Tech updates

2014.12.03 :
- added INI reader by Fusix for C++ version
- asulwer also helped with the development

2014.11.25 :
- corrected some typos in INI file
- added EasyPrint policy value

2014.11.24 :
- added support for termsrv.dll 6.3.9600.17415
binarymaster 2014-12-03 22:07:26 +03:00
parent 2136d2c358
commit 81baa4522f
2 changed files with 95 additions and 4 deletions


@ -2,7 +2,7 @@
; Do not modify without special knowledge
[Main]
Updated=2014-11-20
Updated=2014-11-25
LogFile=\rdpwrap.txt
SLPolicyHookNT60=1
SLPolicyHookNT61=1
@ -901,8 +901,8 @@ SLInitFunc.x64=New_CSLQuery_Initialize
LocalOnlyPatch.x86=1
LocalOnlyOffset.x86=A2729
LocalOnlyCode.x86=jmpshort
; .text:000000018008181F cmp [rsp+48h+arg_18], 0
; .text:0000000180081824 jz loc_180031DEF <- nop + jmp
; .text:000000018008181F cmp [rsp+48h+arg_18], 0
; .text:0000000180081824 jz loc_180031DEF <- nop + jmp
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=81824
LocalOnlyCode.x64=nopjmp
@ -1016,6 +1016,67 @@ SLInitHook.x64=1
SLInitOffset.x64=3B110
SLInitFunc.x64=New_CSLQuery_Initialize
[6.3.9600.17415]
; Patch CEnforcementCore::GetInstanceOfTSLicense
; .text:100B33EB call ?IsLicenseTypeLocalOnly@CSLQuery@@SGJAAU_GUID@@PAH@Z ; CSLQuery::IsLicenseTypeLocalOnly(_GUID &,int *)
; .text:100B33F0 test eax, eax
; .text:100B33F2 js short loc_100B340F
; .text:100B33F4 cmp [ebp+var_C], 0
; .text:100B33F8 jz short loc_100B340F <- jmp
LocalOnlyPatch.x86=1
LocalOnlyOffset.x86=B33F8
LocalOnlyCode.x86=jmpshort
; .text:000000018008B2D4 cmp [rsp+58h+arg_18], 0
; .text:000000018008B2D9 jz loc_180025C39 <- nop + jmp
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=8B2D9
LocalOnlyCode.x64=nopjmp
; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled
; .text:10037111 lea eax, [esp+150h+VersionInformation]
; .text:10037115 inc ebx <- nop
; .text:10037116 mov [edi], ebx
; .text:10037118 push eax ; lpVersionInformation
; .text:10037119 call ds:__imp__GetVersionExW@4 ; GetVersionExW(x)
SingleUserPatch.x86=1
SingleUserOffset.x86=37115
SingleUserCode.x86=nop
; .text:0000000180033CE3 lea rcx, [rsp+190h+VersionInformation] ; lpVersionInformation
; .text:0000000180033CE8 mov ebx, 1 <- 0
; .text:0000000180033CED mov [rsp+190h+VersionInformation.dwOSVersionInfoSize], 11Ch
; .text:0000000180033CF5 mov [rdi], ebx
; .text:0000000180033CF7 call cs:__imp_GetVersionExW
SingleUserPatch.x64=1
SingleUserOffset.x64=33CE9
SingleUserCode.x64=Zero
; Patch CDefPolicy::Query
; Original
; .text:1003CFF9 cmp eax, [ecx+320h]
; .text:1003CFFF jz loc_1004A52F
; Changed
; .text:1003CFF9 mov eax, 100h
; .text:1003CFFE mov [ecx+320h], eax
; .text:1003D004 nop
DefPolicyPatch.x86=1
DefPolicyOffset.x86=3CFF9
DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
; Original
; .text:0000000180045825 cmp [rcx+63Ch], eax
; .text:000000018004582B jz loc_180067704
; Changed
; .text:0000000180045825 mov eax, 100h
; .text:000000018004582A mov [rcx+638h], eax
; .text:0000000180045830 nop
DefPolicyPatch.x64=1
DefPolicyOffset.x64=45825
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
; Hook CSLQuery::Initialize
SLInitHook.x86=1
SLInitOffset.x86=18478
SLInitFunc.x86=New_CSLQuery_Initialize
SLInitHook.x64=1
SLInitOffset.x64=5DBC0
SLInitFunc.x64=New_CSLQuery_Initialize
[6.4.9841.0]
; Patch CEnforcementCore::GetInstanceOfTSLicense
; .text:1009569B call sub_100B7EE5
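Review bot: In the x64 CDefPolicy::Query comment the displacement differs between the two listings: Original shows `cmp [rcx+63Ch], eax` while Changed shows `mov [rcx+638h], eax`, whereas the x86 pair uses 320h in both. If the patch is meant to store to a different field than the one compared, say so in the comment; if it is a typo, fix whichever listing is wrong, because this block is the only documentation of what CDefPolicy_Query_eax_rcx writes. Separately, SingleUserOffset.x64=33CE9 is one byte past the annotated instruction at 0000000180033CE8. Presumably it targets the immediate operand of `mov ebx, 1` rather than the opcode; a short remark to that effect would stop someone from "correcting" it to 33CE8.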
@ -1211,6 +1272,25 @@ bAppServerAllowed.x64 =E44A8
bInitialized.x64 =E44AC
bMultimonAllowed.x64 =E44B0
[6.3.9600.17415-SLInit]
bFUSEnabled.x86 =D3068
lMaxUserSessions.x86 =D306C
bAppServerAllowed.x86 =D3070
bInitialized.x86 =D3074
bMultimonAllowed.x86 =D3078
bServerSku.x86 =D307C
ulMaxDebugSessions.x86=D3080
bRemoteConnAllowed.x86=D3084
bFUSEnabled.x64 =F9054
lMaxUserSessions.x64 =F9058
bAppServerAllowed.x64 =F905C
bInitialized.x64 =F9060
bMultimonAllowed.x64 =F9064
bServerSku.x64 =F9068
ulMaxDebugSessions.x64=F906C
bRemoteConnAllowed.x64=F9070
[6.4.9841.0-SLInit]
bFUSEnabled.x86 =BF9F0
lMaxUserSessions.x86 =BF9F4
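Review bot: The new [6.3.9600.17415-SLInit] values carry no comment, unlike the patch section for the same build, so a reader cannot tell what the offsets are relative to or how they were derived. Both runs are contiguous at 4-byte steps (D3068 to D3084 for x86, F9054 to F9070 for x64), which is consistent with eight adjacent 32-bit variables, but a one-line comment naming the base the offsets are measured from and where the symbol addresses came from would make the next build's section reviewable.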


@ -35,7 +35,7 @@ Terminal Services supported versions
6.3.9431.0 (Windows 8.1 Preview) [init hook + extended patch]
6.3.9600.16384 (Windows 8.1) [init hook + extended patch]
6.3.9600.17095 (Windows 8.1 with KB2959626) [init hook + extended patch]
6.3.9600.17415 (Windows 8.1 with KB3000850) [!todo]
6.3.9600.17415 (Windows 8.1 with KB3000850) [init hook + extended patch ~ requires INI support]
6.4.9841.0 (Windows 10 Technical Preview) [init hook + extended patch]
6.4.9860.0 (Windows 10 Technical Preview Update 1) [init hook + extended patch]
6.4.9879.0 (Windows 10 Technical Preview Update 2) [!todo]
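Review bot: The tag "requires INI support" on the 6.3.9600.17415 line does not tell a user which builds of the library have that support. The changelog in the same file dates the INI-based patch settings to 2014.11.21 and the INI reader for the C++ version to 2014.12.03; naming the minimum release here, or pointing to those entries, would let someone on Windows 8.1 with KB3000850 tell whether their installed copy will pick up the new section.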
@ -45,6 +45,17 @@ Known failures
Source code changelog (rdpwrap library):
2014.12.03 :
- added INI reader by Fusix for C++ version
- asulwer also helped with the development
2014.11.25 :
- corrected some typos in INI file
- added EasyPrint policy value
2014.11.24 :
- added support for termsrv.dll 6.3.9600.17415
2014.11.21 :
- new LiteINI module to read INI files
- added support to store patch settings in INI file