rdpwrap_v2/technical.txt

412 lines
17 KiB
Plaintext
Raw Normal View History

RDP Wrapper Library project by Stas'M
Terminal Services supported versions
6.0.X.X (Windows Vista, any) [policy hook only]
6.0.6000.16386 (Windows Vista) [policy hook + extended patch]
6.0.6000.20723 (Windows Vista with KB944917) [todo]
6.0.6001.18000 (Windows Vista SP1) [policy hook + extended patch]
6.0.6001.22286 (Windows Vista SP1 with KB958612) [todo]
6.0.6001.22357 (Windows Vista SP1 with KB958612 v2) [todo]
6.0.6001.22323 (Windows Vista SP1 with KB960742) [todo]
6.0.6001.22392 (Windows Vista SP1 with KB968680) [todo]
6.0.6001.22565 (Windows Vista SP1 with KB977541) [todo]
6.0.6001.22635 (Windows Vista SP1 with KB970911) [todo]
6.0.6001.22801 (Windows Vista SP1 with KB2381675) [todo]
6.0.6002.18005 (Windows Vista SP2) [policy hook + extended patch]
6.0.6002.22269 (Windows Vista SP2 with KB977541) [todo]
6.0.6002.22340 (Windows Vista SP2 with KB970911) [todo]
6.0.6002.22515 (Windows Vista SP2 with KB2381675) [todo]
6.0.6002.22641 (Windows Vista SP2 with KB2523307) [todo]
6.0.6002.22790 (Windows Vista SP2 with KB2672601) [todo]
6.0.6002.19214 (Windows Vista SP2 with KB3003743 GDR) [policy hook + extended patch]
6.0.6002.23521 (Windows Vista SP2 with KB3003743 LDR) [policy hook + extended patch]
6.1.X.X (Windows 7, any) [policy hook only]
6.1.7100.0 (Windows 7 Release Candidate) [todo]
6.1.7600.16385 (Windows 7) [policy hook + extended patch]
6.1.7600.20661 (Windows 7 with KB951422) [todo]
6.1.7600.21085 (Windows 7 with KB951422 v2) [todo]
6.1.7600.20621 (Windows 7 with KB979470) [todo]
6.1.7600.20890 (Windows 7 with KB2479710) [todo]
6.1.7600.21316 (Windows 7 with KB2750090) [todo]
6.1.7600.21420 (Windows 7 with KB2800789) [todo]
6.1.7601.17514 (Windows 7 SP1) [policy hook + extended patch]
6.1.7601.21855 (Windows 7 SP1 with KB951422 v2) [todo]
6.1.7601.21650 (Windows 7 SP1 with KB2479710) [todo]
6.1.7601.21866 (Windows 7 SP1 with KB2647409) [todo]
6.1.7601.22104 (Windows 7 SP1 with KB2750090) [todo]
6.1.7601.22213 (Windows 7 SP1 with KB2800789) [todo]
6.1.7601.22476 (Windows 7 SP1 with KB2870165) [todo]
6.1.7601.22435 (Windows 7 SP1 with KB2878424) [todo]
6.1.7601.22477 (Windows 7 SP1 with KB2896256) [todo]
6.1.7601.18540 (Windows 7 SP1 with KB2984972 GDR) [policy hook + extended patch]
6.1.7601.22750 (Windows 7 SP1 with KB2984972 LDR) [policy hook + extended patch]
6.1.7601.18637 (Windows 7 SP1 with KB3003743 GDR) [policy hook + extended patch]
6.1.7601.22843 (Windows 7 SP1 with KB3003743 LDR) [policy hook + extended patch]
6.1.7601.23403 (Windows 7 SP1 with KB3125574) [policy hook + extended patch]
6.2.8102.0 (Windows 8 Developer Preview) [policy hook + extended patch]
6.2.8250.0 (Windows 8 Consumer Preview) [policy hook + extended patch]
6.2.8400.0 (Windows 8 Release Preview) [policy hook + extended patch]
6.2.9200.16384 (Windows 8) [policy hook + extended patch]
6.2.9200.17048 (Windows 8 with KB2973501 GDR) [policy hook + extended patch]
6.2.9200.21166 (Windows 8 with KB2973501 LDR) [policy hook + extended patch]
6.3.9431.0 (Windows 8.1 Preview) [init hook + extended patch]
6.3.9600.16384 (Windows 8.1) [init hook + extended patch]
6.3.9600.17095 (Windows 8.1 with KB2959626) [init hook + extended patch]
6.3.9600.17415 (Windows 8.1 with KB3000850) [init hook + extended patch]
6.4.9841.0 (Windows 10 Technical Preview) [init hook + extended patch]
6.4.9860.0 (Windows 10 Technical Preview UP1) [init hook + extended patch]
6.4.9879.0 (Windows 10 Technical Preview UP2) [init hook + extended patch]
10.0.9926.0 (Windows 10 Pro Technical Preview) [init hook + extended patch]
10.0.10041.0 (Windows 10 Pro Technical Preview UP1) [init hook + extended patch]
10.0.10049.0 (Windows 10 Pro Technical Preview UP2) [todo]
10.0.10061.0 (Windows 10 Pro Technical Preview UP3) [todo]
10.0.10240.16384 (Windows 10 RTM) [init hook + extended patch]
10.0.10525.0 (Windows 10 th2_release.150812-1658) [todo]
10.0.10532.0 (Windows 10 th2_release.150822-1406) [todo]
10.0.10547.0 (Windows 10 th2_release.150913-1511) [todo]
10.0.10586.0 (Windows 10 th2_release.151029-1700) [init hook + extended patch]
10.0.10586.589 (Windows 10 th2_release.160906-1759) [init hook + extended patch]
10.0.11082.1000 (Windows 10 rs1_release.151210-2021) [init hook + extended patch]
10.0.11102.1000 (Windows 10 rs1_release.160113-1800) [init hook + extended patch]
10.0.14251.1000 (Windows 10 rs1_release.160124-1059) [init hook + extended patch]
10.0.14271.1000 (Windows 10 rs1_release.160218-2310) [init hook + extended patch]
10.0.14279.1000 (Windows 10 rs1_release.160229-1700) [init hook + extended patch]
10.0.14295.1000 (Windows 10 rs1_release.160318-1628) [init hook + extended patch]
10.0.14300.1000 (Windows Server 2016 Technical Preview 5) [init hook + extended patch]
10.0.14316.1000 (Windows 10 rs1_release.160402-2227) [init hook + extended patch]
10.0.14328.1000 (Windows 10 rs1_release.160418-1609) [init hook + extended patch]
10.0.14332.1001 (Windows 10 rs1_release.160422-1940) [init hook + extended patch]
10.0.14342.1000 (Windows 10 rs1_release.160506-1708) [init hook + extended patch]
10.0.14352.1002 (Windows 10 rs1_release.160522-1930) [init hook + extended patch]
10.0.14366.0 (Windows 10 rs1_release.160610-1700) [init hook + extended patch]
10.0.14367.0 (Windows 10 rs1_release.160613-1700) [init hook + extended patch]
10.0.14372.0 (Windows 10 rs1_release.160620-2342) [init hook + extended patch]
10.0.14379.0 (Windows 10 rs1_release.160627-1607) [init hook + extended patch]
10.0.14383.0 (Windows 10 rs1_release.160701-1839) [init hook + extended patch]
10.0.14385.0 (Windows 10 rs1_release.160706-1700) [init hook + extended patch]
10.0.14388.0 (Windows 10 rs1_release.160709-1635) [init hook + extended patch]
10.0.14393.0 (Windows 10 rs1_release.160715-1616) [init hook + extended patch]
10.0.14901.1000 (Windows 10 rs_prerelease.160805-1700) [init hook + extended patch]
10.0.14905.1000 (Windows 10 rs_prerelease.160811-1739) [init hook + extended patch]
10.0.14915.1000 (Windows 10 rs_prerelease.160826-1902) [init hook + extended patch]
10.0.14926.1000 (Windows 10 rs_prerelease.160910-1529) [init hook + extended patch]
10.0.14931.1000 (Windows 10 rs_prerelease.160916-1700) [init hook + extended patch]
10.0.14936.1000 (Windows 10 rs_prerelease.160923-1700) [init hook + extended patch]
10.0.14942.1000 (Windows 10 rs_prerelease.161003-1929) [init hook + extended patch]
10.0.14946.1000 (Windows 10 rs_prerelease.161007-1700) [init hook + extended patch]
10.0.14951.1000 (Windows 10 rs_prerelease.161014-1700) [init hook + extended patch]
10.0.14955.1000 (Windows 10 rs_prerelease.161020-1700) [init hook + extended patch]
10.0.14959.1000 (Windows 10 rs_prerelease.161026-1700) [init hook + extended patch]
10.0.14965.1001 (Windows 10 rs_prerelease.161104-1700) [init hook + extended patch]
10.0.14971.1000 (Windows 10 rs_prerelease.161111-1700) [init hook + extended patch]
10.0.14986.1000 (Windows 10 WinBuild.160101.0800) [init hook + extended patch]
10.0.15002.1001 (Windows 10 WinBuild.160101.0800) [init hook + extended patch]
10.0.15007.1000 (Windows 10 WinBuild.160101.0800) [init hook + extended patch]
10.0.15014.1000 (Windows 10 WinBuild.160101.0800) [init hook + extended patch]
10.0.15019.1000 (Windows 10 rs_prerelease.170121-1513) [init hook + extended patch]
10.0.15025.1000 (Windows 10 rs_prerelease.170127-1750) [init hook + extended patch]
10.0.15031.0 (Windows 10 rs2_release.170204-1546) [init hook + extended patch]
10.0.15042.0 (Windows 10 rs2_release.170219-2329) [init hook + extended patch]
10.0.15046.0 (Windows 10 WinBuild.160101.0800) [init hook + extended patch]
10.0.15048.0 (Windows 10 WinBuild.160101.0800) [init hook + extended patch]
10.0.15055.0 (Windows 10 WinBuild.160101.0800) [init hook + extended patch]
10.0.15058.0 (Windows 10 WinBuild.160101.0800) [init hook + extended patch]
Source code changelog (rdpwrap library):
2017.03.16 :
- added support for termsrv.dll 10.0.15058.0
2017.03.14 :
- added support for termsrv.dll 10.0.15055.0
2017.03.05 :
- added support for termsrv.dll 10.0.15048.0
2017.03.02 :
- added support for termsrv.dll 10.0.15046.0
2017.03.01 :
- added support for termsrv.dll 10.0.15031.0
- added support for termsrv.dll 10.0.15042.0
2017.02.03 :
- added support for termsrv.dll 10.0.15025.1000 x64
2017.01.28 :
- added support for termsrv.dll 10.0.15019.1000
2017.01.21 :
- added support for termsrv.dll 10.0.15014.1000
2017.01.15 :
- added support for termsrv.dll 10.0.15007.1000
2017.01.12 :
- added support for termsrv.dll 10.0.15002.1001
2016.12.23 :
- added support for termsrv.dll 10.0.14986.1000
2016.11.19 :
- added support for termsrv.dll 10.0.14959.1000
- added support for termsrv.dll 10.0.14965.1001
- added support for termsrv.dll 10.0.14971.1000
2016.10.28 :
- added support for termsrv.dll 10.0.14955.1000
2016.10.21 :
- added support for termsrv.dll 10.0.14951.1000
2016.10.19 :
- added support for termsrv.dll 10.0.14946.1000
2016.10.08 :
- added support for termsrv.dll 10.0.14942.1000
2016.09.30 :
- added support for termsrv.dll 10.0.14936.1000
2016.09.27 :
- added support for termsrv.dll 10.0.14931.1000
2016.09.15 :
- added support for termsrv.dll 10.0.14926.1000
2016.09.14 :
- added support for termsrv.dll 10.0.10586.589
2016.09.03 :
- added support for termsrv.dll 10.0.14915.1000
2016.08.28 :
- added support for termsrv.dll 6.1.7601.23403
- added support for termsrv.dll 10.0.14901.1000
- added support for termsrv.dll 10.0.14905.1000
2016.08.12 :
- added support for termsrv.dll 10.0.14385.0
2016-08-01 15:32:00 +02:00
2016.08.01 :
- preparing the release
2016.07.23 :
- added online install mode to installer
- added feature to keep settings on uninstall
- fixed update firewall rule on port change in config tool
- added feature to hide users on logon
2016.07.22 :
- added support for termsrv.dll 10.0.14393.0
2016.07.15 :
- added support for termsrv.dll 10.0.14383.0
- added support for termsrv.dll 10.0.14388.0
2016.07.06 :
- added support for termsrv.dll 10.0.14379.0
2016.06.27 :
- added support for termsrv.dll 10.0.14372.0 x86
2016.06.26 :
- added support for termsrv.dll 10.0.14372.0 x64 by kbmorris
2016-06-17 21:09:18 +02:00
2016.06.17 :
- fixed issue with termsrv.dll 10.0.14352.1002
- added support for termsrv.dll 10.0.14366.0
- added support for termsrv.dll 10.0.14367.0
2016.05.30 :
- added support for termsrv.dll 10.0.14352.1002
2016.05.14 :
- added support for termsrv.dll 10.0.14342.1000
2016.05.08 :
- added support for termsrv.dll 10.0.14300.1000 x64
- added support for termsrv.dll 10.0.14328.1000
2016.04.29 :
- added support for termsrv.dll 10.0.14332.1001 by maxpiva
2016-04-14 18:28:00 +02:00
2016.04.14 :
- added support for termsrv.dll 10.0.14316.1000
2016-04-06 13:12:47 +02:00
2016.04.06 :
- added support for termsrv.dll 10.0.14295.1000
2016.03.07 :
- added experimental codes for ARMv7 architecture (see rdpwrap-arm-kb.ini)
- Windows RT / termsrv.dll 6.2.9200.16384
- Windows RT 8.1 / termsrv.dll 6.3.9600.16384
- Windows RT 8.1 / termsrv.dll 6.3.9600.17095
2016-03-06 12:19:32 +01:00
2016.03.06 :
- added support for termsrv.dll 10.0.14279.1000
2016-02-29 12:37:49 +01:00
2016.02.29 :
- added support for termsrv.dll 10.0.14271.1000
2016-01-28 18:52:46 +01:00
2016.01.28 :
- added support for termsrv.dll 10.0.14251.1000
2016-01-26 16:37:44 +01:00
2016.01.26 :
- added support for termsrv.dll 10.0.11102.1000
2016-01-15 20:59:48 +01:00
2016.01.15 :
- updated messages in the installer
- added support for termsrv.dll 10.0.11082.1000
2015-11-14 14:44:08 +01:00
2015.11.14 :
- added support for termsrv.dll 10.0.10586.0
2015-08-12 18:39:06 +02:00
2015.08.11 :
- embed new rdpclip versions in the installer (for NT 6.0 and 6.1)
- preparing the release
2015.08.07 :
- added INI update feature to installer
2015-07-30 00:15:55 +02:00
2015.07.30 :
- fixed issue with Windows 10 Home x86 (wrong LocalOnly offset was specified in INI file)
2015-07-17 01:06:27 +02:00
2015.07.17 :
- added support for termsrv.dll 10.0.10240.16384
2015-07-17 01:19:07 +02:00
- added HOW TO hints to KB (so other reverse engineers can do this hard work more easier)
2015-07-17 01:06:27 +02:00
2015-07-16 20:43:08 +02:00
2015.07.16 :
2015-07-17 01:19:07 +02:00
- moved all comments from INI file to Knowledge Base text file
- now INI file have smaller size
- updated RDP checker: changed IP Address to 127.0.0.2 (sometimes client doesn't want to connect .1), updated text message
- updated RDP config: list all possible shadowing modes, also write group policy
- updated installer: added workaround for 1056 error
- updated copyright years in source code
2015-07-16 20:43:08 +02:00
- obtained files from build 10.0.10240.16384
2015-07-17 01:21:51 +02:00
- researching Windows 10 RTM
2015-07-16 20:43:08 +02:00
2015-03-23 16:13:24 +01:00
2015.03.23 :
- researching Windows 10 Pro Technical Preview UP1
- added support for termsrv.dll 10.0.10041.0
2015.03.20 :
2015-03-23 16:13:24 +01:00
- new build 10.0.10041.0 was released, obtaining files...
2015-01-27 12:25:29 +01:00
2015.01.26 :
2015-03-23 16:13:24 +01:00
- researching Windows 10 Pro Technical Preview (10.0.9926.0 x86)
2015-01-27 12:25:29 +01:00
- added support for termsrv.dll 10.0.9926.0 (x86)
2015-01-24 18:36:45 +01:00
2015.01.22 :
- v-yadli contributed offsets for version 10.0.9926.0 (x64)
2014-12-13 12:39:58 +01:00
2014.12.13 :
2015-03-23 16:13:24 +01:00
- added more policy values to INI file
2014-12-13 12:39:58 +01:00
2014-12-10 19:25:57 +01:00
2014.12.10 :
- C++ version seems to work well now!
- added support for termsrv.dll 6.4.9879.0
- preparing the new release
2014-12-09 01:34:35 +01:00
2014.12.09 :
- many bug fixes in C++ version, you can track it in the git history :)
- it can be compiled now :D
- we are getting closer to the finish line!
2014.12.03 :
- added INI reader by Fusix for C++ version
- asulwer also helped with the development
2014.11.25 :
- corrected some typos in INI file
- added EasyPrint policy value
2014.11.24 :
- added support for termsrv.dll 6.3.9600.17415
2014-11-21 03:50:42 +01:00
2014.11.21 :
- new LiteINI module to read INI files
- added support to store patch settings in INI file
- version support can be extended without recompilation
- C++ version needs to be updated
2014.11.20 :
- improved comments
- researching KB3000850
2014-11-20 21:17:09 +01:00
- found required files
- improving RDPWrap...
- placing signatures, offsets, values, etc in separate config file
- working with code
2014.11.13 :
- researching KB3003743
- added support for version 6.0.6002.19214
- added support for version 6.0.6002.23521
- added support for version 6.1.7601.18637
- added support for version 6.1.7601.22843
2014.11.02 :
- researching termsrv.dll 6.4.9860.0
- done
2014.10.19 :
- added support for version 6.0.6000.16386 (x64)
- added support for version 6.0.6001.18000 (x64)
- added support for version 6.1.7600.16385
2014.10.18 :
- corrected some typos in source
- simplified signature constants
- added support for version 6.0.6000.16386 (x86)
- added support for version 6.0.6001.18000 (x86)
- added support for version 6.0.6002.18005
- added support for version 6.1.7601.17514
- added support for version 6.1.7601.18540
- added support for version 6.1.7601.22750
- added support for version 6.2.9200.17048
- added support for version 6.2.9200.21166
2014.10.17 :
- collecting information about all versions of Terminal Services beginning from Vista
- added [todo] to the versions list
2014.10.16 :
- got new updates: KB2984972 for Win 7 (still works with 2 concurrent users) and KB2973501 for Win 8 (doesn't work)
2014.10.02 :
- researching Windows 10 TP Remote Desktop
- done! even without debugging symbols ^^)
2014.07.20 :
- added support for Windows 8 Release Preview
- added support for Windows 8 Consumer Preview
- added support for Windows 8 Developer Preview
2014.07.19 :
- improved patching of Windows 8
- added policy patches
- will patch CDefPolicy::Query
- will patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled
2014.07.18 :
- researched patched files from MDL forum
- CSLQuery::GetMaxSessions requires no patching
- it's better to change the default policy, so...
- will patch CDefPolicy::Query
- will patch CEnforcementCore::GetInstanceOfTSLicense
- will patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled
- the function CSLQuery::Initialize is hooked correctly
2014.07.17 :
- will hook only CSLQuery::Initialize function
- CSLQuery::GetMaxSessions will be patched
- added x86 signatures for 6.3.9431.0 (Windows 8.1 Preview)
2014.07.16 :
- changing asm opcodes is bad, will hook CSL functions
2014.07.15 :
- added x86 signatures for 6.3.9600.16384 (Windows 8.1)
2014.07.15 :
- added x86 signatures for 6.3.9600.17095 (Windows 8.1 with KB2959626)