Add support for 10.0.17763.165

[RobertSpir]

New CU KB4470788 for win10 1809 was released that updated termsrv.dll.
It seems that offsets are the same as for 17763.1 version

[10.0.17763.165]
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=77941
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=132F9
SingleUserCode.x64=Zero
DefPolicyPatch.x64=1
DefPolicyOffset.x64=17F45
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x64=1
SLInitOffset.x64=1ABFC
SLInitFunc.x64=New_CSLQuery_Initialize

[10.0.17763.165-SLInit]
bInitialized.x64 =ECAB0
bServerSku.x64 =ECAB4
lMaxUserSessions.x64 =ECAB8
bAppServerAllowed.x64 =ECAC0
bRemoteConnAllowed.x64=ECAC4
bMultimonAllowed.x64 =ECAC8
ulMaxDebugSessions.x64=ECACC
bFUSEnabled.x64 =ECAD0

termsrv_x64.zip

[JeffPeters]

Thanks RobertSpir, adding your lines from above to C:\Program Files\RDP Wrapper\rdpwrap.ini
then restarted the service with

net stop TermService
net start TermService

And it is working again. (Showing supported below and I can do multi-login)

I also recompiled the project from source at master, but that was likely not needed.

[negmos]

I tried adding these lines to the end of the file but the service didn't come up at all.

Any ideas what shall be changed?

[hajubu]

Just for all users a short remark: Thanks to @RobertSpir
Something has changed from 17763.1 (incl .55, .107 and .134) to 17763.165 in the x64-data

[10.0.17763.165] // LocalOnlyOffset.x64=xxxxx //
xxxxx.(17763.1) =77941 --> xxxxx.(17763.165) =77AF1 ( tested and validated)

all other x64-ini-data for 1809rs517763.1 to .134 are the same as .165-data

hint: SingleUserOffset.x64=132F9 may be also ==1322C as in the original-ini from 2018-10-10

x86 data not yet fully tested if identical with the base data 17763.1 ( suppose NO!)

[negmos]

Ok, i found my mistake, i didn't change the date of the file :)

Now it works flawlessly .. Many thanks guys.

[hajubu]

Hallo - here my findings for 1809_1773.165
;-----------------------------------------------
; CU KB4470788 for win10 1809 was released that updated termsrv.dll.
; Do not modify without special knowledge
; here is a validated version for 17763.165 ( with ida and in VM)
; Base is #601 - @RobertSpir -mod add 17763( in .1/.134 and in .165 )
; compared to upd-rdpwarp.ini_2018-10-10 for x86 and x64
; Date 18-11-22
; for manually adding the snip-text to your rdpwrap.ini in/to hinted location
; at the end you find a small directive as a how-to manually implement your new ini

;[Main]
;[SLPolicy]
;[PatchCodes]

;--------snip-------------
[10.0.17763.165]
LocalOnlyPatch.x86=1
LocalOnlyOffset.x86=AFC74
LocalOnlyCode.x86=jmpshort
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=77AF1
LocalOnlyCode.x64=jmpshort
;
SingleUserPatch.x86=1
SingleUserOffset.x86=4D665
SingleUserCode.x86=nop
SingleUserPatch.x64=1
; SingleUserOffset.x64=132F9 -- Github StasCorp/rdpWrap #601 @RoberSpir
; SingleUserOffset.x64=1322C -- StasCorp original 2018-10-10
SingleUserOffset.x64=1322C
SingleUserCode.x64=Zero
;
DefPolicyPatch.x86=1
DefPolicyOffset.x86=4BE69
DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
DefPolicyPatch.x64=1
DefPolicyOffset.x64=17F45
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
;
SLInitHook.x86=1
SLInitOffset.x86=5B18A
SLInitFunc.x86=New_CSLQuery_Initialize
SLInitHook.x64=1
SLInitOffset.x64=1ABFC
SLInitFunc.x64=New_CSLQuery_Initialize
;--------snip-------------
;
;[SLInit]
;
;--------snip-------------
[10.0.17763.165-SLInit]
bInitialized.x86 =CD798
bServerSku.x86 =CD79C
lMaxUserSessions.x86 =CD7A0
bAppServerAllowed.x86 =CD7A8
bRemoteConnAllowed.x86=CD7AC
bMultimonAllowed.x86 =CD7B0
ulMaxDebugSessions.x86=CD7B4
bFUSEnabled.x86 =CD7B8
;
bInitialized.x64 =ECAB0
bServerSku.x64 =ECAB4
lMaxUserSessions.x64 =ECAB8
bAppServerAllowed.x64 =ECAC0
bRemoteConnAllowed.x64=ECAC4
bMultimonAllowed.x64 =ECAC8
ulMaxDebugSessions.x64=ECACC
bFUSEnabled.x64 =ECAD0
;--------snip-------------

;------------------------use as batch / cmd --------------------------------------------
cls
@echo off
echo.
echo. "TERMSERVICE" will be stopped in phase ONE when you continue and .....
echo.
echo. 1) You may make (!elevated) changes to "Windows\System32\termsrv.dll"
echo. 2) You may make more changes to "Program Files\RDP Wrapper\rdpwrap.ini"
echo. or in "Windows\System32\rdpwrap.ini"
echo.
echo. If You use update/Install/uninstall
echo. You should use modified version of mod.install.bat ( !No -o option)
echo. and mod.uninstall.bat with option -k
echo. You may overwrite or delete your "manually" implemeted rdpwrap.ini
echo. especially if you use update.bat unmodified !.
echo RDP Wrapper Library v1.6 // Installer v2.3 //Copyright (C) Stas'M Corp. 2016
echo USAGE : RDPWInst.exe [-l ^|-i [-s] [-o] ^|-w ^|-u [-k] ^|-r]
echo -l display the license agreement
echo -i install wrapper to Program Files folder (default)
echo -i -s install wrapper to System32 folder
echo -i -o online install mode (loads latest INI file) :: critical!
echo -w get latest update for INI file :: critical!
echo -u uninstall wrapper :: critical!
echo -u -k uninstall wrapper and keep settings
echo -r force restart Terminal Services
echo.
echo. 3) You may add/update (rfxvmt.dll) in "Windows\SYSWOW64"
echo. if you have a missing one or older one in x64-Home
echo.
echo. "YOUR ACTION SHOULD BE FINISHED" after Phase-ONE
echo. When you go-on to Phase-TWO then "TERMSERVICE"
echo. will be started again in Phase-TWO
echo.
ECHO. "PHASE-ONE" of two phases
echo.
echo. CTRL-C aborts
pause
net stop termservice
echo. Waiting for "Your Action(s)"
echo. Or You may go-on to PHASE-TWO of two ?
echo.
echo. CTRL-C aborts
pause
net start termservice
pause
;---------------------------------------------------------------------------

[RobertSpir]

termsrv.dll was updated to 167, offsets seems to be the same

[hajubu]

termsrv.dll was updated meanwhile to .167 (18-11-27) and .168 (18-12-04), offsets seems to be the same.
Just change or add a section for [10.0.17763.nnn] and [10.0.17763.nnn-SLInit] with the data (in #601 -hajubu) with the snipping data [10.0.17763.165] and [10.0.17763.165-SLInit]

• Good Luck -

[DHaak93]

These offsets don't seem to work for me on 168 x64.

[hajubu]

@DHaak93 : the offsets I contributed above are tested against x64/x86 in VM and check per IDA
-> !! IS WORKING !!
To assist your problem - if you like - give more details for your workflow / environment.

[Julien-nl]

@JeffPeters on my current .ini file i see those lines

[10.0.17763.1-SLInit]
bInitialized.x86      =CD798
bServerSku.x86        =CD79C
lMaxUserSessions.x86  =CD7A0
bAppServerAllowed.x86 =CD7A8
bRemoteConnAllowed.x86=CD7AC
bMultimonAllowed.x86  =CD7B0
ulMaxDebugSessions.x86=CD7B4
bFUSEnabled.x86       =CD7B8

bInitialized.x64      =ECAB0
bServerSku.x64        =ECAB4
lMaxUserSessions.x64  =ECAB8
bAppServerAllowed.x64 =ECAC0
bRemoteConnAllowed.x64=ECAC4
bMultimonAllowed.x64  =ECAC8
ulMaxDebugSessions.x64=ECACC
bFUSEnabled.x64       =ECAD0

Do i have to replace them with the lines of @RobertSpir and also Replace termsrv.dll he posted ?

[hajubu]

@Julien-nl ; Hello , for each build , a need for the two ini-Section [10.0.17763.nnn] and [10.0.17763.nnn-SLInit] / nnn= (1 , 165, 167, 168 ) is given, which contains both (.x64 and .x86) offset-values.
This ensures that all these builds will be recognized.
I did a replication of my findings (snip-listing Sections [10.0.17763.165] and [10.0.17763.165-SLInit] above) for all three 177763.nnn-builds (165,167,168),
adding these section by taking the original build from 2018-10-10 from the repository,
whereby the build-number were set according to the wanted build.
(! There is a difference from build 17763.1 to 17763.165).
I did put each section in a row behind 17763.1 and 17763.1-Slinit.
Please be aware not stumbling over
a) os-bit version
b) not using "net stop TermService" and changing the "newly" edited ini-file.
See my comment risk of overwriting this file using unmodified "install.bat/uninstall.bat" or the "update.bat"
c) after you have replaced the ini-file do restart the "PC" or at least use "start net TermService".
Remark:

1. Each build 17763.1 , .165 , 167 , 168 comes with an own "build" version of Termsrv.dll ( x64,x86).
2. The rfxvmt.dll (x64 , x86 ) has always 17763.1, whereby the the added (older) rfxvmt.dll in syswow64 from the rdp-wrapper install also still works fine.

Therefore in x64 you have several choices to circumvent the stumbling stones.
Please let me know if this helped.
Getting the Termsrv.dll and rfxvmt.dll from the dedicated install.wim (x64 / x86) or do a simple VM install of the OS-build of your choice ( my recommendation) and follow up the workflow,
. Good Luck

[andrePKI]

Despite the description of @hajubu I don't seem to get it working in 17763.168

So I got the 2018-10-10 rdpwrap.ini, added two sections for .168 and .168-SLinit, copying the data from the 165 and .165-SLInit respectively.
net stop termservice
net start termservice

and … termservice crashes..

I did not fiddle with the dlls.

(BTW still fighting with virusscanner too -- maybe this disturbes things as well?)

[hajubu]

@andrePKI wrote :: Despite the description I don't seem to get it working in 17763.168 …... „I did not fiddle with the dlls.“ …… BTW still fighting with virusscanner too … maybe this disturbes Things > (!yes may be!) > ?? ( Which one do you use ? > !! Some do strictly forbid making changes in surveyed/observed (System) areas. ! – use $MS Defender only , I had never a Problem with it – but with others ! Try to Keep it Simple (K.I.S.S.) at least for the implementation phase ….. and … termservice crashes.. > ?? ‚When‘ and ‚What‘ is the message or Event id ? There is no „fiddling“ necessary , except If you really want to test manually several builds of “termsrv.dll“, which is not the normal workflow. - So I did it just straight „Forward“ - Use at the first time install or update Win10 and - use the „Install.bat“ ( only once, with Option -o) to get the updated Version of rdpwrap.ini of the repository {2018-10-10), otherwise you receive with rpd-wrap 1.62 the ini-file 2017-12-27 - net stop termservice (elevated) and watch Messages in the admin-console (see my batch cmd proposal) - edit rdpwrap.ini with the updated [section-version] according to your termsrv.dll in system32. - net start termservice (elevated) and watch Messages in the admin-console just see my result at last post (hajubu- 18-12-09) in #606 ----------------

[andrePKI]

Yep, @hajubu, I did exactly that. my termserv.dll is .168, the appcrash event in the eventviewer shows P2: 10.0.17763.1 (.1, not .168?) (2 events were logged on each crash, 1000 from Application Error and 1001 from Windows Error Reporting - but this is not relevant anymore - please read on)
The virusscanner (McAfee) only puts rdpconf in quarantine. On another machine I am at .134 and there I succeed with the vanilla rdpwrap.ini (10-10-18).

So, with 10-10-18 file (no modifications) I can RDP into the machine, but only 1 session at a time. Then, when adding the entries for .168 (just above the [SLInit] section) and .168.SLInit (the bottom of the file) I have several possibilities: either the service doesn't start at all, or it starts then crashes when attempting to open an RDP session.
So I decided to start over again.

1. changed the date in the file to 18-10-09 (otherwise the next step fails with [*] Everything is up to date.)
2. Get the 'clean 10-10 INI file' by running RDPWInst -w

RDP Wrapper Library v1.6.2
Installer v2.5
Copyright (C) Stas'M Corp. 2017

[*] Checking for updates...
[*] Current update date: 2018.10.09
[*] Latest update date:  2018.10.10
[+] New update is available, updating...
[*] Configuring TermService...
[*] Starting TermService...
[+] TermService found (pid 22940).
[*] No shared services found.
[*] Terminating service...
[*] Starting TermService...
[+] Update completed.

3. Added the new sections [10.17763.168] and [10.17763.168-SLInit] with the code from @RobertSpir and your modifications

[10.0.17763.168]
LocalOnlyPatch.x64=1
;LocalOnlyOffset.x64=77941	- #601 @RobertSpir
;LocalOnlyOffset.x64=77AF1	- #601 @hajubu
LocalOnlyOffset.x64=77AF1
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=132F9
SingleUserCode.x64=Zero
DefPolicyPatch.x64=1
DefPolicyOffset.x64=17F45
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x64=1
SLInitOffset.x64=1ABFC
SLInitFunc.x64=New_CSLQuery_Initialize

[8< --- 8 <---  8< ---]

[10.0.17763.168-SLInit]
bInitialized.x64      =ECAB0
bServerSku.x64        =ECAB4
lMaxUserSessions.x64  =ECAB8
bAppServerAllowed.x64 =ECAC0
bRemoteConnAllowed.x64=ECAC4
bMultimonAllowed.x64  =ECAC8
ulMaxDebugSessions.x64=ECACC
bFUSEnabled.x64       =ECAD0

4. Save, Net stop termservice, Net start termservice
5. No errors in eventlog, service is running (from services.msc)
6. test by starting mstsc from another computer
7. TADAA!! It is working

#Happy. Now, the only thing I have to do is to convince McAfee that they show a false positive on rdpconf.exe, so I can use that tool as well.

[hajubu]

andrePKI wrote ….in the eventviewer shows P2: 10.0.17763.1 (.1, not .168?)

>> HIGH-FIVE! For your success an Explanation >> my Observation was in the past form time to time net stop / net start Needs a while for finilazing the Task. Therefore I’m used to take an elevated Batch.cmd with „pause/wait“cmds to have a Chance to see the stopping/starting Messages of the net termservice. ( A clean „Restart“ is Always the best solution !) >> „McAfee“ -> RDPCfg.exe ( As far I know McAffee observes registry Entries !?!)

Just a short remark : to [Main] updated=yyy.mm.dd i.r. to rdpwrap.ini Updated=yyyy.mm.dd .GE „last.ini in repo“ prevents regular update with update.bat i.r. to DATE Update=yyy.mm.dd .LT pulls the „last.ini“ from repo

>> taking only x64 offset values works for your x64-Environment fine.

Other may Need both x64 and x86

>> The two Section [OS.build.no] and [OS.build.no-SLInit]

should positioned acc. to the given logic in the origial rdpwrap.ini

[Scr34mik]

Yep, @hajubu, I did exactly that. my termserv.dll is .168, the appcrash event in the eventviewer shows P2: 10.0.17763.1 (.1, not .168?) (2 events were logged on each crash, 1000 from Application Error and 1001 from Windows Error Reporting - but this is not relevant anymore - please read on)
The virusscanner (McAfee) only puts rdpconf in quarantine. On another machine I am at .134 and there I succeed with the vanilla rdpwrap.ini (10-10-18).

So, with 10-10-18 file (no modifications) I can RDP into the machine, but only 1 session at a time. Then, when adding the entries for .168 (just above the [SLInit] section) and .168.SLInit (the bottom of the file) I have several possibilities: either the service doesn't start at all, or it starts then crashes when attempting to open an RDP session.
So I decided to start over again.

1. changed the date in the file to 18-10-09 (otherwise the next step fails with `[*] Everything is up to date.`)

2. Get the 'clean 10-10 INI file' by running RDPWInst -w

RDP Wrapper Library v1.6.2
Installer v2.5
Copyright (C) Stas'M Corp. 2017

[*] Checking for updates...
[*] Current update date: 2018.10.09
[*] Latest update date:  2018.10.10
[+] New update is available, updating...
[*] Configuring TermService...
[*] Starting TermService...
[+] TermService found (pid 22940).
[*] No shared services found.
[*] Terminating service...
[*] Starting TermService...
[+] Update completed.

1. Added the new sections [10.17763.168] and [10.17763.168-SLInit] with the code from @RobertSpir and your modifications

[10.0.17763.168]
LocalOnlyPatch.x64=1
;LocalOnlyOffset.x64=77941	- #601 @RobertSpir
;LocalOnlyOffset.x64=77AF1	- #601 @hajubu
LocalOnlyOffset.x64=77AF1
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=132F9
SingleUserCode.x64=Zero
DefPolicyPatch.x64=1
DefPolicyOffset.x64=17F45
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x64=1
SLInitOffset.x64=1ABFC
SLInitFunc.x64=New_CSLQuery_Initialize

[8< --- 8 <---  8< ---]

[10.0.17763.168-SLInit]
bInitialized.x64      =ECAB0
bServerSku.x64        =ECAB4
lMaxUserSessions.x64  =ECAB8
bAppServerAllowed.x64 =ECAC0
bRemoteConnAllowed.x64=ECAC4
bMultimonAllowed.x64  =ECAC8
ulMaxDebugSessions.x64=ECACC
bFUSEnabled.x64       =ECAD0

1. Save, Net stop termservice, Net start termservice

2. No errors in eventlog, service is running (from services.msc)

3. test by starting mstsc from another computer

4. TADAA!! It _is_ **working**

#Happy. Now, the only thing I have to do is to convince McAfee that they show a false positive on rdpconf.exe, so I can use that tool as well.

Unfortunately doesnt work for me. heres what i get in event logger :
Faulting application name: svchost.exe_TermService, version: 10.0.17763.1, time stamp: 0xb900eeff
Faulting module name: rdpwrap.dll, version: 1.5.0.0, time stamp: 0x5488aa5a
Exception code: 0xc0000005
Fault offset: 0x00000000000029fc
Faulting process id: 0x4abc
Faulting application start time: 0x01d4908f667b83cc
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: c:\program files\rdp wrapper\rdpwrap.dll
Report Id: e4b5a0fe-4354-4b60-85d4-31502627058b
Faulting package full name:
Faulting package-relative application ID:

[hajubu]

@Scr34mik::18-12-10
I'm a little bit confused, as you added in "head" the protocol / Post from @andrePIK 18-12-09.
In the tail of your post the "Exception Code: 0xc0000005" is an "well known" error code, whereas
the causes may be for the
(1) Error ‘0xC0000005: Access Violation’ error are: corrupt registry, ....
(2) Error '0xC0000005: Virus ( - oops! It could be a false/positive of your Virusscanner ( like McAfee, etc)
as andrePIK already reported , RDPconf.exe was caught as such.
I personally keeps it simple (K.I.S.S) with Win10 Defender - no problem at all.
(3) Error '0xC0000005: also a forbidden "overwriting" of "old" remained data may causes such effects

Another Msg part hold " Fault offset: 0x00000000000029fc" and the "TermService, version: 10.0.17763.1"
points to an effect that at the time the error occurred, the "older" version of 17763.1 is still registered.

Therefore make sure that you did a "sober" OS-Update to "new" 17763.168 ( I suppose you wanted that)
with // last CU KB4469342 (v168.1.10 ) and SSU KB4470788 both from 2018-12-04 // msu::SSU must be installed before CU , only the 'older' KB4469342 (cab) should/(must) be overwritten.
--- I also installed KB4471331(adobe flash) and KB 4469041 -preview CU upd NetFramew.3.5/4.72) which I believe not so important --- //
If you want to do it manually , please have a good knowledge how to handle the System privileges rules.
-- see my post from 18-12-09 in #606 for more details
. Good Luck

[creatoro]

@hajubu got the same error as @Scr34mik.

I've used the snippet from @hajubu:

[10.0.17763.168]
LocalOnlyPatch.x86=1
LocalOnlyOffset.x86=AFC74
LocalOnlyCode.x86=jmpshort
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=77AF1
LocalOnlyCode.x64=jmpshort
;
SingleUserPatch.x86=1
SingleUserOffset.x86=4D665
SingleUserCode.x86=nop
SingleUserPatch.x64=1
; SingleUserOffset.x64=132F9 -- Github StasCorp/rdpWrap #601 @RoberSpir
; SingleUserOffset.x64=1322C -- StasCorp original 2018-10-10
SingleUserOffset.x64=1322C
SingleUserCode.x64=Zero
;
DefPolicyPatch.x86=1
DefPolicyOffset.x86=4BE69
DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
DefPolicyPatch.x64=1
DefPolicyOffset.x64=17F45
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
;
SLInitHook.x86=1
SLInitOffset.x86=5B18A
SLInitFunc.x86=New_CSLQuery_Initialize
SLInitHook.x64=1
SLInitOffset.x64=1ABFC
SLInitFunc.x64=New_CSLQuery_Initialize

[10.0.17763.168-SLInit]
bInitialized.x86 =CD798
bServerSku.x86 =CD79C
lMaxUserSessions.x86 =CD7A0
bAppServerAllowed.x86 =CD7A8
bRemoteConnAllowed.x86=CD7AC
bMultimonAllowed.x86 =CD7B0
ulMaxDebugSessions.x86=CD7B4
bFUSEnabled.x86 =CD7B8
;
bInitialized.x64 =ECAB0
bServerSku.x64 =ECAB4
lMaxUserSessions.x64 =ECAB8
bAppServerAllowed.x64 =ECAC0
bRemoteConnAllowed.x64=ECAC4
bMultimonAllowed.x64 =ECAC8
ulMaxDebugSessions.x64=ECACC
bFUSEnabled.x64 =ECAD0

As soon as I remove this from the .ini the service starts without problems.

Updates were installed in the right order. Also, I've tried to disable anti-virus as well.

Seems to be that the old version of the TermSerivce is causing the problem as @hajubu suggested. Any ideas how to register the new version?

Update: in the meantime I’ve overwritten termsrv.dll with version .165 and it works (thanks for the snippet @hajubu). This is a workaround for now. The termsrv.dll in the first comment is good, thanks for that @RobertSpir. To overwrite, the owner of the file has to be changed to admin and permissions has to be granted for writing. Stop/start of termservice is needed at the end of the process.

[andrePKI]

@hajubu, @
Hajubu wrote

Another Msg part hold " Fault offset: 0x00000000000029fc" and the "TermService, version: 10.0.17763.1"
points to an effect that at the time the error occurred, the "older" version of 17763.1 is still registered.

But the version in the eventlog refers to svchost.exe, which is .1, not .168, so nothing strange there. This process runs as local system, hence the error 5 (0xc00000005) is odd.
I am not sure about the order of the section in the ini file (normally it should not matter), but to be safe I would put [10.0.17763.168] around the middle, just above [SLInit] section and [...168-SLInit] at the bottom of the ini file.

[hajubu]

@andrePKI --------------------------- ….. [Hajubu wrote ''' Another Msg part hold " Fault offset: 0x00000000000029fc" and the "TermService, version: 10.0.17763.1" points to an effect that at the time the error occurred, the "older" version of 17763.1 is still registered. ''''

>>> Thanks andrePKI ,

but I believe there is a little misunderstanding: If the OS-Update from.1 to .168 was done right and „sober“ before, I’d never observed a message with „the old Version I had before“ the update of the rdpwrap.ini. Exchanging „termsrv.dll“ on-the-fly needs a knowledge of handling privileges ( or a tool ) ….. Running the …process as local System, hence the error 5 (0xc00000005) is odd …“

>>>> quite clear, but nevertheless we have to accept that the „update“/„replacing“ -Errors are based on on a handling with wrong privileges ( „access-rights“) anything in the registry or file System, in most cases.

……I am not sure about the order of the section in the ini file (normally it should not matter)

>>> You may be right, but for a simple comparison ( simplier reading), I do prefer the way with the „Two“ part as described ( „part1.xxx“ in the middle bevor the [SLInit]-section and „part2xxx-Slinit“ at bottom of the ini file.

------------------- @creatoro wrote in the update to your post you said: [10.0.1773.165]…[10.0.17763.165-SLinit] data works with now with termsrv.dll.165 which is the way it should. For any other Version of win10.1809_17763.xxx-termsrv.dll.xxx you need an seperate section-pair. 17763.1 , as set in the rdpwrap.ini in the repository) 17763.165 , as you used it. 17763.167 and / or 17763.168 as I explained : Add the data from the [10.0.1773.165]…[10.0.17763.165-SLInit] Section pair in a new pair of sections with each Header(s) for [10.0.17763.167] and [10.0.17763.167-SLInit] and / or for [10.0.17763.168] and [10.0.17763.168-SLInit] just below the above discussed and referenced positions in the ini file. -------------------------------------------------------------------------------- Remark : a) From termsrv.dll.1 to termsrv.165 is a difference in the ini-sections data. Rdpwarp.ini in the repository (Code:res\rdpwrap.ini) used b) When you do a "normal" update.bat call and may overwrite your just edited "new" ini-file depending of the Update=yyyy.mm.dd in the [Main]-section "is Less" then the actual one in the repo [i.e. 2018-10-10] containing only the 1809-build with 10.0.17763.1. c) To avoid to overwrite the already updated rdpwrap.ini you may edit update.bat and delete the option { -o } in the line3 just behind (... RDPWinst" -i) from (RDP-Wrapper V1.62). JUST To Ease The Job: I do recommend to test the workflow always in a VM/Vbox Environment. I explained, for those who are not familiar with handling „System Privileges“ exceptions To do "FIRST" a „sober“ – Standard - „ OS-Update to "new" 17763.168 (…. If wanted …) with // last CU KB4469342 (v168.1.10 i ) and SSU KB4470788 both from 2018-12-04 -- and "THEN" use the workflow to add the [.168 ini-Section] where you need these. -- see my post from 18-12-09 in #606 for more detail -- or follow the post of andrePKI 18-1210 in #601 --------------------------------------------------------------------------------

[hajubu]

just a short note:
10.0.17763.194 - CU KB4471332 - keeps/lifts the termsrv.dll to its file version 10.0.17763.168.
Therefore since .165, .167, .168 use the data-offset, which are the same, we have to add to the rdpwrap.ini dated 2018-10-10 ( last.ini in the repository - code: res\rdpwrap,ini).
Ensure you have the correct ini file with two ini-sections [10.0.17763.1] , [10.0.17763.1-SLInit]
and add then the two sections [10.0.17763.168], [17763.168-SLInit]
---------------read more in #611 --------------------------------

[gitgotgone]

Hi, you people are awesome, but there may be some n00bs like me (relatively speaking) out there getting a bit lost. Here are some streamlined instructions based on hajubu, RobertSpir, Scr34mik, et. al., which worked for me.

This is for those who have already installed 1.6.2 using the install.bat file and RDPWInst.exe.

edited 12/22/2018: I used the code from rcheung81 in the next post, which worked on a Win 10 Pro build 17763.195.

1. Open C:\Program Files\RDP Wrapper
2. Copy rdpwrap.ini file to somewhere like the desktop
3. Open that file and add the following text to the end:

[10.0.17763.168]
LocalOnlyPatch.x86=1
LocalOnlyOffset.x86=AFC74
LocalOnlyCode.x86=jmpshort
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=77AF1
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x86=1
SingleUserOffset.x86=4D665
SingleUserCode.x86=nop
SingleUserPatch.x64=1
SingleUserOffset.x64=1322C
SingleUserCode.x64=Zero
DefPolicyPatch.x86=1
DefPolicyOffset.x86=4BE69
DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
DefPolicyPatch.x64=1
DefPolicyOffset.x64=17F45
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x86=1
SLInitOffset.x86=5B18A
SLInitFunc.x86=New_CSLQuery_Initialize
SLInitHook.x64=1
SLInitOffset.x64=1ABFC
SLInitFunc.x64=New_CSLQuery_Initialize

[10.0.17763.168-SLInit]
bInitialized.x86 =CD798
bServerSku.x86 =CD79C
lMaxUserSessions.x86 =CD7A0
bAppServerAllowed.x86 =CD7A8
bRemoteConnAllowed.x86=CD7AC
bMultimonAllowed.x86 =CD7B0
ulMaxDebugSessions.x86=CD7B4
bFUSEnabled.x86 =CD7B8

bInitialized.x64 =ECAB0
bServerSku.x64 =ECAB4
lMaxUserSessions.x64 =ECAB8
bAppServerAllowed.x64 =ECAC0
bRemoteConnAllowed.x64=ECAC4
bMultimonAllowed.x64 =ECAC8
ulMaxDebugSessions.x64=ECACC
bFUSEnabled.x64 =ECAD0

4. Open cmd as admin and enter "net stop TermService"
5. Go back to C:\Program Files\RDP Wrapper and rename or delete rdpwrap.ini file.
6. Move the newly edited rdpwrap.ini file to C:\Program Files\RDP Wrapper
7. Open cmd as admin and enter "net start TermService"

That should work.

Thanks for keeping this going!

edited 12/22/2018:
If all else fails, this has worked for me in the past, I have not verified that it works lately:
Find copy of old C:\Windows\System32\termserv.dll (eg on another computer that hasn't been updated)
Rename or move new copy using changing owner:
Properties-->Security-->Advanced-->Change Owner to me
Move old copy to C:\Windows\System32
Open the RDPWrap folder.
Run as administrator uninstall.bat
Run as administrator install.bat

[rcheung81]

Hello,

I followed the instructions from gitgotgone exactly but when I try to restart the service with "net start TermService" I get

A system error has occured
System error 1067 has occured
The process terminated unexpectedly

I rebooted the computer and still same issue. Anyone have any thoughts?

edit
I just tried it again and this time the service says it was started successfully but its still not working.
In RDP Wrapper Configuration, the Wrapper state is installed but the service state says stopped and Listener State is Not Listening.

I uninstalled and reinstalled the whole thing and started over. Now the Wrapper state is installed and the service state is green but the Listener State is still not listening.

I finally got it working. The lines to add were different on my version of windows 10 (17763.194). I read another post by hajubu for my version. You can follow the rest of the instructions from gitgotgone with the exception of which lines to add in the rdpwrap.ini file

Below is what I had to do. Please note you cannot put these snippets at the end of the file and it needs to be followed exactly.

;---------SNIP part1-----goes just behind (above) the section of 10.0.17763.1 ---
[10.0.17763.168]
LocalOnlyPatch.x86=1
LocalOnlyOffset.x86=AFC74
LocalOnlyCode.x86=jmpshort
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=77AF1
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x86=1
SingleUserOffset.x86=4D665
SingleUserCode.x86=nop
SingleUserPatch.x64=1
SingleUserOffset.x64=1322C
SingleUserCode.x64=Zero
DefPolicyPatch.x86=1
DefPolicyOffset.x86=4BE69
DefPolicyCode.x86=CDefPolicy_Query_eax_ecx
DefPolicyPatch.x64=1
DefPolicyOffset.x64=17F45
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx
SLInitHook.x86=1
SLInitOffset.x86=5B18A
SLInitFunc.x86=New_CSLQuery_Initialize
SLInitHook.x64=1
SLInitOffset.x64=1ABFC
SLInitFunc.x64=New_CSLQuery_Initialize
;--------------end snip part1-----------
;
;-----------snip part2 --------goes just at the bottom of the file behind 10.0.17763.1-SLInit Section------
;.
[10.0.17763.168-SLInit]
bInitialized.x86 =CD798
bServerSku.x86 =CD79C
lMaxUserSessions.x86 =CD7A0
bAppServerAllowed.x86 =CD7A8
bRemoteConnAllowed.x86=CD7AC
bMultimonAllowed.x86 =CD7B0
ulMaxDebugSessions.x86=CD7B4
bFUSEnabled.x86 =CD7B8

bInitialized.x64 =ECAB0
bServerSku.x64 =ECAB4
lMaxUserSessions.x64 =ECAB8
bAppServerAllowed.x64 =ECAC0
bRemoteConnAllowed.x64=ECAC4
bMultimonAllowed.x64 =ECAC8
ulMaxDebugSessions.x64=ECACC
bFUSEnabled.x64 =ECAD0
;---------end snip part2 --------------

[jhugor123]

I tried everything they said there, it did not work here

what I'm going to do, unfortunately, is to leave the 1803 version with the updates blocked until a version that already works with the 1809 termserv .168

thanks

[bubbleguuum]

Instruction from andrePKI worked for me for version 17763.168. Make sure to follow them to the letter, including uninstalling and reinstalling:

#601 (comment)

[mwinter69]

I noticed that it is very important that you have a newline at the end of the file.
Without it the service starts and stops immediately with the same error as @Scr34mik

[gustavoechavarria]

Hi Everyone, I have tried with this .ini file and it worked for me, it's for 10.0.17763.167 version x64
rdpwrap.zip

First, stop the service running CMD as administrator, then run net stop termservice
Replace rdpwrap.ini in C:\Program Files\RDP Wrapper
then run net start termservice
Very important Reboot your PC
then when your pc rebooted, run RDPConf to check the states, make sure All states are green

[cmhowarth]

I'm really sorry but I can't get this to work and I think I've ended up in a muddle with my dlls.
I am trying to get RdpWrap running on Win 10 Home x64, release 10.0.17763.168. I had it running fine before the 1809 update.

I thought I had a recollection of having to copy termsrv.dll and rfxvmt.dll into my system32 folder from my system running Win 10 Pro (also .168) so I did this before running uninstall.bat then install.bat. Looking at the instructions and problems it seems that is not required, just to change the .ini file.
Anyway, I get various errors - mostly just "Not listening", but I'm concerned as to whether I have the correct dlls now. And what happens in syswow64? That seems to be mentioned occasionally by some people - should rfxvmt.dll be copied there? Which version?

So now I'm not sure I have the correct dlls. Could someone send the correct versions I need to work for Win 10 Home x64 10.0.17763.168 with instructions on where they need to be copied to?
Then I can follow the instructions above to reinstall and modify the rdpwrap.ini file.

Apologies for being an idiot.
Thanks.

[mwinter69]

rfcxvmt.dll 10.0.16063.0, 37376 bytes, timestamp Nov. 10th, 2018
termsrv.dll 10.0.17763.168, 1019392 bytes, Dec. 11th 2018
Both DLLs are in system32 only
syswow64 is only required for 32bit processes. They see this folder as system32.

[binarymaster]

There is issue #606 for build 10.0.17763.168, don't post offtopic.

[alyexe]

tell it to cmhowarth ;)