Patching Microsoft’s RDP service yourself

You probably arrived at this article looking for a way to allow multiple RDP sessions to you Windows Home or Professional machine. If you want the quick fix, read this article.

If you want to know a little bit more what you are doing, keep reading this ;-)

The original article describes 2 ways of patching your RDP service: running RDP Wrapper or patching termsrv.dll In this article I’ll be looking into patching the dll as I want to know what I’m doing.

Long story short, you need to look for the following bytes inside the dll:

39 81 3C 06 00 00 xx xx xx xx xx xx

xx xx xx xx xx xx are bytes that change from Windows update to Windows update.

Replace all of those bytes with:

B8 00 01 00 00 89 81 38 06 00 00 90

But what are we actually doing here?

Let’s load up termsrv.dll in x64dbg, that’s an open source debugger for Windows. Hit the play button so you’ll arrive at termsrv.dll .

Next, let’s look for these mysterious set of bytes. Right click anywhere and select Search For, All Modules, Pattern:

Enter the 6 bytes 39 81 3C 06 00 00 and hit OK to search: