20H2 Build: 19041.789 Not working

[vgisbert]

termsrv 10.0.19041.789.zip

[vgisbert]

Thanks for your hard work

[mariopedroSpo]

try this

[nagyimre1980]

no solution so not good (

[yuasa54]

yeah for now 789 build not in the wrapper ini file. so if you have autoupdater when they update the ini you will have it

[snipper12343]

Can someone post the new INI please?

[snipper12343]

@yuasa54 can you please post your new ini file or copy the lines? thank you

[MarcinWerra]

[10.0.19041.789]
LocalOnlyPatch.x86=1
LocalOnlyOffset.x86=B59D9
LocalOnlyCode.x86=jmpshort
SingleUserPatch.x86=1
SingleUserOffset.x86=3BC45
SingleUserCode.x86=nop
DefPolicyPatch.x86=1
DefPolicyOffset.x86=3E7C9
DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
SLInitHook.x86=1
SLInitOffset.x86=67BF8
SLInitFunc.x86=New_CSLQuery_Initialize

LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=88F41
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=0CA4C
SingleUserCode.x64=Zero
DefPolicyPatch.x64=1
DefPolicyOffset.x64=18A15
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x64=1
SLInitOffset.x64=1D5BC
SLInitFunc.x64=New_CSLQuery_Initialize

[10.0.19041.789-SLInit]
bInitialized.x86=D0954
bServerSku.x86=D0958
lMaxUserSessions.x86=D095C
bAppServerAllowed.x86=D0964
bRemoteConnAllowed.x86=D096C
bMultimonAllowed.x86=D0970
ulMaxDebugSessions.x86=D0974
bFUSEnabled.x86=D0978

bInitialized.x64=106028
bServerSku.x64=10602C
lMaxUserSessions.x64=106030
bAppServerAllowed.x64=106038
bRemoteConnAllowed.x64=106040
bMultimonAllowed.x64=106044
ulMaxDebugSessions.x64=106048
bFUSEnabled.x64=10604C

[nagyimre1980]

thx
perfect

[emanuelvittar]

It fully works! Thanks!!!!

[vgisbert]

Nice reverse engineering job. Thank you.

[dmcdivitt]

MarcinWerra's change worked for me.

[vgisbert]

It fully works! Thanks MarcinWerra !!!!

[malicon]

MarcinWerra Thank you. It works great.

[Lux-91]

@MarcinWerra there is any guide/tutorial/article where i can try to learn how to update the ini file by myself?
Thx :)

[MarcinWerra]

When I tried to create the parameters for the .ini file myself for the first time, I watched the video on Youtube very carefully "Practical reverse engineering (for RDP Wrapper)"
You can read the issue "How to add support to a new Windows build? How to get the offset for the ini file? #1098"
or malicon's answer.

Recommended tools:

• PDB Downloader
• Ghidra

[lha314981]

Single session per user
doesn't work
best regards

[owencamilo]

Single session per user
doesn't work
best regards

[MarcinWerra]

SingleUserOffset.x64=0CB22

[10.0.19041.789]
LocalOnlyPatch.x86=1
LocalOnlyOffset.x86=B59D9
LocalOnlyCode.x86=jmpshort
SingleUserPatch.x86=1
SingleUserOffset.x86=3BC45
SingleUserCode.x86=nop
DefPolicyPatch.x86=1
DefPolicyOffset.x86=3E7C9
DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
SLInitHook.x86=1
SLInitOffset.x86=67BF8
SLInitFunc.x86=New_CSLQuery_Initialize

LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=88F41
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=0CB22
SingleUserCode.x64=Zero
DefPolicyPatch.x64=1
DefPolicyOffset.x64=18A15
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x64=1
SLInitOffset.x64=1D5BC
SLInitFunc.x64=New_CSLQuery_Initialize

[10.0.19041.789-SLInit]
bInitialized.x86=D0954
bServerSku.x86=D0958
lMaxUserSessions.x86=D095C
bAppServerAllowed.x86=D0964
bRemoteConnAllowed.x86=D096C
bMultimonAllowed.x86=D0970
ulMaxDebugSessions.x86=D0974
bFUSEnabled.x86=D0978

bInitialized.x64=106028
bServerSku.x64=10602C
lMaxUserSessions.x64=106030
bAppServerAllowed.x64=106038
bRemoteConnAllowed.x64=106040
bMultimonAllowed.x64=106044
ulMaxDebugSessions.x64=106048
bFUSEnabled.x64=10604C

[lha314981]

here more precise test

in both cases ie
SingleUserOffset.x64=0CA4C
and
SingleUserOffset.x64=0CB22
setting Single session per user has no effect

---testing from host computer
i'm using client 5.1.2600.2180 (distibution client doesn’t connect)

connecting with user name and password entered In client works as Single session per user set active
disconected session is reused

connecting with user name and password entered on logon screen works as Single session per user set inactive
always new session is opened

---testing from remote computer
5.1.2600.2180 and distibution client works the same
behaviour is as above

mixing both types of login behaves as Single session per user set inactive

regards

[MarcinWerra]

In the rdpconf.exe application, set:

[ ] Single session per user
(o) GUI Authentication Only

After that, run the command:
RDPWInst -r
(to restart the remote desktop service)

I tested multi-session per user by connecting using client applications from Windows 10 and XP.

[lha314981]

I stand by my opinion
setting Single session per user has no effect

however
Authentication mode works as follows

GUI authentication only (windows login screen) - enables many sessions for same user, each login creates a new session, disconected sessions are not reused, disconected users should be logged out via (fe.) task manager->users->logoff user

Network level authentication (client login dialog) - makes that user can open one (mostly) rdp session, disconected session (one) is reused, if there is more disconeccted sessions, then system behaves as above.

question is: do code which handles "Single session per user" functionality could be patched ?
if it doesn't works it is possible that it changes some random code
so maybe
SingleUserPatch.x64 set to 0
see RDPWrap.cpp line 723 and below

regards

ps.
p. Marcinie ma Pan już to jakkolwiek ogarnięte, może się Panu uda znaleźć właściwe rozwiązanie
życzę powodzenia
pozdrawiam

[MarcinWerra]

@lha314981 setting Single session per user has no effect

I cannot reproduce your problem.
I tested RDPWrap on dozens of computers with version 19041.789 and it works fine with Single session per user.

do code which handles "Single session per user" functionality could be patched ?
if it doesn't works it is possible that it changes some random code

rdpwrap/src-x86-x64-Fusix/RDPWrap.cpp

Lines 722 to 740 in a5c64a4

	#ifdef _WIN64
	if (!(IniFile->GetVariableInSection(Sect, "SingleUserPatch.x64", &Bool))) Bool = false;
	#else
	if (!(IniFile->GetVariableInSection(Sect, "SingleUserPatch.x86", &Bool))) Bool = false;
	#endif
	if (Bool)
	{
	WriteToLog("Patch CSessionArbitrationHelper::IsSingleSessionPerUserEnabled\r\n");
	Bool = false;
	#ifdef _WIN64
	SignPtr = (PLATFORM_DWORD)(TermSrvBase + INIReadDWordHex(IniFile, Sect, "SingleUserOffset.x64", 0));
	Bool = IniFile->GetVariableInSection(Sect, "SingleUserCode.x64", &PatchName);
	#else
	SignPtr = (PLATFORM_DWORD)(TermSrvBase + INIReadDWordHex(IniFile, Sect, "SingleUserOffset.x86", 0));
	Bool = IniFile->GetVariableInSection(Sect, "SingleUserCode.x86", &PatchName);
	#endif
	if (Bool) Bool = IniFile->GetVariableInSection("PatchCodes", PatchName.Value, &Patch);
	if (Bool && (SignPtr > TermSrvBase)) WriteProcessMemory(GetCurrentProcess(), (LPVOID)SignPtr, Patch.Value, Patch.ArraySize, &bw);
	}

The code between lines 722 and 740 looks fine to me.
This function does not randomly change the code.
With the patch SingleUserOffset.x64 = 0CA4C, SingleUserCode.x64 = Zero is patched CSessionArbitrationHelperMgr::IsSingleSessionPerUserEnabled

With the patch SingleUserOffset.x64 = 0CB22, SingleUserCode.x64 = Zero is patched CSessionArbitrationHelper::IsSingleSessionPerUserEnabled

But the strangest thing is that, with the patch disabled by SingleUserPatch.x64 = 0, it also works fine for single session per user and multi session connections.

PS. @lha314981 :-) Może prędzej się dogadamy po polsku. (Proszę odezwać się przez Messenger https://www.facebook.com/WerraMarcin/)

[Mindaugas85]

So at least RDP Wrapper is working on halfway.
RDP multisession working, but not printer redirection :( and it's very saaaad.
When copying old rdpwrap ini file - printers working, but not RDP multisession,
if but I changing ini file to support [10.0.19041.789] Windows 10 20H2 multisession - after restarting pc - printers are disappearing, only leaving to redirect "Pdf creators", One notes and others non-real printers.
Termsrv.dll I haven't modified.

INFO UPDATE
I forgot to mention one thing,
When I'm using unsupported rdp ini file, all printers redirecting,
then updating ini file after closing and saving file without pc restarting.
then and RDP working with multisession and printers redirecting, BUT BUT BUT - when i'm doing OS restart..... redirected printers disappiering and working onlu RDP multissession :(
IN RDP config windows -showing that everuthin green and ok...

[kotoucx]

So at least RDP Wrapper is working on halfway.
RDP multisession working, but not printer redirection :( and it's very saaaad.
When copying old rdpwrap ini file - printers working, but not RDP multisession,
if but I changing ini file to support [10.0.19041.789] Windows 10 20H2 multisession - after restarting pc - printers are disappearing, only leaving to redirect "Pdf creators", One notes and others non-real printers.
Termsrv.dll I haven't modified.

The following worked for me ..
#874 (comment)
I have deleted highlighted italic rows:
[10.0.19041.789]
LocalOnlyPatch.x86=1
LocalOnlyOffset.x86=B59D9
LocalOnlyCode.x86=jmpshort
SingleUserPatch.x86=1
SingleUserOffset.x86=3BC45
SingleUserCode.x86=nop
DefPolicyPatch.x86=1
DefPolicyOffset.x86=3E7C9
DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
SLInitHook.x86=1
SLInitOffset.x86=67BF8
SLInitFunc.x86=New_CSLQuery_Initialize

LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=88F41
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=0CB22
SingleUserCode.x64=Zero
DefPolicyPatch.x64=1
DefPolicyOffset.x64=18A15
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x64=1
SLInitOffset.x64=1D5BC
SLInitFunc.x64=New_CSLQuery_Initialize

[10.0.19041.789-SLInit]
bInitialized.x86=D0954
bServerSku.x86=D0958
lMaxUserSessions.x86=D095C
bAppServerAllowed.x86=D0964
bRemoteConnAllowed.x86=D096C
bMultimonAllowed.x86=D0970
ulMaxDebugSessions.x86=D0974
bFUSEnabled.x86=D0978

bInitialized.x64=106028
bServerSku.x64=10602C
lMaxUserSessions.x64=106030
bAppServerAllowed.x64=106038
bRemoteConnAllowed.x64=106040
bMultimonAllowed.x64=106044
ulMaxDebugSessions.x64=106048
bFUSEnabled.x64=10604C