From 0d299585609b13f1cf43939199431e9207c8fd13 Mon Sep 17 00:00:00 2001
From: zeffy
Date: Tue, 20 Jun 2017 03:48:43 -0700
Subject: [PATCH] new *dbgprintf macros that have fname(line): prefix
---
 wufuc/core.c | 5 ++---
 wufuc/rundll32.c | 2 +-
 wufuc/util.c | 4 ++--
 wufuc/util.h | 13 +++++++++++--
 4 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/wufuc/core.c b/wufuc/core.c
index e1d061a..d3a323b 100644
--- a/wufuc/core.c
+++ b/wufuc/core.c
@@ -111,13 +111,12 @@ BOOL PatchWUAgentHMODULE(HMODULE hModule) {
 if (*lpbFirstRun) {
 *lpbFirstRun = FALSE;
- _tdbgprintf(_T("Changed first run to FALSE. (%p=%08x)"), lpbFirstRun, *lpbFirstRun);
+ _tdbgprintf(_T("Unset first run var. (%p=%08x)"), lpbFirstRun, *lpbFirstRun);
 result = TRUE;
 }
 if (!*lpbIsCPUSupportedResult) {
 *lpbIsCPUSupportedResult = TRUE;
- _tdbgprintf(_T("Changed cached result to TRUE. (%p=%08x)."),
- lpbIsCPUSupportedResult, *lpbIsCPUSupportedResult);
+ _tdbgprintf(_T("Set cached result. (%p=%08x)"), lpbIsCPUSupportedResult, *lpbIsCPUSupportedResult);
 result = TRUE;
 }
 return result;
diff --git a/wufuc/rundll32.c b/wufuc/rundll32.c
index a69e7ee..d080900 100644
--- a/wufuc/rundll32.c
+++ b/wufuc/rundll32.c
@@ -51,7 +51,7 @@ void CALLBACK Rundll32Entry(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int n
 }
 } while (Module32Next(hSnap, &me));
- HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(me.hModule, _CRT_STRINGIZE(LoadLibrary)), lpBaseAddress, 0, NULL);
+ HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(me.hModule, STRINGIZE(LoadLibrary)), lpBaseAddress, 0, NULL);
 CloseHandle(hThread);
 }
 CloseHandle(hSnap);
diff --git a/wufuc/util.c b/wufuc/util.c
index 135bcf5..c2b227e 100644
--- a/wufuc/util.c
+++ b/wufuc/util.c
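Review bot: In wufuc/rundll32.c the new `CreateRemoteThread` line in `Rundll32Entry` still uses the `GetProcAddress(me.hModule, STRINGIZE(LoadLibrary))` result and the returned thread handle without checking either one. If the lookup returns NULL (for instance if the module loop above finished without a match, which this hunk does not show), the thread would start at address zero and fault inside the target process instead of failing cleanly in the caller. Resolve the address into a local first, `LPTHREAD_START_ROUTINE pfn = (LPTHREAD_START_ROUTINE)GetProcAddress(me.hModule, STRINGIZE(LoadLibrary));`, guard the call with `if (pfn)`, and call `CloseHandle(hThread)` only when `hThread` is non-NULL, logging `GetLastError()` through `_tdbgprintf` otherwise. `Rundll32Entry` starts and ends outside the hunk.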
@@ -96,7 +96,7 @@ BOOL IsOperatingSystemSupported(LPBOOL lpbIsWindows7, LPBOOL lpbIsWindows8Point1
 #endif
 }
-VOID _wdbgprintf(LPCWSTR format, ...) {
+VOID wdbgprintf(LPCWSTR format, ...) {
 WCHAR buffer[0x1000];
 va_list argptr;
 va_start(argptr, format);
@@ -105,7 +105,7 @@ VOID _wdbgprintf(LPCWSTR format, ...) {
 OutputDebugStringW(buffer);
 }
-VOID _dbgprintf(LPCSTR format, ...) {
+VOID dbgprintf(LPCSTR format, ...) {
 CHAR buffer[0x1000];
 va_list argptr;
 va_start(argptr, format);
diff --git a/wufuc/util.h b/wufuc/util.h
index 4124b40..076e047 100644
--- a/wufuc/util.h
+++ b/wufuc/util.h
@@ -12,8 +12,8 @@ VOID ResumeAndCloseThreads(HANDLE *lphThreads, SIZE_T dwSize);
 BOOL CompareWindowsVersion(BYTE Operator, DWORD dwMajorVersion, DWORD dwMinorVersion, WORD wServicePackMajor, WORD wServicePackMinor, DWORD dwTypeMask);
 BOOL IsOperatingSystemSupported(LPBOOL lpbIsWindows7, LPBOOL lpbIsWindows8Point1);
-VOID _wdbgprintf(LPCWSTR format, ...);
-VOID _dbgprintf(LPCSTR format, ...);
+VOID wdbgprintf(LPCWSTR format, ...);
+VOID dbgprintf(LPCSTR format, ...);
 #define DETOUR_IAT(x, y) \
 LPVOID _LPORIGINAL##y; \
@@ -21,6 +21,15 @@ VOID _dbgprintf(LPCSTR format, ...);
 #define RESTORE_IAT(x, y) \
 DetourIAT(x, #y, NULL, _LPORIGINAL##y)
+#define STRINGIZEW_(x) L#x
+#define STRINGIZEW(x) STRINGIZEW_(x)
+#define __LINEWSTR__ STRINGIZEW(__LINE__)
+#define _wdbgprintf(format, ...) wdbgprintf(__FILEW__ L"(" __LINEWSTR__ L"): " format, ##__VA_ARGS__)
+
+#define STRINGIZE_(x) #x
+#define STRINGIZE(x) STRINGIZE_(x)
+#define __LINESTR__ STRINGIZE(__LINE__)
+#define _dbgprintf(format, ...) dbgprintf(__FILE__ "(" __LINESTR__ "): " format, ##__VA_ARGS__)
 #ifdef UNICODE
 #define _tdbgprintf _wdbgprintf
 #else
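Review bot: The new `_wdbgprintf` and `_dbgprintf` macros in wufuc/util.h splice `__FILEW__`/`__FILE__` into the format string itself, so a `%` anywhere in the build path would be parsed as a conversion specifier and consume variadic arguments that were never passed. Passing the location as data removes that hazard and makes the `__LINEWSTR__`/`__LINESTR__` helpers unnecessary: `#define _wdbgprintf(format, ...) wdbgprintf(L"%ls(%d): " format, __FILEW__, __LINE__, ##__VA_ARGS__)` and `#define _dbgprintf(format, ...) dbgprintf("%s(%d): " format, __FILE__, __LINE__, ##__VA_ARGS__)`. This assumes `wdbgprintf` and `dbgprintf` format with the wide and narrow printf families respectively, which the visible util.c lines do not show. A one-line comment such as `/* format must be a string literal; it is concatenated with the location prefix */` would document why a non-literal format no longer compiles. Identifiers containing `__` are reserved for the implementation, so any helper that stays should get a project-prefixed name.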