How-to would be useful #3270

Open

headguru opened this issue Sep 12, 2024 · 2 comments

Comments

@headguru

We always have to download a new ini file each time Windows is updated. Is there a guide that we can use to update this ini file ourselves, something that explains in depth what we need to do? Some of the videos on YouTube are difficult to watch (fuzzy) and there is no audio. If someone would make a good tutorial, I think all of us would be appreciative.

@symdeb

symdeb commented Sep 13, 2024

This is how far I got for 27695 Canary Windows 11, desperate to get it working, but failed...

  1. Download the IDA software: https://hex-rays.com/ida-free/

  2. Locate termsrv.dll in c:/system32

  3. In IDA, open the DLL and load the symbols

  4. Open the .ini file in C:/RDPWrapper (run Notepad as Administrator)

  5. Add the two entries with the version of Windows

  6. In IDA, use text search for all occurrences of GetInstanceOfITSLicense

  7. Find the match with the line IsLicenseTypeLocalOnly@CSLQuery@@SAJAEAU_GUID@@peah@Z

  8. Click on the code of "jz", find the value at the bottom of the window

  9. Add the lines
    LocalOnlyPatch.x64=1
    LocalOnlyOffset.x64=8AA11

  10. Add the code to LocalOnlyOffset

  11. Add the next 3 lines
    LocalOnlyCode.x64=jmpshort
    SingleUserPatch.x64=1
    SingleUserOffset.x64=

  12. Search for CSessionArbitrationHelper::IsSingleSessionPerUserEnabled
    Select the match with "Jump"
    .... now I got lost; the code is different from the one in the video:

    ; Attributes: bp-based frame

    ; __int64 __fastcall CSessionArbitrationHelper::IsSingleSessionPerUserEnabled(CSessionArbitrationHelper *__hidden this, int *)
    ?IsSingleSessionPerUserEnabled@CSessionArbitrationHelper@@UEAAJPEAH@Z proc near

    mov [rsp-18h+arg_0], rbx
    mov [rsp-18h+arg_10], rsi
    push rbp
    push rdi
    push r14
    mov rbp, rsp
    sub rsp, 60h
    xor edi, edi
    lea rcx, [rbp+arg_8] ; int *
    mov rsi, rdx
    mov [rbp+arg_8], edi
    lea r14d, [rdi+1]
    mov [rdx], r14d
    call ?IsAppServerAllowed@CSLQuery@@SAJPEAH@Z ; CSLQuery::IsAppServerAllowed(int *)
    mov ebx, eax

@udygct

udygct commented Sep 21, 2024

At least this works for 10.0.26100.1830 Dev Windows 11.
[10.0.[--version--]]

ALT+T: ?IsLicenseTypeLocalOnly@CSLQuery@@SAJAEAU_GUID@@peah@Z
Find: jz short loc_1800[XXXXX]

ALT+T: ?IsSingleSessionPerUser@CUtils@@SAJPEAH@Z proc near
Find: call cs:__imp_VerifyVersionInfoW

ALT+T: ?Query@CDefPolicy@@UEAAJPEAH@Z proc near
Find: mov eax, [rcx+638h]
ALT+B: 8B

ALT+T: ?Initialize@CSLQuery@@sajxz proc near

[10.0.[--version--]]
LocalOnlyPatch.x64 = 1
LocalOnlyOffset.x64 = [First value]
LocalOnlyCode.x64 = jmpshort
SingleUserPatch.x64 = 1
SingleUserOffset.x64 = [Second value]
SingleUserCode.x64 = mov_eax_1_nop_2
DefPolicyPatch.x64 = 1
DefPolicyOffset.x64 = [Third value]
DefPolicyCode.x64 = CDefPolicy_Query_eax_rcx_jmp
SLInitHook.x64 = 1
SLInitOffset.x64 = [Fourth value]
SLInitFunc.x64 = New_CSLQuery_Initialize

[10.0.[--version--]-SLInit]

ALT+T: ?bInitialized@CSLQuery@@0Ha dd ?
ALT+T: ?bServerSku@CSLQuery@@0Ha dd ?
ALT+T: ?lMaxUserSessions@CSLQuery@@0JA dd ?
ALT+T: ?bAppServerAllowed@CSLQuery@@0Ha dd ?
ALT+T: ?bRemoteConnAllowed@CSLQuery@@0Ha dd ?
ALT+T: ?bMultimonAllowed@CSLQuery@@0Ha dd ?
ALT+T: ?ulMaxDebugSessions@CSLQuery@@0ka dd ?
ALT+T: ?bFUSEnabled@CSLQuery@@0Ha dd ?

[10.0.[--version--]-SLInit]
bInitialized.x64 =
bServerSku.x64 =
lMaxUserSessions.x64 =
bAppServerAllowed.x64 =
bRemoteConnAllowed.x64 =
bMultimonAllowed.x64 =
ulMaxDebugSessions.x64 =
bFUSEnabled.x64 =

cd C:\Program Files\RDP Wrapper
uninstall.bat
RDPWInst.exe -i

[10.0.26100.1830]
LocalOnlyPatch.x64=1
LocalOnlyOffset.x64=8ADA1
LocalOnlyCode.x64=jmpshort
SingleUserPatch.x64=1
SingleUserOffset.x64=9778B
SingleUserCode.x64=mov_eax_1_nop_2
DefPolicyPatch.x64=1
DefPolicyOffset.x64=94BAF
DefPolicyCode.x64=CDefPolicy_Query_eax_rcx_jmp
SLInitHook.x64=1
SLInitOffset.x64=AB430
SLInitFunc.x64=New_CSLQuery_Initialize

[10.0.26100.1830-SLInit]
bInitialized.x64=11ADF0
bServerSku.x64=11ADF4
lMaxUserSessions.x64=11ADF8
bAppServerAllowed.x64=11AE00
bRemoteConnAllowed.x64=11AE08
bMultimonAllowed.x64=11AE0C
ulMaxDebugSessions.x64=11AE14
bFUSEnabled.x64=11AE18

termsrv.zip
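A check worth running before `RDPWInst.exe -i`, covering both comments above: does rdpwrap.ini carry every key the posted template lists for the installed termsrv.dll build, with bare hex offsets and nothing left blank? This is an added example, not code from the thread or the RDP Wrapper project; the key names come from the template posted above, the sample ini is constructed from the thread's 10.0.26100.1830 values, and `10.0.27695.0` is a placeholder version for a deliberately incomplete entry.

```python
import configparser
import re

HEX = re.compile(r"^[0-9A-Fa-f]+$")  # offsets in the ini are bare hex, no 0x prefix
# Keys the rdpwrap.ini template in the thread lists for a 64-bit build.
PATCH_KEYS = [f"{p}{s}.x64" for p in ("LocalOnly", "SingleUser", "DefPolicy")
              for s in ("Patch", "Offset", "Code")] + ["SLInitHook.x64", "SLInitOffset.x64", "SLInitFunc.x64"]
SLINIT_KEYS = [f"{n}.x64" for n in ("bInitialized", "bServerSku", "lMaxUserSessions", "bAppServerAllowed",
               "bRemoteConnAllowed", "bMultimonAllowed", "ulMaxDebugSessions", "bFUSEnabled")]

def _check_section(cp, section, keys, problems):
    """Flag a missing section, missing or empty keys, and offsets that are not hex."""
    if not cp.has_section(section):
        problems.append(f"missing section [{section}]")
        return
    for key in keys:
        val = cp.get(section, key, fallback="").strip()
        if not val:
            problems.append(f"[{section}] {key} is missing or empty")
        elif ("Offset" in key or section.endswith("-SLInit")) and not HEX.match(val):
            problems.append(f"[{section}] {key}={val!r} is not a bare hex offset")

def check_version(ini_text, version):
    """Return the problems found for one termsrv.dll version's entries; [] means complete."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key names case-sensitive
    cp.read_string(ini_text)
    problems = []
    _check_section(cp, version, PATCH_KEYS, problems)
    _check_section(cp, f"{version}-SLInit", SLINIT_KEYS, problems)
    return problems

def _section(name, keys, values):
    return f"[{name}]\n" + "".join(f"{k}={v}\n" for k, v in zip(keys, values))

# Constructed sample: the complete 10.0.26100.1830 entry from the thread, plus an
# incomplete entry under a placeholder version, with SingleUserOffset.x64 left blank
# and a 0x-prefixed offset, the kind of state the earlier comment got stuck in.
SAMPLE_INI = (
    _section("10.0.26100.1830", PATCH_KEYS, "1 8ADA1 jmpshort 1 9778B mov_eax_1_nop_2 "
             "1 94BAF CDefPolicy_Query_eax_rcx_jmp 1 AB430 New_CSLQuery_Initialize".split())
    + _section("10.0.26100.1830-SLInit", SLINIT_KEYS,
               "11ADF0 11ADF4 11ADF8 11AE00 11AE08 11AE0C 11AE14 11AE18".split())
    + "[10.0.27695.0]\nLocalOnlyOffset.x64=8AA11\nSingleUserOffset.x64=\nDefPolicyOffset.x64=0x94BAF\n"
)

if __name__ == "__main__":
    for version in ("10.0.26100.1830", "10.0.27695.0"):
        print(version, check_version(SAMPLE_INI, version) or "complete")
```

Point `check_version` at the text of your real rdpwrap.ini and the version shown in termsrv.dll's file properties; an empty list means every key the template asks for is present.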
