Rdpwrap: Fix for 10.0.17134.706 and 10.0.17134.437

Thanks!!

Tested - fully functional for Windows 10 Version 1803 (OS Build 17134.706) with termsrv.dll 10.0.17134.706 after a reboot.

But I did not have to uninstall KB449344 yet to get it working. Will continue testing this aspect in case of a delayed trojan.

I have disabled Windows Update in Computer Management Services, to avoid more sneaky gollum updates.

From now on only manual Win 10 updates on a test system first!!

First time using the guide, but I got a different value for SingleUserOffset. That one was the most changed from the guide, so I took a guess.

This works for me without messing with windows updates. I don't see anything negative in the event logs.

[10.0.17763.437]
; Patch CEnforcementCore::GetInstanceOfTSLicense
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=77A41
LocalOnlyCode.x64=jmpshort
; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled
SingleUserPatch.x64=1
SingleUserOffset.x64=133B7
SingleUserCode.x64=Zero
; Patch CDefPolicy::Query
DefPolicyPatch.x64=1
DefPolicyOffset.x64=18025
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
; Hook CSLQuery::Initialize
SLInitHook.x64=1
SLInitOffset.x64=1ACDC
SLInitFunc.x64=New_CSLQuery_Initialize

YOU ARE THE BEST!!!! THX A LOT

With the new ini updates available, is it still necessary to uninstall kb4493509 and keep it from installing?

Do you have parametars for x86?

When my system is 10.0.17763.292, I can use the Single session per user function, but when my system is 10.0.17763.437,I use your settings, I can't use the Single session per user function, so is there a Some locations are still not set correctly?Here is my 10.0.17763.292 setup information:
[10.0.17763.292]
; Patch CEnforcementCore::GetInstanceOfTSLicense
LocalOnlyPatch.x86=1
LocalOnlyOffset.x86=AFAD4
LocalOnlyCode.x86=jmpshort
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=77A11
LocalOnlyCode.x64=jmpshort
; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled
SingleUserPatch.x86=1
SingleUserOffset.x86=4D665
SingleUserCode.x86=nop
SingleUserPatch.x64=1
SingleUserOffset.x64=1322C
SingleUserCode.x64=Zero
; Patch CDefPolicy::Query
DefPolicyPatch.x86=1
DefPolicyOffset.x86=4BE69
DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
DefPolicyPatch.x64=1
DefPolicyOffset.x64=17F45
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
; Hook CSLQuery::Initialize
SLInitHook.x86=1
SLInitOffset.x86=5B18A
SLInitFunc.x86=New_CSLQuery_Initialize
SLInitHook.x64=1
SLInitOffset.x64=1ABFC
SLInitFunc.x64=New_CSLQuery_Initialize
;.---------------------------
[10.0.17763.292-SLInit]
bInitialized.x86 =CD798
bServerSku.x86 =CD79C
lMaxUserSessions.x86 =CD7A0
bAppServerAllowed.x86 =CD7A8
bRemoteConnAllowed.x86=CD7AC
bMultimonAllowed.x86 =CD7B0
ulMaxDebugSessions.x86=CD7B4
bFUSEnabled.x86 =CD7B8

bInitialized.x64 =ECAB0
bServerSku.x64 =ECAB4
lMaxUserSessions.x64 =ECAB8
bAppServerAllowed.x64 =ECAC0
bRemoteConnAllowed.x64=ECAC4
bMultimonAllowed.x64 =ECAC8
ulMaxDebugSessions.x64=ECACC
bFUSEnabled.x64 =ECAD0
;.---------------------------

what the hell ? I suddenly found this feature Single session per user available again, thanks : )

Just changing ini file solves the issue for me (without uninstalling patch). For 10.0.17134.706

dsvolkov: _"Just changing ini file solves the issue for me (without uninstalling patch). For 10.0.17134.706"_

Same here. No cumulative patch uninstall needed for 10.0.17134.706 on my W10 Home x64 laptop.

Thanks. This worked for me without needing to uninstall updates on 10.0.17134.437

please help me i cant solve this problem

Thanks for helping with my remote desktop problem. By the way, when a remote connection is terminated, automatic logoff is done. What should I do?

Hi, It works for me:
[10.0.17134.706]
LocalOnlyPatch.x86=1
LocalOnlyOffset.x86=ADAB8
LocalOnlyCode.x86=jmpshort
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=92521
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x86=1
SingleUserOffset.x86=36B1C
SingleUserCode.x86=nop
SingleUserPatch.x64=1
SingleUserOffset.x64=1511C
SingleUserCode.x64=Zero
DefPolicyPatch.x86=1
DefPolicyOffset.x86=33579
DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
DefPolicyPatch.x64=1
DefPolicyOffset.x64=10E78
DefPolicyCode.x64=CDefPolicy_Query_edi_rcx
SLInitHook.x86=1
SLInitOffset.x86=475DD
SLInitFunc.x86=New_CSLQuery_Initialize
SLInitHook.x64=1
SLInitOffset.x64=22F5C
SLInitFunc.x64=New_CSLQuery_Initialize

[10.0.17134.706-SLInit]
bServerSku.x64 =F1378
lMaxUserSessions.x64 =F137C
bAppServerAllowed.x64 =F1380
bInitialized.x64 =F2430
bRemoteConnAllowed.x64=F2434
bMultimonAllowed.x64 =F2438
ulMaxDebugSessions.x64=F243C
bFUSEnabled.x64 =F2440

Hi folks! I Have done it but it won't work..
Still shows Listener State Not Listening

Any help for a noob? :(

Hi folks! I Have done it but it won't work..
Still shows Listener State Not Listening
Any help for a noob? :(

Note that the code skakyn posted 8 days ago was for 10.0.17134.706 for x64 systems. Is yours a x64 setup? If not, check what kkingstoun posted 5 days ago in this same thread and try that instead.

If that isn't the issue preliminarily, and having no background history specific to your setup or personal experience, I would suggest you uninstall RDP Wrapper and start anew with a clean working baseline, then move forward from there. If you've hardened your system in any way to improve security via gpedit or directly in the registry, revert those changes back to their basic, default settings. Also temporarily turn off your firewall. Then after RDP Wrapper is uninstalled, make sure you can connect with a basic RDP handshake on default port 3389. Once that is established, redeploy RDP Wrapper -- again advisably on the default RDP port to keep things as simple as possible initially.

When (re)installing the utility, make sure you're running install.bat with the administrative privileges (some choose to run RDPWinst first but I'm not sure if this is actually necessary). Then go ahead and append the new code to the ini config file, again as administrator, and ensure this ini file is placed in the proper programs files directory. Also be sure you are copying the correct code for termsrv.dll 17134.706 - and not 17763.437 - and that you are leaving an empty line at the end of the text. Next run RDPCheck to confirm the handshake process is working correctly, then RDPConf to validate this further while choosing your preferred interface options. You may want to try different authentication (security) modes in the configuration interface to see if that might help. If necessary, reboot your system.

Only after this is done and everything is working soundly (RDP Configuration interface reflects all green) would I turn on your firewall, custom configure your RDP port and harden connection security as desired.

@maxysadm PS

You may also want to check the following link: https://github.com/fre4kyC0de/rdpwrap

There you can find the appropriate version code to add to your ini file. Remember to reboot your system afterwards and make sure to leave a space at the end of your ini file (important!).

Help making the wrapper work on ver 10.0.17134.437-SLInit would be appreciated

Help making the wrapper work on ver 10.0.17134.437-SLInit would be appreciated

Have you looked at BountySource for possible solutions?

https://www.bountysource.com/issues/72903039-termsrv-dll-patch-10-0-17763-437
https://www.bountysource.com/issues/72674005-solution-for-version-10-0-17763-437
https://www.bountysource.com/issues/72619403-rdpwrap-doesn-t-support-10-0-17763-437

Also Sysadmin Tips :: employing HEX Editor

https://www.mysysadmintips.com/windows/clients/545-multiple-rdp-remote-desktop-sessions-in-windows-10

Solution of skakyn34 in the beggining of thread is working for me for 10.0.17763.437 without uninstalling. Very important point is (Without empty line in the end of ini file it is not working :))

There must be an empty line at the end!

First time using the guide, but I got a different value for SingleUserOffset. That one was the most changed from the guide, so I took a guess.
This works for me without messing with windows updates. I don't see anything negative in the event logs.
[10.0.17763.437]
; Patch CEnforcementCore::GetInstanceOfTSLicense
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=77A41
LocalOnlyCode.x64=jmpshort
; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled
SingleUserPatch.x64=1
SingleUserOffset.x64=133B7
SingleUserCode.x64=Zero
; Patch CDefPolicy::Query
DefPolicyPatch.x64=1
DefPolicyOffset.x64=18025
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
; Hook CSLQuery::Initialize
SLInitHook.x64=1
SLInitOffset.x64=1ACDC
SLInitFunc.x64=New_CSLQuery_Initialize

This doesn't work

That is just not true. I am using it just fine. I only use it with one session per user and that works perfectly fine. If people want to say something is wrong, pull out a hex editor and suggest what the offset should be. I can say for sure that the offsets people got from the first post suggesting offsets aren't even targeting the methods the guide tells you to target, so it is either a different way of doing it, or not correct at all. He never offered an explanation for the offsets. Anyone can use the guide and look at the DLL in IDA to see what these offsets are and intelligently say they are wrong if they are wrong, no need to just speculate. I admit the guide wasn't clear for the SingleUserOffset.x64 offset because it had no examples, that could be wrong. But if you think it is wrong, say what is right based on looking in the dll, not just blindly claiming some other offset is the solution that other people are saying doesn't work either. Many people are just having issues loading the updated ini, so it is hard to take a random person's word for it when they say it doesn't work.

The sure fire way I found to update the ini is to replace the existing one and just reboot. It will either work or the terminal service will fail to start if something is wrong, but you know it is actually using the new ini and you aren't having some other kind of issue.

When my system is 10.0.17763.292, I can use the Single session per user function, but when my system is 10.0.17763.437,I use your settings, I can't use the Single session per user function, so is there a Some locations are still not set correctly?Here is my 10.0.17763.292 setup information:
[10.0.17763.292]
; Patch CEnforcementCore::GetInstanceOfTSLicense
LocalOnlyPatch.x86=1
LocalOnlyOffset.x86=AFAD4
LocalOnlyCode.x86=jmpshort
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=77A11
LocalOnlyCode.x64=jmpshort
; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled
SingleUserPatch.x86=1
SingleUserOffset.x86=4D665
SingleUserCode.x86=nop
SingleUserPatch.x64=1
SingleUserOffset.x64=1322C
SingleUserCode.x64=Zero
; Patch CDefPolicy::Query
DefPolicyPatch.x86=1
DefPolicyOffset.x86=4BE69
DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
DefPolicyPatch.x64=1
DefPolicyOffset.x64=17F45
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
; Hook CSLQuery::Initialize
SLInitHook.x86=1
SLInitOffset.x86=5B18A
SLInitFunc.x86=New_CSLQuery_Initialize
SLInitHook.x64=1
SLInitOffset.x64=1ABFC
SLInitFunc.x64=New_CSLQuery_Initialize
;.---------------------------
[10.0.17763.292-SLInit]
bInitialized.x86 =CD798
bServerSku.x86 =CD79C
lMaxUserSessions.x86 =CD7A0
bAppServerAllowed.x86 =CD7A8
bRemoteConnAllowed.x86=CD7AC
bMultimonAllowed.x86 =CD7B0
ulMaxDebugSessions.x86=CD7B4
bFUSEnabled.x86 =CD7B8

bInitialized.x64 =ECAB0
bServerSku.x64 =ECAB4
lMaxUserSessions.x64 =ECAB8
bAppServerAllowed.x64 =ECAC0
bRemoteConnAllowed.x64=ECAC4
bMultimonAllowed.x64 =ECAC8
ulMaxDebugSessions.x64=ECACC
bFUSEnabled.x64 =ECAD0
;.---------------------------

Thank you so much! I finally got it working with your ini file changes.

First time using the guide, but I got a different value for SingleUserOffset. That one was the most changed from the guide, so I took a guess.

This works for me without messing with windows updates. I don't see anything negative in the event logs.

[10.0.17763.437]
; Patch CEnforcementCore::GetInstanceOfTSLicense
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=77A41
LocalOnlyCode.x64=jmpshort
; Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled
SingleUserPatch.x64=1
SingleUserOffset.x64=133B7
SingleUserCode.x64=Zero
; Patch CDefPolicy::Query
DefPolicyPatch.x64=1
DefPolicyOffset.x64=18025
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
; Hook CSLQuery::Initialize
SLInitHook.x64=1
SLInitOffset.x64=1ACDC
SLInitFunc.x64=New_CSLQuery_Initialize

This work for me and the issue of always sign-in a new session also resolved! Thanks a lot!

Does anyone have both the x86 and x64 ini file info for version *.437

This ini works on 3 Windows 10 10.0.17763.437 x86 computers.
rdpwrap.zip

I don't have x64 computers with this version.

Just changing ini file solves the issue for me (without uninstalling patch). For 10.0.17134.706

same for me. just changing the ini file already did the job. (need to execute
net stop TermService
net start TermService
in cmd though )

Thanks for the info!

@RoosterIllusion

SingleUserOffset.x64=133B7 is incorrect for 10.0.17763.437, 133B7 is the second argument passed to RtlAcquireResourceShared.

13469 in CSessionArbitrationHelper::IsSingleSessionPerUserEnabled looks good for me.