sebaxakerhtc / rdpwrap.ini

RDPWrap.ini for RDP Wrapper Library by Stas'M

10.0.17063.1000 #375

Closed loyejaotdiqr47123 closed 4 months ago

loyejaotdiqr47123 commented 4 months ago

termsrv_x64.zip

Help wanted. How should we patch it?

loyejaotdiqr47123 commented 4 months ago

@sebaxakerhtc

.text:00000001800111C2                 mov     ebx, 100h
.text:00000001800111C7                 mov     edi, 100h
.text:00000001800111CC                 nop
.text:00000001800111CD                 nop
.text:00000001800111CE                 cmp     ebx, edi
.text:00000001800111D0                 jz      loc_18003B100

Maybe so? https://github.com/sebaxakerhtc/rdpwrap.ini/commit/b76648d3cf7d1b9e7da32ea82b3ad884f0a06686

sebaxakerhtc commented 4 months ago

> How should we patch it?

I have no time to look deep, here is an output from autoscript

[10.0.17063.1000]
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=92671
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=19240
SingleUserCode.x64=Zero
DefPolicyPatch.x64=1
DefPolicyOffset.x64=8917D
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x64=1
SLInitOffset.x64=2318C
SLInitFunc.x64=New_CSLQuery_Initialize

I hope it will help.

loyejaotdiqr47123 commented 4 months ago

> > How should we patch it?
>
> I have no time to look deep, here is an output from autoscript
>
> [10.0.17063.1000]
> LocalOnlyPatch.x64=1
> LocalOnlyOffset.x64=92671
> LocalOnlyCode.x64=jmpshort
> SingleUserPatch.x64=1
> SingleUserOffset.x64=19240
> SingleUserCode.x64=Zero
> DefPolicyPatch.x64=1
> DefPolicyOffset.x64=8917D
> DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
> SLInitHook.x64=1
> SLInitOffset.x64=2318C
> SLInitFunc.x64=New_CSLQuery_Initialize
>
> I hope it will help.

It's the wrong offset...

loyejaotdiqr47123 commented 4 months ago

@sebaxakerhtc Can you find it manually?

loyejaotdiqr47123 commented 4 months ago

https://github.com/sebaxakerhtc/rdpwrap.ini/commit/262d12f4c870b7355068456d0699b017ca1da248 Maybe so?

loyejaotdiqr47123 commented 4 months ago

https://github.com/sebaxakerhtc/rdpwrap.ini/commit/b7e40740ddf3007c6e459d1acc2d62426242bee5

loyejaotdiqr47123 commented 4 months ago

We don't even know if the patch code is correct. So added feedback needed

loyejaotdiqr47123 commented 4 months ago

https://github.com/stascorp/rdpwrap/issues/2600

loyejaotdiqr47123 commented 4 months ago

https://github.com/sebaxakerhtc/rdpwrap.ini/commit/6b9cd09ade7185ef4fc1f078af6e5eaa75d03f9d