Шукати в цьому блозі

четвер, 28 квітня 2011 р.

Ограничения на количество соединений в Windows XP

Внимание! Речь не о TCP/IP соединениях, а о сервисах.
Ограничение присутствует физически в файлах, а не в реестре:
  • Home - 5
  • Pro - 10
Смотреть надо в сторону srv.sys и srvsvc.dll.
Windows LanServer Connectionlimit patch
=======================================
Removes the allowed LanConnections:
In WinXP Home the limit was 5 and in
In WinXP Pro 10 connections allowed.
Only the files with WinXP SP2
(Compare Versioninfo of file if you're unsure
different version might work too but if you get
and error keep in mind)
Copy/overwrite with your systemfiles - be careful
the windows system file protection might restore
the original files in background and so undo the patch ...
Techdata
patched:
srvsvc.dll::SsLoadConfigurationParameters
srv.sys::SrvNetServerSetInfo
srvsvc.dll::SsLoadConfigurationParameters
 
75098BF9 8BFF MOV EDI, EDI
75098BFB 55 PUSH EBP
75098BFC 8BEC MOV EBP, ESP
75098BFE 51 PUSH ECX
75098BFF E8 D40A0000 CALL LoadSizeParameter
75098C04 85C0 TEST EAX, EAX
75098C06 8945 FC MOV [EBP-4], EAX
75098C09 75 1E JNZ SHORT 75098C29
75098C0B 68 28800975 PUSH 75098028 "LanmanServer\AutotunedParameters"
75098C10 E8 DC000000 CALL LoadParameters
75098C15 85C0 TEST EAX, EAX
75098C17 8945 FC MOV [EBP-4], EAX
75098C1A 75 0D JNZ SHORT 75098C29
75098C1C 68 64610975 PUSH 75096164 "LanmanServer\Parameters"
75098C21 E8 CB000000 CALL LoadParameters
75098C26 8945 FC MOV [EBP-4], EAX
75098C29 A1 40300A75 MOV EAX, [750A3040]
75098C2E 3905 40310A75 CMP [750A3140], EAX
75098C34 0F83 21320000 JNB 7509BE5B
75098C3A 833D 94310A75 0>CMP [DWORD 750A3194], 0
75098C41 0F85 1E320000 JNZ 7509BE65
75098C47 53 PUSH EBX
75098C48 56 PUSH ESI
75098C49 E9 89000000 JMP 75098CD7 <-PATCH!!!

75098C4E FFFF ???
75098C50 85C0 TEST EAX, EAX
75098C52 0F85 86000000 JNZ 75098CDE
75098C58 833D 1C310A75 0>CMP [DWORD 750A311C], 1
75098C5F 6A 05 PUSH 5
75098C61 5E POP ESI
75098C62 6A 0A PUSH 0A
75098C64 5B POP EBX
75098C65 75 5E JNZ SHORT 75098CC5
75098C67 68 00020000 PUSH 200
75098C6C E8 5DF6FFFF CALL IsSuiteVersion
75098C71 85C0 TEST EAX, EAX
75098C73 0F85 FB310000 JNZ 7509BE74
75098C79 803D 1C4E0A75 0>CMP [BYTE ExtendedLicensing], 0
75098C80 0F85 2F320000 JNZ 7509BEB5
75098C86 391D 18300A75 CMP [750A3018], EBX
75098C8C 72 06 JB SHORT 75098C94
75098C8E 891D 18300A75 MOV [750A3018], EBX
75098C94 6A 40 PUSH 40
75098C96 58 POP EAX
75098C97 3905 48300A75 CMP [750A3048], EAX
75098C9D 0F83 08320000 JNB 7509BEAB
75098CA3 891D B4300A75 MOV [750A30B4], EBX
75098CA9 3935 18310A75 CMP [750A3118], ESI
75098CAF 72 06 JB SHORT 75098CB7
75098CB1 8935 18310A75 MOV [750A3118], ESI
75098CB7 8325 44310A75 0>AND [DWORD 750A3144], 0
75098CBE 8325 D0300A75 0>AND [DWORD 750A30D0], 0
75098CC5 68 00040000 PUSH 400
75098CCA E8 FFF5FFFF CALL IsSuiteVersion
75098CCF 85C0 TEST EAX, EAX
75098CD1 0F85 F3310000 JNZ 7509BECA

75098CD7 8B45 FC MOV EAX, [EBP-4]
75098CDA 5E POP ESI
75098CDB 5B POP EBX
75098CDC C9 LEAVE
75098CDD C3 RETN

75098CDE 833D 18300A75 0>CMP [DWORD 750A3018], 0A
75098CE5 ^ 75 F0 JNZ SHORT 75098CD7
75098CE7 E9 13320000 JMP 7509BEFF
75098CEC 90 NOP
75098CED 90 NOP
75098CEE 90 NOP
75098CEF 90 NOP

srv.sys::SrvNetServerSetInfo
 
0002B4D4 E8 495DFFFF CALL SecondsToTime
0002B4D9 A3 F0F80100 MOV [SrvLinkInfoValidTime], EAX
0002B4DE 8915 F4F80100 MOV [1F8F4], EDX
0002B4E4 8B83 0C010000 MOV EAX, [EBX+10C]
0002B4EA 33D2 XOR EDX, EDX
0002B4EC F7B3 A0000000 DIV [DWORD EBX+A0]
0002B4F2 A3 F8F80100 MOV [SrvScavengerUpdateQosCount], EA>

0002B4F7 B8 FFFF0000 MOV EAX, 0FFFF <-Patch!!!
0002B4FC EB 5C JMP SHORT 0002B55A <-Patch!!!

0002B4FE FFFF ??? ; Unknown command
0002B500 85C0 TEST EAX, EAX
0002B502 75 44 JNZ SHORT 0002B548
0002B504 3805 F2F70100 CMP [SrvProductTypeServer], AL
0002B50A 75 2A JNZ SHORT 0002B536
0002B50C 68 00020000 PUSH 200
0002B511 E8 7DECFFFF CALL IsSuiteVersion
0002B516 85C0 TEST EAX, EAX
0002B518 0F85 F8720000 JNZ 00032816
0002B51E 893D 58F90100 MOV [SrvCachedOpenLimit], EDI
0002B524 893D 2C0D0200 MOV [SrvMaxCachedDirectory], EDI
0002B52A 893D 8CF80100 MOV [SrvMaxFreeRfcbs], EDI
0002B530 893D 90F80100 MOV [SrvMaxFreeMfcbs], EDI
0002B536 68 00040000 PUSH 400
0002B53B E8 53ECFFFF CALL IsSuiteVersion
0002B540 85C0 TEST EAX, EAX
0002B542 0F85 06730000 JNZ 0003284E
0002B548 833D B8F80100 F>CMP [DWORD SrvMaxUsers], -1
0002B54F 73 0E JNB SHORT 0002B55F
0002B551 393D B8F80100 CMP [SrvMaxUsers], EDI
0002B557 76 06 JBE SHORT 0002B55F
!002B559 FFA3 B8F80100 JMP [EBX+SrvMaxUsers]
^^<- Patch

0002B55A A3 B8F80100 MOV [SrvMaxUsers], EAX
0002B55F FF35 08F80100 PUSH [DWORD SrvMaxReceiveWorkItemCoun>
0002B565 E8 74000000 CALL MultipleOfProcessors
0002B56A A3 08F80100 MOV [SrvMaxReceiveWorkItemCount], EA>
0002B56F FF35 04F80100 PUSH [DWORD SrvInitialReceiveWorkItem>
0002B575 E8 64000000 CALL MultipleOfProcessors
0002B57A A3 04F80100 MOV [SrvInitialReceiveWorkItemCount]>
0002B57F FF35 84F80100 PUSH [DWORD SrvMinReceiveQueueLength]
0002B585 E8 54000000 CALL MultipleOfProcessors
0002B58A A3 84F80100 MOV [SrvMinReceiveQueueLength], EAX
0002B58F FF35 10F80100 PUSH [DWORD SrvMaxRawModeWorkItemCoun>
0002B595 E8 44000000 CALL MultipleOfProcessors
0002B59A A3 10F80100 MOV [SrvMaxRawModeWorkItemCount], EA>
0002B59F FF35 0CF80100 PUSH [DWORD SrvInitialRawModeWorkItem>
0002B5A5 E8 34000000 CALL MultipleOfProcessors
0002B5AA A3 0CF80100 MOV [SrvInitialRawModeWorkItemCount]>
0002B5AF 33F6 XOR ESI, ESI
0002B5B1 8975 D4 MOV [EBP-2C], ESI
0002B5B4 834D FC FF OR [DWORD EBP-4], FFFFFFFF
0002B5B8 B9 ACFA0100 MOV ECX, SrvConfigurationLock
0002B5BD FF15 00D80100 CALL [_imp_] ; SRV2SY~1.0004C398
0002B5C3 8BC6 MOV EAX, ESI
0002B5C5 E8 A651FEFF CALL _SEH_epilog
0002B5CA C2 0C00 RETN 0C

unpachted....
0002B4F2 A3 F8F80100 MOV [SrvScavengerUpdateQosCount], EA>
0002B4F7 64:40 INC EAX ; Superfluous prefix
0002B4F9 5E POP ESI
0002B4FA 56 PUSH ESI ; /Arg1
0002B4FB E8 93ECFFFF CALL IsSuiteVersion ; \IsSuiteVersion
0002B500 85C0 TEST EAX, EAX
0002B502 75 44 JNZ SHORT 0002B548
0002B504 3805 F2F70100 CMP [SrvProductTypeServer], AL
0002B50A 75 2A JNZ SHORT 0002B536
0002B50C 68 00020000 PUSH 200 ; /Arg1 = 00000200
0002B511 E8 7DECFFFF CALL IsSuiteVersion ; \IsSuiteVersion
0002B516 85C0 TEST EAX, EAX
0002B518 0F85 F8720000 JNZ 00032816
0002B51E 893D 58F90100 MOV [SrvCachedOpenLimit], EDI
0002B524 893D 2C0D0200 MOV [SrvMaxCachedDirectory], EDI
0002B52A 893D 8CF80100 MOV [SrvMaxFreeRfcbs], EDI
0002B530 893D 90F80100 MOV [SrvMaxFreeMfcbs], EDI
0002B536 68 00040000 PUSH 400 ; /Arg1 = 00000400
0002B53B E8 53ECFFFF CALL IsSuiteVersion ; \IsSuiteVersion
0002B540 85C0 TEST EAX, EAX
0002B542 0F85 06730000 JNZ 0003284E
0002B548 833D B8F80100>CMP [DWORD SrvMaxUsers], -1
0002B54F 73 0E JNB SHORT 0002B55F
0002B551 393D B8F80100 CMP [SrvMaxUsers], EDI
0002B557 76 06 JBE SHORT 0002B55F
0002B559 FF05 B8F80100 INC [DWORD SrvMaxUsers]

0002B55F FF35 08F80100 PUSH [DWORD SrvMaxReceiveWorkItemCoun>; /Arg1 = 00000000

Ссылки:
Копировать нужно в Safe Mode:
  • srvsvc.dll в %windir%\system32
  • srv.sys в %windir%\system32\drivers
и ими же перезаписать кэш-длл SVC в %windir%\system32\dllcache

По материалам talks.guns.ru
файлы любезно предоставлены alexis.oasis (skype)
Опубліковано о
Мітки: ,

Немає коментарів:

Дописати коментар

Підписатися на: Дописати коментарі (Atom)