From fd565338979fde947c05bd7118635c6476259e6c Mon Sep 17 00:00:00 2001
From: binarymaster
Date: Mon, 23 Mar 2015 18:13:24 +0300
Subject: [PATCH] Add support for 10.0.10041.0
---
 res/rdpwrap.ini | 86 ++++++++++++++++++++++++++++++++++++++++++++++++-
 technical.txt | 12 ++++---
 2 files changed, 93 insertions(+), 5 deletions(-)
diff --git a/res/rdpwrap.ini b/res/rdpwrap.ini
index 5f83a5a..3feaf5c 100644
--- a/res/rdpwrap.ini
+++ b/res/rdpwrap.ini
@@ -2,7 +2,7 @@ ; Do not modify without special knowledge [Main]
-Updated=2015-01-26
+Updated=2015-03-23
 LogFile=\rdpwrap.txt
 SLPolicyHookNT60=1
 SLPolicyHookNT61=1
@@ -1320,6 +1320,71 @@ SLInitHook.x64=1 SLInitOffset.x64=24EC0 SLInitFunc.x64=New_CSLQuery_Initialize
+[10.0.10041.0]
+; Patch CEnforcementCore::GetInstanceOfTSLicense
+; .text:100A9D7B call ?IsLicenseTypeLocalOnly@CSLQuery@@SGJAAU_GUID@@PAH@Z ; CSLQuery::IsLicenseTypeLocalOnly(_GUID &,int *)
+; .text:100A9D80 test eax, eax
+; .text:100A9D82 js short loc_100A9D9F
+; .text:100A9D84 cmp [ebp+var_C], 0
+; .text:100A9D88 jz short loc_100A9D9F <- jmp
+LocalOnlyPatch.x86=1
+LocalOnlyOffset.x86=A9D88
+LocalOnlyCode.x86=jmpshort
+; .text:0000000180097133 call ?IsLicenseTypeLocalOnly@CSLQuery@@SAJAEAU_GUID@@PEAH@Z ; CSLQuery::IsLicenseTypeLocalOnly(_GUID &,int *)
+; .text:0000000180097138 test eax, eax
+; .text:000000018009713A js short loc_18009715B
+; .text:000000018009713C cmp [rsp+58h+arg_18], 0
+; .text:0000000180097141 jz short loc_18009715B <- jmp
+LocalOnlyPatch.x64=1
+LocalOnlyOffset.x64=97141
+LocalOnlyCode.x64=jmpshort
+; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled
+; .text:10032211 lea eax, [esp+150h+VersionInformation]
+; .text:10032215 inc ebx <- nop
+; .text:10032216 mov [edi], ebx
+; .text:10032218 push eax ; lpVersionInformation
+; .text:10032219 call ds:__imp__GetVersionExW@4 ; GetVersionExW(x)
+SingleUserPatch.x86=1
+SingleUserOffset.x86=32215
+SingleUserCode.x86=nop
+; .text:0000000180015C5E call memset_0
+; .text:0000000180015C63 mov ebx, 1 <- 0
+; .text:0000000180015C68 mov [rsp+190h+VersionInformation.dwOSVersionInfoSize], 11Ch
+; .text:0000000180015C70 lea rcx, [rsp+190h+VersionInformation] ; lpVersionInformation
+; .text:0000000180015C75 mov [rdi], ebx
+; .text:0000000180015C77 call cs:__imp_GetVersionExW
+SingleUserPatch.x64=1
+SingleUserOffset.x64=15C64
+SingleUserCode.x64=Zero
+; Patch CDefPolicy::Query
+; Original
+; .text:1002DFC9 cmp eax, [ecx+320h]
+; .text:1002DFCF jz loc_10056550
+; Changed
+; .text:1002DFC9 mov eax, 100h
+; .text:1002DFCE mov [ecx+320h], eax
+; .text:1002DFD4 nop
+DefPolicyPatch.x86=1
+DefPolicyOffset.x86=2DFC9
+DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
+; Original
+; .text:000000018000B795 cmp [rcx+63Ch], eax
+; .text:000000018000B79B jz sub_18003A79A
+; Changed
+; .text:000000018000B795 mov eax, 100h
+; .text:000000018000B79A mov [rcx+638h], eax
+; .text:000000018000B7A0 nop
+DefPolicyPatch.x64=1
+DefPolicyOffset.x64=B795
+DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
+; Hook CSLQuery::Initialize
+SLInitHook.x86=1
+SLInitOffset.x86=46960
+SLInitFunc.x86=New_CSLQuery_Initialize
+SLInitHook.x64=1
+SLInitOffset.x64=22E40
+SLInitFunc.x64=New_CSLQuery_Initialize
+
 [SLInit]
 bServerSku=1
 bRemoteConnAllowed=1
@@ -1481,3 +1546,22 @@ bMultimonAllowed.x64 =EEC00 bServerSku.x64 =EEC04 ulMaxDebugSessions.x64=EEC08 bRemoteConnAllowed.x64=EEC0C
+
+[10.0.10041.0-SLInit]
+bFUSEnabled.x86 =C5F60
+lMaxUserSessions.x86 =C5F64
+bAppServerAllowed.x86 =C5F68
+bInitialized.x86 =C5F6C
+bMultimonAllowed.x86 =C5F70
+bServerSku.x86 =C5F74
+ulMaxDebugSessions.x86=C5F78
+bRemoteConnAllowed.x86=C5F7C
+
+bFUSEnabled.x64 =F3448
+lMaxUserSessions.x64 =F344C
+bAppServerAllowed.x64 =F3450
+bInitialized.x64 =F3454
+bMultimonAllowed.x64 =F3458
+bServerSku.x64 =F345C
+ulMaxDebugSessions.x64=F3460
+bRemoteConnAllowed.x64=F3464
diff --git a/technical.txt b/technical.txt
index b6eb369..0c49cd5 100644
--- a/technical.txt
+++ b/technical.txt
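Review bot: The x64 `CDefPolicy::Query` comment disagrees with itself about the field being patched: the original instruction at 18000B795 compares `[rcx+63Ch]`, but the "Changed" listing stores to `[rcx+638h]`, while the x86 listing uses `[ecx+320h]` on both sides. `DefPolicyCode.x64=CDefPolicy_Query_eax_rcx` names a fixed template whose bytes are not part of this hunk, so the comment is the only place a reader can check the displacement; either correct it or, if the difference is deliberate, add a line such as `; x64 template stores to +638h, not the compared +63Ch (intentional)`. In the same section `SingleUserOffset.x64=15C64` is one byte past the quoted instruction at 180015C63, presumably to reach the immediate of `mov ebx, 1`, and a remark like `; offset points at the imm32, not the opcode` would make that explicit.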
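Review bot: The sixteen offsets in `[10.0.10041.0-SLInit]` carry no comment showing where they were read from, unlike the disassembly quoted for every patch in `[10.0.10041.0]`, so a transposed digit here cannot be caught in review. A header line such as `; globals referenced by CSLQuery::Initialize, termsrv.dll 10.0.10041.0` (if that is where they come from), together with one referencing instruction per architecture, would make them checkable. As far as this INI shows, both new sections are selected by the version string alone; whether the loader checks anything else about the binary before writing at these offsets is not visible here and is worth confirming, because a wrong value means a write into unrelated memory of the service.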
@@ -56,25 +56,29 @@ Terminal Services supported versions 6.4.9860.0 (Windows 10 Technical Preview UP1) [init hook + extended patch] 6.4.9879.0 (Windows 10 Technical Preview UP2) [init hook + extended patch] 10.0.9926.0 (Windows 10 Pro Technical Preview) [init hook + extended patch] -10.0.10041.0 (Windows 10 Pro Technical Preview UP1) [!todo] +10.0.10041.0 (Windows 10 Pro Technical Preview UP1) [init hook + extended patch] Known failures 6.0.6000.16386 (Windows Vista RTM x86, crashes on logon attempt) Source code changelog (rdpwrap library): +2015.03.23 : +- researching Windows 10 Pro Technical Preview UP1 +- added support for termsrv.dll 10.0.10041.0 + 2015.03.20 : -- New build 10.0.10041.0 was released, obtaining files... +- new build 10.0.10041.0 was released, obtaining files... 2015.01.26 : -- Researching Windows 10 Pro Technical Preview (10.0.9926.0 x86) +- researching Windows 10 Pro Technical Preview (10.0.9926.0 x86) - added support for termsrv.dll 10.0.9926.0 (x86) 2015.01.22 : - v-yadli contributed offsets for version 10.0.9926.0 (x64) 2014.12.13 : -- Added more policy values to INI file +- added more policy values to INI file 2014.12.10 : - C++ version seems to work well now!