stascorp / rdpwrap

RDP Wrapper Library
Apache License 2.0

How-to would be useful #3270

Open headguru opened 1 month ago

headguru commented 1 month ago

We always have to download a new .ini file each time Windows is updated. Is there a guide that we can use to update this .ini file ourselves, something that explains in depth what we need to do? Some of the videos on YouTube are difficult to watch (fuzzy) and there is no audio. If someone would make a good tutorial, I think all of us would be appreciative.

symdeb commented 1 month ago

This is how far I got for 27695 Canary Windows 11; desperate to get it working, but failed...

  1. Download the IDA software: https://hex-rays.com/ida-free/

  2. Locate termsrv.dll in C:/system32

  3. In IDA, open the DLL and load the symbols

  4. Open the .ini file in C:/RDPWrapper (run Notepad as Administrator)

  5. Add the two entries with the version of Windows

  6. In IDA, use text search for all occurrences of `GetInstanceOfITSLicense`

  7. Find the match with the line `IsLicenseTypeLocalOnly@CSLQuery@@SAJAEAU_GUID@@PEAH@Z`

  8. Click on the code of `jz`, find the value at the bottom of the window

  9. Add the lines `LocalOnlyPatch.x64=1` and `LocalOnlyOffset.x64=8AA11`

  10. Add the code to LocalOnlyOffset

  11. Add the next 3 lines: `LocalOnlyCode.x64=jmpshort`, `SingleUserPatch.x64=1`, `SingleUserOffset.x64=`

  12. Search for `CSessionArbitrationHelper::IsSingleSessionPerUserEnabled`. Select the match with "Jump" .... now got lost, the code is different than in the video:

```
; Attributes: bp-based frame

; __int64 __fastcall CSessionArbitrationHelper::IsSingleSessionPerUserEnabled(CSessionArbitrationHelper *__hidden this, int *)
?IsSingleSessionPerUserEnabled@CSessionArbitrationHelper@@UEAAJPEAH@Z proc near

mov     [rsp-18h+arg_0], rbx
mov     [rsp-18h+arg_10], rsi
push    rbp
push    rdi
push    r14
mov     rbp, rsp
sub     rsp, 60h
xor     edi, edi
lea     rcx, [rbp+arg_8]        ; int *
mov     rsi, rdx
mov     [rbp+arg_8], edi
lea     r14d, [rdi+1]
mov     [rdx], r14d
call    ?IsAppServerAllowed@CSLQuery@@SAJPEAH@Z ; CSLQuery::IsAppServerAllowed(int *)
mov     ebx, eax
```

udygct commented 1 month ago

At least this works for 10.0.26100.1830 Dev Windows 11.

`[10.0.[--version--]]`

```
ALT+T: ?IsLicenseTypeLocalOnly@CSLQuery@@SAJAEAU_GUID@@PEAH@Z
Find:  jz short loc_1800[XXXXX]

ALT+T: ?IsSingleSessionPerUser@CUtils@@SAJPEAH@Z proc near
Find:  call cs:__imp_VerifyVersionInfoW

ALT+T: ?Query@CDefPolicy@@UEAAJPEAH@Z proc near
Find:  mov eax, [rcx+638h]
ALT+B: 8B

ALT+T: ?Initialize@CSLQuery@@SAJXZ proc near
```

```ini
[10.0.[--version--]]
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=[First value]
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=[Second value]
SingleUserCode.x64=mov_eax_1_nop_2
DefPolicyPatch.x64=1
DefPolicyOffset.x64=[Third value]
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx_jmp
SLInitHook.x64=1
SLInitOffset.x64=[Fourth value]
SLInitFunc.x64=New_CSLQuery_Initialize
```

`[10.0.[--version--]-SLInit]`

```
ALT+T: ?bInitialized@CSLQuery@@0HA dd ?
ALT+T: ?bServerSku@CSLQuery@@0HA dd ?
ALT+T: ?lMaxUserSessions@CSLQuery@@0JA dd ?
ALT+T: ?bAppServerAllowed@CSLQuery@@0HA dd ?
ALT+T: ?bRemoteConnAllowed@CSLQuery@@0HA dd ?
ALT+T: ?bMultimonAllowed@CSLQuery@@0HA dd ?
ALT+T: ?ulMaxDebugSessions@CSLQuery@@0KA dd ?
ALT+T: ?bFUSEnabled@CSLQuery@@0HA dd ?
```

```ini
[10.0.[--version--]-SLInit]
bInitialized.x64=
bServerSku.x64=
lMaxUserSessions.x64=
bAppServerAllowed.x64=
bRemoteConnAllowed.x64=
bMultimonAllowed.x64=
ulMaxDebugSessions.x64=
bFUSEnabled.x64=
```

```
cd C:\Program Files\RDP Wrapper
uninstall.bat
RDPWInst.exe -i
```

```ini
[10.0.26100.1830]
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=8ADA1
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=9778B
SingleUserCode.x64=mov_eax_1_nop_2
DefPolicyPatch.x64=1
DefPolicyOffset.x64=94BAF
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx_jmp
SLInitHook.x64=1
SLInitOffset.x64=AB430
SLInitFunc.x64=New_CSLQuery_Initialize
```

```ini
[10.0.26100.1830-SLInit]
bInitialized.x64=11ADF0
bServerSku.x64=11ADF4
lMaxUserSessions.x64=11ADF8
bAppServerAllowed.x64=11AE00
bRemoteConnAllowed.x64=11AE08
bMultimonAllowed.x64=11AE0C
ulMaxDebugSessions.x64=11AE14
bFUSEnabled.x64=11AE18
```

termsrv.zip
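As an added example (not code from the rdpwrap project or from anyone in this thread), the Python script below parses an rdpwrap.ini fragment and checks that a build's section pair carries every key listed in udygct's template, with bare hex values where an offset is expected. The sample section holds the 10.0.26100.1830 values posted above; the second, incomplete fragment and its build number are constructed only to show what a failed check reports.

```python
"""Check an rdpwrap.ini fragment for the entries the template above asks for.

Added example, not code from the rdpwrap project or from this thread.
The key lists mirror udygct's template; SAMPLE_INI holds the 10.0.26100.1830
values posted above, INCOMPLETE_INI is a constructed fragment with a made-up
build number used only to show what a failed check reports.
"""
import configparser

# Keys the per-build section must carry (from the template in the thread).
PATCH_KEYS = (
    "LocalOnlyPatch.x64", "LocalOnlyOffset.x64", "LocalOnlyCode.x64",
    "SingleUserPatch.x64", "SingleUserOffset.x64", "SingleUserCode.x64",
    "DefPolicyPatch.x64", "DefPolicyOffset.x64", "DefPolicyCode.x64",
    "SLInitHook.x64", "SLInitOffset.x64", "SLInitFunc.x64",
)
# Keys the companion "-SLInit" section must carry: CSLQuery global offsets.
SLINIT_KEYS = (
    "bInitialized.x64", "bServerSku.x64", "lMaxUserSessions.x64",
    "bAppServerAllowed.x64", "bRemoteConnAllowed.x64", "bMultimonAllowed.x64",
    "ulMaxDebugSessions.x64", "bFUSEnabled.x64",
)

# Values for 10.0.26100.1830 as posted in the thread. No indentation inside the
# string: configparser treats indented lines as continuations of the value above.
SAMPLE_INI = """\
[10.0.26100.1830]
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=8ADA1
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=9778B
SingleUserCode.x64=mov_eax_1_nop_2
DefPolicyPatch.x64=1
DefPolicyOffset.x64=94BAF
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx_jmp
SLInitHook.x64=1
SLInitOffset.x64=AB430
SLInitFunc.x64=New_CSLQuery_Initialize

[10.0.26100.1830-SLInit]
bInitialized.x64=11ADF0
bServerSku.x64=11ADF4
lMaxUserSessions.x64=11ADF8
bAppServerAllowed.x64=11AE00
bRemoteConnAllowed.x64=11AE08
bMultimonAllowed.x64=11AE0C
ulMaxDebugSessions.x64=11AE14
bFUSEnabled.x64=11AE18
"""

# Constructed: a half-filled template (blank offset, keys missing, no -SLInit section).
INCOMPLETE_INI = """\
[10.0.99999.0]
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=8ADA1
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=
SingleUserCode.x64=mov_eax_1_nop_2
"""


def load_ini(text: str) -> configparser.ConfigParser:
    """Parse rdpwrap.ini text with interpolation off and key case preserved."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep "LocalOnlyOffset.x64" exactly as written
    cp.read_string(text)
    return cp


def check_build(cp: configparser.ConfigParser, build: str) -> list[str]:
    """Return the problems found for one build's section pair; [] means complete."""
    problems = []
    slinit = f"{build}-SLInit"
    for section, keys in ((build, PATCH_KEYS), (slinit, SLINIT_KEYS)):
        if not cp.has_section(section):
            problems.append(f"missing section [{section}]")
            continue
        for key in keys:
            value = cp.get(section, key, fallback="").strip()
            if not value:
                problems.append(f"[{section}] {key} is missing or empty")
            elif section == slinit or key.endswith("Offset.x64"):
                # Offsets are written as bare hex without a 0x prefix.
                try:
                    int(value, 16)
                except ValueError:
                    problems.append(f"[{section}] {key}={value!r} is not a hex offset")
    return problems


def covered_builds(cp: configparser.ConfigParser) -> list[str]:
    """Builds that have both the main section and its -SLInit companion."""
    return sorted(s for s in cp.sections()
                  if not s.endswith("-SLInit") and cp.has_section(f"{s}-SLInit"))


if __name__ == "__main__":
    for text in (SAMPLE_INI, INCOMPLETE_INI):
        cp = load_ini(text)
        for build in (s for s in cp.sections() if not s.endswith("-SLInit")):
            print(build, check_build(cp, build) or "OK")
```

Point `load_ini` at the text of a real rdpwrap.ini and `covered_builds` lists which termsrv.dll versions have a complete pair of sections, which is the first thing to compare against the installed build after a Windows update.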