From 205ad747ad3d64f4819201b635d323031db4d256 Mon Sep 17 00:00:00 2001 From: NULL Date: Thu, 20 Sep 2018 00:31:59 +0200 Subject: [PATCH 01/14] Update rdpwrap.ini --- res/rdpwrap.ini | 208 +++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 197 insertions(+), 11 deletions(-) diff --git a/res/rdpwrap.ini b/res/rdpwrap.ini index 56c822e0..c93a09e1 100644 --- a/res/rdpwrap.ini +++ b/res/rdpwrap.ini @@ -2,7 +2,7 @@ ; Do not modify without special knowledge [Main] -Updated=2018-05-16 +Updated=2018-09-10 LogFile=\rdpwrap.txt SLPolicyHookNT60=1 SLPolicyHookNT61=1 @@ -121,6 +121,34 @@ DefPolicyPatch.x64=1 DefPolicyOffset.x64=17AD2 DefPolicyCode.x64=CDefPolicy_Query_eax_rdi +[6.1.7600.20890] +SingleUserPatch.x86=1 +SingleUserOffset.x86=19E2D +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=17DF2 +SingleUserCode.x64=Zero +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=196FB +DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17B0E +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + +[6.1.7600.21316] +SingleUserPatch.x86=1 +SingleUserOffset.x86=19E2D +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=17E3E +SingleUserCode.x64=Zero +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=196FB +DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17B5E +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + [6.1.7601.17514] SingleUserPatch.x86=1 SingleUserOffset.x86=1A49D 
@@ -149,32 +177,74 @@ DefPolicyPatch.x64=1 DefPolicyOffset.x64=17C82 DefPolicyCode.x64=CDefPolicy_Query_eax_rdi -[6.1.7601.22750] +[6.1.7601.18637] SingleUserPatch.x86=1 -SingleUserOffset.x86=1A655 +SingleUserOffset.x86=1A4DD SingleUserCode.x86=nop SingleUserPatch.x64=1 -SingleUserOffset.x64=17E8E +SingleUserOffset.x64=180FA SingleUserCode.x64=Zero DefPolicyPatch.x86=1 -DefPolicyOffset.x86=19E21 +DefPolicyOffset.x86=19DBB DefPolicyCode.x86=CDefPolicy_Query_eax_esi DefPolicyPatch.x64=1 -DefPolicyOffset.x64=17C92 +DefPolicyOffset.x64=17DC6 DefPolicyCode.x64=CDefPolicy_Query_eax_rdi -[6.1.7601.18637] +[6.1.7601.21650] SingleUserPatch.x86=1 -SingleUserOffset.x86=1A4DD +SingleUserOffset.x86=1A49D SingleUserCode.x86=nop SingleUserPatch.x64=1 -SingleUserOffset.x64=180FA +SingleUserOffset.x64=180BE SingleUserCode.x64=Zero DefPolicyPatch.x86=1 -DefPolicyOffset.x86=19DBB +DefPolicyOffset.x86=19D53 DefPolicyCode.x86=CDefPolicy_Query_eax_esi DefPolicyPatch.x64=1 -DefPolicyOffset.x64=17DC6 +DefPolicyOffset.x64=17D5A +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + +[6.1.7601.21866] +SingleUserPatch.x86=1 +SingleUserOffset.x86=1A49D +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=180BE +SingleUserCode.x64=Zero +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=19D53 +DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17D5A +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + +[6.1.7601.22104] +SingleUserPatch.x86=1 +SingleUserOffset.x86=1A49D +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=180C6 +SingleUserCode.x64=Zero +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=19D53 +DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17D5E +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + +[6.1.7601.22750] +SingleUserPatch.x86=1 +SingleUserOffset.x86=1A655 +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=17E8E +SingleUserCode.x64=Zero +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=19E21 
+DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17C92 DefPolicyCode.x64=CDefPolicy_Query_eax_rdi [6.1.7601.22843] @@ -507,6 +577,32 @@ SLInitHook.x64=1 SLInitOffset.x64=5D830 SLInitFunc.x64=New_CSLQuery_Initialize +[6.3.9600.19093] +LocalOnlyPatch.x86=1 +LocalOnlyOffset.x86=B3958 +LocalOnlyCode.x86=jmpshort +LocalOnlyPatch.x64=1 +LocalOnlyOffset.x64=8AE4E +LocalOnlyCode.x64=nopjmp +SingleUserPatch.x86=1 +SingleUserOffset.x86=3F045 +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=36BC9 +SingleUserCode.x64=Zero +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=3D899 +DefPolicyCode.x86=CDefPolicy_Query_eax_ecx +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=45305 +DefPolicyCode.x64=CDefPolicy_Query_eax_rcx +SLInitHook.x86=1 +SLInitOffset.x86=18288 +SLInitFunc.x86=New_CSLQuery_Initialize +SLInitHook.x64=1 +SLInitOffset.x64=5D660 +SLInitFunc.x64=New_CSLQuery_Initialize + [6.4.9841.0] LocalOnlyPatch.x86=1 LocalOnlyOffset.x86=956A8 @@ -1227,15 +1323,27 @@ SLInitFunc.x64=New_CSLQuery_Initialize LocalOnlyPatch.x86=1 LocalOnlyOffset.x86=A6088 LocalOnlyCode.x86=jmpshort +LocalOnlyPatch.x64=1 +LocalOnlyOffset.x64=8D781 +LocalOnlyCode.x64=jmpshort SingleUserPatch.x86=1 SingleUserOffset.x86=359C5 SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=299A4 +SingleUserCode.x64=Zero DefPolicyPatch.x86=1 DefPolicyOffset.x86=2FF29 DefPolicyCode.x86=CDefPolicy_Query_eax_ecx +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=1AFC5 +DefPolicyCode.x64=CDefPolicy_Query_eax_rcx SLInitHook.x86=1 SLInitOffset.x86=45636 SLInitFunc.x86=New_CSLQuery_Initialize +SLInitHook.x64=1 +SLInitOffset.x64=C930 +SLInitFunc.x64=New_CSLQuery_Initialize [10.0.14393.1737] LocalOnlyPatch.x86=1 
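Review bot: The new `[6.1.7601.21650]` and `[6.1.7601.21866]` sections in the `@@ -149,32 +177,74 @@` hunk have identical values for all four offsets, and nothing in the file records which termsrv.dll binaries they were taken from. Two builds can share a layout, but these values appear to be patch locations, so a section copied from its neighbour that does not match the real DLL would modify the wrong bytes; each should be confirmed against its own x86 and x64 binary. A per-section comment such as `; offsets checked against termsrv.dll <build> x86 and x64` would make that auditable. The hunk also moves `[6.1.7601.22750]` below `[6.1.7601.18637]`, which is why existing lines show as rewritten rather than as pure additions.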
@@ -1263,6 +1371,20 @@ SLInitHook.x64=1 SLInitOffset.x64=C930 SLInitFunc.x64=New_CSLQuery_Initialize +[10.0.14393.2457] +LocalOnlyPatch.x64=1 +LocalOnlyOffset.x64=8D781 +LocalOnlyCode.x64=jmpshort +SingleUserPatch.x64=1 +SingleUserOffset.x64=2A3D4 +SingleUserCode.x64=Zero +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=1B545 +DefPolicyCode.x64=CDefPolicy_Query_eax_rcx +SLInitHook.x64=1 +SLInitOffset.x64=C920 +SLInitFunc.x64=New_CSLQuery_Initialize + [10.0.14901.1000] LocalOnlyPatch.x86=1 LocalOnlyOffset.x86=A6038 @@ -1993,6 +2115,21 @@ SLInitHook.x64=1 SLInitOffset.x64=D1EC SLInitFunc.x64=New_CSLQuery_Initialize +[10.0.15063.1155] +; no x86 version +LocalOnlyPatch.x64=1 +LocalOnlyOffset.x64=8CB01 +LocalOnlyCode.x64=jmpshort +SingleUserPatch.x64=1 +SingleUserOffset.x64=15EA4 +SingleUserCode.x64=Zero +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=FAE5 +DefPolicyCode.x64=CDefPolicy_Query_eax_rcx +SLInitHook.x64=1 +SLInitOffset.x64=234DC +SLInitFunc.x64=New_CSLQuery_Initialize + [10.0.16179.1000] LocalOnlyPatch.x86=1 LocalOnlyOffset.x86=AA568 @@ -2994,6 +3131,25 @@ bServerSku.x64 =FA068 ulMaxDebugSessions.x64=FA06C bRemoteConnAllowed.x64=FA070 +[6.3.9600.19093-SLInit] +bFUSEnabled.x86 =D3068 +lMaxUserSessions.x86 =D306C +bAppServerAllowed.x86 =D3070 +bInitialized.x86 =D3074 +bMultimonAllowed.x86 =D3078 +bServerSku.x86 =D307C +ulMaxDebugSessions.x86=D3080 +bRemoteConnAllowed.x86=D3084 + +bFUSEnabled.x64 =FA054 +lMaxUserSessions.x64 =FA058 +bAppServerAllowed.x64 =FA05C +bInitialized.x64 =FA060 +bMultimonAllowed.x64 =FA064 +bServerSku.x64 =FA068 +ulMaxDebugSessions.x64=FA06C +bRemoteConnAllowed.x64=FA070 + [6.4.9841.0-SLInit] bFUSEnabled.x86 =BF9F0 lMaxUserSessions.x86 =BF9F4 
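Review bot: `[10.0.14393.2457]` is added with x64 keys only but, unlike the `[10.0.15063.1155]` section added in the next hunk, it has no `; no x86 version` comment; add that line under the header so the omission reads as deliberate. Its `LocalOnlyOffset.x64=8D781` is the same value this commit adds to the x64 keys of the section just before `[10.0.14393.1737]`, while `SingleUserOffset`, `DefPolicyOffset` and `SLInitOffset` differ between the two, so that one offset is worth re-checking against the 2457 x64 binary. `[10.0.14393.2457-SLInit]`, added in the `@@ -3546,6 +3711,16 @@` hunk, also lacks the comment and repeats the preceding section's x64 table, so it deserves the same check.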
@@ -3527,6 +3683,15 @@ bMultimonAllowed.x86 =C1F80 ulMaxDebugSessions.x86=C1F84 bFUSEnabled.x86 =C1F88 +bServerSku.x64 =E73D0 +lMaxUserSessions.x64 =E73D4 +bAppServerAllowed.x64 =E73D8 +bInitialized.x64 =E8470 +bRemoteConnAllowed.x64=E8474 +bMultimonAllowed.x64 =E8478 +ulMaxDebugSessions.x64=E847C +bFUSEnabled.x64 =E8480 + [10.0.14393.1737-SLInit] bInitialized.x86 =C1F6C bServerSku.x86 =C1F70 @@ -3546,6 +3711,16 @@ bMultimonAllowed.x64 =E8478 ulMaxDebugSessions.x64=E847C bFUSEnabled.x64 =E8480 +[10.0.14393.2457-SLInit] +bServerSku.x64 =E73D0 +lMaxUserSessions.x64 =E73D4 +bAppServerAllowed.x64 =E73D8 +bInitialized.x64 =E8470 +bRemoteConnAllowed.x64=E8474 +bMultimonAllowed.x64 =E8478 +ulMaxDebugSessions.x64=E847C +bFUSEnabled.x64 =E8480 + [10.0.14901.1000-SLInit] bInitialized.x86 =C1F6C bServerSku.x86 =C1F70 @@ -4079,6 +4254,17 @@ bServerSku.x64 =E9484 lMaxUserSessions.x64 =E9488 bAppServerAllowed.x64 =E948C +[10.0.15063.1155-SLInit] +; no x86 version +bInitialized.x64 =E9468 +bRemoteConnAllowed.x64=E946C +bMultimonAllowed.x64 =E9470 +ulMaxDebugSessions.x64=E9474 +bFUSEnabled.x64 =E9478 +bServerSku.x64 =E9484 +lMaxUserSessions.x64 =E9488 +bAppServerAllowed.x64 =E948C + [10.0.16179.1000-SLInit] bInitialized.x86 =C7F6C bServerSku.x86 =C7F70 From 086183ba3d99890259bc96e87cfc71168d9b5067 Mon Sep 17 00:00:00 2001 From: NULL Date: Thu, 20 Sep 2018 00:37:46 +0200 Subject: [PATCH 02/14] Update rdpwrap-ini-kb.txt --- res/rdpwrap-ini-kb.txt | 188 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 187 insertions(+), 1 deletion(-) diff --git a/res/rdpwrap-ini-kb.txt b/res/rdpwrap-ini-kb.txt index 4f9c24f6..06bdb0fb 100644 --- a/res/rdpwrap-ini-kb.txt +++ b/res/rdpwrap-ini-kb.txt @@ -1,6 +1,6 @@ [Main] ; Last updated date -Updated=2018-05-16 +Updated=2018-09-10 ; Address to log file (RDP Wrapper will write it, if exists) LogFile=\rdpwrap.txt ; Hook SLPolicy API on Windows NT 6.0 
@@ -343,6 +343,34 @@ DefPolicyPatch.x64=1 DefPolicyOffset.x64=17AD2 DefPolicyCode.x64=CDefPolicy_Query_eax_rdi +[6.1.7600.20890] +SingleUserPatch.x86=1 +SingleUserOffset.x86=19E2D +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=17DF2 +SingleUserCode.x64=Zero +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=196FB +DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17B0E +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + +[6.1.7600.21316] +SingleUserPatch.x86=1 +SingleUserOffset.x86=19E2D +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=17E3E +SingleUserCode.x64=Zero +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=196FB +DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17B5E +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + [6.1.7601.17514] ; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled ; Imagebase: 6F2E0000 
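Review bot: The sections added to rdpwrap-ini-kb.txt carry none of the annotations that the existing sections of this file have; the next section in this hunk's context, `[6.1.7601.17514]`, opens with `; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled` and `; Imagebase: 6F2E0000`. Without the patched function name and image base a reader cannot re-derive or audit the new offsets. Add at least the `; Patch …` comment lines that the neighbouring sections use above each key group. The same gap is in the other hunks of this commit that add whole sections.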
@@ -386,6 +414,48 @@ DefPolicyPatch.x64=1 DefPolicyOffset.x64=17D8A DefPolicyCode.x64=CDefPolicy_Query_eax_rdi +[6.1.7601.21650] +SingleUserPatch.x86=1 +SingleUserOffset.x86=1A49D +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=180BE +SingleUserCode.x64=Zero +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=19D53 +DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17D5A +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + +[6.1.7601.21866] +SingleUserPatch.x86=1 +SingleUserOffset.x86=1A49D +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=180BE +SingleUserCode.x64=Zero +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=19D53 +DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17D5A +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + +[6.1.7601.22104] +SingleUserPatch.x86=1 +SingleUserOffset.x86=1A49D +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=180C6 +SingleUserCode.x64=Zero +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=19D53 +DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17D5E +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + [6.1.7601.18540] ; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled ; Imagebase: 6F2E0000 
@@ -1216,6 +1286,32 @@ SLInitHook.x64=1 SLInitOffset.x64=5D830 SLInitFunc.x64=New_CSLQuery_Initialize +[6.3.9600.19093] +LocalOnlyPatch.x86=1 +LocalOnlyOffset.x86=B3958 +LocalOnlyCode.x86=jmpshort +LocalOnlyPatch.x64=1 +LocalOnlyOffset.x64=8AE4E +LocalOnlyCode.x64=nopjmp +SingleUserPatch.x86=1 +SingleUserOffset.x86=3F045 +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=36BC9 +SingleUserCode.x64=Zero +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=3D899 +DefPolicyCode.x86=CDefPolicy_Query_eax_ecx +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=45305 +DefPolicyCode.x64=CDefPolicy_Query_eax_rcx +SLInitHook.x86=1 +SLInitOffset.x86=18288 +SLInitFunc.x86=New_CSLQuery_Initialize +SLInitHook.x64=1 +SLInitOffset.x64=5D660 +SLInitFunc.x64=New_CSLQuery_Initialize + [6.4.9841.0] ; Patch CEnforcementCore::GetInstanceOfTSLicense ; .text:1009569B call sub_100B7EE5 @@ -2203,18 +2299,30 @@ SLInitFunc.x64=New_CSLQuery_Initialize LocalOnlyPatch.x86=1 LocalOnlyOffset.x86=A6088 LocalOnlyCode.x86=jmpshort +LocalOnlyPatch.x64=1 +LocalOnlyOffset.x64=8D781 +LocalOnlyCode.x64=jmpshort ; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled SingleUserPatch.x86=1 SingleUserOffset.x86=359C5 SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=299A4 +SingleUserCode.x64=Zero ; Patch CDefPolicy::Query DefPolicyPatch.x86=1 DefPolicyOffset.x86=2FF29 DefPolicyCode.x86=CDefPolicy_Query_eax_ecx +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=1AFC5 +DefPolicyCode.x64=CDefPolicy_Query_eax_rcx ; Hook CSLQuery::Initialize SLInitHook.x86=1 SLInitOffset.x86=45636 SLInitFunc.x86=New_CSLQuery_Initialize +SLInitHook.x64=1 +SLInitOffset.x64=C930 +SLInitFunc.x64=New_CSLQuery_Initialize [10.0.14393.1737] ; Patch CEnforcementCore::GetInstanceOfTSLicense 
@@ -2246,6 +2354,20 @@ SLInitHook.x64=1 SLInitOffset.x64=C930 SLInitFunc.x64=New_CSLQuery_Initialize +[10.0.14393.2457] +LocalOnlyPatch.x64=1 +LocalOnlyOffset.x64=8D781 +LocalOnlyCode.x64=jmpshort +SingleUserPatch.x64=1 +SingleUserOffset.x64=2A3D4 +SingleUserCode.x64=Zero +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=1B545 +DefPolicyCode.x64=CDefPolicy_Query_eax_rcx +SLInitHook.x64=1 +SLInitOffset.x64=C920 +SLInitFunc.x64=New_CSLQuery_Initialize + [10.0.14901.1000] ; Patch CEnforcementCore::GetInstanceOfTSLicense LocalOnlyPatch.x86=1 @@ -3092,6 +3214,21 @@ SLInitHook.x64=1 SLInitOffset.x64=D1EC SLInitFunc.x64=New_CSLQuery_Initialize +[10.0.15063.1155] +; no x86 version +LocalOnlyPatch.x64=1 +LocalOnlyOffset.x64=8CB01 +LocalOnlyCode.x64=jmpshort +SingleUserPatch.x64=1 +SingleUserOffset.x64=15EA4 +SingleUserCode.x64=Zero +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=FAE5 +DefPolicyCode.x64=CDefPolicy_Query_eax_rcx +SLInitHook.x64=1 +SLInitOffset.x64=234DC +SLInitFunc.x64=New_CSLQuery_Initialize + [10.0.16179.1000] ; Patch CEnforcementCore::GetInstanceOfTSLicense LocalOnlyPatch.x86=1 @@ -4248,6 +4385,25 @@ bServerSku.x64 =FA068 ulMaxDebugSessions.x64=FA06C bRemoteConnAllowed.x64=FA070 +[6.3.9600.19093-SLInit] +bFUSEnabled.x86 =D3068 +lMaxUserSessions.x86 =D306C +bAppServerAllowed.x86 =D3070 +bInitialized.x86 =D3074 +bMultimonAllowed.x86 =D3078 +bServerSku.x86 =D307C +ulMaxDebugSessions.x86=D3080 +bRemoteConnAllowed.x86=D3084 + +bFUSEnabled.x64 =FA054 +lMaxUserSessions.x64 =FA058 +bAppServerAllowed.x64 =FA05C +bInitialized.x64 =FA060 +bMultimonAllowed.x64 =FA064 +bServerSku.x64 =FA068 +ulMaxDebugSessions.x64=FA06C +bRemoteConnAllowed.x64=FA070 + [6.4.9841.0-SLInit] bFUSEnabled.x86 =BF9F0 lMaxUserSessions.x86 =BF9F4 
@@ -4782,6 +4938,15 @@ bMultimonAllowed.x86 =C1F80 ulMaxDebugSessions.x86=C1F84 bFUSEnabled.x86 =C1F88 +bServerSku.x64 =E73D0 +lMaxUserSessions.x64 =E73D4 +bAppServerAllowed.x64 =E73D8 +bInitialized.x64 =E8470 +bRemoteConnAllowed.x64=E8474 +bMultimonAllowed.x64 =E8478 +ulMaxDebugSessions.x64=E847C +bFUSEnabled.x64 =E8480 + [10.0.14393.1737-SLInit] bInitialized.x86 =C1F6C bServerSku.x86 =C1F70 @@ -4801,6 +4966,16 @@ bMultimonAllowed.x64 =E8478 ulMaxDebugSessions.x64=E847C bFUSEnabled.x64 =E8480 +[10.0.14393.2457-SLInit] +bServerSku.x64 =E73D0 +lMaxUserSessions.x64 =E73D4 +bAppServerAllowed.x64 =E73D8 +bInitialized.x64 =E8470 +bRemoteConnAllowed.x64=E8474 +bMultimonAllowed.x64 =E8478 +ulMaxDebugSessions.x64=E847C +bFUSEnabled.x64 =E8480 + [10.0.14901.1000-SLInit] bInitialized.x86 =C1F6C bServerSku.x86 =C1F70 @@ -5334,6 +5509,17 @@ bServerSku.x64 =E9484 lMaxUserSessions.x64 =E9488 bAppServerAllowed.x64 =E948C +[10.0.15063.1155-SLInit] +; no x86 version +bInitialized.x64 =E9468 +bRemoteConnAllowed.x64=E946C +bMultimonAllowed.x64 =E9470 +ulMaxDebugSessions.x64=E9474 +bFUSEnabled.x64 =E9478 +bServerSku.x64 =E9484 +lMaxUserSessions.x64 =E9488 +bAppServerAllowed.x64 =E948C + [10.0.16179.1000-SLInit] bInitialized.x86 =C7F6C bServerSku.x86 =C7F70 From 13e98943f802b47e3347ab5ce1c5be6a7e0f7242 Mon Sep 17 00:00:00 2001 From: NULL Date: Thu, 20 Sep 2018 00:40:59 +0200 Subject: [PATCH 03/14] Update README.md --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 999d27e7..bf097c91 100644 --- a/README.md +++ b/README.md 
@@ -282,7 +282,12 @@ Visit [issues](https://github.com/stascorp/rdpwrap/issues) section, and check wh - 6.0.6002.23521 (Windows Vista SP2 with KB3003743 LDR) - 6.1.X.X (Windows 7 / Server 2008 R2) - 6.1.7600.16385 (Windows 7) +- 6.1.7600.20890 +- 6.1.7600.21316 - 6.1.7601.17514 (Windows 7 SP1) +- 6.1.7601.21650 +- 6.1.7601.21866 +- 6.1.7601.22104 - 6.1.7601.18540 (Windows 7 SP1 with KB2984972 GDR) - 6.1.7601.22750 (Windows 7 SP1 with KB2984972 LDR) - 6.1.7601.18637 (Windows 7 SP1 with KB3003743 GDR) @@ -301,6 +306,7 @@ Visit [issues](https://github.com/stascorp/rdpwrap/issues) section, and check wh - 6.3.9600.18692 (Windows 8.1 with KB4022720) - 6.3.9600.18708 (Windows 8.1 with KB4025335) - 6.3.9600.18928 (Windows 8.1 with KB4088876) +- 6.3.9600.19093 (Windows 8.1 with 2018-09 rollup) - 6.4.9841.0 (Windows 10 Technical Preview) - 6.4.9860.0 (Windows 10 Technical Preview Update 1) - 6.4.9879.0 (Windows 10 Technical Preview Update 2) @@ -331,6 +337,7 @@ Visit [issues](https://github.com/stascorp/rdpwrap/issues) section, and check wh - 10.0.14393.0 (Windows 10 RS1 Release 160715-1616) - 10.0.14393.1198 (Windows 10 RS1 Release Sec 170427-1353 with KB4019472) - 10.0.14393.1737 (Windows 10 RS1 Release Inmarket 170914-1249 with KB4041691) +- 10.0.14393.2457 (Windows 10 RS1 with 2018-09 rollup; just x64 yet) - 10.0.14901.1000 (Windows 10 RS Pre-Release 160805-1700) - 10.0.14905.1000 (Windows 10 RS Pre-Release 160811-1739) - 10.0.14915.1000 (Windows 10 RS Pre-Release 160826-1902) @@ -360,6 +367,7 @@ Visit [issues](https://github.com/stascorp/rdpwrap/issues) section, and check wh - 10.0.15061.0 (Windows 10 Build 160101.0800) - 10.0.15063.0 (Windows 10 Build 160101.0800) - 10.0.15063.296 (Windows 10 Build 160101.0800) +- 10.0.15063.1155 (Windows 10 RS2) - 10.0.16179.1000 (Windows 10 Build 160101.0800) - 10.0.16184.1001 (Windows 10 Build 160101.0800) - 10.0.16199.1000 (Windows 10 Build 160101.0800) From 615f00f136a3aeea5d293e7eae995d649629972e Mon Sep 17 00:00:00 2001 
From: NULL Date: Thu, 20 Sep 2018 00:47:31 +0200 Subject: [PATCH 04/14] Update technical.txt --- technical.txt | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/technical.txt b/technical.txt index d1735ba0..cfe69124 100644 --- a/technical.txt +++ b/technical.txt @@ -26,14 +26,14 @@ Terminal Services supported versions 6.1.7600.20661 (Windows 7 with KB951422) [todo] 6.1.7600.21085 (Windows 7 with KB951422 v2) [todo] 6.1.7600.20621 (Windows 7 with KB979470) [todo] -6.1.7600.20890 (Windows 7 with KB2479710) [todo] -6.1.7600.21316 (Windows 7 with KB2750090) [todo] +6.1.7600.20890 (Windows 7 with KB2479710) [policy hook + extended patch] +6.1.7600.21316 (Windows 7 with KB2750090) [policy hook + extended patch] 6.1.7600.21420 (Windows 7 with KB2800789) [todo] 6.1.7601.17514 (Windows 7 SP1) [policy hook + extended patch] 6.1.7601.21855 (Windows 7 SP1 with KB951422 v2) [todo] -6.1.7601.21650 (Windows 7 SP1 with KB2479710) [todo] -6.1.7601.21866 (Windows 7 SP1 with KB2647409) [todo] -6.1.7601.22104 (Windows 7 SP1 with KB2750090) [todo] +6.1.7601.21650 (Windows 7 SP1 with KB2479710) [policy hook + extended patch] +6.1.7601.21866 (Windows 7 SP1 with KB2647409) [policy hook + extended patch] +6.1.7601.22104 (Windows 7 SP1 with KB2750090) [policy hook + extended patch] 6.1.7601.22213 (Windows 7 SP1 with KB2800789) [todo] 6.1.7601.22476 (Windows 7 SP1 with KB2870165) [todo] 6.1.7601.22435 (Windows 7 SP1 with KB2878424) [todo] 
@@ -56,6 +56,7 @@ Terminal Services supported versions
 6.3.9600.18692 (Windows 8.1 with KB4022720) [init hook + extended patch]
 6.3.9600.18708 (Windows 8.1 with KB4025335) [init hook + extended patch]
 6.3.9600.18928 (Windows 8.1 with KB4088876) [init hook + extended patch]
+6.3.9600.19093 (Windows 8.1 with 2018-09 rollup) [init hook + extended patch]
 6.4.9841.0 (Windows 10 Technical Preview) [init hook + extended patch]
 6.4.9860.0 (Windows 10 Technical Preview UP1) [init hook + extended patch]
 6.4.9879.0 (Windows 10 Technical Preview UP2) [init hook + extended patch]
@@ -91,6 +92,7 @@ Terminal Services supported versions
 10.0.14393.0 (Windows 10 rs1_release.160715-1616) [init hook + extended patch]
 10.0.14393.1198 (Windows 10 rs1_release_sec.170427-1353) [init hook + extended patch]
 10.0.14393.1737 (Windows 10 rs1_release_inmarket.170914-1249) [init hook + extended patch]
+10.0.14393.2457 (Windows 10 RS1) [init hook + extended patch]
 10.0.14901.1000 (Windows 10 rs_prerelease.160805-1700) [init hook + extended patch]
 10.0.14905.1000 (Windows 10 rs_prerelease.160811-1739) [init hook + extended patch]
 10.0.14915.1000 (Windows 10 rs_prerelease.160826-1902) [init hook + extended patch]
@@ -121,6 +123,7 @@ Terminal Services supported versions
 10.0.15063.0 (Windows 10 WinBuild.160101.0800) [init hook + extended patch]
 10.0.15063.296 (Windows 10 WinBuild.160101.0800) [init hook + extended patch]
 10.0.15063.994 (Windows 10 WinBuild.160101.0800) [todo]
+10.0.15063.1155 (Windows 10 RS2) [init hook + extended patch]
 10.0.16179.1000 (Windows 10 WinBuild.160101.0800) [init hook + extended patch]
 10.0.16184.1001 (Windows 10 WinBuild.160101.0800) [init hook + extended patch]
 10.0.16199.1000 (Windows 10 WinBuild.160101.0800) [init hook + extended patch]
@@ -160,6 +163,17 @@ Terminal Services supported versions Source code changelog (rdpwrap library): +2018.09.10 : +- added support for termsrv.dll 6.1.7600.20890 +- added support for termsrv.dll 6.1.7600.21316 +- added support for termsrv.dll 6.1.7601.21650 +- added support for termsrv.dll 6.1.7601.21866 +- added support for termsrv.dll 6.1.7601.22104 +- added support for termsrv.dll 6.3.9600.19093 +- added support for termsrv.dll 10.0.14393.1198 (added missing x64 offsets) +- added support for termsrv.dll 10.0.14393.2457 (x86 still missing) +- added support for termsrv.dll 10.0.15063.1155 + 2018.05.16 : - added support for termsrv.dll 10.0.17115.1 - added support for termsrv.dll 10.0.17128.1 From c7ee8f8b59c6a21857375e21322a3fc07df1ba64 Mon Sep 17 00:00:00 2001 From: NULL Date: Thu, 20 Sep 2018 23:08:38 +0200 Subject: [PATCH 05/14] Update technical.txt --- technical.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/technical.txt b/technical.txt index cfe69124..185e871d 100644 --- a/technical.txt +++ b/technical.txt @@ -16,7 +16,7 @@ Terminal Services supported versions 6.0.6002.22269 (Windows Vista SP2 with KB977541) [todo] 6.0.6002.22340 (Windows Vista SP2 with KB970911) [todo] 6.0.6002.22515 (Windows Vista SP2 with KB2381675) [todo] -6.0.6002.22641 (Windows Vista SP2 with KB2523307) [todo] +6.0.6002.22641 (Windows Vista SP2 with KB2523307) [unsupported] 6.0.6002.22790 (Windows Vista SP2 with KB2672601) [todo] 6.0.6002.19214 (Windows Vista SP2 with KB3003743 GDR) [policy hook + extended patch] 6.0.6002.23521 (Windows Vista SP2 with KB3003743 LDR) [policy hook + extended patch] 
@@ -56,7 +56,7 @@ Terminal Services supported versions
 6.3.9600.18692 (Windows 8.1 with KB4022720) [init hook + extended patch]
 6.3.9600.18708 (Windows 8.1 with KB4025335) [init hook + extended patch]
 6.3.9600.18928 (Windows 8.1 with KB4088876) [init hook + extended patch]
-6.3.9600.19093 (Windows 8.1 with 2018-09 rollup) [init hook + extended patch]
+6.3.9600.19093 (Windows 8.1 with KB4343891) [init hook + extended patch]
 6.4.9841.0 (Windows 10 Technical Preview) [init hook + extended patch]
 6.4.9860.0 (Windows 10 Technical Preview UP1) [init hook + extended patch]
 6.4.9879.0 (Windows 10 Technical Preview UP2) [init hook + extended patch]
@@ -92,7 +92,7 @@ Terminal Services supported versions
 10.0.14393.0 (Windows 10 rs1_release.160715-1616) [init hook + extended patch]
 10.0.14393.1198 (Windows 10 rs1_release_sec.170427-1353) [init hook + extended patch]
 10.0.14393.1737 (Windows 10 rs1_release_inmarket.170914-1249) [init hook + extended patch]
-10.0.14393.2457 (Windows 10 RS1) [init hook + extended patch]
+10.0.14393.2457 (Windows 10 rs1_release_inmarket.180822-1743) [init hook + extended patch]
 10.0.14901.1000 (Windows 10 rs_prerelease.160805-1700) [init hook + extended patch]
 10.0.14905.1000 (Windows 10 rs_prerelease.160811-1739) [init hook + extended patch]
 10.0.14915.1000 (Windows 10 rs_prerelease.160826-1902) [init hook + extended patch]
@@ -123,7 +123,7 @@ Terminal Services supported versions 10.0.15063.0 (Windows 10 WinBuild.160101.0800) [init hook + extended patch] 10.0.15063.296 (Windows 10 WinBuild.160101.0800) [init hook + extended patch] 10.0.15063.994 (Windows 10 WinBuild.160101.0800) [todo] -10.0.15063.1155 (Windows 10 RS2) [init hook + extended patch] +10.0.15063.1155 (Windows 10 WinBuild.160101.0800) [init hook + extended patch] 10.0.16179.1000 (Windows 10 WinBuild.160101.0800) [init hook + extended patch] 10.0.16184.1001 (Windows 10 WinBuild.160101.0800) [init hook + extended patch] 10.0.16199.1000 (Windows 10 WinBuild.160101.0800) [init hook + extended patch] From 5b156ded3e21558da94587384fea15747ac88197 Mon Sep 17 00:00:00 2001 From: NULL Date: Thu, 20 Sep 2018 23:11:11 +0200 Subject: [PATCH 06/14] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index bf097c91..c7d8134c 100644 --- a/README.md +++ b/README.md @@ -306,7 +306,7 @@ Visit [issues](https://github.com/stascorp/rdpwrap/issues) section, and check wh - 6.3.9600.18692 (Windows 8.1 with KB4022720) - 6.3.9600.18708 (Windows 8.1 with KB4025335) - 6.3.9600.18928 (Windows 8.1 with KB4088876) -- 6.3.9600.19093 (Windows 8.1 with 2018-09 rollup) +- 6.3.9600.19093 (Windows 8.1 with KB4343891) - 6.4.9841.0 (Windows 10 Technical Preview) - 6.4.9860.0 (Windows 10 Technical Preview Update 1) - 6.4.9879.0 (Windows 10 Technical Preview Update 2) 
@@ -337,7 +337,7 @@ Visit [issues](https://github.com/stascorp/rdpwrap/issues) section, and check wh - 10.0.14393.0 (Windows 10 RS1 Release 160715-1616) - 10.0.14393.1198 (Windows 10 RS1 Release Sec 170427-1353 with KB4019472) - 10.0.14393.1737 (Windows 10 RS1 Release Inmarket 170914-1249 with KB4041691) -- 10.0.14393.2457 (Windows 10 RS1 with 2018-09 rollup; just x64 yet) +- 10.0.14393.2457 (Windows 10 RS1 Release Inmarket 180822-1743 with KB4457131) - 10.0.14901.1000 (Windows 10 RS Pre-Release 160805-1700) - 10.0.14905.1000 (Windows 10 RS Pre-Release 160811-1739) - 10.0.14915.1000 (Windows 10 RS Pre-Release 160826-1902) @@ -367,7 +367,7 @@ Visit [issues](https://github.com/stascorp/rdpwrap/issues) section, and check wh - 10.0.15061.0 (Windows 10 Build 160101.0800) - 10.0.15063.0 (Windows 10 Build 160101.0800) - 10.0.15063.296 (Windows 10 Build 160101.0800) -- 10.0.15063.1155 (Windows 10 RS2) +- 10.0.15063.1155 (Windows 10 Build 160101.0800) - 10.0.16179.1000 (Windows 10 Build 160101.0800) - 10.0.16184.1001 (Windows 10 Build 160101.0800) - 10.0.16199.1000 (Windows 10 Build 160101.0800) From 68d3e9c31504dcdc52c3ed89bc7009f8885218da Mon Sep 17 00:00:00 2001 From: NULL Date: Thu, 20 Sep 2018 23:13:29 +0200 Subject: [PATCH 07/14] Revert "Update rdpwrap-ini-kb.txt" Can't do this on my machine --- res/rdpwrap-ini-kb.txt | 188 +---------------------------------------- 1 file changed, 1 insertion(+), 187 deletions(-) diff --git a/res/rdpwrap-ini-kb.txt b/res/rdpwrap-ini-kb.txt index 06bdb0fb..4f9c24f6 100644 --- a/res/rdpwrap-ini-kb.txt +++ b/res/rdpwrap-ini-kb.txt @@ -1,6 +1,6 @@ [Main] ; Last updated date -Updated=2018-09-10 +Updated=2018-05-16 ; Address to log file (RDP Wrapper will write it, if exists) LogFile=\rdpwrap.txt ; Hook SLPolicy API on Windows NT 6.0 
@@ -343,34 +343,6 @@ DefPolicyPatch.x64=1 DefPolicyOffset.x64=17AD2 DefPolicyCode.x64=CDefPolicy_Query_eax_rdi -[6.1.7600.20890] -SingleUserPatch.x86=1 -SingleUserOffset.x86=19E2D -SingleUserCode.x86=nop -SingleUserPatch.x64=1 -SingleUserOffset.x64=17DF2 -SingleUserCode.x64=Zero -DefPolicyPatch.x86=1 -DefPolicyOffset.x86=196FB -DefPolicyCode.x86=CDefPolicy_Query_eax_esi -DefPolicyPatch.x64=1 -DefPolicyOffset.x64=17B0E -DefPolicyCode.x64=CDefPolicy_Query_eax_rdi - -[6.1.7600.21316] -SingleUserPatch.x86=1 -SingleUserOffset.x86=19E2D -SingleUserCode.x86=nop -SingleUserPatch.x64=1 -SingleUserOffset.x64=17E3E -SingleUserCode.x64=Zero -DefPolicyPatch.x86=1 -DefPolicyOffset.x86=196FB -DefPolicyCode.x86=CDefPolicy_Query_eax_esi -DefPolicyPatch.x64=1 -DefPolicyOffset.x64=17B5E -DefPolicyCode.x64=CDefPolicy_Query_eax_rdi - [6.1.7601.17514] ; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled ; Imagebase: 6F2E0000 
@@ -414,48 +386,6 @@ DefPolicyPatch.x64=1 DefPolicyOffset.x64=17D8A DefPolicyCode.x64=CDefPolicy_Query_eax_rdi -[6.1.7601.21650] -SingleUserPatch.x86=1 -SingleUserOffset.x86=1A49D -SingleUserCode.x86=nop -SingleUserPatch.x64=1 -SingleUserOffset.x64=180BE -SingleUserCode.x64=Zero -DefPolicyPatch.x86=1 -DefPolicyOffset.x86=19D53 -DefPolicyCode.x86=CDefPolicy_Query_eax_esi -DefPolicyPatch.x64=1 -DefPolicyOffset.x64=17D5A -DefPolicyCode.x64=CDefPolicy_Query_eax_rdi - -[6.1.7601.21866] -SingleUserPatch.x86=1 -SingleUserOffset.x86=1A49D -SingleUserCode.x86=nop -SingleUserPatch.x64=1 -SingleUserOffset.x64=180BE -SingleUserCode.x64=Zero -DefPolicyPatch.x86=1 -DefPolicyOffset.x86=19D53 -DefPolicyCode.x86=CDefPolicy_Query_eax_esi -DefPolicyPatch.x64=1 -DefPolicyOffset.x64=17D5A -DefPolicyCode.x64=CDefPolicy_Query_eax_rdi - -[6.1.7601.22104] -SingleUserPatch.x86=1 -SingleUserOffset.x86=1A49D -SingleUserCode.x86=nop -SingleUserPatch.x64=1 -SingleUserOffset.x64=180C6 -SingleUserCode.x64=Zero -DefPolicyPatch.x86=1 -DefPolicyOffset.x86=19D53 -DefPolicyCode.x86=CDefPolicy_Query_eax_esi -DefPolicyPatch.x64=1 -DefPolicyOffset.x64=17D5E -DefPolicyCode.x64=CDefPolicy_Query_eax_rdi - [6.1.7601.18540] ; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled ; Imagebase: 6F2E0000 
@@ -1286,32 +1216,6 @@ SLInitHook.x64=1 SLInitOffset.x64=5D830 SLInitFunc.x64=New_CSLQuery_Initialize -[6.3.9600.19093] -LocalOnlyPatch.x86=1 -LocalOnlyOffset.x86=B3958 -LocalOnlyCode.x86=jmpshort -LocalOnlyPatch.x64=1 -LocalOnlyOffset.x64=8AE4E -LocalOnlyCode.x64=nopjmp -SingleUserPatch.x86=1 -SingleUserOffset.x86=3F045 -SingleUserCode.x86=nop -SingleUserPatch.x64=1 -SingleUserOffset.x64=36BC9 -SingleUserCode.x64=Zero -DefPolicyPatch.x86=1 -DefPolicyOffset.x86=3D899 -DefPolicyCode.x86=CDefPolicy_Query_eax_ecx -DefPolicyPatch.x64=1 -DefPolicyOffset.x64=45305 -DefPolicyCode.x64=CDefPolicy_Query_eax_rcx -SLInitHook.x86=1 -SLInitOffset.x86=18288 -SLInitFunc.x86=New_CSLQuery_Initialize -SLInitHook.x64=1 -SLInitOffset.x64=5D660 -SLInitFunc.x64=New_CSLQuery_Initialize - [6.4.9841.0] ; Patch CEnforcementCore::GetInstanceOfTSLicense ; .text:1009569B call sub_100B7EE5 @@ -2299,30 +2203,18 @@ SLInitFunc.x64=New_CSLQuery_Initialize LocalOnlyPatch.x86=1 LocalOnlyOffset.x86=A6088 LocalOnlyCode.x86=jmpshort -LocalOnlyPatch.x64=1 -LocalOnlyOffset.x64=8D781 -LocalOnlyCode.x64=jmpshort ; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled SingleUserPatch.x86=1 SingleUserOffset.x86=359C5 SingleUserCode.x86=nop -SingleUserPatch.x64=1 -SingleUserOffset.x64=299A4 -SingleUserCode.x64=Zero ; Patch CDefPolicy::Query DefPolicyPatch.x86=1 DefPolicyOffset.x86=2FF29 DefPolicyCode.x86=CDefPolicy_Query_eax_ecx -DefPolicyPatch.x64=1 -DefPolicyOffset.x64=1AFC5 -DefPolicyCode.x64=CDefPolicy_Query_eax_rcx ; Hook CSLQuery::Initialize SLInitHook.x86=1 SLInitOffset.x86=45636 SLInitFunc.x86=New_CSLQuery_Initialize -SLInitHook.x64=1 -SLInitOffset.x64=C930 -SLInitFunc.x64=New_CSLQuery_Initialize [10.0.14393.1737] ; Patch CEnforcementCore::GetInstanceOfTSLicense 
@@ -2354,20 +2246,6 @@ SLInitHook.x64=1 SLInitOffset.x64=C930 SLInitFunc.x64=New_CSLQuery_Initialize -[10.0.14393.2457] -LocalOnlyPatch.x64=1 -LocalOnlyOffset.x64=8D781 -LocalOnlyCode.x64=jmpshort -SingleUserPatch.x64=1 -SingleUserOffset.x64=2A3D4 -SingleUserCode.x64=Zero -DefPolicyPatch.x64=1 -DefPolicyOffset.x64=1B545 -DefPolicyCode.x64=CDefPolicy_Query_eax_rcx -SLInitHook.x64=1 -SLInitOffset.x64=C920 -SLInitFunc.x64=New_CSLQuery_Initialize - [10.0.14901.1000] ; Patch CEnforcementCore::GetInstanceOfTSLicense LocalOnlyPatch.x86=1 @@ -3214,21 +3092,6 @@ SLInitHook.x64=1 SLInitOffset.x64=D1EC SLInitFunc.x64=New_CSLQuery_Initialize -[10.0.15063.1155] -; no x86 version -LocalOnlyPatch.x64=1 -LocalOnlyOffset.x64=8CB01 -LocalOnlyCode.x64=jmpshort -SingleUserPatch.x64=1 -SingleUserOffset.x64=15EA4 -SingleUserCode.x64=Zero -DefPolicyPatch.x64=1 -DefPolicyOffset.x64=FAE5 -DefPolicyCode.x64=CDefPolicy_Query_eax_rcx -SLInitHook.x64=1 -SLInitOffset.x64=234DC -SLInitFunc.x64=New_CSLQuery_Initialize - [10.0.16179.1000] ; Patch CEnforcementCore::GetInstanceOfTSLicense LocalOnlyPatch.x86=1 @@ -4385,25 +4248,6 @@ bServerSku.x64 =FA068 ulMaxDebugSessions.x64=FA06C bRemoteConnAllowed.x64=FA070 -[6.3.9600.19093-SLInit] -bFUSEnabled.x86 =D3068 -lMaxUserSessions.x86 =D306C -bAppServerAllowed.x86 =D3070 -bInitialized.x86 =D3074 -bMultimonAllowed.x86 =D3078 -bServerSku.x86 =D307C -ulMaxDebugSessions.x86=D3080 -bRemoteConnAllowed.x86=D3084 - -bFUSEnabled.x64 =FA054 -lMaxUserSessions.x64 =FA058 -bAppServerAllowed.x64 =FA05C -bInitialized.x64 =FA060 -bMultimonAllowed.x64 =FA064 -bServerSku.x64 =FA068 -ulMaxDebugSessions.x64=FA06C -bRemoteConnAllowed.x64=FA070 - [6.4.9841.0-SLInit] bFUSEnabled.x86 =BF9F0 lMaxUserSessions.x86 =BF9F4 
@@ -4938,15 +4782,6 @@ bMultimonAllowed.x86 =C1F80 ulMaxDebugSessions.x86=C1F84 bFUSEnabled.x86 =C1F88 -bServerSku.x64 =E73D0 -lMaxUserSessions.x64 =E73D4 -bAppServerAllowed.x64 =E73D8 -bInitialized.x64 =E8470 -bRemoteConnAllowed.x64=E8474 -bMultimonAllowed.x64 =E8478 -ulMaxDebugSessions.x64=E847C -bFUSEnabled.x64 =E8480 - [10.0.14393.1737-SLInit] bInitialized.x86 =C1F6C bServerSku.x86 =C1F70 @@ -4966,16 +4801,6 @@ bMultimonAllowed.x64 =E8478 ulMaxDebugSessions.x64=E847C bFUSEnabled.x64 =E8480 -[10.0.14393.2457-SLInit] -bServerSku.x64 =E73D0 -lMaxUserSessions.x64 =E73D4 -bAppServerAllowed.x64 =E73D8 -bInitialized.x64 =E8470 -bRemoteConnAllowed.x64=E8474 -bMultimonAllowed.x64 =E8478 -ulMaxDebugSessions.x64=E847C -bFUSEnabled.x64 =E8480 - [10.0.14901.1000-SLInit] bInitialized.x86 =C1F6C bServerSku.x86 =C1F70 @@ -5509,17 +5334,6 @@ bServerSku.x64 =E9484 lMaxUserSessions.x64 =E9488 bAppServerAllowed.x64 =E948C -[10.0.15063.1155-SLInit] -; no x86 version -bInitialized.x64 =E9468 -bRemoteConnAllowed.x64=E946C -bMultimonAllowed.x64 =E9470 -ulMaxDebugSessions.x64=E9474 -bFUSEnabled.x64 =E9478 -bServerSku.x64 =E9484 -lMaxUserSessions.x64 =E9488 -bAppServerAllowed.x64 =E948C - [10.0.16179.1000-SLInit] bInitialized.x86 =C7F6C bServerSku.x86 =C7F70 From 5808fbfd9960987f5066986e2c9594325d49c818 Mon Sep 17 00:00:00 2001 From: NULL Date: Sat, 22 Sep 2018 18:10:08 +0200 Subject: [PATCH 08/14] Update README.md --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index c7d8134c..77d9f52b 100644 --- a/README.md +++ b/README.md 
@@ -282,12 +282,12 @@ Visit [issues](https://github.com/stascorp/rdpwrap/issues) section, and check wh - 6.0.6002.23521 (Windows Vista SP2 with KB3003743 LDR) - 6.1.X.X (Windows 7 / Server 2008 R2) - 6.1.7600.16385 (Windows 7) -- 6.1.7600.20890 -- 6.1.7600.21316 +- 6.1.7600.20890 (Windows 7 with KB2479710) +- 6.1.7600.21316 (Windows 7 with KB2750090) - 6.1.7601.17514 (Windows 7 SP1) -- 6.1.7601.21650 -- 6.1.7601.21866 -- 6.1.7601.22104 +- 6.1.7601.21650 (Windows 7 SP1 with KB2479710) +- 6.1.7601.21866 (Windows 7 SP1 with KB2647409) +- 6.1.7601.22104 (Windows 7 SP1 with KB2750090) - 6.1.7601.18540 (Windows 7 SP1 with KB2984972 GDR) - 6.1.7601.22750 (Windows 7 SP1 with KB2984972 LDR) - 6.1.7601.18637 (Windows 7 SP1 with KB3003743 GDR) From 5dd6055c45952245da306c132fc9d3f3b25d69a8 Mon Sep 17 00:00:00 2001 From: Stas'M Date: Wed, 3 Oct 2018 20:01:33 +0300 Subject: [PATCH 09/14] INI: Fix 10.0.14393.2457 x64 offsets --- res/rdpwrap.ini | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/res/rdpwrap.ini b/res/rdpwrap.ini index c93a09e1..71911f23 100644 --- a/res/rdpwrap.ini +++ b/res/rdpwrap.ini @@ -1373,10 +1373,10 @@ SLInitFunc.x64=New_CSLQuery_Initialize [10.0.14393.2457] LocalOnlyPatch.x64=1 -LocalOnlyOffset.x64=8D781 +LocalOnlyOffset.x64=8D811 LocalOnlyCode.x64=jmpshort SingleUserPatch.x64=1 -SingleUserOffset.x64=2A3D4 +SingleUserOffset.x64=29CF4 SingleUserCode.x64=Zero DefPolicyPatch.x64=1 DefPolicyOffset.x64=1B545 From c84932e397c3791d19fa375dda228df3f7f569d3 Mon Sep 17 00:00:00 2001 From: Stas'M Date: Wed, 3 Oct 2018 20:10:29 +0300 Subject: [PATCH 10/14] Could not find 10.0.14393.1198 x64 DLL binary --- res/rdpwrap.ini | 21 --------------------- technical.txt | 1 - 2 files changed, 22 deletions(-) diff --git a/res/rdpwrap.ini b/res/rdpwrap.ini index 71911f23..89980eb5 100644 --- a/res/rdpwrap.ini +++ b/res/rdpwrap.ini 
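Review bot: `[Main]` still carries `Updated=2018-09-10` after this hunk corrects `LocalOnlyOffset.x64` and `SingleUserOffset.x64` for `[10.0.14393.2457]`, because the commit touches only those two lines. If the installer's INI update check compares that date (I believe it does, but the comparison is not on this page), a machine that already holds the 2018-09-10 file will keep the old offsets. A patch written at a wrong offset inside the Terminal Services host process may corrupt unrelated code rather than fail cleanly, so the correction needs to reach those machines. I would bump the date in the same commit, e.g. `Updated=2018-10-03`. The section continues past the end of the hunk, so its `SLInit` keys are not visible here.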
@@ -1323,27 +1323,15 @@ SLInitFunc.x64=New_CSLQuery_Initialize LocalOnlyPatch.x86=1 LocalOnlyOffset.x86=A6088 LocalOnlyCode.x86=jmpshort -LocalOnlyPatch.x64=1 -LocalOnlyOffset.x64=8D781 -LocalOnlyCode.x64=jmpshort SingleUserPatch.x86=1 SingleUserOffset.x86=359C5 SingleUserCode.x86=nop -SingleUserPatch.x64=1 -SingleUserOffset.x64=299A4 -SingleUserCode.x64=Zero DefPolicyPatch.x86=1 DefPolicyOffset.x86=2FF29 DefPolicyCode.x86=CDefPolicy_Query_eax_ecx -DefPolicyPatch.x64=1 -DefPolicyOffset.x64=1AFC5 -DefPolicyCode.x64=CDefPolicy_Query_eax_rcx SLInitHook.x86=1 SLInitOffset.x86=45636 SLInitFunc.x86=New_CSLQuery_Initialize -SLInitHook.x64=1 -SLInitOffset.x64=C930 -SLInitFunc.x64=New_CSLQuery_Initialize [10.0.14393.1737] LocalOnlyPatch.x86=1 @@ -3683,15 +3671,6 @@ bMultimonAllowed.x86 =C1F80 ulMaxDebugSessions.x86=C1F84 bFUSEnabled.x86 =C1F88 -bServerSku.x64 =E73D0 -lMaxUserSessions.x64 =E73D4 -bAppServerAllowed.x64 =E73D8 -bInitialized.x64 =E8470 -bRemoteConnAllowed.x64=E8474 -bMultimonAllowed.x64 =E8478 -ulMaxDebugSessions.x64=E847C -bFUSEnabled.x64 =E8480 - [10.0.14393.1737-SLInit] bInitialized.x86 =C1F6C bServerSku.x86 =C1F70 diff --git a/technical.txt b/technical.txt index 185e871d..4d151cdd 100644 --- a/technical.txt +++ b/technical.txt @@ -170,7 +170,6 @@ Source code changelog (rdpwrap library): - added support for termsrv.dll 6.1.7601.21866 - added support for termsrv.dll 6.1.7601.22104 - added support for termsrv.dll 6.3.9600.19093 -- added support for termsrv.dll 10.0.14393.1198 (added missing x64 offsets) - added support for termsrv.dll 10.0.14393.2457 (x86 still missing) - added support for termsrv.dll 10.0.15063.1155 From 1037de9c5696a888b0d3ed837466ed0f6550fce5 Mon Sep 17 00:00:00 2001 From: Stas'M Date: Wed, 3 Oct 2018 20:13:20 +0300 Subject: [PATCH 11/14] Could not find 10.0.14393.2457 x86 DLL binary --- technical.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/technical.txt b/technical.txt index 4d151cdd..419fad66 100644 
--- a/technical.txt +++ b/technical.txt @@ -170,7 +170,7 @@ Source code changelog (rdpwrap library): - added support for termsrv.dll 6.1.7601.21866 - added support for termsrv.dll 6.1.7601.22104 - added support for termsrv.dll 6.3.9600.19093 -- added support for termsrv.dll 10.0.14393.2457 (x86 still missing) +- added support for termsrv.dll 10.0.14393.2457 x64 - added support for termsrv.dll 10.0.15063.1155 2018.05.16 : From 3f5f1370a638c23f12f994cf489937a283d4a391 Mon Sep 17 00:00:00 2001 From: Stas'M Date: Wed, 3 Oct 2018 20:14:59 +0300 Subject: [PATCH 12/14] Fix note for 10.0.15063.1155 (x64 only) --- res/rdpwrap.ini | 2 -- technical.txt | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/res/rdpwrap.ini b/res/rdpwrap.ini index 89980eb5..f68c6712 100644 --- a/res/rdpwrap.ini +++ b/res/rdpwrap.ini @@ -2104,7 +2104,6 @@ SLInitOffset.x64=D1EC SLInitFunc.x64=New_CSLQuery_Initialize [10.0.15063.1155] -; no x86 version LocalOnlyPatch.x64=1 LocalOnlyOffset.x64=8CB01 LocalOnlyCode.x64=jmpshort @@ -4234,7 +4233,6 @@ lMaxUserSessions.x64 =E9488 bAppServerAllowed.x64 =E948C [10.0.15063.1155-SLInit] -; no x86 version bInitialized.x64 =E9468 bRemoteConnAllowed.x64=E946C bMultimonAllowed.x64 =E9470 diff --git a/technical.txt b/technical.txt index 419fad66..fe2166e0 100644 --- a/technical.txt +++ b/technical.txt @@ -171,7 +171,7 @@ Source code changelog (rdpwrap library): - added support for termsrv.dll 6.1.7601.22104 - added support for termsrv.dll 6.3.9600.19093 - added support for termsrv.dll 10.0.14393.2457 x64 -- added support for termsrv.dll 10.0.15063.1155 +- added support for termsrv.dll 10.0.15063.1155 x64 2018.05.16 : - added support for termsrv.dll 10.0.17115.1 From 200b5683397842747f10ebb614438f1a6eb00b23 Mon Sep 17 00:00:00 2001 From: Stas'M Date: Wed, 3 Oct 2018 20:52:58 +0300 Subject: [PATCH 13/14] I have 6.0.6002.22641 binaries --- technical.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/technical.txt b/technical.txt index fe2166e0..a7f74054 100644 --- a/technical.txt +++ b/technical.txt @@ -16,7 +16,7 @@ Terminal Services supported versions 6.0.6002.22269 (Windows Vista SP2 with KB977541) [todo] 6.0.6002.22340 (Windows Vista SP2 with KB970911) [todo] 6.0.6002.22515 (Windows Vista SP2 with KB2381675) [todo] -6.0.6002.22641 (Windows Vista SP2 with KB2523307) [unsupported] +6.0.6002.22641 (Windows Vista SP2 with KB2523307) [todo] 6.0.6002.22790 (Windows Vista SP2 with KB2672601) [todo] 6.0.6002.19214 (Windows Vista SP2 with KB3003743 GDR) [policy hook + extended patch] 6.0.6002.23521 (Windows Vista SP2 with KB3003743 LDR) [policy hook + extended patch] From 056bb4f0aebd0f8c114058d5055d33f3bcf59a87 Mon Sep 17 00:00:00 2001 From: Stas'M Date: Wed, 3 Oct 2018 21:39:38 +0300 Subject: [PATCH 14/14] INI: Update knowledge base --- res/rdpwrap-ini-kb.txt | 187 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 186 insertions(+), 1 deletion(-) diff --git a/res/rdpwrap-ini-kb.txt b/res/rdpwrap-ini-kb.txt index 4f9c24f6..34d3d0bc 100644 --- a/res/rdpwrap-ini-kb.txt +++ b/res/rdpwrap-ini-kb.txt @@ -1,6 +1,6 @@ [Main] ; Last updated date -Updated=2018-05-16 +Updated=2018-09-10 ; Address to log file (RDP Wrapper will write it, if exists) LogFile=\rdpwrap.txt ; Hook SLPolicy API on Windows NT 6.0 
@@ -343,6 +343,38 @@ DefPolicyPatch.x64=1 DefPolicyOffset.x64=17AD2 DefPolicyCode.x64=CDefPolicy_Query_eax_rdi +[6.1.7600.20890] +; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled +SingleUserPatch.x86=1 +SingleUserOffset.x86=19E2D +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=17DF2 +SingleUserCode.x64=Zero +; Patch CDefPolicy::Query +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=196FB +DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17B0E +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + +[6.1.7600.21316] +; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled +SingleUserPatch.x86=1 +SingleUserOffset.x86=19E2D +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=17E3E +SingleUserCode.x64=Zero +; Patch CDefPolicy::Query +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=196FB +DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17B5E +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + [6.1.7601.17514] ; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled ; Imagebase: 6F2E0000 
@@ -515,6 +547,54 @@ DefPolicyPatch.x64=1 DefPolicyOffset.x64=17DC6 DefPolicyCode.x64=CDefPolicy_Query_eax_rdi +[6.1.7601.21650] +; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled +SingleUserPatch.x86=1 +SingleUserOffset.x86=1A49D +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=180BE +SingleUserCode.x64=Zero +; Patch CDefPolicy::Query +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=19D53 +DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17D5A +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + +[6.1.7601.21866] +; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled +SingleUserPatch.x86=1 +SingleUserOffset.x86=1A49D +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=180BE +SingleUserCode.x64=Zero +; Patch CDefPolicy::Query +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=19D53 +DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17D5A +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + +[6.1.7601.22104] +; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled +SingleUserPatch.x86=1 +SingleUserOffset.x86=1A49D +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=180C6 +SingleUserCode.x64=Zero +; Patch CDefPolicy::Query +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=19D53 +DefPolicyCode.x86=CDefPolicy_Query_eax_esi +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=17D5E +DefPolicyCode.x64=CDefPolicy_Query_eax_rdi + [6.1.7601.22843] ; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled ; Imagebase: 6F2E0000 
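Review bot: The new `[6.1.7601.21650]` and `[6.1.7601.21866]` sections carry identical values for all four offsets (`1A49D`, `180BE`, `19D53`, `17D5A`). Unlike the neighbouring `[6.1.7601.22843]` section, they have no `; Imagebase:` line showing which binary the numbers were read from. Two builds can legitimately share offsets, but this series already corrected an x64 offset for 10.0.14393.2457 that was identical to the value listed for another 10.0.14393 build, so a copy is worth ruling out. I would add the annotation the file uses elsewhere, starting with `; Imagebase: <imagebase-placeholder>`, or a one-line comment such as `; offsets checked against both binaries, identical`. The two sections added in the previous hunk (`[6.1.7600.20890]`, `[6.1.7600.21316]`) lack the annotation as well.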
@@ -1216,6 +1296,36 @@ SLInitHook.x64=1 SLInitOffset.x64=5D830 SLInitFunc.x64=New_CSLQuery_Initialize +[6.3.9600.19093] +; Patch CEnforcementCore::GetInstanceOfTSLicense +LocalOnlyPatch.x86=1 +LocalOnlyOffset.x86=B3958 +LocalOnlyCode.x86=jmpshort +LocalOnlyPatch.x64=1 +LocalOnlyOffset.x64=8AE4E +LocalOnlyCode.x64=nopjmp +; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled +SingleUserPatch.x86=1 +SingleUserOffset.x86=3F045 +SingleUserCode.x86=nop +SingleUserPatch.x64=1 +SingleUserOffset.x64=36BC9 +SingleUserCode.x64=Zero +; Patch CDefPolicy::Query +DefPolicyPatch.x86=1 +DefPolicyOffset.x86=3D899 +DefPolicyCode.x86=CDefPolicy_Query_eax_ecx +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=45305 +DefPolicyCode.x64=CDefPolicy_Query_eax_rcx +; Hook CSLQuery::Initialize +SLInitHook.x86=1 +SLInitOffset.x86=18288 +SLInitFunc.x86=New_CSLQuery_Initialize +SLInitHook.x64=1 +SLInitOffset.x64=5D660 +SLInitFunc.x64=New_CSLQuery_Initialize + [6.4.9841.0] ; Patch CEnforcementCore::GetInstanceOfTSLicense ; .text:1009569B call sub_100B7EE5 @@ -2246,6 +2356,24 @@ SLInitHook.x64=1 SLInitOffset.x64=C930 SLInitFunc.x64=New_CSLQuery_Initialize +[10.0.14393.2457] +; Patch CEnforcementCore::GetInstanceOfTSLicense +LocalOnlyPatch.x64=1 +LocalOnlyOffset.x64=8D811 +LocalOnlyCode.x64=jmpshort +; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled +SingleUserPatch.x64=1 +SingleUserOffset.x64=29CF4 +SingleUserCode.x64=Zero +; Patch CDefPolicy::Query +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=1B545 +DefPolicyCode.x64=CDefPolicy_Query_eax_rcx +; Hook CSLQuery::Initialize +SLInitHook.x64=1 +SLInitOffset.x64=C920 +SLInitFunc.x64=New_CSLQuery_Initialize + [10.0.14901.1000] ; Patch CEnforcementCore::GetInstanceOfTSLicense LocalOnlyPatch.x86=1 
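Review bot: `[10.0.14393.2457]` is added with `.x64` keys only, and nothing in the section says that x86 is deliberately absent. The same holds for `[10.0.15063.1155]` and for both matching `-SLInit` sections in the later hunks. The commit subjects in this series record that the x86 binary could not be found, but a reader of this knowledge base cannot tell an unsupported architecture from an omission. A first line such as `; x64 only, no x86 binary was available for these offsets` would make that explicit. What the loader does on an x86 host when the `.x86` keys are missing is not visible on this page and is worth confirming.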
@@ -3092,6 +3220,24 @@ SLInitHook.x64=1 SLInitOffset.x64=D1EC SLInitFunc.x64=New_CSLQuery_Initialize +[10.0.15063.1155] +; Patch CEnforcementCore::GetInstanceOfTSLicense +LocalOnlyPatch.x64=1 +LocalOnlyOffset.x64=8CB01 +LocalOnlyCode.x64=jmpshort +; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled +SingleUserPatch.x64=1 +SingleUserOffset.x64=15EA4 +SingleUserCode.x64=Zero +; Patch CDefPolicy::Query +DefPolicyPatch.x64=1 +DefPolicyOffset.x64=FAE5 +DefPolicyCode.x64=CDefPolicy_Query_eax_rcx +; Hook CSLQuery::Initialize +SLInitHook.x64=1 +SLInitOffset.x64=234DC +SLInitFunc.x64=New_CSLQuery_Initialize + [10.0.16179.1000] ; Patch CEnforcementCore::GetInstanceOfTSLicense LocalOnlyPatch.x86=1 @@ -4248,6 +4394,25 @@ bServerSku.x64 =FA068 ulMaxDebugSessions.x64=FA06C bRemoteConnAllowed.x64=FA070 +[6.3.9600.19093-SLInit] +bFUSEnabled.x86 =D3068 +lMaxUserSessions.x86 =D306C +bAppServerAllowed.x86 =D3070 +bInitialized.x86 =D3074 +bMultimonAllowed.x86 =D3078 +bServerSku.x86 =D307C +ulMaxDebugSessions.x86=D3080 +bRemoteConnAllowed.x86=D3084 + +bFUSEnabled.x64 =FA054 +lMaxUserSessions.x64 =FA058 +bAppServerAllowed.x64 =FA05C +bInitialized.x64 =FA060 +bMultimonAllowed.x64 =FA064 +bServerSku.x64 =FA068 +ulMaxDebugSessions.x64=FA06C +bRemoteConnAllowed.x64=FA070 + [6.4.9841.0-SLInit] bFUSEnabled.x86 =BF9F0 lMaxUserSessions.x86 =BF9F4 @@ -4801,6 +4966,16 @@ bMultimonAllowed.x64 =E8478 ulMaxDebugSessions.x64=E847C bFUSEnabled.x64 =E8480 +[10.0.14393.2457-SLInit] +bServerSku.x64 =E73D0 +lMaxUserSessions.x64 =E73D4 +bAppServerAllowed.x64 =E73D8 +bInitialized.x64 =E8470 +bRemoteConnAllowed.x64=E8474 +bMultimonAllowed.x64 =E8478 +ulMaxDebugSessions.x64=E847C +bFUSEnabled.x64 =E8480 + [10.0.14901.1000-SLInit] bInitialized.x86 =C1F6C bServerSku.x86 =C1F70 
@@ -5334,6 +5509,16 @@ bServerSku.x64 =E9484 lMaxUserSessions.x64 =E9488 bAppServerAllowed.x64 =E948C +[10.0.15063.1155-SLInit] +bInitialized.x64 =E9468 +bRemoteConnAllowed.x64=E946C +bMultimonAllowed.x64 =E9470 +ulMaxDebugSessions.x64=E9474 +bFUSEnabled.x64 =E9478 +bServerSku.x64 =E9484 +lMaxUserSessions.x64 =E9488 +bAppServerAllowed.x64 =E948C + [10.0.16179.1000-SLInit] bInitialized.x86 =C7F6C bServerSku.x86 =C7F70