search

stascorp / rdpwrap

RDP Wrapper Library
Apache License 2.0
14.51k stars 3.81k forks source link

Wrong patchcode's value for DefPolicyPatch (CDefPolicy_Query_eax_ecx) #3220

Open loyejaotdiqr47123 opened 3 months ago

loyejaotdiqr47123 commented 3 months ago

See https://github.com/stascorp/rdpwrap/issues/2840#issuecomment-2185307986 Scope of impact:Versions that use the value of CDefPolicy_Query_eax_ecx for patching

The correct patchcode is https://github.com/sebaxakerhtc/rdpwrap.ini/commit/67d13fd065bb2af999ee9ff8ab38d7a8551e2352

; CDefPolicy_Query_eax_ecx=B80001000089812003000090
CDefPolicy_Query_eax_ecx=B80001000089812403000090

mov [ecx+320h],eax => mov [ecx+324h], eax

User Solution:Replace CDefPolicy_Query_eax_ecx=B80001000089812003000090 with CDefPolicy_Query_eax_ecx=B80001000089812403000090

loyejaotdiqr47123 commented 3 months ago

@binarymaster See this

binarymaster commented 3 months ago

For this to handle I need to remember how I came with these patch codes at the first. But let's keep this open.

loyejaotdiqr47123 commented 1 month ago

image on 19041 x86 image