From 9b2a50bfb81b6416d334eb69596b61551bf0af13 Mon Sep 17 00:00:00 2001
From: Stas'M
Date: Wed, 16 May 2018 18:43:14 +0300
Subject: [PATCH] INI: Fix bug in DefPolicy patch (fix #486)
---
 res/rdpwrap-ini-kb.txt | 13 +++++++------
 res/rdpwrap.ini | 13 +++++++------
 2 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/res/rdpwrap-ini-kb.txt b/res/rdpwrap-ini-kb.txt
index e7f5bf4..9c7270a 100644
--- a/res/rdpwrap-ini-kb.txt
+++ b/res/rdpwrap-ini-kb.txt
@@ -53,6 +53,7 @@ CDefPolicy_Query_eax_rdi=B80001000089873806000090
 CDefPolicy_Query_eax_ecx=B80001000089812003000090
 CDefPolicy_Query_eax_ecx_jmp=B800010000898120030000EB0E
 CDefPolicy_Query_eax_rcx=B80001000089813806000090
+CDefPolicy_Query_edi_rcx=BF0001000089B938060000909090
 
 [6.0.6000.16386]
 ; HOW TO search CSessionArbitrationHelper::IsSingleSessionPerUserEnabled function in IDA Pro:
@@ -3981,8 +3982,8 @@ DefPolicyPatch.x86=1
 DefPolicyOffset.x86=33569
 DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
 DefPolicyPatch.x64=1
-DefPolicyOffset.x64=10E7E
-DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
+DefPolicyOffset.x64=10E78
+DefPolicyCode.x64=CDefPolicy_Query_edi_rcx
 ; Hook CSLQuery::Initialize
 SLInitHook.x86=1
 SLInitOffset.x86=474AD
@@ -4011,8 +4012,8 @@ DefPolicyPatch.x86=1
 DefPolicyOffset.x86=33569
 DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
 DefPolicyPatch.x64=1
-DefPolicyOffset.x64=10E7E
-DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
+DefPolicyOffset.x64=10E78
+DefPolicyCode.x64=CDefPolicy_Query_edi_rcx
 ; Hook CSLQuery::Initialize
 SLInitHook.x86=1
 SLInitOffset.x86=474AD
@@ -4041,8 +4042,8 @@ DefPolicyPatch.x86=1
 DefPolicyOffset.x86=33569
 DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
 DefPolicyPatch.x64=1
-DefPolicyOffset.x64=10E7E
-DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
+DefPolicyOffset.x64=10E78
+DefPolicyCode.x64=CDefPolicy_Query_edi_rcx
 ; Hook CSLQuery::Initialize
 SLInitHook.x86=1
 SLInitOffset.x86=474AD
diff --git a/res/rdpwrap.ini b/res/rdpwrap.ini
index 4728fe2..cc5ded5 100644
--- a/res/rdpwrap.ini
+++ b/res/rdpwrap.ini
@@ -35,6 +35,7 @@ CDefPolicy_Query_eax_rdi=B80001000089873806000090
 CDefPolicy_Query_eax_ecx=B80001000089812003000090
 CDefPolicy_Query_eax_ecx_jmp=B800010000898120030000EB0E
 CDefPolicy_Query_eax_rcx=B80001000089813806000090
+CDefPolicy_Query_edi_rcx=BF0001000089B938060000909090
 
 [6.0.6000.16386]
 SingleUserPatch.x86=1
@@ -2763,8 +2764,8 @@ DefPolicyPatch.x86=1
 DefPolicyOffset.x86=33569
 DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
 DefPolicyPatch.x64=1
-DefPolicyOffset.x64=10E7E
-DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
+DefPolicyOffset.x64=10E78
+DefPolicyCode.x64=CDefPolicy_Query_edi_rcx
 SLInitHook.x86=1
 SLInitOffset.x86=474AD
 SLInitFunc.x86=New_CSLQuery_Initialize
@@ -2789,8 +2790,8 @@ DefPolicyPatch.x86=1
 DefPolicyOffset.x86=33569
 DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
 DefPolicyPatch.x64=1
-DefPolicyOffset.x64=10E7E
-DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
+DefPolicyOffset.x64=10E78
+DefPolicyCode.x64=CDefPolicy_Query_edi_rcx
 SLInitHook.x86=1
 SLInitOffset.x86=474AD
 SLInitFunc.x86=New_CSLQuery_Initialize
@@ -2815,8 +2816,8 @@ DefPolicyPatch.x86=1
 DefPolicyOffset.x86=33569
 DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
 DefPolicyPatch.x64=1
-DefPolicyOffset.x64=10E7E
-DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
+DefPolicyOffset.x64=10E78
+DefPolicyCode.x64=CDefPolicy_Query_edi_rcx
 SLInitHook.x86=1
 SLInitOffset.x86=474AD
 SLInitFunc.x86=New_CSLQuery_Initialize
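Review bot: The new `CDefPolicy_Query_edi_rcx` entry in the `@@ -35,6 +35,7 @@` hunk is 14 bytes where the `eax` entries beside it are 12, and nothing records what the bytes mean or why this one is longer. They decode as `mov edi, 100h`, `mov [rcx+638h], edi` and three `nop`s. The identical line added in res/rdpwrap-ini-kb.txt sits in a file that already carries `;` comments, so that is the place for `; mov edi,100h / mov [rcx+638h],edi / nop x3 (14 bytes)`. With the decoded form next to the hex string, a later change to a single byte can be reviewed without a disassembler.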
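Review bot: In the `@@ -2763,8 +2764,8 @@` hunk the x64 write moves 6 bytes earlier and grows by 2, and nothing visible confirms that its new end falls on an instruction boundary in the target build. Read as hex byte offsets, the old patch covered 10E7E–10E89 and the new one covers 10E78–10E85, so the four bytes at 10E86–10E89 are now left as the binary has them. That is worth checking against the disassembly and recording in the kb file. The same two lines change in the `@@ -2789` and `@@ -2815` hunks and in the three matching hunks of res/rdpwrap-ini-kb.txt, and the section header naming the build is outside every one of them. The code that applies these entries is not part of this diff; if it does not already compare the original bytes at the offset before writing, adding that check would make a wrong offset a refused patch rather than a corrupted service.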