get multiple RDP sessions on Win10 TP 9926 using a modded termsrv.dll file from Windows 8/8.1, and all seems good until I launch a Modern/Metro app in a second RDP session (or first RDP session if I also have a local log-in). Trying to launch a Modern app in a second RDP session causes the app to launch in the first RDP session (or in local log-in if exists). This renders that approach useless for Windows 10, which is why I kept searching for a solution and ended up here.

Thanks in advance!

@MichaelMcD

Ok, after my previous post I realized that the release date of RDPWrap v1.5 was before the release of Win10 TP 9926 so, despite the notes saying it supported 9926, I checked the INI file and it did not. So I added the info from this thread to the INI file and now I can report that it does allow multiple RDP sessions.

HOWEVER, I get the same undesirable behavior that I did when using the modded termsrv.dll files from Windows 8 as noted previously. Trying to launch Modern/Metro apps in a second session causes them to launch in the first session. This renders the multiple sessions useless. Has anyone else encountered this and is there a fix or a work-around?

@v-yadli
Author

v-yadli commented Mar 2, 2015

@MichaelMcD I can confirm that the desktop mode is working for me. Didn't try to start any metro apps though.

@binarymaster
Member

@MichaelMcD Here is a video on how to update the INI file:
http://www.youtube.com/watch?v=W9BpbEt1yJw

Well, I see you succeeded in this. However I don't know much about Metro app remoting features. I think that Metro apps are just not designed to run in remote desktop sessions...

@MichaelMcD

Would you or someone else mind opening up two RDP sessions to a Windows 10 TP 9926 computer, then in the second session launching one of the Metro apps in the Start menu, like Mail, Photos, or News? I would really like to know if I am the only one seeing this problem or not.

If I just have one RDP session, and no local session, it runs fine, Metro apps and all. So I am thinking it has something to do with the way the Metro apps are programmed. I was hoping to be able to give 2 accounts simultaneous access to the Win10 computer, but if the second user has to avoid all Metro apps, then it’s not a practical solution. And unfortunately I don’t have the skills to devise a fix.

Thanks!

From: binarymaster [mailto:notifications@github.com]
Sent: Monday, March 02, 2015 2:29 PM
To: binarymaster/rdpwrap
Cc: MichaelMcD
Subject: Re: [rdpwrap] New offset values for 10.0.9926.0-SLInit (#16)

@MichaelMcD https://github.com/MichaelMcD Here is a video on how to update the INI file:
http://www.youtube.com/watch?v=W9BpbEt1yJw

Well, I see you succeeded in this. However I don't know much about Metro app remoting features. I think that Metro apps are not designed to run in remote desktop sessions...



@MichaelMcD

Can anyone give it a try? Unless my experience is a quirk, the RDPWrap product does not completely work for Windows 10. Wouldn't this be good to know?
