Sign in with
Sign up | Sign in
Your question
Solved

RDP causes BSOD when using file explorer

Last response: in Windows XP
Share
April 7, 2013 8:22:54 PM

XP SP3, accessed via RDP from Win7 (both on home intranet)
RDP has worked fine, for 2 years, until today. RDP connection went BSOD { STOP 0x0000007E (0xC0000005, 0x00000000, 0xAE0531A8, 0xAE052EA4) } on trying to paste a file, copied on Win 7 computer, into Win XP file explorer. Had done about 2 hours of work in same RDP session before this happened, without issue.

After rebooting XP, tried to copy from XP computer...but Win 7 drives not mapped (they usually are). When RDP'd into XP, random clicking inside file explorer cause sBSOD (same hex codes, except last two, which change slightly). Otherwise fine.

Win XP --- direction connection, *not* RDP --- seems completely OK.

Minidmp file says rdpdr.sys as the culprit; BlueSreenView output:
rdpdr.sys rdpdr.sys+13f18 0xb821f000 0xb824ee80 0x0002fe80 0x480251d2 4/13/2008 2:32:50 PM

Worried that this is a seemingly very old rdpdr.sys, I tried to update it -- several Windows KB articles mention updates, but the only available MS download failed (after MS emailed me the zip file, the file wouldn't unzip properly...asking for next disk!!). I tried to use a new rdpdr.sys from opendll.com, but it was automatically removed (!) after I put it in C:\windows\system32\drivers (after renaming existing file to rdpdr.sys.old). I think the opendll.com version is 64 bit, which wouldn't work anyway with XP...

But all this seems very, very strange. It was working, for several years, with daily use...and suddenly went bad.

Any ideas??
Thanks

P.S. - WinXP is up-to-date (ran sysupdate after BSOD; previous update had been ~2 months prior). Avast! AV installed and up-to-date (in use for ~1.5 years, last update to program & virus defs *yesterday*).
P.P.S. - I'd attach the minidump file, but don't see how to do that here...

More about : rdp bsod file explorer

April 7, 2013 9:03:52 PM

Did the Windows XP machine BSOD? If so, how could you tell it did in fact BSOD if you are working remotely?

Without researching the error codes or anything this could be just a hiccup.

*Fingers crossed*
m
0
l
April 7, 2013 10:21:56 PM

Was there anything suspicious about the file you were pasting - overly large perhaps or extra long path? If it only happened once, I'm with jackson1420 - keep calm and carry on - it may not recur.
m
0
l
Related resources
April 8, 2013 4:32:12 AM

>jackson1420:
The two computers are side by side, so if I switch which computer the monitor/keybd/mouse are connected two, I can directly use the XP computer --- and when the RDP connection is lost, the XP computer has the BSOD.

Not a hiccup, unfortunately, as this is now occurring with every RDP connection to the XP machine. And in case I wasn't clear, the BSOD seems to come *only* upon trying to do something in the file explorer window. That might be a clue, or maybe it's a false lead.

>Saga Lout:
Nothing suspicious: First time I copied a 2 kB text file (which I created) on the Win7 computer, c:\users\borhani\desktop\junk.txt, and tried to paste into the file explorer on Win XP (via RDP). Next time it happened, I simply clicked on a file name in the file explorer (on XP via RDP)...and then that happened again, and again, ...

m
0
l
April 8, 2013 12:57:45 PM

Reset the explorer service? Very interesting issue I will ponder on and respond if I think of anything
m
0
l
April 8, 2013 1:17:54 PM

jackson1420 said:
Reset the explorer service? Very interesting issue I will ponder on and respond if I think of anything

Thanks! How does one do this? The computer has been rebooted several times. Is there some registry key, or something else, that "resets" explorer?

m
0
l
April 8, 2013 2:38:56 PM

1. Press CTRL+SHIFT+ESCAPE.
2. Click on the Processes tab
3. Look for explorer.exe in the Image Name column.
4. Right click on it and select End Process. This will terminate Windows Explorer.
6. Open Start Menu and type explorer.exe
8. Click OK or hit Enter. The Windows Explorer shell will restart.
m
0
l
April 8, 2013 6:09:01 PM

Thanks, but that didn't work:
1. Connected via RDP to XP computer.
2. Started file explorer. OK
3. In file explorer, clicked the "+" signs to get the C: drive on the Win7 computer to be displayed. OK
4. Stopped & restarted explorer.exe. OK
5. Started file explorer again. OK
6. In file explorer, again clicked the "+" signs to get the C: drive on the Win7 computer to be displayed. OK
7. Actually *clicked* on the Win7 C: drive (as though I wanted to see what files it had) ===> BSOD

It really seems to be something changed about RDP, I guess on the XP side: It sends a request to the host (Win7), like "tell me what files I should display here...", and that sending of the request is killing it; or the reply back from Win7 is killing it...

How can I debug this, i.e., capture the communication back & forth between the two computers, to see how far they actually get before WinXP dies?



m
0
l
April 8, 2013 8:11:59 PM

jackson1420 said:
Have fun :D 

Sounds like a blast! Will update on what I discover...


m
0
l
April 8, 2013 9:58:05 PM

Does the Event Viewer in the XP system throw any light on this?
m
0
l
April 9, 2013 5:55:15 AM

I ran wireshark, capturing all available ports, while connecting via RDP (from 192.168.1.2 [Win7] to 192.168.1.7 [WinXP]). Capture is posted here: https://www.dropbox.com/s/mf9xrf6jtrahb2k/RDP_Debugging...

Sequence of events:
1. Started wireshark capture on Win7
2. Started RDP connection
3. Logged in to WinXP via RDP
4. ( Most of the capture time is here... WinXP logging me, starting the few processes that run when I log in )
5. Started file explorer (OK), though the Win7 local C drive was not listed (Win7 was not VPN-networked, so only it's local drive would show up...but it doesn't; usually, when I am VPN-connected on Win7, *all* drives, including network drives, show up on the RDP session; when RDP crash first occurred I was VPN-connected, but VPN status seems to be irrelevant).
6. Back to Win7, copied same text file mentioned in original post
7. Back to WinXP/RDP, tried to paste file ==> BSOD
8. Stopped capture.

So, the BSOD should be about 15 seconds or less from the end of the capture, which runs from 07:57:40 to 08:00:04. The two computers clocks are approximately in sync (certainly to the minute). The WinXP system log posted here: https://www.dropbox.com/s/n7f0t2o132uhdxl/WinXP_SystemL...

I don't see anything particularly informative in the log: some seemingly innocuous RDP errors (in that they occurred long before the BSOD), then some complaints about Win7 printers that WinXP cannot find, then notification of the minidump.

Ideas? I'm beginning to think this is a memory error...
m
0
l
April 9, 2013 3:12:04 PM

If its worked before the memory error wouldn't hold true. You can test you memory with memtestx86. (If your motherboard doesn't support the memory modules then you may not at all see the error via memtestx86 or any other method but random behavior)

Reinstall and/or uninstall the printer then try. Printers have random issues sometimes
m
0
l
April 10, 2013 9:57:32 AM

Disabling printer forwarding in the RDP settings made no difference. Same BSOD behavior.
Checking for malware & alteration of system files (such as rdpdr.sys)
m
0
l
April 20, 2013 3:35:15 PM

Folks, I've *completely* wiped & reinstalled WinXP (new disk) --- ALL old stuff not even connected to computer. Still have this error.
BSOD says rdpdr.sys (ver 5.1.2600.5512) is causing the error.

I *can* RDP from XP to Win7 --- that works great, can copy & paste, no trouble at all. But RDP from Win7 into XP causes the BSOD, exactly and only when I try to copy, paste, or click on one of the Win7 drives in file explorer.

ANY ideas?
m
0
l
April 20, 2013 11:06:11 PM

Is the XP user account password protected? If Windows 7 calls for a password it could throw XP into a flat spin if it's already logged in and may not be able to validate the request.
m
0
l
April 21, 2013 6:53:43 AM

Saga Lout said:
Is the XP user account password protected? If Windows 7 calls for a password it could throw XP into a flat spin if it's already logged in and may not be able to validate the request.

You may be onto something! Yes, both accounts are password protected (Win7 Enterprise, and XP Pro). RDP connection in either direction is authenticated through the C-A-D screen. I think the following details matter, and may be useful clues.

With XP as the RDP client, Win7 server there are no issues. I can copy something in the RDP session (including files) and then paste it back onto the XP computer. I also have folder sharing set up. In file explorer on XP, after the RDP connection is made, the Win7 computer C & D drives appear --- interestingly, after a *second* request for my Win7 domain\username & password --- as "My Network Places\Microsoft Windows Network\Win7_domainname\Win7_computername\Win7_C[D]_drive", and they both work for copy/paste, in both directions, to/from XP.

And, on the Win7 RDP server, in *its* file explorer, the XP disks show up (they take a little longer than Win7 disks showing up on the XP, I think because the Win7 computer is much newer & faster). I can copy/paste to them without issue.

In short, everything works as expected when I RDP from XP to the Win7 server.

HOWEVER, with Win7 client, XP server that's when I get the XP BSOD --- the instant I click on a Win7 drive listed in the (RDP'd) XP file explorer, or paste there, or even copy (an XP file) there. (Copy/paste entirely in the Win7 compter doesn't hurt the RDP session or the XP computer.)

I upgraded last night the the latest rdpdr.sys file for XP I could access (KB972422, ver. 5.1.2600.5875, 4-SEP-2009). It made no difference. BSOD still says rdpdr.sys is the culprit (though some of the parameter addresses are different.)

I don't know if this is relevant/helpful: I am running the updated ver. 7 RDP client on XP (kb969084). I have not enabled the CredSSP, however (kb951608), but RDP to Win7 works fine. (Win7 is running RDP ver. 87, I think [no "quality of connection" icon in connect bar]). When I made the two registry changes to enable CredSSP, the look of connection changed (got an immediate dialog asking for username/password, instead of "connecting to Win7..."), and authentication failed with a message saying that protocol wasn't enabled. So I backed out the CredSSP changes, and it and rebooted, RDP to Win7 still works fine again. Maybe these just means Win7 computer isn't running CredSSP either?

In other words, I'm running the latest, correctly installed RDP client on XP, and it works to connect to Win7. But, connection from Win7 to XP still causes BSOD on copy/paste.

m
0
l
April 21, 2013 11:08:38 AM

It could be worth a shot at removing the password from the XP system, restarting and trying once more. I'm just stuck on the way W7 expects to see passwords in all other networked systems and how that could interfere with the RDP's usual procedure.
m
0
l
April 21, 2013 5:06:45 PM

I can certainly try that. Maybe it will work (though I'm doubtful...hope my doubts don't ensure it doesn't work!
;) ). But if that change works, it will need to be durable, once I turn the password back on.

Is there any way to debug the problem? I've looked at minidumps, which point to rdpdr.sys. What if I do a full dump, and run it through the [a] debugger? Will that pinpoint what's going wrong? If yes, what debugging program would I need?
m
0
l
April 21, 2013 9:26:46 PM

I disabled the C-A-D logon sequence, set password length to zero, and deleted the password for one user (regular user, and also in Remote Desktop User group). I could not log in via RDP from Win7. Says password is required. (I had tested it directly on the XP box, and it worked *without* password). So, I'm not sure how to really test your suggestion.

I also tried supplying Win7 the user/passwd in the RDP dialog (i.e., keep the passwd stored on Win7). RDP login was instantaneous (no asking for passwd) --- and it gave the BSOD upon clicking a Win7 drive in the XP file explorer.

Any other ideas? Debugging suggestions?
m
0
l
April 21, 2013 11:19:06 PM

I agree with Saga Lout.

I feel I would have to sit down and have a personally have a conversation with this trouble machine.

Strange issue and it sounds hardware related. I really don't have a clue how hardware could conflict this single operation but at the same time we didn't test for everything possible.

Perhaps trying a different install media freshly downloaded will install non-corrupted system files.

Very odd but if you can try a different network adapter even maybe that is the issue.

As strange as it is I have had weird issues like that.

Last week a power outage occurred at work.

Switch A was hooked up to a surge protector

Switch B was NOT hooked up to a surge protector

Switch A was damaged and required RMA (Diagnosed by vendor tech)

Switch B survived and is working strong even under stress test.

We live in a cruel world where people do mean things to people without reason.

Computers seem to follow the same logic some times even though I try so hard to tell myself each issue is logical - it isn't always logical.
m
0
l
April 22, 2013 6:55:19 AM

Three things make me think it's not hardware: 1. It used to work just fine (I know, the hardware could have *just* failed...). 2. RDP works *in every respect* in the XP_client-to-Win7_server direction. 3. RDP works in every respect *except for copy/paste operations* in the Win7_client-to-XP_server direction.

> corrupted system files
I ran sfc: it reported no issues. I don't have any other XP media.

One other thing...which does make me wonder:

As I did the complete wipe/reinstall, at some point (I'm kicking myself for not properly noting it down), RDP (Win7 client, XP server) into the freshly installed XP worked, *with copy/paste*. I tried it a few times, copied files back & forth. Fine. So, I proceeded to rebuild the rest of my computer (copy user files back on, install s/w, etc). The "some point" was quite early on in this process: I think it was either after the initial XP_SP2 (from CDROM), or after applying the SP3 upgrade, or installing the nVidia motherboard drivers (without which I had not networking), or after installing AVAST, or after the ~130 MS updates (including IE8). Things were done in that order. I probably tested it as soon as I had network, i.e. before the MS updates, possibly before AVAST installation. (*Before* any of this went wrong (i.e., my old XPSP3 install from 2 years ago up until 2 weeks ago), I was at the current update level, with AVAST.)

Is it possible that there is something new in AVAST that is causing the trouble? Less likely, that one of the MS updates is the culprit? I guess I could uninstall AVAST and quickly test whether that makes a difference.
m
0
l
April 22, 2013 8:49:27 AM

Sorry to have to give up on this one but this is my absolute final and totally last shot - is the amount you're trying to paste overly large in relation to the RAM in the XP box? Will it succeed in a simple, say, two lines of text, paste operation?
m
0
l
April 22, 2013 9:18:26 AM

No, even a few bytes will do it.

The other (actually, *extremely* irritating) possibility that I'm pursuing is that the Win7 computer (which is my work laptop) has had it's group policies altered in such a way as to cause the the XP BSOD. Apparently, our systems engineers, recently implemented a group policy change to disable copy/paste on remote sessions (including intra-company Win7-Win7 or Linux-Win7 RDP's), which they then quickly backed-out, after the resulting furor (as you can well imagine). They thought they could disable mapping of network drives through RDP and keep copy/paste, but MS confirmed that that is not the case: you get neither, or you get both.

SO, supposedly, my Win7 laptop is back to its original behavior (the group policy changes, and reversions, are pushed out every time I VPN connect, i.e. daily). BUT, what if somehow my laptop didn't get the reversion...

Even if this scenario is what's happening, it's unclear to me why RDP should work in the opposite direction (*with* copy/paste working!), or why if the group policy in the Win7_client-XP_server RDP direction is being violated, it should cause a BSOD instead of simply doing nothing, or giving an error message along the lines of "Group policy doesn't allow you to do that"

I'll update as I learn more from our Systems folks...
m
0
l
May 2, 2013 3:57:59 AM

Hello.

I have the same problem with RDP. Did you find the cause of the problem?
m
0
l
May 2, 2013 6:32:14 AM

No, still working on it (unfortunately). What are your system configurations (RDP client, and RDP server)?
m
0
l
May 2, 2013 7:32:08 AM

I found the couse: avast! Free Antivirus. I uninstalled it and RDP is working fine now in both directions.
m
0
l
May 2, 2013 8:44:58 AM

Did you also have the BSOD problem only in one direction, and only upon attempted copy/paste (i.e., did your RDP session establish OK)?

I'll try disabling AVAST. If it is AVAST, however, there should be a way to configure it to not cause the problem... My problem started suddenly, about 4 weeks ago. I guess it is possible that there was an updated AVAST program/engine/virus definition at that time that suddenly recognized RDP as "bad".
m
0
l
May 2, 2013 9:43:03 AM

I am the least expert on these matters so I'm just asking, aren't you supposed to have the RDP on the Windows 7 to enable the copy/paste from XP to Windows 7?

Usually, a normal copy /paste from XP to Windows 7 (as long as you boot to Windows 7 first), you don't need any special software but you got all those protocols in place, I think you need to instal the RDP on the Windows 7 OS (as well) .
m
0
l
May 2, 2013 11:07:30 AM

TenPc said:
aren't you supposed to have the RDP on the Windows 7 to enable the copy/paste from XP to Windows 7?

Usually, a normal copy /paste from XP to Windows 7 (as long as you boot to Windows 7 first), you don't need any special software but you got all those protocols in place, I think you need to instal the RDP on the Windows 7 OS (as well) .


I don't understand your question. It's two separate computers, not a dual boot. One runs XP, the other runs Win7. Either computer should be able to serve as RDP client (and the other as RDP server), and copy from one, paste on the other, should work in either direction, regardless of which computer is server or client.

But maybe that's not what you're asking?


m
0
l
May 2, 2013 11:22:00 AM

Yes, two different computers but if you are on the Windows 7 Pc then copy and paste from the XP PC then you'd need the RDP to be the Windows 7 host.

As I said, I'm least expert, I used to do this type of thing 15 years ago but through a network cable, with both PC's in the same room, so my memory of it is a bit faded.

Last ditch effort -
You might want to try to "Allow" all users on both PC's. When I was transferring data from XP to Windows 7 Pc through a usb to usb cable (can't think of the actual name for it), I had to allow ALL users to Target drive on one drive and Allow all users on the Source hdd otherwise it would not work. It's the Permissions that stops it from happening.
m
0
l
May 2, 2013 11:27:20 AM

According to Wiki - "Microsoft provides the client required for connecting to newer RDP versions for downlevel operating systems. Since the server improvements are not available downlevel, the features introduced with each newer RDP version only work on downlevel operating systems when connecting to a higher version RDP server from these older operating systems, and not when using the RDP server in the older operating system."
-http://en.wikipedia.org/wiki/Remote_Desktop_Protocol
m
0
l
May 2, 2013 12:34:02 PM

borhani said:
Did you also have the BSOD problem only in one direction, and only upon attempted copy/paste (i.e., did your RDP session establish OK)?
Yes.

borhani said:
If it is AVAST, however, there should be a way to configure it to not cause the problem... I guess it is possible that there was an updated AVAST program/engine/virus definition at that time that suddenly recognized RDP as "bad".
Maybe, but I haven't time for it. I installed AVG AntiVirus Free Edition 2013 which doesn't have such problem.

m
0
l
May 2, 2013 12:57:07 PM

[/quotemsg]Maybe, but I haven't time for it. I installed AVG AntiVirus Free Edition 2013 which doesn't have such problem.[/quotemsg]

Funny, I switched from AVG to Avast about 16 months ago, because AVG was a huge cpu hog, and I have found Avast to be much leaner and faster. I'll also check on the Avast web forums for this issue cropping up.
m
0
l
May 2, 2013 10:22:01 PM

TenPC said "When I was transferring data from XP to Windows 7 Pc through a usb to usb cable (can't think of the actual name for it)"

A sort of ad hoc network, I think. It would be interesting to see if borhani could set one up for experimental purposes to see if it still kills XP, only with an ethernet cable and not not SB - cutting out the router/switch or whatever in between.
m
0
l
May 3, 2013 12:28:06 AM

Just taking a different tack and something to ponder -

You said "RDP has worked fine, for 2 years, until today. RDP connection went BSOD { STOP 0x0000007E (0xC0000005, 0x00000000, 0xAE0531A8, 0xAE052EA4) } on trying to paste a file, copied on Win 7 computer, into Win XP file explorer. Had done about 2 hours of work in same RDP session before this happened, without issue."

Considering that the past two years have been trouble free, we all assume that you have done "transactions" both ways to and from the target and source on either PC

"Had done about 2 hours of work "
How much work?
How much data?
Could it be some sort of mass volume?
Were past actions the same type of volume for the same or more time frame?
Is the target folder in the C: directory or in a partition of the OS drive or elsewhere?
Maybe somewhere different than otherwise taken at other times?
In the same folder as other previous files?
I think XP has a volume maximum for each of the fiolders, you should try a different target folder.
Could the XP hdd be at fault?

Things to try - CHKDSK /F for both PC's

Shut down both PC's for a minute then boot up the Windows 7 PC to desktop then boot up the XP PC to desktop and try the action again.
m
0
l
May 3, 2013 1:44:53 AM

Or maybe a Windows Update crept in that day.
m
0
l
May 3, 2013 6:08:20 AM

TenPc said:

"Had done about 2 hours of work "
How much work?
How much data?

etc...

I don't think any of this is relevant.

    2 hours of very light web browsing (to check info on, of all things, torques for wheel lug nuts...I was changing from snow tires to regular tires!)
    C: drive
    Copied a trivial file (~2 kB text file)
    Same type/volume of past actions


I think it's Avast (or, as Saga Lout suggests, possibly a Windows update). I'm going to try turning off (or uninstalling, if needed) Avast this weekend, and if that fixes it, at least the source of the problem will be identified.


m
0
l
May 4, 2013 3:06:42 PM

Re-confirmed problem (for the millionth time): local copy/paste while RDP'd into the XP server works OK; copy or other access to the RDP client shared drive causes BSOD for XP box.

Rebooted. Stopped AVAST (shut down all shields, stopped Avast service). Avast UI (and I guess some very low-level hook) is still running. BSOD on copy from RDP client.

Rebooted. COMPLETELY uninstalled AVAST antivirus & rebooted; confirmed that uninstallation was complete.
==> Now, can RDP in to XP and copy/paste anything, in both directions! <==

AVAST antivirus is the problem!

I have posted on the Avast forum: http://forum.avast.com/index.php?topic=123144.0. Someone else had the very same problem, with Win Server 2003; Avast says that Microsoft has claimed the problem as theirs: http://support.microsoft.com/kb/960652. The only problem is that the rdpdr.sys updates in the KB article are for Win Server 2003, not for Win XP, as far as I can tell.

Ideas?
Thanks
m
0
l
May 4, 2013 3:39:00 PM

Well, it seems that you have done something different than in the past two years, you installed Avast Anti Virus!
m
0
l
May 4, 2013 5:10:22 PM

TenPc said:
Well, it seems that you have done something different than in the past two years, you installed Avast Anti Virus!

The obvious conclusion, I will admit...but alas, not true. I wish it were simply that! I have been running for the past ~16 months with Avast.

But, it is possible, and I suspect is the most likely explanation, that something changed in Avast (engine/virus update) which brought the problem on early in April 2013. Let me see what the Avast folks have to suggest (before I switch to some other antivirus program).
m
0
l
May 4, 2013 10:49:28 PM

Avast will blame Microsoft, of course. It is worth noting that XP and Server 2003 are extremely close cousins if not brothers. Turning off the resident shield for a day is better than uninstalling completely.
m
0
l
May 5, 2013 7:17:48 AM

If your Avast was out of date then that might have caused the issue as nearly, if not all, anti-virus program either trial version or past their license date, seem to give everyone headaches of some sort. Perhaps you had not renewed Avast within the allotted time frame and it got annoyed with you.

You don't hapen to have any other programs that are trial versions past their use by date, by chance?
m
0
l
May 5, 2013 11:00:32 AM

Avast up-to-date. Non-trial, free version. Plus, completely wiped, and then reinstalled, Avast. No other trial versions present AFAIK. Ill try the Avast aswClear.exe, to really be sure, and also some uninstallers from Singular Labs http://singularlabs.com/uninstallers/security-software/
m
3
l

Best solution

May 17, 2013 1:00:33 PM

PROBLEM SOLVED! See this Avast! forum page.

Bottom Line, it's both Avast! and Windows (XP). Petr at Avast! wrote:
we change one part in filesystem driver which queries for file paths. Unfortunately, in RDP session (under XP/2003) it can lead to BSOD if you mapped harddisk drives and you access them. This bug is in XP and it was fixed in Vista+. I would suggest you to apply that KB fix (http://support.microsoft.com/kb/960652). It should work on XP as well (please confirm it, so we can use it as official answer until we release new program version).

As noted before, that KB refers only to Win Server 2003. For the 64-bit OS, apparently that is identical to 64-bit XP; for 32-bit XP...well, it turns out that it works. Some serious MS wonkiness getting the Server 2003 rdpdr.sys patch to actually work under XP, as it's "for the wrong operating system" (i.e. XP will not install the patch).

Petr posted download links for rdpdr.sys:
x86: http://public.avast.com/~kurtin/patches/rdpdr/x86/SP2QFE/rdpdr.sys
x64: http://public.avast.com/~kurtin/patches/rdpdr/x64/SP2QFE/rdpdr.sys

Then the fun began:
I had to disable the Windows System File Protector, setting it to ignore (only) rdpdr.sys, so that I could slip in the Win 2003 Server version of rdpdr.sys that Petr supplied. Instructions on how to do this are here: http://bitsum.com/aboutwfp.asp Skip right to:
Mod Method 5: Disable WFP permanently for specific files via patching the protected file list
More simple than patching executable code is simply patching the list of files contained in SFCFILES.DLL. First, copy
SFCFILES.DLL to a temporary file. Using a hex editor (i.e. UltraEdit), search for files to disable protection on inside
the temporary file. Once found, replacing the first character of the file name with 0 (that is: value 0 NOT ascii '0'
character). After completing the modifications, correct the checksum using our PEChkSum utility and set the temporary
file to replace the original at boot-time using our MoveLatr utility. Reboot the computer to finish the process.I used HxD to edit C:\WINDOWS\system32\SFCFILES.DLL; there were ~5 instances of "r◊d◊p◊d◊r◊.◊s◊y◊s" ("◊" = null, hex 0x0). I changed them all to "◊◊d◊p◊d◊r◊.◊s◊y◊s"; fixed the checksum (Chksum.exe sfcfiles.bak); set up the file replacement (MoveLatr.exe sfcfiles.bak sfcfiles.dll); and rebooted. Worked fine (as evidenced by a quick peek at the new SFCFILES.DLL).
The needed utilities Jeremy Collake mentions are here: http://bitsum.com/other/ WORKED LIKE A CHARM (Thanks Jeremy!)

THEN, I was able to copy the new rdpdr.sys (having saved a copy of the old one!) to C:\WINDOWS\system32\drivers & :\WINDOWS\system32\dllcache (for good measure), without the WinXP WFP "nanny" replacing the file!!

Tested RDP from Win7 client to the now-stably-modified WinXP sever: it worked fine;

Reinstalled Avast! (ver. 8, free version). OK

And the Acid Test: RDP from Win7 into WinXP --- with Avast! running --- IT WORKED! copy/paste, with drives mapped, worked in both directions.

Share
May 17, 2013 10:31:30 PM

All your hard work and research earns you the right to the Best Answer in your own thread - a rarity in itself. :D  Well done, borhani - that fix is a keeper.
m
0
l
May 18, 2013 9:13:37 AM

;)  Couldn't have done it without the help of all!
m
0
l
!