Thursday, June 11, 2009

Guide: How to Enable Concurrent RDP Sessions in Vista

Scenario: I RDP into my home machine which is running Vista Ultimate. My wife has her own user account, but everytime I RDP in, I have to kick her off. Seems Concurrent Sessions just doesn't exist out of the box for the O/S Vista like it does for Windows Server.

This is not my hack so Thank you to "Sunmorgus" on this forum thread for making this possible: TheGreenButton

------------------------------------------------------------------------------------------------------------------------------

Some things to check. Make sure your version of Vista SUPPORTS Remote Desktop connection to begin with. OnlyVista BUSINESS & Vista ULTIMATE. If you have Vista HOME PREMIUM you have to use another hacked Termsrv.dll

Here are the steps for Vista BUSINESS & Vista ULTIMATE Instructions::

  1. Download Sunmorgus' hacked Termsrv.dll file (see links below) 
    1. EDIT 7/24: Thanks to Sunmorgus, here is the new location for the files:
For the 32bit:
http://dl.jtstroup.net/termsrv/termsrv_new.dll
for the 64bit:
http://dl.jtstroup.net/termsrv/termsrv64.dll
For Vista HOME PREMIUM: (Instructions are located within the zip)
http://dl.jtstroup.net/termsrv/termsrvHomePremium.zip

  1. We need to modify termsrv.dll to enable us to swap out the hacked assembly. termsrv.dll is located at C:\Windows\System32;
  2. Click Start, then type "cmd" in the search box & hit enter. This will launch the Command prompt
  3. Type the following & hit enter: takeown /f C:\Windows\System32\termsrv.dll
  4. Then type this & hit enter (NOTE: Replace USERNAME with YOUR USERNAME!! If your name has a space in it, enclose it with quotes, like "Richard Rahl"): cacls C:\Windows\System32\termsrv.dll /G USERNAME:F
  5. Then go to your Windows Explorer, and go to C:\Windows\System32
  6. It is always a good idea to rename any original files you want to replace and store them for safe keeping so we can always return to the original state if something was to go wrong. I suggest renaming Termsrv.dll to something like "termsrvOriginal.dll" or "termsrv.dll.Original"
  7. *NOTE* If you are unable to do the above, try rebooting into SAFE MODE
  8. Then copy & paste the Hacked DLL you downloaded in Step 1 into the C:\Windows\System32 folder
  9. You should now have concurrent sessions.

*MS Updates* if any Microsoft patches come out which may replace the "termsrv.dll" then you will need to reapply the patch. I've never had a problem on Vista ULTIMATE, but have read that some Vista HOME PREMIUM users have needed to reapply their patch.

P.S. 

Some people have had some issues with the termsrv.dll not working on their machines or their services is unable to register the new termsrv file and then run the service. if that is the case you can download a program called "UniversalTermsrvPatch" here: http://deepxw.blogspot.com/2009/04/universal-termsrvdll-patch.html

use your ORIGINAL termsrv.dll and run the program. It will then restart your computer and you will be back to normal with Terminal Services working.

Tuesday, June 9, 2009

Attempted to read or write protected memory. This is often an indication that other memory is corrupt.

I received a very interesting bug that’s been plaguing our product for a long time now. The problem is that intermittently our WinForm client users would view an image using the WebBrowser Control that would cause the program to crash. Listing this error:

Attempted to read or write protected memory. This is often an indication that other memory is corrupt.

This problem happen when our users attempted to use a SVG Viewer or Tiff Viewer ActiveX object. (Which worked perfectly in IE outside of our app) and this did not occur on every machine. Some machines would work, others would not. We were finally able to narrow it down to those using MS Vista’s 32 bit operating system.

After loads of research I was able to narrow it down to Vistas Data Execution Prevention (DEP).

Snippet from Wikipedia about this:

Data Execution Prevention (DEP) is a security feature that is intended to prevent an application or service from executing code from a non-executable memory region. This helps prevent certain exploits that store code via a buffer overflow, for example. DEP runs in two modes: hardware-enforced DEP for CPUs that can mark memory pages as nonexecutable, and software-enforced DEP with a limited prevention for CPUs that do not have hardware support. Software-enforced DEP does not protect from execution of code in data pages, but instead from another type of attack (SEH overwrite).

DEP was introduced in Windows XP Service Pack 2 and is included in Windows XP Tablet PC Edition 2005, Windows Server 2003Service Pack 1 and later,[1] Windows Vista, and Windows Server 2008.

Software configuration

So how does one configure DEP. There are multiple ways of configuring this. Boot.ini (XP and VISTA) ,command line and using Microsoft’s ACT 5.0. By far the easiest method is to use the command line.

1) Find your Command prompt and right click and select “run as administrator

2) Then type “bcdedit.exe /set {current} nx XXXXXXX”

a. Where XXXXXXX can be the following:

OptIn ( 2 ): This setting is the default configuration for Windows XP. On systems with processors that can implement hardware-enforced DEP, DEP is enabled by default for limited system binaries and programs that "opt-in." With this option, only Windows system binaries are covered by DEP by default.

OptOut( 3 ): This setting is the default configuration for Windows 2003 SP1. DEP is enabled by default for all processes. A list of specific programs that should not have DEP applied can be entered using the System dialog box in Control Panel. Network administrators can use the Application Compatibility Toolkit to "opt-out" one or more programs from DEP protection. System compatibility fixes, or shims, for DEP do take effect. Also note that Windows silently disables DEP for certain executables, such as those packaged with ASPack. [5]

AlwaysOn( 1 ): This setting provides full DEP coverage for the whole system. All processes always run with DEP applied. The exceptions list to exempt specific programs from DEP protection is not available. System compatibility fixes for DEP do not take effect. Programs that have been opted-out by using the Application Compatibility Toolkit run with DEP applied.

AlwaysOff( 0 ): This setting does not provide any DEP coverage for any part of the system, regardless of hardware DEP support. (except in Windows Vista Ultimate)

So your commandline might look something like this:

bcdedit.exe /set {current} nx AlwaysOff

Once you are done with this you will need to restart your computer.

To check the status of your DEP Policy you can run this command:

wmic os get dataexecutionprevention_supportpolicy” This will return a number value.  See values above to see what numbers mean.

Now this is how we defined what the problem was. But turning off DEP entirely isn’t a viable solution since that will expose your computer to many evil virus and hacking code.

Vista provides an interface to select specific programs to be marked as DEP non compliance. You can get to it by going to:

1) Start

2) Right Click “My Computer” à Properties

3) Advanced System Settings

4) Advanced Tab

5) Under Performance select “Settings

6) Select the tab “Data Execution Prevention

Here is where you are able to add DEP for all programs and services except those I select. This will set your DEP Policy to 3 (OptOut). You can then select the exe programs that enable you to mark that program as DEP noncompliant.

Well that might work for other people, but it didn’t work for me on my machine. Everytime I tried to select my program’s exe, I got the message “This program must run with data execution protection(DEP) enabled. You cannot turn off DEP for this program.

Later I found a website that lists a NXCOMPAT and the C# compiler.

Turns out that you can add this switch to your postbuild event of your project and it will mark your compiled project as DEP non compliant.

1) Right click on project in Visual Studio

2) Properties

3) Build Events

4) Edit Post Build ...

REM Mark project as DEP Noncompliant

call "$(DevEnvDir)..\..\VC\bin\vcvars32.bat"

call "$(DevEnvDir)..\..\VC\bin\editbin.exe" /NXCOMPAT:NO "$(TargetPath)"

Another way to do this is to open up the Visual Studio command prompt, browse to your exe location and type:

editbin.exe /NXCOMPAT:NO YourProgram.exe

That’s it, now our product will compile and it fixes many crash log errors we were receiving previously.