Vichingo455/wufuc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into master

Browse Source
This commit is contained in:
zeffy
2017-08-22 23:09:56 -07:00
committed by GitHub
parent 879aa92338 5f0db013f4
commit 1570f910f1
35 changed files with 621 additions and 574 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CONTRIBUTING.de-DE.md
View File

@@ -1,6 +1,6 @@
# Richtlinien für die Fehlermeldung # Richtlinien für die Fehlermeldung
[English](CONTRIBUTING.md) | [русский](CONTRIBUTING.ru-RU.md) | [Français](CONTRIBUTING.fr-FR.md) | **Deutsch** | [Magyar](CONTRIBUTING.hu-HU.md) | [Portuguese (Brazil)](CONTRIBUTING.pt-BR.md) [English](../CONTRIBUTING.md) | [русский](CONTRIBUTING.ru-RU.md) | [Français](CONTRIBUTING.fr-FR.md) | **Deutsch** | [Magyar](CONTRIBUTING.hu-HU.md) | [Portuguese (Brazil)](CONTRIBUTING.pt-BR.md)
## Fehler melden [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc) ## Fehler melden [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc)

2
CONTRIBUTING.md
View File

@@ -1,6 +1,6 @@
# Contributing guidelines # Contributing guidelines
**English** | [русский](CONTRIBUTING.ru-RU.md) | [Français](CONTRIBUTING.fr-FR.md) | [Deutsch](CONTRIBUTING.de-DE.md) | [Magyar](CONTRIBUTING.de-HU.md) | [Portuguese (Brazil)](CONTRIBUTING.pt-BR.md) **English** | [русский](translations/CONTRIBUTING.ru-RU.md) | [Français](translations/CONTRIBUTING.fr-FR.md) | [Deutsch](translations/CONTRIBUTING.de-DE.md) | [Magyar](translations/CONTRIBUTING.hu-HU.md) | [Portuguese (Brazil)](translations/CONTRIBUTING.pt-BR.md)
## Reporting an issue [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc) ## Reporting an issue [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc)

2
README.md
View File

@@ -1,6 +1,6 @@
# wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc) # wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc)
**English** | [русский](README.ru-RU.md) | [Français](README.fr-FR.md) | [Deutsch](README.de-DE.md) | [Magyar](README.hu-HU.md) | [Portuguese (Brazil)](README.pt-BR.md) **English** | [русский](translations/README.ru-RU.md) | [Français](translations/README.fr-FR.md) | [Deutsch](translations/README.de-DE.md) | [Magyar](translations/README.hu-HU.md) | [Portuguese (Brazil)](translations/README.pt-BR.md)
[![Click here to lend your support to wufuc and make a donation at pledgie.com !](https://pledgie.com/campaigns/34055.png)](https://pledgie.com/campaigns/34055) <a href='https://gratipay.com/wufuc/'><img height=37 alt='Click here to tip wufuc on Gratipay!' src='https://cdn.rawgit.com/zeffy/gratipay-badge/master/dist/gratipay.svg' /></a> [![Click here to lend your support to wufuc and make a donation at pledgie.com !](https://pledgie.com/campaigns/34055.png)](https://pledgie.com/campaigns/34055) <a href='https://gratipay.com/wufuc/'><img height=37 alt='Click here to tip wufuc on Gratipay!' src='https://cdn.rawgit.com/zeffy/gratipay-badge/master/dist/gratipay.svg' /></a>

2
appveyor.yml
View File

@@ -1,4 +1,4 @@
version: 0.7.1.{build} version: 0.7.2.{build}
skip_commits: skip_commits:
files: files:
- README.md - README.md

34
docs/Patch_Offsets.md
View File

@@ -1,34 +0,0 @@
## Windows 7
Hotfix ID | Architecture | wuaueng.dll version | File offset | Original value | Patched value
--------- | ------------ | ------------------- | ----------- | -------------- | -------------
[KB4012218] | x64 | 7.6.7601.23714 | `0x26C948` | `0x01` | `0x00`
[KB4012218] | x86 | 7.6.7601.23714 | `0x1E4638` | `0x01` | `0x00`
[KB4015546], [KB4015549], [KB4015552], [KB4019264] | x64 | 7.6.7601.23735 | `0x26C948` | `0x01` | `0x00`
[KB4015546], [KB4015549], [KB4015552], [KB4019264] | x86 | 7.6.7601.23735 | `0x1E4838` | `0x01` | `0x00`
[KB4019265] | x64 | 7.6.7601.23775 | `0x26C948` | `0x01` | `0x00`
[KB4019265] | x86 | 7.6.7601.23775 | `0x1E4838` | `0x01` | `0x00`
## Windows 8.1
Hotfix ID | Architecture | wuaueng.dll version | File offset | Original value | Patched value
--------- | ------------ | ------------------- | ----------- | -------------- | -------------
[KB4012219] | x64 | 7.9.9600.18621 | `0x34D3BC` | `0x01` | `0x00`
[KB4012219] | x86 | 7.9.9600.18621 | `0x2BFA50` | `0x01` | `0x00`
[KB4015547], [KB4015550], [KB4015553], [KB4019215], [KB4019217] | x64 | 7.9.9600.18628 | `0x34D5BC` | `0x01` | `0x00`
[KB4015547], [KB4015550], [KB4015553], [KB4019215], [KB4019217] | x86 | 7.9.9600.18628 | `0x2BFA50` | `0x01` | `0x00`
[KB4012218]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4012218
[KB4015546]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015546
[KB4015549]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015549
[KB4015552]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015552
[KB4019264]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4019264
[KB4019265]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4019265
[KB4012219]: https://www.catalog.update.microsoft.com/search.aspx?q=kb4012219
[KB4015547]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015547
[KB4015550]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015550
[KB4015553]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015553
[KB4019215]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4019215
[KB4019217]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4019217

10
setup-ai/wufuc.aip
View File

@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<DOCUMENT Type="Advanced Installer" CreateVersion="14.1.1" version="14.1.1" Modules="enterprise" RootPath="." Language="en" Id="{6DF9A5D1-044E-44C4-9CC3-E4E93457870A}"> <DOCUMENT Type="Advanced Installer" CreateVersion="14.1.1" version="14.2" Modules="enterprise" RootPath="." Language="en" Id="{6DF9A5D1-044E-44C4-9CC3-E4E93457870A}">
<COMPONENT cid="caphyon.advinst.msicomp.ProjectOptionsComponent"> <COMPONENT cid="caphyon.advinst.msicomp.ProjectOptionsComponent">
<ROW Name="HiddenItems" Value="AppXProductDetailsComponent;AppXDependenciesComponent;AppXAppDetailsComponent;AppXVisualAssetsComponent;AppXCapabilitiesComponent;AppXAppDeclarationsComponent;AppXUriRulesComponent;SccmComponent;ActSyncAppComponent"/> <ROW Name="HiddenItems" Value="AppXProductDetailsComponent;AppXDependenciesComponent;AppXAppDetailsComponent;AppXVisualAssetsComponent;AppXCapabilitiesComponent;AppXAppDeclarationsComponent;AppXUriRulesComponent;SccmComponent;ActSyncAppComponent"/>
</COMPONENT> </COMPONENT>
@@ -17,10 +17,10 @@
<ROW Property="ARPURLINFOABOUT" Value="https://github.com/zeffy/wufuc"/> <ROW Property="ARPURLINFOABOUT" Value="https://github.com/zeffy/wufuc"/>
<ROW Property="ARPURLUPDATEINFO" Value="https://github.com/zeffy/wufuc/releases"/> <ROW Property="ARPURLUPDATEINFO" Value="https://github.com/zeffy/wufuc/releases"/>
<ROW Property="Manufacturer" Value="zeffy"/> <ROW Property="Manufacturer" Value="zeffy"/>
<ROW Property="ProductCode" Value="1028:{2F696F74-0FD5-49E1-BEEC-A4256F6D7404} 1030:{3FBD2666-E954-4454-A990-1CC5C25CFFF1} 1031:{FF3A4C63-3A23-4359-B610-AC0812354D10} 1033:{AF23CE93-4FB0-4A8A-A8D6-7A97151BCC14} 1035:{F30F6F66-23A0-44C3-B7B0-78DB57D5A145} 1036:{1E1ACBB4-A907-41FF-9B27-372858AC4D67} 1038:{9F8DD843-9947-4D65-BC4D-7395EF5C21AF} 1040:{48F029CE-132A-45AD-909B-2C86F65025F3} 1041:{14A85935-DA96-487B-9342-93D4A7439D82} 1042:{5605ABFB-127F-466B-902C-31808B2D68BA} 1043:{28BBE85D-1EBA-49BE-9EFA-C4F68572620D} 1045:{B0F63DCC-ACCC-4C45-B666-9322A68A2426} 1046:{68AD7740-E0F0-42B7-91D8-7C572CE32A68} 1049:{BEFE9FBB-D099-40C0-A990-3BA2E749A4AD} 1060:{405A42D2-178A-420F-8E06-A0A17EF926BE} 2052:{A381193A-4291-4D29-9FE2-6364D999B8AE} 3082:{8F760ACC-7186-4A5E-BE22-1AE1801ACBFD} " Type="16"/> <ROW Property="ProductCode" Value="1028:{375EEFF0-5E5A-442E-9F6E-BEEBE3E8ECF9} 1030:{E230204D-CE8F-41E1-A4DB-C4207D93F885} 1031:{FCA8704C-D5A0-4D3D-8397-025D19DDAEBD} 1033:{689BF70E-4EB8-4214-8DD9-FADD6C8C985A} 1035:{E61C5090-D156-4AEB-8A5A-D64C4E0CCDF2} 1036:{E81BF4E2-06A5-4E0F-9CFC-B5FD9801D26D} 1038:{E64712EE-46A4-4288-A691-6FF577879C6A} 1040:{0A7AD69F-0738-472F-B123-4A85D96A645B} 1041:{4A754EE6-CEDC-4EB3-BB51-059852714F83} 1042:{AE3758C2-C229-44E3-BDB9-0EDAF467BCFA} 1043:{4D7C4256-58FA-431C-9915-7C8044D95F66} 1045:{41D27F42-A6E8-4A57-8467-CE6F61535741} 1046:{B4A1DEB5-BC54-44F3-9108-2C7EF60DB651} 1049:{F976B57F-4FAC-4BF1-A09B-CA4590FC65D0} 1060:{4E27F130-256F-41B0-9FE5-8DEF1A553773} 2052:{010DEDF4-F79D-45F6-B747-D1473531B13A} 3082:{EF04B4CE-48FD-4409-A855-437835A2E31F} " Type="16"/>
<ROW Property="ProductLanguage" Value="1033"/> <ROW Property="ProductLanguage" Value="1033"/>
<ROW Property="ProductName" Value="wufuc"/> <ROW Property="ProductName" Value="wufuc"/>
<ROW Property="ProductVersion" Value="0.7.1.81" Type="32" TargetFile="wufuc.dll"/> <ROW Property="ProductVersion" Value="0.7.2.0" Type="32" TargetFile="wufuc.dll"/>
<ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/> <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
<ROW Property="SysnativeFolder" Value=" "/> <ROW Property="SysnativeFolder" Value=" "/>
<ROW Property="UpgradeCode" Value="{4C52972C-251E-4D1B-AD09-EAA765719DCC}"/> <ROW Property="UpgradeCode" Value="{4C52972C-251E-4D1B-AD09-EAA765719DCC}"/>
@@ -287,8 +287,8 @@
<ROW Condition="( Version9X OR VersionNT64 OR ( VersionNT AND ((VersionNT &lt;&gt; 501) OR (ServicePackLevel &lt;&gt; 3)) AND ((VersionNT &lt;&gt; 502) OR (ServicePackLevel &lt;&gt; 2)) AND ((VersionNT &lt;&gt; 600) OR (MsiNTProductType &lt;&gt; 1)) AND ((VersionNT &lt;&gt; 600) OR (MsiNTProductType = 1)) AND (VersionNT &lt;&gt; 602) AND (VersionNT &lt;&gt; 1000) ) )" Description="[ProductName] cannot be installed on the following Windows versions: [WindowsTypeNTDisplay]." DescriptionLocId="AI.LaunchCondition.NoSpecificNT" IsPredefined="true" Builds="MsiBuild"/> <ROW Condition="( Version9X OR VersionNT64 OR ( VersionNT AND ((VersionNT &lt;&gt; 501) OR (ServicePackLevel &lt;&gt; 3)) AND ((VersionNT &lt;&gt; 502) OR (ServicePackLevel &lt;&gt; 2)) AND ((VersionNT &lt;&gt; 600) OR (MsiNTProductType &lt;&gt; 1)) AND ((VersionNT &lt;&gt; 600) OR (MsiNTProductType = 1)) AND (VersionNT &lt;&gt; 602) AND (VersionNT &lt;&gt; 1000) ) )" Description="[ProductName] cannot be installed on the following Windows versions: [WindowsTypeNTDisplay]." DescriptionLocId="AI.LaunchCondition.NoSpecificNT" IsPredefined="true" Builds="MsiBuild"/>
<ROW Condition="(VersionNT &lt;&gt; 400)" Description="[ProductName] cannot be installed on [WindowsTypeNT40Display]." DescriptionLocId="AI.LaunchCondition.NoNT40" IsPredefined="true" Builds="DefaultBuild;MsiBuild"/> <ROW Condition="(VersionNT &lt;&gt; 400)" Description="[ProductName] cannot be installed on [WindowsTypeNT40Display]." DescriptionLocId="AI.LaunchCondition.NoNT40" IsPredefined="true" Builds="DefaultBuild;MsiBuild"/>
<ROW Condition="(VersionNT &lt;&gt; 500)" Description="[ProductName] cannot be installed on [WindowsTypeNT50Display]." DescriptionLocId="AI.LaunchCondition.NoNT50" IsPredefined="true" Builds="DefaultBuild;MsiBuild"/> <ROW Condition="(VersionNT &lt;&gt; 500)" Description="[ProductName] cannot be installed on [WindowsTypeNT50Display]." DescriptionLocId="AI.LaunchCondition.NoNT50" IsPredefined="true" Builds="DefaultBuild;MsiBuild"/>
<ROW Condition="(VersionNT = 601 AND RESULT_WUAUENG.DLL_WIN7) OR (VersionNT = 603 AND RESULT_WUAUENG.DLL_WIN81)" Description="File [System32Folder]wuaueng.dll is under the minimum supported version." Builds="MsiBuild"/> <ROW Condition="(VersionNT = 601 AND RESULT_WUAUENG.DLL_WIN7) OR (VersionNT = 603 AND RESULT_WUAUENG.DLL_WIN81)" Description="File wuaueng.dll is below the minimum supported version.&#13;&#10;&#13;&#10;You must first run Windows Update until the &quot;Unsupported Hardware&quot; window pops up, then try again." Builds="MsiBuild"/>
<ROW Condition="(VersionNT64 = 601 AND RESULT_WUAUENG.DLL_WIN7) OR (VersionNT64 = 603 AND RESULT_WUAUENG.DLL_WIN81)" Description="File [System32Folder]wuaueng.dll is under the minimum supported version." Builds="DefaultBuild"/> <ROW Condition="(VersionNT64 = 601 AND RESULT_WUAUENG.DLL_WIN7) OR (VersionNT64 = 603 AND RESULT_WUAUENG.DLL_WIN81)" Description="File wuaueng.dll is below the minimum supported version.&#13;&#10;&#13;&#10;You must first run Windows Update until the &quot;Unsupported Hardware&quot; window pops up, then try again." Builds="DefaultBuild"/>
<ROW Condition="(VersionNT64 OR ((VersionNT &lt;&gt; 501) OR (ServicePackLevel = 3))) AND ((VersionNT &lt;&gt; 502) OR (ServicePackLevel = 2))" Description="[ProductName] cannot be installed on [WindowsTypeNT5XDisplay]." DescriptionLocId="AI.LaunchCondition.NoNT5X" IsPredefined="true" Builds="DefaultBuild;MsiBuild"/> <ROW Condition="(VersionNT64 OR ((VersionNT &lt;&gt; 501) OR (ServicePackLevel = 3))) AND ((VersionNT &lt;&gt; 502) OR (ServicePackLevel = 2))" Description="[ProductName] cannot be installed on [WindowsTypeNT5XDisplay]." DescriptionLocId="AI.LaunchCondition.NoNT5X" IsPredefined="true" Builds="DefaultBuild;MsiBuild"/>
<ROW Condition="VersionNT" Description="[ProductName] cannot be installed on [WindowsType9XDisplay]." DescriptionLocId="AI.LaunchCondition.No9X" IsPredefined="true" Builds="DefaultBuild;MsiBuild"/> <ROW Condition="VersionNT" Description="[ProductName] cannot be installed on [WindowsType9XDisplay]." DescriptionLocId="AI.LaunchCondition.No9X" IsPredefined="true" Builds="DefaultBuild;MsiBuild"/>
</COMPONENT> </COMPONENT>

3
setup-batch/install_wufuc.bat
View File

@@ -124,6 +124,9 @@ if errorlevel 1 (
echo. echo.
echo ERROR - Detected that wuaueng.dll is below the minimum supported version. echo ERROR - Detected that wuaueng.dll is below the minimum supported version.
echo. echo.
echo You must first run Windows Update until the "Unsupported Hardware" window
echo pops up, then try again.
echo.
goto :die goto :die
) )
echo Detected supported Windows Update agent version: %Version% echo Detected supported Windows Update agent version: %Version%

2
CONTRIBUTING.fr-FR.md → translations/CONTRIBUTING.fr-FR.md
View File

@@ -1,6 +1,6 @@
# Directives de contribution # Directives de contribution
[English](CONTRIBUTING.md) | [русский](CONTRIBUTING.ru-RU.md) | **Français** | [Deutsch](CONTRIBUTING.de-DE.md) | [Magyar](CONTRIBUTING.hu-HU.md) | [Portuguese (Brazil)](CONTRIBUTING.pt-BR.md) [English](../CONTRIBUTING.md) | [русский](CONTRIBUTING.ru-RU.md) | **Français** | [Deutsch](CONTRIBUTING.de-DE.md) | [Magyar](CONTRIBUTING.hu-HU.md) | [Portuguese (Brazil)](CONTRIBUTING.pt-BR.md)
## Reporter un problème [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc) ## Reporter un problème [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc)

2
CONTRIBUTING.hu-HU.md → translations/CONTRIBUTING.hu-HU.md
View File

@@ -1,6 +1,6 @@
# Hozzájárulási irányelvek # Hozzájárulási irányelvek
[English](CONTRIBUTING.md) | [русский](CONTRIBUTING.ru-RU.md) | [Français](CONTRIBUTING.fr-FR.md) | [Deutsch](CONTRIBUTING.de-DE.md) | **Magyar** | [Portuguese (Brazil)](CONTRIBUTING.pt-BR.md) [English](../CONTRIBUTING.md) | [русский](CONTRIBUTING.ru-RU.md) | [Français](CONTRIBUTING.fr-FR.md) | [Deutsch](CONTRIBUTING.de-DE.md) | **Magyar** | [Portuguese (Brazil)](CONTRIBUTING.pt-BR.md)
## Hiba jelentése [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc) ## Hiba jelentése [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc)

2
CONTRIBUTING.pt-BR.md → translations/CONTRIBUTING.pt-BR.md
View File

@@ -1,6 +1,6 @@
# Contributing guidelines # Contributing guidelines
[English](CONTRIBUTING.md) | [русский](CONTRIBUTING.ru-RU.md) | [Français](CONTRIBUTING.fr-FR.md) | [Deutsch](CONTRIBUTING.de-DE.md) | [Magyar](CONTRIBUTING.de-HU.md) | **Portuguese (Brazil)** [English](../CONTRIBUTING.md) | [русский](CONTRIBUTING.ru-RU.md) | [Français](CONTRIBUTING.fr-FR.md) | [Deutsch](CONTRIBUTING.de-DE.md) | [Magyar](CONTRIBUTING.hu-HU.md) | **Portuguese (Brazil)**
## Reportando problemas [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc) ## Reportando problemas [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc)

2
CONTRIBUTING.ru-RU.md → translations/CONTRIBUTING.ru-RU.md
View File

@@ -1,6 +1,6 @@
# Инструкция для тех, кто желает помочь, внести вклад # Инструкция для тех, кто желает помочь, внести вклад
[English](CONTRIBUTING.md) | **русский** | [Français](CONTRIBUTING.fr-FR.md) | [Deutsch](CONTRIBUTING.de-DE.md) | [Magyar](CONTRIBUTING.de-HU.md) | [Portuguese (Brazil)](CONTRIBUTING.pt-BR.md) [English](../CONTRIBUTING.md) | **русский** | [Français](CONTRIBUTING.fr-FR.md) | [Deutsch](CONTRIBUTING.de-DE.md) | [Magyar](CONTRIBUTING.hu-HU.md) | [Portuguese (Brazil)](CONTRIBUTING.pt-BR.md)
## Сообщайте об ошибках [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc) ## Сообщайте об ошибках [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc)

2
README.de-DE.md → translations/README.de-DE.md
View File

@@ -1,6 +1,6 @@
# wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc) # wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc)
[English](README.md) | [русский](README.ru-RU.md) | [Français](README.fr-FR.md) | **Deutsch** | [Magyar](README.hu-HU.md) | [Portuguese (Brazil)](README.pt-BR.md) [English](../README.md) | [русский](README.ru-RU.md) | [Français](README.fr-FR.md) | **Deutsch** | [Magyar](README.hu-HU.md) | [Portuguese (Brazil)](README.pt-BR.md)
[![Klicke hier um wufuc zu unterstützen und um eine Spende zu tätigen - auf pledgie.com !](https://pledgie.com/campaigns/34055.png)](https://pledgie.com/campaigns/34055) <a href='https://gratipay.com/wufuc/'><img height=37 alt='Click here to tip wufuc on Gratipay!' src='https://cdn.rawgit.com/zeffy/gratipay-badge/master/dist/gratipay.svg' /></a> [![Klicke hier um wufuc zu unterstützen und um eine Spende zu tätigen - auf pledgie.com !](https://pledgie.com/campaigns/34055.png)](https://pledgie.com/campaigns/34055) <a href='https://gratipay.com/wufuc/'><img height=37 alt='Click here to tip wufuc on Gratipay!' src='https://cdn.rawgit.com/zeffy/gratipay-badge/master/dist/gratipay.svg' /></a>

2
README.fr-FR.md → translations/README.fr-FR.md
View File

@@ -1,6 +1,6 @@
# wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc) # wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc)
[English](README.md) | [русский](README.ru-RU.md) | **Français** | [Deutsch](README.de-DE.md) | [Magyar](README.hu-HU.md) | [Portuguese (Brazil)](README.pt-BR.md) [English](../README.md) | [русский](README.ru-RU.md) | **Français** | [Deutsch](README.de-DE.md) | [Magyar](README.hu-HU.md) | [Portuguese (Brazil)](README.pt-BR.md)
[![Cliquez ici pour témoigner votre support à wufuc et faire une donation sur pledgie.com !](https://pledgie.com/campaigns/34055.png)](https://pledgie.com/campaigns/34055) <a href='https://gratipay.com/wufuc/'><img height=37 alt='Cliquez pour laisser un pourboire à wufuc sur Gratipay!' src='https://cdn.rawgit.com/zeffy/gratipay-badge/master/dist/gratipay.svg' /></a> [![Cliquez ici pour témoigner votre support à wufuc et faire une donation sur pledgie.com !](https://pledgie.com/campaigns/34055.png)](https://pledgie.com/campaigns/34055) <a href='https://gratipay.com/wufuc/'><img height=37 alt='Cliquez pour laisser un pourboire à wufuc sur Gratipay!' src='https://cdn.rawgit.com/zeffy/gratipay-badge/master/dist/gratipay.svg' /></a>

2
README.hu-HU.md → translations/README.hu-HU.md
View File

@@ -1,6 +1,6 @@
# wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc) # wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc)
[English](README.md) | [русский](README.ru-RU.md) | [Français](README.fr-FR.md) | [Deutsch](README.de-DE.md) | **Magyar** | [Portuguese (Brazil)](README.pt-BR.md) [English](../README.md) | [русский](README.ru-RU.md) | [Français](README.fr-FR.md) | [Deutsch](README.de-DE.md) | **Magyar** | [Portuguese (Brazil)](README.pt-BR.md)
[![Kattints ide hogy támogassad a wufuc-ot a pledgie.com-on !](https://pledgie.com/campaigns/34055.png)](https://pledgie.com/campaigns/34055) <a href='https://gratipay.com/wufuc/'><img height=37 alt='Click here to tip wufuc on Gratipay!' src='https://cdn.rawgit.com/zeffy/gratipay-badge/master/dist/gratipay.svg' /></a> [![Kattints ide hogy támogassad a wufuc-ot a pledgie.com-on !](https://pledgie.com/campaigns/34055.png)](https://pledgie.com/campaigns/34055) <a href='https://gratipay.com/wufuc/'><img height=37 alt='Click here to tip wufuc on Gratipay!' src='https://cdn.rawgit.com/zeffy/gratipay-badge/master/dist/gratipay.svg' /></a>

2
README.pt-BR.md → translations/README.pt-BR.md
View File

@@ -1,6 +1,6 @@
# wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc) # wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc)
[English](README.md) | [русский](README.ru-RU.md) | [Français](README.fr-FR.md) | [Deutsch](README.de-DE.md) | [Magyar](README.hu-HU.md) | **Portuguese (Brazil)** [English](../README.md) | [русский](README.ru-RU.md) | [Français](README.fr-FR.md) | [Deutsch](README.de-DE.md) | [Magyar](README.hu-HU.md) | **Portuguese (Brazil)**
[![Click here to lend your support to wufuc and make a donation at pledgie.com !](https://pledgie.com/campaigns/34055.png)](https://pledgie.com/campaigns/34055) <a href='https://gratipay.com/wufuc/'><img height=37 alt='Click here to tip wufuc on Gratipay!' src='https://cdn.rawgit.com/zeffy/gratipay-badge/master/dist/gratipay.svg' /></a> [![Click here to lend your support to wufuc and make a donation at pledgie.com !](https://pledgie.com/campaigns/34055.png)](https://pledgie.com/campaigns/34055) <a href='https://gratipay.com/wufuc/'><img height=37 alt='Click here to tip wufuc on Gratipay!' src='https://cdn.rawgit.com/zeffy/gratipay-badge/master/dist/gratipay.svg' /></a>

2
README.ru-RU.md → translations/README.ru-RU.md
View File

@@ -1,6 +1,6 @@
# wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc) # wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc)
[English](README.md) | **русский** | [Français](README.fr-FR.md) | [Deutsch](README.de-DE.md) | [Magyar](README.hu-HU.md) | [Portuguese (Brazil)](README.pt-BR.md) [English](../README.md) | **русский** | [Français](README.fr-FR.md) | [Deutsch](README.de-DE.md) | [Magyar](README.hu-HU.md) | [Portuguese (Brazil)](README.pt-BR.md)
[![Нажмите сюда, чтоюы поддержать wufuc пожертвованием на pledgie.com !](https://pledgie.com/campaigns/34055.png)](https://pledgie.com/campaigns/34055) <a href='https://gratipay.com/wufuc/'><img height=37 alt='Click here to tip wufuc on Gratipay!' src='https://cdn.rawgit.com/zeffy/gratipay-badge/master/dist/gratipay.svg' /></a> [![Нажмите сюда, чтоюы поддержать wufuc пожертвованием на pledgie.com !](https://pledgie.com/campaigns/34055.png)](https://pledgie.com/campaigns/34055) <a href='https://gratipay.com/wufuc/'><img height=37 alt='Click here to tip wufuc on Gratipay!' src='https://cdn.rawgit.com/zeffy/gratipay-badge/master/dist/gratipay.svg' /></a>

151
wufuc/core.c
View File

@@ -1,151 +0,0 @@
#include <Windows.h>
#include <stdint.h>
#include <tchar.h>
#include <Psapi.h>
#include <sddl.h>
#include "service.h"
#include "patternfind.h"
#include "util.h"
#include "core.h"
DWORD WINAPI NewThreadProc(LPVOID lpParam) {
SC_HANDLE hSCManager = OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_CONNECT);
TCHAR lpBinaryPathName[0x8000];
get_svcpath(hSCManager, _T("wuauserv"), lpBinaryPathName, _countof(lpBinaryPathName));
CloseServiceHandle(hSCManager);
BOOL result = _tcsicmp(GetCommandLine(), lpBinaryPathName);
if (result) {
return 0;
}
SECURITY_ATTRIBUTES sa;
ZeroMemory(&sa, sizeof(SECURITY_ATTRIBUTES));
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
ConvertStringSecurityDescriptorToSecurityDescriptor(_T("D:PAI(A;;FA;;;BA)"), SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL);
sa.bInheritHandle = FALSE;
HANDLE hEvent = CreateEvent(&sa, TRUE, FALSE, _T("Global\\wufuc_UnloadEvent"));
if (!hEvent) {
return 0;
}
DWORD dwProcessId = GetCurrentProcessId();
DWORD dwThreadId = GetCurrentThreadId();
HANDLE lphThreads[0x1000];
SIZE_T cb;
SuspendProcessThreads(dwProcessId, dwThreadId, lphThreads, _countof(lphThreads), &cb);
HMODULE hm = GetModuleHandle(NULL);
DETOUR_IAT(hm, LoadLibraryExA);
DETOUR_IAT(hm, LoadLibraryExW);
HMODULE hwu = GetModuleHandle(get_wuauservdll());
if (hwu && PatchWU(hwu)) {
dwprintf(L"Patched previously loaded Windows Update module!");
}
ResumeAndCloseThreads(lphThreads, cb);
WaitForSingleObject(hEvent, INFINITE);
dwprintf(L"Unloading...");
SuspendProcessThreads(dwProcessId, dwThreadId, lphThreads, _countof(lphThreads), &cb);
RESTORE_IAT(hm, LoadLibraryExA);
RESTORE_IAT(hm, LoadLibraryExW);
ResumeAndCloseThreads(lphThreads, cb);
CloseHandle(hEvent);
dwprintf(L"Bye bye!");
close_log();
FreeLibraryAndExitThread(HINST_THISCOMPONENT, 0);
}
BOOL PatchWU(HMODULE hModule) {
LPSTR pattern;
SIZE_T offset00, offset01;
#ifdef _AMD64_
pattern = "FFF3 4883EC?? 33DB 391D???????? 7508 8B05????????";
offset00 = 10;
offset01 = 18;
#elif defined(_X86_)
if (IsWindows7()) {
pattern = "833D????????00 743E E8???????? A3????????";
offset00 = 2;
offset01 = 15;
} else if (IsWindows8Point1()) {
pattern = "8BFF 51 833D????????00 7507 A1????????";
offset00 = 5;
offset01 = 13;
} else {
return FALSE;
}
#endif
MODULEINFO modinfo;
GetModuleInformation(GetCurrentProcess(), hModule, &modinfo, sizeof(MODULEINFO));
SIZE_T rva = patternfind(modinfo.lpBaseOfDll, modinfo.SizeOfImage, 0, pattern);
if (rva == -1) {
dwprintf(L"No pattern match!");
return FALSE;
}
uintptr_t baseAddress = (uintptr_t)modinfo.lpBaseOfDll;
uintptr_t lpfnIsDeviceServiceable = baseAddress + rva;
dwprintf(L"Address of wuaueng.dll!IsDeviceServiceable: %p", lpfnIsDeviceServiceable);
BOOL result = FALSE;
LPBOOL lpbFirstRun, lpbIsCPUSupportedResult;
#ifdef _AMD64_
lpbFirstRun = (LPBOOL)(lpfnIsDeviceServiceable + offset00 + sizeof(uint32_t) + *(uint32_t *)(lpfnIsDeviceServiceable + offset00));
lpbIsCPUSupportedResult = (LPBOOL)(lpfnIsDeviceServiceable + offset01 + sizeof(uint32_t) + *(uint32_t *)(lpfnIsDeviceServiceable + offset01));
#elif defined(_X86_)
lpbFirstRun = (LPBOOL)(*(uintptr_t *)(lpfnIsDeviceServiceable + offset00));
lpbIsCPUSupportedResult = (LPBOOL)(*(uintptr_t *)(lpfnIsDeviceServiceable + offset01));
#endif
if (*lpbFirstRun) {
*lpbFirstRun = FALSE;
dwprintf(L"Patched FirstRun variable: %p = %08x", lpbFirstRun, *lpbFirstRun);
result = TRUE;
}
if (!*lpbIsCPUSupportedResult) {
*lpbIsCPUSupportedResult = TRUE;
dwprintf(L"Patched cached wuaueng.dll!IsCPUSupported result: %p = %08x", lpbIsCPUSupportedResult, *lpbIsCPUSupportedResult);
result = TRUE;
}
return result;
}
HMODULE WINAPI _LoadLibraryExA(
_In_ LPCSTR lpFileName,
_Reserved_ HANDLE hFile,
_In_ DWORD dwFlags
) {
HMODULE result = LoadLibraryExA(lpFileName, hFile, dwFlags);
if (result) {
dwprintf(L"Loaded library: %S", lpFileName);
if (!_stricmp(lpFileName, get_wuauservdllA()) && PatchWU(result)) {
dwprintf(L"Patched Windows Update module!");
}
}
return result;
}
HMODULE WINAPI _LoadLibraryExW(
_In_ LPCWSTR lpFileName,
_Reserved_ HANDLE hFile,
_In_ DWORD dwFlags
) {
HMODULE result = LoadLibraryExW(lpFileName, hFile, dwFlags);
if (result) {
dwprintf(L"Loaded library: %s", lpFileName);
if (!_wcsicmp(lpFileName, get_wuauservdllW()) && PatchWU(result)) {
dwprintf(L"Patched Windows Update module!");
}
}
return result;
};

16
wufuc/core.h
View File

@@ -1,16 +0,0 @@
#pragma once
DWORD WINAPI NewThreadProc(LPVOID lpParam);
BOOL PatchWU(HMODULE hModule);
HMODULE WINAPI _LoadLibraryExA(
_In_ LPCSTR lpFileName,
_Reserved_ HANDLE hFile,
_In_ DWORD dwFlags
);
HMODULE WINAPI _LoadLibraryExW(
_In_ LPCWSTR lpFileName,
_Reserved_ HANDLE hFile,
_In_ DWORD dwFlags
);

11
wufuc/dllmain.c
View File

@@ -1,20 +1,23 @@
#include <Windows.h> #include <Windows.h>
#include "core.h"
#include "util.h" #include "helpers.h"
#include "logging.h"
#include "hooks.h"
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) { BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) {
switch (ul_reason_for_call) { switch (ul_reason_for_call) {
case DLL_PROCESS_ATTACH: case DLL_PROCESS_ATTACH:
{ {
if (!IsOperatingSystemSupported() || IsWow64()) { if (!IsOperatingSystemSupported() || IsWow64())
return FALSE; return FALSE;
}
DisableThreadLibraryCalls(hModule); DisableThreadLibraryCalls(hModule);
HANDLE hThread = CreateThread(NULL, 0, NewThreadProc, NULL, 0, NULL); HANDLE hThread = CreateThread(NULL, 0, NewThreadProc, NULL, 0, NULL);
CloseHandle(hThread); CloseHandle(hThread);
break; break;
} }
case DLL_PROCESS_DETACH: case DLL_PROCESS_DETACH:
logging_free();
break; break;
default: default:
break; break;

120
wufuc/helpers.c Normal file
View File

@@ -0,0 +1,120 @@
#include <Windows.h>
#include <stdint.h>
#include <tchar.h>
#include <TlHelp32.h>
#include <Psapi.h>
#include "logging.h"
#include "helpers.h"
static BOOL m_checkedIsWindows7 = FALSE;
static BOOL m_isWindows7 = FALSE;
static BOOL m_checkedIsWindows8Point1 = FALSE;
static BOOL m_isWindows8Point1 = FALSE;
static ISWOW64PROCESS fpIsWow64Process = NULL;
static BOOL m_checkedIsWow64 = FALSE;
static BOOL m_isWow64 = FALSE;
static TCHAR m_emod_basename[MAX_PATH];
BOOL CompareWindowsVersion(BYTE Operator, DWORD dwMajorVersion, DWORD dwMinorVersion, WORD wServicePackMajor, WORD wServicePackMinor, DWORD dwTypeMask) {
OSVERSIONINFOEX osvi;
ZeroMemory(&osvi, sizeof(OSVERSIONINFOEX));
osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
osvi.dwMajorVersion = dwMajorVersion;
osvi.dwMinorVersion = dwMinorVersion;
osvi.wServicePackMajor = wServicePackMajor;
osvi.wServicePackMinor = wServicePackMinor;
DWORDLONG dwlConditionMask = 0;
VER_SET_CONDITION(dwlConditionMask, VER_MAJORVERSION, Operator);
VER_SET_CONDITION(dwlConditionMask, VER_MINORVERSION, Operator);
VER_SET_CONDITION(dwlConditionMask, VER_SERVICEPACKMAJOR, Operator);
VER_SET_CONDITION(dwlConditionMask, VER_SERVICEPACKMINOR, Operator);
return VerifyVersionInfo(&osvi, dwTypeMask, dwlConditionMask);
}
BOOL IsWindows7(void) {
if (!m_checkedIsWindows7) {
m_isWindows7 = CompareWindowsVersion(VER_EQUAL, 6, 1, 0, 0, VER_MAJORVERSION | VER_MINORVERSION);
m_checkedIsWindows7 = TRUE;
}
return m_isWindows7;
}
BOOL IsWindows8Point1(void) {
if (!m_checkedIsWindows8Point1) {
m_isWindows8Point1 = CompareWindowsVersion(VER_EQUAL, 6, 3, 0, 0, VER_MAJORVERSION | VER_MINORVERSION);
m_checkedIsWindows8Point1 = TRUE;
}
return m_isWindows8Point1;
}
BOOL IsOperatingSystemSupported(void) {
#if !defined(_AMD64_) && !defined(_X86_)
return FALSE;
#else
return IsWindows7() || IsWindows8Point1();
#endif
}
BOOL IsWow64(void) {
if (!m_checkedIsWow64) {
if (!fpIsWow64Process)
fpIsWow64Process = (ISWOW64PROCESS)GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "IsWow64Process");
if (fpIsWow64Process && fpIsWow64Process(GetCurrentProcess(), &m_isWow64))
m_checkedIsWow64 = TRUE;
}
return m_isWow64;
}
VOID suspend_other_threads(DWORD dwProcessId, DWORD dwThreadId, HANDLE *lphThreads, SIZE_T dwSize, SIZE_T *lpcb) {
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
THREADENTRY32 te;
ZeroMemory(&te, sizeof(THREADENTRY32));
te.dwSize = sizeof(te);
Thread32First(hSnap, &te);
SIZE_T count = 0;
do {
if (te.th32OwnerProcessID != dwProcessId || te.th32ThreadID == dwThreadId)
continue;
lphThreads[count] = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te.th32ThreadID);
SuspendThread(lphThreads[count]);
count++;
} while (count < dwSize && Thread32Next(hSnap, &te));
CloseHandle(hSnap);
*lpcb = count;
trace(L"Suspended %d other threads", count);
}
VOID resume_and_close_threads(LPHANDLE lphThreads, SIZE_T cb) {
for (SIZE_T i = 0; i < cb; i++) {
ResumeThread(lphThreads[i]);
CloseHandle(lphThreads[i]);
}
trace(L"Resumed %d threads", cb);
}
void get_cpuid_brand(char *brand) {
int info[4];
__cpuidex(info, 0x80000000, 0);
if (info[0] < 0x80000004) {
brand[0] = '\0';
return;
}
uint32_t *char_as_int = (uint32_t *)brand;
for (int op = 0x80000002; op <= 0x80000004; op++) {
__cpuidex(info, op, 0);
*(char_as_int++) = info[0];
*(char_as_int++) = info[1];
*(char_as_int++) = info[2];
*(char_as_int++) = info[3];
}
}

20
wufuc/helpers.h Normal file
View File

@@ -0,0 +1,20 @@
#pragma once
EXTERN_C IMAGE_DOS_HEADER __ImageBase;
#define HINST_THISCOMPONENT ((HINSTANCE)&__ImageBase)
typedef BOOL(WINAPI *ISWOW64PROCESS)(HANDLE, PBOOL);
BOOL CompareWindowsVersion(BYTE Operator, DWORD dwMajorVersion, DWORD dwMinorVersion, WORD wServicePackMajor, WORD wServicePackMinor, DWORD dwTypeMask);
BOOL IsWindows7(void);
BOOL IsWindows8Point1(void);
BOOL IsOperatingSystemSupported(void);
BOOL IsWow64(void);
VOID suspend_other_threads(DWORD dwProcessId, DWORD dwThreadId, HANDLE *lphThreads, SIZE_T dwSize, SIZE_T *lpcb);
VOID resume_and_close_threads(LPHANDLE lphThreads, SIZE_T dwSize);
void get_cpuid_brand(char *brand);
#define STRINGIZE_(x) #x
#define STRINGIZE(x) STRINGIZE_(x)

192
wufuc/hooks.c Normal file
View File

@@ -0,0 +1,192 @@
#include <Windows.h>
#include <stdint.h>
#include <tchar.h>
#include <Psapi.h>
#include <sddl.h>
#include "helpers.h"
#include "logging.h"
#include "service.h"
#include "iathook.h"
#include "patternfind.h"
#include "hooks.h"
LOADLIBRARYEXW fpLoadLibraryExW = NULL;
LOADLIBRARYEXA fpLoadLibraryExA = NULL;
DWORD WINAPI NewThreadProc(LPVOID lpParam) {
SC_HANDLE hSCManager = OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_CONNECT);
TCHAR lpBinaryPathName[0x8000];
get_svcpath(hSCManager, _T("wuauserv"), lpBinaryPathName, _countof(lpBinaryPathName));
CloseServiceHandle(hSCManager);
if (_tcsicmp(GetCommandLine(), lpBinaryPathName))
return 0;
SECURITY_ATTRIBUTES sa = { 0 };
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
ConvertStringSecurityDescriptorToSecurityDescriptor(_T("D:PAI(A;;FA;;;BA)"), SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL);
sa.bInheritHandle = FALSE;
HANDLE hEvent = CreateEvent(&sa, TRUE, FALSE, _T("Global\\wufuc_UnloadEvent"));
if (!hEvent)
return 0;
DWORD dwProcessId = GetCurrentProcessId();
DWORD dwThreadId = GetCurrentThreadId();
HANDLE lphThreads[0x1000];
SIZE_T count;
suspend_other_threads(dwProcessId, dwThreadId, lphThreads, _countof(lphThreads), &count);
HMODULE hm = GetModuleHandle(NULL);
iat_hook(hm, "LoadLibraryExA", (LPVOID)&fpLoadLibraryExA, LoadLibraryExA_hook);
iat_hook(hm, "LoadLibraryExW", (LPVOID)&fpLoadLibraryExW, LoadLibraryExW_hook);
HMODULE hwu = GetModuleHandle(get_wuauservdll());
if (hwu && PatchWUA(hwu))
trace(L"Successfully patched previously loaded WUA module!");
resume_and_close_threads(lphThreads, count);
WaitForSingleObject(hEvent, INFINITE);
trace(L"Unloading...");
suspend_other_threads(dwProcessId, dwThreadId, lphThreads, _countof(lphThreads), &count);
iat_hook(hm, "LoadLibraryExA", NULL, fpLoadLibraryExA);
iat_hook(hm, "LoadLibraryExW", NULL, fpLoadLibraryExW);
resume_and_close_threads(lphThreads, count);
trace(L"Bye bye!");
CloseHandle(hEvent);
FreeLibraryAndExitThread(HINST_THISCOMPONENT, 0);
}
HMODULE WINAPI LoadLibraryExA_hook(
_In_ LPCSTR lpFileName,
_Reserved_ HANDLE hFile,
_In_ DWORD dwFlags
) {
CHAR buffer[MAX_PATH];
strcpy_s(buffer, _countof(buffer), lpFileName);
BOOL isWUA = !_stricmp(buffer, get_wuauservdllA());
if (isWUA) {
CHAR drive[_MAX_DRIVE], dir[_MAX_DIR], fname[_MAX_FNAME], ext[_MAX_EXT];
_splitpath_s(buffer, drive, _countof(drive), dir, _countof(dir), fname, _countof(fname), ext, _countof(ext));
if (!_stricmp(fname, "wuaueng2")) {
CHAR newpath[MAX_PATH];
_makepath_s(newpath, _countof(buffer), drive, dir, "wuaueng", ext);
if (GetFileAttributesA(newpath) != INVALID_FILE_ATTRIBUTES) {
strcpy_s(buffer, _countof(buffer), newpath);
trace(L"UpdatePack7R2 compatibility fix: redirecting %S -> %S", lpFileName, buffer);
}
}
}
HMODULE result = fpLoadLibraryExA(buffer, hFile, dwFlags);
trace(L"Loaded library: %S", buffer);
if (isWUA)
PatchWUA(result);
return result;
}
HMODULE WINAPI LoadLibraryExW_hook(
_In_ LPCWSTR lpFileName,
_Reserved_ HANDLE hFile,
_In_ DWORD dwFlags
) {
WCHAR buffer[MAX_PATH];
wcscpy_s(buffer, _countof(buffer), lpFileName);
BOOL isWUA = !_wcsicmp(buffer, get_wuauservdllW());
if (isWUA) {
WCHAR drive[_MAX_DRIVE], dir[_MAX_DIR], fname[_MAX_FNAME], ext[_MAX_EXT];
_wsplitpath_s(buffer, drive, _countof(drive), dir, _countof(dir), fname, _countof(fname), ext, _countof(ext));
if (!_wcsicmp(fname, L"wuaueng2")) {
WCHAR newpath[MAX_PATH];
_wmakepath_s(newpath, _countof(buffer), drive, dir, L"wuaueng", ext);
if (GetFileAttributesW(newpath) != INVALID_FILE_ATTRIBUTES) {
wcscpy_s(buffer, _countof(buffer), newpath);
trace(L"UpdatePack7R2 compatibility fix: redirecting %s -> %s", lpFileName, buffer);
}
}
}
HMODULE result = fpLoadLibraryExW(buffer, hFile, dwFlags);
trace(L"Loaded library: %s", buffer);
if (isWUA)
PatchWUA(result);
return result;
}
BOOL PatchWUA(HMODULE hModule) {
LPSTR pattern;
SIZE_T offset00, offset01;
#ifdef _AMD64_
pattern = "FFF3 4883EC?? 33DB 391D???????? 7508 8B05????????";
offset00 = 10;
offset01 = 18;
#elif defined(_X86_)
if (IsWindows7()) {
pattern = "833D????????00 743E E8???????? A3????????";
offset00 = 2;
offset01 = 15;
} else if (IsWindows8Point1()) {
pattern = "8BFF 51 833D????????00 7507 A1????????";
offset00 = 5;
offset01 = 13;
}
#endif
MODULEINFO modinfo;
GetModuleInformation(GetCurrentProcess(), hModule, &modinfo, sizeof(MODULEINFO));
LPBYTE ptr = patternfind(modinfo.lpBaseOfDll, modinfo.SizeOfImage, 0, pattern);
if (!ptr) {
trace(L"No pattern match!");
return FALSE;
}
trace(L"wuaueng!IsDeviceServiceable VA: %p", ptr);
BOOL result = FALSE;
LPBOOL lpbFirstRun, lpbIsCPUSupportedResult;
#ifdef _AMD64_
lpbFirstRun = (LPBOOL)(ptr + offset00 + sizeof(uint32_t) + *(uint32_t *)(ptr + offset00));
lpbIsCPUSupportedResult = (LPBOOL)(ptr + offset01 + sizeof(uint32_t) + *(uint32_t *)(ptr + offset01));
#elif defined(_X86_)
lpbFirstRun = (LPBOOL)(*(uintptr_t *)(ptr + offset00));
lpbIsCPUSupportedResult = (LPBOOL)(*(uintptr_t *)(ptr + offset01));
#endif
DWORD flNewProtect = PAGE_READWRITE;
DWORD flOldProtect;
if (*lpbFirstRun) {
VirtualProtect(lpbFirstRun, sizeof(BOOL), flNewProtect, &flOldProtect);
*lpbFirstRun = FALSE;
VirtualProtect(lpbFirstRun, sizeof(BOOL), flOldProtect, &flNewProtect);
trace(L"Patched boolean value #1: %p = %08x", lpbFirstRun, *lpbFirstRun);
result = TRUE;
}
if (!*lpbIsCPUSupportedResult) {
VirtualProtect(lpbIsCPUSupportedResult, sizeof(BOOL), flNewProtect, &flOldProtect);
*lpbIsCPUSupportedResult = TRUE;
VirtualProtect(lpbIsCPUSupportedResult, sizeof(BOOL), flOldProtect, &flNewProtect);
trace(L"Patched boolean value #2: %p = %08x", lpbIsCPUSupportedResult, *lpbIsCPUSupportedResult);
result = TRUE;
}
if (result)
trace(L"Successfully patched WUA module!");
return result;
}

23
wufuc/hooks.h Normal file
View File

@@ -0,0 +1,23 @@
#pragma once
typedef HMODULE(WINAPI *LOADLIBRARYEXA)(LPCSTR, HANDLE, DWORD);
typedef HMODULE(WINAPI *LOADLIBRARYEXW)(LPCWSTR, HANDLE, DWORD);
extern LOADLIBRARYEXW fpLoadLibraryExW;
extern LOADLIBRARYEXA fpLoadLibraryExA;
DWORD WINAPI NewThreadProc(LPVOID lpParam);
HMODULE WINAPI LoadLibraryExA_hook(
_In_ LPCSTR lpFileName,
_Reserved_ HANDLE hFile,
_In_ DWORD dwFlags
);
HMODULE WINAPI LoadLibraryExW_hook(
_In_ LPCWSTR lpFileName,
_Reserved_ HANDLE hFile,
_In_ DWORD dwFlags
);
BOOL PatchWUA(HMODULE hModule);

39
wufuc/iathook.c Normal file
View File

@@ -0,0 +1,39 @@
#include <Windows.h>
#include "logging.h"
#include "iathook.h"
VOID iat_hook(HMODULE hModule, LPCSTR lpFuncName, LPVOID *lpOldAddress, LPVOID lpNewAddress) {
LPVOID *lpAddress = iat_find(hModule, lpFuncName);
if (!lpAddress || *lpAddress == lpNewAddress)
return;
if (!hModule)
hModule = GetModuleHandle(NULL);
trace(L"Modified import address: hmod=%p, import=%S, old addr=%p, new addr=%p", hModule, lpFuncName, *lpAddress, lpNewAddress);
DWORD flOldProtect;
DWORD flNewProtect = PAGE_READWRITE;
VirtualProtect(lpAddress, sizeof(LPVOID), flNewProtect, &flOldProtect);
if (lpOldAddress)
*lpOldAddress = *lpAddress;
*lpAddress = lpNewAddress;
VirtualProtect(lpAddress, sizeof(LPVOID), flOldProtect, &flNewProtect);
}
static LPVOID *iat_find(HMODULE hModule, LPCSTR lpFunctionName) {
uintptr_t hm = (uintptr_t)hModule;
for (PIMAGE_IMPORT_DESCRIPTOR iid = (PIMAGE_IMPORT_DESCRIPTOR)(hm + ((PIMAGE_NT_HEADERS)(hm + ((PIMAGE_DOS_HEADER)hm)->e_lfanew))
->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress); iid->Name; iid++) {
LPVOID *pp;
for (SIZE_T i = 0; *(pp = i + (LPVOID *)(hm + iid->FirstThunk)); i++) {
LPSTR fn = (LPSTR)(hm + *(i + (SIZE_T *)(hm + iid->OriginalFirstThunk)) + 2);
if (!((uintptr_t)fn & IMAGE_ORDINAL_FLAG) && !_stricmp(lpFunctionName, fn))
return pp;
}
}
return NULL;
}

5
wufuc/iathook.h Normal file
View File

@@ -0,0 +1,5 @@
#pragma once
VOID iat_hook(HMODULE hModule, LPCSTR lpFuncName, LPVOID *lpOldAddress, LPVOID lpNewAddress);
static LPVOID *iat_find(HMODULE hModule, LPCSTR lpFunctionName);

53
wufuc/logging.c Normal file
View File

@@ -0,0 +1,53 @@
#include <Windows.h>
#include <stdio.h>
#include <time.h>
#include <tchar.h>
#include <Psapi.h>
#include "helpers.h"
#include "logging.h"
static FILE *fp;
static BOOL logging_enabled = FALSE;
BOOL logging_init(void) {
if (fp)
return TRUE;
WCHAR filename[MAX_PATH];
GetModuleFileNameW(HINST_THISCOMPONENT, filename, _countof(filename));
WCHAR drive[_MAX_DRIVE], dir[_MAX_DIR], fname[_MAX_FNAME];
_wsplitpath_s(filename, drive, _countof(drive), dir, _countof(dir), fname, _countof(fname), NULL, 0);
WCHAR basename[MAX_PATH];
GetModuleBaseNameW(GetCurrentProcess(), NULL, basename, _countof(basename));
wcscat_s(fname, _countof(fname), L".");
wcscat_s(fname, _countof(fname), basename);
_wmakepath_s(filename, _countof(filename), drive, dir, fname, L".log");
HANDLE hFile = CreateFileW(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
LARGE_INTEGER size;
GetFileSizeEx(hFile, &size);
CloseHandle(hFile);
fp = _wfsopen(filename, size.QuadPart < (1 << 20) ? L"at" : L"wt", _SH_DENYWR);
return (fp != NULL);
}
VOID trace_(LPCWSTR format, ...) {
if (logging_init()) {
WCHAR datebuf[9], timebuf[9];
_wstrdate_s(datebuf, _countof(datebuf));
_wstrtime_s(timebuf, _countof(timebuf));
fwprintf_s(fp, L"%s %s [%d] ", datebuf, timebuf, GetCurrentProcessId());
va_list argptr;
va_start(argptr, format);
vfwprintf_s(fp, format, argptr);
va_end(argptr);
fflush(fp);
}
}
BOOL logging_free(void) {
return fp && !fclose(fp);
}

13
wufuc/logging.h Normal file
View File

@@ -0,0 +1,13 @@
#pragma once
BOOL logging_init(void);
VOID trace_(LPCWSTR format, ...);
BOOL logging_free(void);
#define STRINGIZE_(x) #x
#define STRINGIZE(x) STRINGIZE_(x)
#define STRINGIZEW_(x) L#x
#define STRINGIZEW(x) STRINGIZEW_(x)
#define __LINEWSTR__ STRINGIZEW(__LINE__)
#define trace(format, ...) trace_(__FILEW__ L":" __LINEWSTR__ L"(" __FUNCTIONW__ L"): " format L"\n", ##__VA_ARGS__)

96
wufuc/patternfind.c
View File

@@ -1,32 +1,32 @@
#include <Windows.h> #include <Windows.h>
#include "patternfind.h" #include "patternfind.h"
/* Ported to C from x64dbg's patternfind.cpp: /* Ported to C from x64dbg's patternfind.cpp:
<https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp> * https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp
* x64dbg license (GPL-3.0):
* https://github.com/x64dbg/x64dbg/blob/development/LICENSE>
*/
x64dbg license (GPL-3.0): int hexchtoint(CHAR c) {
<https://github.com/x64dbg/x64dbg/blob/development/LICENSE> */
static int hexchtoint(CHAR c) {
int result = -1; int result = -1;
if (c >= '0' && c <= '9') { if (c >= '0' && c <= '9')
result = c - '0'; result = c - '0';
} else if (c >= 'A' && c <= 'F') { else if (c >= 'A' && c <= 'F')
result = c - 'A' + 10; result = c - 'A' + 10;
} else if (c >= 'a' && c <= 'f') { else if (c >= 'a' && c <= 'f')
result = c - 'a' + 10; result = c - 'a' + 10;
}
return result; return result;
} }
static SIZE_T formathexpattern(LPCSTR patterntext, LPSTR formattext, SIZE_T formattextsize) { SIZE_T formathexpattern(LPCSTR patterntext, LPSTR formattext, SIZE_T formattextsize) {
SIZE_T len = strlen(patterntext); SIZE_T len = strlen(patterntext);
SIZE_T result = 0; SIZE_T result = 0;
for (SIZE_T i = 0; i < len && (!formattext || result < formattextsize); i++) { for (SIZE_T i = 0; i < len && (!formattext || result < formattextsize); i++) {
if (patterntext[i] == '?' || hexchtoint(patterntext[i]) != -1) { if (patterntext[i] == '?' || hexchtoint(patterntext[i]) != -1) {
if (formattext) { if (formattext)
formattext[result] = patterntext[i]; formattext[result] = patterntext[i];
}
result++; result++;
} }
} }
@@ -35,21 +35,21 @@ static SIZE_T formathexpattern(LPCSTR patterntext, LPSTR formattext, SIZE_T form
BOOL patterntransform(LPCSTR patterntext, LPPATTERNBYTE pattern, SIZE_T *patternsize) { BOOL patterntransform(LPCSTR patterntext, LPPATTERNBYTE pattern, SIZE_T *patternsize) {
SIZE_T cb = formathexpattern(patterntext, NULL, 0); SIZE_T cb = formathexpattern(patterntext, NULL, 0);
if (!cb || cb > *patternsize) { if (!cb || cb > *patternsize)
return FALSE; return FALSE;
}
LPSTR formattext = calloc(cb, sizeof(CHAR)); LPSTR formattext = calloc(cb, sizeof(CHAR));
cb = formathexpattern(patterntext, formattext, cb); cb = formathexpattern(patterntext, formattext, cb);
if (cb % 2) { if (cb % 2)
formattext[cb++] = '?'; formattext[cb++] = '?';
}
formattext[cb] = '\0'; formattext[cb] = '\0';
for (SIZE_T i = 0, j = 0, k = 0; i < cb; i++, j ^= 1, k = (i - j) >> 1) { for (SIZE_T i = 0, j = 0, k = 0; i < cb; i++, j ^= 1, k = (i - j) >> 1) {
if (formattext[i] == '?') { if (formattext[i] == '?')
pattern[k].nibble[j].wildcard = TRUE; pattern[k].nibble[j].wildcard = TRUE;
} else { else {
pattern[k].nibble[j].wildcard = FALSE; pattern[k].nibble[j].wildcard = FALSE;
pattern[k].nibble[j].data = hexchtoint(formattext[i]) & 0xf; pattern[k].nibble[j].data = hexchtoint(formattext[i]) & 0xf;
} }
@@ -59,19 +59,18 @@ BOOL patterntransform(LPCSTR patterntext, LPPATTERNBYTE pattern, SIZE_T *pattern
return TRUE; return TRUE;
} }
SIZE_T patternfind(LPCBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR pattern) { LPBYTE patternfind(LPBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR pattern) {
SIZE_T result = -1; LPBYTE result = NULL;
SIZE_T searchpatternsize = strlen(pattern); SIZE_T searchpatternsize = strlen(pattern);
LPPATTERNBYTE searchpattern = calloc(searchpatternsize, sizeof(PATTERNBYTE)); LPPATTERNBYTE searchpattern = calloc(searchpatternsize, sizeof(PATTERNBYTE));
if (patterntransform(pattern, searchpattern, &searchpatternsize)) { if (patterntransform(pattern, searchpattern, &searchpatternsize)) {
for (SIZE_T i = startindex, j = 0; i < datasize; i++) //search for the pattern for (SIZE_T i = startindex, j = 0; i < datasize; i++) { //search for the pattern
{
if ((searchpattern[j].nibble[0].wildcard || searchpattern[j].nibble[0].data == ((data[i] >> 4) & 0xf)) if ((searchpattern[j].nibble[0].wildcard || searchpattern[j].nibble[0].data == ((data[i] >> 4) & 0xf))
&& (searchpattern[j].nibble[1].wildcard || searchpattern[j].nibble[1].data == (data[i] & 0xf))) { //check if our pattern matches the current byte && (searchpattern[j].nibble[1].wildcard || searchpattern[j].nibble[1].data == (data[i] & 0xf))) { //check if our pattern matches the current byte
if (++j == searchpatternsize) { //everything matched if (++j == searchpatternsize) { //everything matched
result = i - searchpatternsize + 1; result = data + (i - searchpatternsize + 1);
break; break;
} }
} else if (j > 0) { //fix by Computer_Angel } else if (j > 0) { //fix by Computer_Angel
@@ -87,33 +86,50 @@ SIZE_T patternfind(LPCBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR patt
VOID patternwritebyte(LPBYTE byte, LPPATTERNBYTE pbyte) { VOID patternwritebyte(LPBYTE byte, LPPATTERNBYTE pbyte) {
BYTE n1 = (*byte >> 4) & 0xf; BYTE n1 = (*byte >> 4) & 0xf;
BYTE n2 = *byte & 0xf; BYTE n2 = *byte & 0xf;
if (!pbyte->nibble[0].wildcard) { if (!pbyte->nibble[0].wildcard)
n1 = pbyte->nibble[0].data; n1 = pbyte->nibble[0].data;
}
if (!pbyte->nibble[1].wildcard) { if (!pbyte->nibble[1].wildcard)
n2 = pbyte->nibble[1].data; n2 = pbyte->nibble[1].data;
}
*byte = ((n1 << 4) & 0xf0) | (n2 & 0xf); *byte = ((n1 << 4) & 0xf0) | (n2 & 0xf);
} }
VOID patternwrite(LPBYTE data, SIZE_T datasize, LPCSTR pattern) { BOOL patternwrite(LPBYTE data, SIZE_T datasize, LPCSTR pattern) {
SIZE_T writepatternsize = strlen(pattern); SIZE_T writepatternsize = strlen(pattern);
if (writepatternsize > datasize) { if (writepatternsize > datasize)
writepatternsize = datasize; writepatternsize = datasize;
}
BOOL result = FALSE;
LPPATTERNBYTE writepattern = calloc(writepatternsize, sizeof(PATTERNBYTE)); LPPATTERNBYTE writepattern = calloc(writepatternsize, sizeof(PATTERNBYTE));
if (patterntransform(pattern, writepattern, &writepatternsize)) { if (patterntransform(pattern, writepattern, &writepatternsize)) {
for (size_t i = 0; i < writepatternsize; i++) { DWORD flNewProtect = PAGE_READWRITE;
patternwritebyte(&data[i], &writepattern[i]); DWORD flOldProtect;
if (VirtualProtect(data, writepatternsize, flNewProtect, &flOldProtect)) {
for (size_t i = 0; i < writepatternsize; i++) {
BYTE n1 = (data[i] >> 4) & 0xf;
BYTE n2 = data[i] & 0xf;
if (!writepattern[i].nibble[0].wildcard)
n1 = writepattern[i].nibble[0].data;
if (!writepattern[i].nibble[1].wildcard)
n2 = writepattern[i].nibble[1].data;
data[i] = ((n1 << 4) & 0xf0) | (n2 & 0xf);
}
result = VirtualProtect(data, writepatternsize, flOldProtect, &flNewProtect);
} }
} }
free(writepattern); free(writepattern);
} return result;
}
SIZE_T patternsnr(LPBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR searchpattern, LPCSTR replacepattern) {
SIZE_T result = patternfind(data, datasize, startindex, searchpattern); LPBYTE patternsnr(LPBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR searchpattern, LPCSTR replacepattern) {
if (result == -1) LPBYTE result = patternfind(data, datasize, startindex, searchpattern);
return result; if (result == NULL)
patternwrite(data + result, datasize - result, replacepattern); return result;
patternwrite(result, datasize, replacepattern);
return result; return result;
} }

6
wufuc/patternfind.h
View File

@@ -10,7 +10,7 @@ typedef struct _PATTERNBYTE {
int hexchtoint(CHAR ch); int hexchtoint(CHAR ch);
SIZE_T formathexpattern(LPCSTR patterntext, LPSTR formattext, SIZE_T formattextsize); SIZE_T formathexpattern(LPCSTR patterntext, LPSTR formattext, SIZE_T formattextsize);
BOOL patterntransform(LPCSTR patterntext, LPPATTERNBYTE pattern, SIZE_T *patternsize); BOOL patterntransform(LPCSTR patterntext, LPPATTERNBYTE pattern, SIZE_T *patternsize);
SIZE_T patternfind(LPCBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR pattern); LPBYTE patternfind(LPBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR pattern);
VOID patternwritebyte(LPBYTE byte, LPPATTERNBYTE pbyte); VOID patternwritebyte(LPBYTE byte, LPPATTERNBYTE pbyte);
VOID patternwrite(LPBYTE data, SIZE_T datasize, LPCSTR pattern); BOOL patternwrite(LPBYTE data, SIZE_T datasize, LPCSTR pattern);
SIZE_T patternsnr(LPBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR searchpattern, LPCSTR replacepattern); LPBYTE patternsnr(LPBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR searchpattern, LPCSTR replacepattern);

54
wufuc/rundll32.c
View File

@@ -2,8 +2,10 @@
#include <TlHelp32.h> #include <TlHelp32.h>
#include <tchar.h> #include <tchar.h>
#include <VersionHelpers.h> #include <VersionHelpers.h>
#include "helpers.h"
#include "logging.h"
#include "service.h" #include "service.h"
#include "util.h"
void CALLBACK Rundll32Entry(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) { void CALLBACK Rundll32Entry(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) {
HANDLE hEvent = OpenEvent(SYNCHRONIZE, FALSE, _T("Global\\wufuc_UnloadEvent")); HANDLE hEvent = OpenEvent(SYNCHRONIZE, FALSE, _T("Global\\wufuc_UnloadEvent"));
@@ -14,74 +16,72 @@ void CALLBACK Rundll32Entry(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int n
LPWSTR osname; LPWSTR osname;
if (IsWindows7()) { if (IsWindows7()) {
if (IsWindowsServer()) { if (IsWindowsServer())
osname = L"Windows Server 2008 R2"; osname = L"Windows Server 2008 R2";
} else { else
osname = L"Windows 7"; osname = L"Windows 7";
}
} else if (IsWindows8Point1()) { } else if (IsWindows8Point1()) {
if (IsWindowsServer()) { if (IsWindowsServer())
osname = L"Windows Server 2012 R2"; osname = L"Windows Server 2012 R2";
} else { else
osname = L"Windows 8.1"; osname = L"Windows 8.1";
}
} }
dwprintf(L"Operating System: %s %d-bit", osname, sizeof(uintptr_t) * 8); trace(L"Operating System: %s %d-bit", osname, sizeof(uintptr_t) * 8);
char brand[0x31]; char brand[0x31];
get_cpuid_brand(brand); get_cpuid_brand(brand);
SIZE_T i = 0; SIZE_T i = 0;
while (i < _countof(brand) && isspace(*(brand + i))) { while (i < _countof(brand) && isspace(*(brand + i)))
i++; i++;
}
dwprintf(L"Processor: %S", brand + i); trace(L"Processor: %S", brand + i);
SC_HANDLE hSCManager = OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_CONNECT); SC_HANDLE hSCManager = OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_CONNECT);
if (!hSCManager) { if (!hSCManager)
return; return;
}
TCHAR lpGroupName[256]; TCHAR lpGroupName[256];
DWORD dwProcessId; DWORD dwProcessId;
BOOL result = get_svcpid(hSCManager, _T("wuauserv"), &dwProcessId); BOOL result = get_svcpid(hSCManager, _T("wuauserv"), &dwProcessId);
if (!result && get_svcgname(hSCManager, _T("wuauserv"), lpGroupName, _countof(lpGroupName))) { if (!result && get_svcgname(hSCManager, _T("wuauserv"), lpGroupName, _countof(lpGroupName)))
result = get_svcgpid(hSCManager, lpGroupName, &dwProcessId); result = get_svcgpid(hSCManager, lpGroupName, &dwProcessId);
}
CloseServiceHandle(hSCManager); CloseServiceHandle(hSCManager);
if (!result) { if (!result)
return; return;
}
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId); HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
if (!hProcess) { if (!hProcess)
return; return;
}
TCHAR lpLibFileName[MAX_PATH]; TCHAR lpLibFileName[MAX_PATH];
GetModuleFileName(HINST_THISCOMPONENT, lpLibFileName, _countof(lpLibFileName)); GetModuleFileName(HINST_THISCOMPONENT, lpLibFileName, _countof(lpLibFileName));
SIZE_T size = (_tcslen(lpLibFileName) + 1) * sizeof(TCHAR); SIZE_T size = (_tcslen(lpLibFileName) + 1) * sizeof(TCHAR);
LPVOID lpBaseAddress = VirtualAllocEx(hProcess, NULL, size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); LPVOID lpBaseAddress = VirtualAllocEx(hProcess, NULL, size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (lpBaseAddress && WriteProcessMemory(hProcess, lpBaseAddress, lpLibFileName, size, NULL)) { if (lpBaseAddress && WriteProcessMemory(hProcess, lpBaseAddress, lpLibFileName, size, NULL)) {
HANDLE hThread = CreateRemoteThread(
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, hProcess,
(LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(L"kernel32.dll"), NULL,
0,
(LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandle(_T("kernel32.dll")),
STRINGIZE(LoadLibrary)), STRINGIZE(LoadLibrary)),
lpBaseAddress, 0, NULL lpBaseAddress,
0,
NULL
); );
WaitForSingleObject(hThread, INFINITE); WaitForSingleObject(hThread, INFINITE);
dwprintf(L"Injected into process: %d", dwProcessId); trace(L"Injected into process: %d", dwProcessId);
CloseHandle(hThread); CloseHandle(hThread);
} }
VirtualFreeEx(hProcess, lpBaseAddress, 0, MEM_RELEASE); VirtualFreeEx(hProcess, lpBaseAddress, 0, MEM_RELEASE);
CloseHandle(hProcess); CloseHandle(hProcess);
close_log();
} }
void CALLBACK Rundll32Unload(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) { void CALLBACK Rundll32Unload(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) {
HANDLE hEvent = OpenEvent(EVENT_MODIFY_STATE, FALSE, _T("Global\\wufuc_UnloadEvent")); HANDLE hEvent = OpenEvent(EVENT_MODIFY_STATE, FALSE, _T("Global\\wufuc_UnloadEvent"));
if (hEvent) { if (hEvent) {
dwprintf(L"Setting unload event..."); trace(L"Setting unload event...");
SetEvent(hEvent); SetEvent(hEvent);
CloseHandle(hEvent); CloseHandle(hEvent);
} }

52
wufuc/service.c
View File

@@ -1,8 +1,10 @@
#include <windows.h> #include <windows.h>
#include <stdio.h> #include <stdio.h>
#include <tchar.h> #include <tchar.h>
#include "util.h"
#include "helpers.h"
#include "shellapihelper.h" #include "shellapihelper.h"
#include "logging.h"
#include "service.h" #include "service.h"
static CHAR wuauservdllA[MAX_PATH]; static CHAR wuauservdllA[MAX_PATH];
@@ -12,10 +14,10 @@ BOOL get_svcdllA(LPCSTR lpServiceName, LPSTR lpServiceDll, DWORD dwSize) {
CHAR lpSubKey[257]; CHAR lpSubKey[257];
sprintf_s(lpSubKey, _countof(lpSubKey), "SYSTEM\\CurrentControlSet\\services\\%s\\Parameters", lpServiceName); sprintf_s(lpSubKey, _countof(lpSubKey), "SYSTEM\\CurrentControlSet\\services\\%s\\Parameters", lpServiceName);
DWORD cb = dwSize; DWORD cb = dwSize;
if (RegGetValueA(HKEY_LOCAL_MACHINE, lpSubKey, "ServiceDll", RRF_RT_REG_SZ, NULL, lpServiceDll, &cb)) { if (RegGetValueA(HKEY_LOCAL_MACHINE, lpSubKey, "ServiceDll", RRF_RT_REG_SZ, NULL, lpServiceDll, &cb))
return FALSE; return FALSE;
}
dwprintf(L"Service \"%S\" DLL path: %S", lpServiceName, lpServiceDll); trace(L"Service \"%S\" DLL path: %S", lpServiceName, lpServiceDll);
return TRUE; return TRUE;
} }
@@ -23,32 +25,31 @@ BOOL get_svcdllW(LPCWSTR lpServiceName, LPWSTR lpServiceDll, DWORD dwSize) {
WCHAR lpSubKey[257]; WCHAR lpSubKey[257];
swprintf_s(lpSubKey, _countof(lpSubKey), L"SYSTEM\\CurrentControlSet\\services\\%s\\Parameters", lpServiceName); swprintf_s(lpSubKey, _countof(lpSubKey), L"SYSTEM\\CurrentControlSet\\services\\%s\\Parameters", lpServiceName);
DWORD cb = dwSize; DWORD cb = dwSize;
if (RegGetValueW(HKEY_LOCAL_MACHINE, lpSubKey, L"ServiceDll", RRF_RT_REG_SZ, NULL, lpServiceDll, &cb)) { if (RegGetValueW(HKEY_LOCAL_MACHINE, lpSubKey, L"ServiceDll", RRF_RT_REG_SZ, NULL, lpServiceDll, &cb))
return FALSE; return FALSE;
}
dwprintf(L"Service \"%s\" DLL path: %s", lpServiceName, lpServiceDll); trace(L"Service \"%s\" DLL path: %s", lpServiceName, lpServiceDll);
return TRUE; return TRUE;
} }
LPSTR get_wuauservdllA(void) { LPSTR get_wuauservdllA(void) {
if (wuauservdllA[0] == '\0') { if (!*wuauservdllA)
get_svcdllA("wuauserv", wuauservdllA, _countof(wuauservdllA)); get_svcdllA("wuauserv", wuauservdllA, _countof(wuauservdllA));
}
return wuauservdllA; return wuauservdllA;
} }
LPWSTR get_wuauservdllW(void) { LPWSTR get_wuauservdllW(void) {
if (wuauservdllW[0] == L'\0') { if (!*wuauservdllW)
get_svcdllW(L"wuauserv", wuauservdllW, _countof(wuauservdllW)); get_svcdllW(L"wuauserv", wuauservdllW, _countof(wuauservdllW));
}
return wuauservdllW; return wuauservdllW;
} }
BOOL get_svcpid(SC_HANDLE hSCManager, LPCTSTR lpServiceName, DWORD *lpdwProcessId) { BOOL get_svcpid(SC_HANDLE hSCManager, LPCTSTR lpServiceName, DWORD *lpdwProcessId) {
SC_HANDLE hService = OpenService(hSCManager, lpServiceName, SERVICE_QUERY_STATUS); SC_HANDLE hService = OpenService(hSCManager, lpServiceName, SERVICE_QUERY_STATUS);
if (!hService) { if (!hService)
return FALSE; return FALSE;
}
SERVICE_STATUS_PROCESS lpBuffer; SERVICE_STATUS_PROCESS lpBuffer;
DWORD cbBytesNeeded; DWORD cbBytesNeeded;
@@ -58,9 +59,9 @@ BOOL get_svcpid(SC_HANDLE hSCManager, LPCTSTR lpServiceName, DWORD *lpdwProcessI
*lpdwProcessId = lpBuffer.dwProcessId; *lpdwProcessId = lpBuffer.dwProcessId;
#ifdef _UNICODE #ifdef _UNICODE
dwprintf(L"Service \"%s\" process ID: %d", lpServiceName, *lpdwProcessId); trace(L"Service \"%s\" process ID: %d", lpServiceName, *lpdwProcessId);
#else #else
dwprintf(L"Service \"%S\" process ID: %d", lpServiceName, *lpdwProcessId); trace(L"Service \"%S\" process ID: %d", lpServiceName, *lpdwProcessId);
#endif #endif
result = TRUE; result = TRUE;
} }
@@ -70,15 +71,13 @@ BOOL get_svcpid(SC_HANDLE hSCManager, LPCTSTR lpServiceName, DWORD *lpdwProcessI
BOOL get_svcgname(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpGroupName, SIZE_T dwSize) { BOOL get_svcgname(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpGroupName, SIZE_T dwSize) {
TCHAR lpBinaryPathName[0x8000]; TCHAR lpBinaryPathName[0x8000];
if (!get_svcpath(hSCManager, lpServiceName, lpBinaryPathName, _countof(lpBinaryPathName))) { if (!get_svcpath(hSCManager, lpServiceName, lpBinaryPathName, _countof(lpBinaryPathName)))
return FALSE; return FALSE;
}
int numArgs; int numArgs;
LPWSTR *argv = CommandLineToArgv(lpBinaryPathName, &numArgs); LPWSTR *argv = CommandLineToArgv(lpBinaryPathName, &numArgs);
if (numArgs < 3) { if (numArgs < 3)
return FALSE; return FALSE;
}
TCHAR fname[_MAX_FNAME]; TCHAR fname[_MAX_FNAME];
_tsplitpath_s(argv[0], NULL, 0, NULL, 0, fname, _countof(fname), NULL, 0); _tsplitpath_s(argv[0], NULL, 0, NULL, 0, fname, _countof(fname), NULL, 0);
@@ -90,9 +89,9 @@ BOOL get_svcgname(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpGroupNam
if (!_tcsicmp(*(p++), _T("-k")) && !_tcscpy_s(lpGroupName, dwSize, *p)) { if (!_tcsicmp(*(p++), _T("-k")) && !_tcscpy_s(lpGroupName, dwSize, *p)) {
result = TRUE; result = TRUE;
#ifdef _UNICODE #ifdef _UNICODE
dwprintf(L"Service \"%s\" group name: %s", lpServiceName, lpGroupName); trace(L"Service \"%s\" group name: %s", lpServiceName, lpGroupName);
#else #else
dwprintf(L"Service \"%S\" group name: %S", lpServiceName, lpGroupName); trace(L"Service \"%S\" group name: %S", lpServiceName, lpGroupName);
#endif #endif
break; break;
} }
@@ -103,16 +102,15 @@ BOOL get_svcgname(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpGroupNam
BOOL get_svcpath(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpBinaryPathName, SIZE_T dwSize) { BOOL get_svcpath(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpBinaryPathName, SIZE_T dwSize) {
HANDLE hService = OpenService(hSCManager, lpServiceName, SERVICE_QUERY_CONFIG); HANDLE hService = OpenService(hSCManager, lpServiceName, SERVICE_QUERY_CONFIG);
if (!hService) { if (!hService)
return FALSE; return FALSE;
}
DWORD cbBytesNeeded; DWORD cbBytesNeeded;
BOOL result = FALSE; BOOL result = FALSE;
if (!QueryServiceConfig(hService, NULL, 0, &cbBytesNeeded) && GetLastError() == ERROR_INSUFFICIENT_BUFFER) { if (!QueryServiceConfig(hService, NULL, 0, &cbBytesNeeded) && GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
LPQUERY_SERVICE_CONFIG sc = malloc(cbBytesNeeded); LPQUERY_SERVICE_CONFIG sc = malloc(cbBytesNeeded);
if (QueryServiceConfig(hService, sc, cbBytesNeeded, &cbBytesNeeded) && !_tcscpy_s(lpBinaryPathName, dwSize, sc->lpBinaryPathName)) { if (QueryServiceConfig(hService, sc, cbBytesNeeded, &cbBytesNeeded) && !_tcscpy_s(lpBinaryPathName, dwSize, sc->lpBinaryPathName))
result = TRUE; result = TRUE;
}
free(sc); free(sc);
} }
CloseServiceHandle(hService); CloseServiceHandle(hService);
@@ -135,9 +133,9 @@ BOOL get_svcgpid(SC_HANDLE hSCManager, LPTSTR lpServiceGroupName, DWORD *lpdwPro
*lpdwProcessId = dwProcessId; *lpdwProcessId = dwProcessId;
result = TRUE; result = TRUE;
#ifdef _UNICODE #ifdef _UNICODE
dwprintf(L"Service group \"%s\" process ID: %d", lpServiceGroupName, *lpdwProcessId); trace(L"Service group \"%s\" process ID: %d", lpServiceGroupName, *lpdwProcessId);
#else #else
dwprintf(L"Service group \"%S\" process ID: %d", lpServiceGroupName, *lpdwProcessId); trace(L"Service group \"%S\" process ID: %d", lpServiceGroupName, *lpdwProcessId);
#endif #endif
break; break;
} }

202
wufuc/util.c
View File

@@ -1,202 +0,0 @@
#include <Windows.h>
#include <stdio.h>
#include <stdint.h>
#include <intrin.h>
#include <tchar.h>
#include <TlHelp32.h>
#include <Psapi.h>
#include "util.h"
static BOOL checkedIsWindows7 = FALSE;
static BOOL isWindows7 = FALSE;
static BOOL checkedIsWindows8Point1 = FALSE;
static BOOL isWindows8Point1 = FALSE;
static LPFN_ISWOW64PROCESS fnIsWow64Process = NULL;
static BOOL checkedIsWow64 = FALSE;
static BOOL isWow64 = FALSE;
static FILE *log_fp = NULL;
LPVOID *FindIAT(HMODULE hModule, LPSTR lpFunctionName) {
uintptr_t hm = (uintptr_t)hModule;
for (PIMAGE_IMPORT_DESCRIPTOR iid = (PIMAGE_IMPORT_DESCRIPTOR)(hm + ((PIMAGE_NT_HEADERS)(hm + ((PIMAGE_DOS_HEADER)hm)->e_lfanew))
->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress); iid->Name; iid++) {
LPVOID *p;
for (SIZE_T i = 0; *(p = i + (LPVOID *)(hm + iid->FirstThunk)); i++) {
LPSTR fn = (LPSTR)(hm + *(i + (SIZE_T *)(hm + iid->OriginalFirstThunk)) + 2);
if (!((uintptr_t)fn & IMAGE_ORDINAL_FLAG) && !_stricmp(lpFunctionName, fn)) {
return p;
}
}
}
return NULL;
}
VOID DetourIAT(HMODULE hModule, LPSTR lpFuncName, LPVOID *lpOldAddress, LPVOID lpNewAddress) {
LPVOID *lpAddress = FindIAT(hModule, lpFuncName);
if (!lpAddress || *lpAddress == lpNewAddress) {
return;
}
DWORD flOldProtect;
DWORD flNewProtect = PAGE_READWRITE;
VirtualProtect(lpAddress, sizeof(LPVOID), flNewProtect, &flOldProtect);
if (lpOldAddress) {
*lpOldAddress = *lpAddress;
}
dwprintf(L"Modified %S import address: %p => %p", lpFuncName, *lpAddress, lpNewAddress);
*lpAddress = lpNewAddress;
VirtualProtect(lpAddress, sizeof(LPVOID), flOldProtect, &flNewProtect);
}
VOID SuspendProcessThreads(DWORD dwProcessId, DWORD dwThreadId, HANDLE *lphThreads, SIZE_T dwSize, SIZE_T *lpcb) {
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
THREADENTRY32 te;
ZeroMemory(&te, sizeof(THREADENTRY32));
te.dwSize = sizeof(te);
Thread32First(hSnap, &te);
SIZE_T count = 0;
do {
if (te.th32OwnerProcessID != dwProcessId || te.th32ThreadID == dwThreadId) {
continue;
}
lphThreads[count] = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te.th32ThreadID);
SuspendThread(lphThreads[count]);
count++;
} while (count < dwSize && Thread32Next(hSnap, &te));
CloseHandle(hSnap);
*lpcb = count;
dwprintf(L"Suspended %d other threads", count);
}
VOID ResumeAndCloseThreads(HANDLE *lphThreads, SIZE_T cb) {
for (SIZE_T i = 0; i < cb; i++) {
ResumeThread(lphThreads[i]);
CloseHandle(lphThreads[i]);
}
dwprintf(L"Resumed %d other threads", cb);
}
BOOL CompareWindowsVersion(BYTE Operator, DWORD dwMajorVersion, DWORD dwMinorVersion, WORD wServicePackMajor, WORD wServicePackMinor, DWORD dwTypeMask) {
OSVERSIONINFOEX osvi;
ZeroMemory(&osvi, sizeof(OSVERSIONINFOEX));
osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
osvi.dwMajorVersion = dwMajorVersion;
osvi.dwMinorVersion = dwMinorVersion;
osvi.wServicePackMajor = wServicePackMajor;
osvi.wServicePackMinor = wServicePackMinor;
DWORDLONG dwlConditionMask = 0;
VER_SET_CONDITION(dwlConditionMask, VER_MAJORVERSION, Operator);
VER_SET_CONDITION(dwlConditionMask, VER_MINORVERSION, Operator);
VER_SET_CONDITION(dwlConditionMask, VER_SERVICEPACKMAJOR, Operator);
VER_SET_CONDITION(dwlConditionMask, VER_SERVICEPACKMINOR, Operator);
return VerifyVersionInfo(&osvi, dwTypeMask, dwlConditionMask);
}
BOOL IsWindows7(void) {
if (!checkedIsWindows7) {
isWindows7 = CompareWindowsVersion(VER_EQUAL, 6, 1, 0, 0, VER_MAJORVERSION | VER_MINORVERSION);
checkedIsWindows7 = TRUE;
}
return isWindows7;
}
BOOL IsWindows8Point1(void) {
if (!checkedIsWindows8Point1) {
isWindows8Point1 = CompareWindowsVersion(VER_EQUAL, 6, 3, 0, 0, VER_MAJORVERSION | VER_MINORVERSION);
checkedIsWindows8Point1 = TRUE;
}
return isWindows8Point1;
}
BOOL IsOperatingSystemSupported(void) {
#if !defined(_AMD64_) && !defined(_X86_)
return FALSE;
#else
return IsWindows7() || IsWindows8Point1();
#endif
}
BOOL IsWow64(void) {
if (!checkedIsWow64) {
if (!fnIsWow64Process) {
fnIsWow64Process = (LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandle(_T("kernel32.dll")), "IsWow64Process");
}
if (fnIsWow64Process && fnIsWow64Process(GetCurrentProcess(), &isWow64)) {
checkedIsWow64 = TRUE;
}
}
return isWow64;
}
void get_cpuid_brand(char* brand) {
int info[4];
__cpuidex(info, 0x80000000, 0);
if (info[0] < 0x80000004) {
brand[0] = '\0';
return;
}
uint32_t *char_as_int = (uint32_t *)brand;
for (int op = 0x80000002; op <= 0x80000004; op++) {
__cpuidex(info, op, 0);
*(char_as_int++) = info[0];
*(char_as_int++) = info[1];
*(char_as_int++) = info[2];
*(char_as_int++) = info[3];
}
}
BOOL init_log(void) {
if (log_fp) {
return TRUE;
}
WCHAR filename[MAX_PATH];
GetModuleFileNameW(HINST_THISCOMPONENT, filename, _countof(filename));
WCHAR drive[_MAX_DRIVE], dir[_MAX_DIR], fname[_MAX_FNAME];
_wsplitpath_s(filename, drive, _countof(drive), dir, _countof(dir), fname, _countof(fname), NULL, 0);
WCHAR basename[MAX_PATH];
GetModuleBaseNameW(GetCurrentProcess(), NULL, basename, _countof(basename));
wcscat_s(fname, _countof(fname), L".");
wcscat_s(fname, _countof(fname), basename);
_wmakepath_s(filename, _countof(filename), drive, dir, fname, L".log");
HANDLE hFile = CreateFileW(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
LARGE_INTEGER size;
GetFileSizeEx(hFile, &size);
CloseHandle(hFile);
log_fp = _wfsopen(filename, size.QuadPart < (1 << 20) ? L"at" : L"wt", _SH_DENYWR);
if (!log_fp) {
return FALSE;
}
return TRUE;
}
VOID close_log(void) {
if (log_fp) {
fclose(log_fp);
}
}
VOID dwprintf_(LPCWSTR format, ...) {
if (init_log()) {
WCHAR datebuf[9], timebuf[9];
_wstrdate_s(datebuf, _countof(datebuf));
_wstrtime_s(timebuf, _countof(timebuf));
fwprintf_s(log_fp, L"%s %s [%d] ", datebuf, timebuf, GetCurrentProcessId());
va_list argptr;
va_start(argptr, format);
vfwprintf_s(log_fp, format, argptr);
va_end(argptr);
fflush(log_fp);
}
}

39
wufuc/util.h
View File

@@ -1,39 +0,0 @@
#pragma once
EXTERN_C IMAGE_DOS_HEADER __ImageBase;
#define HINST_THISCOMPONENT ((HINSTANCE)&__ImageBase)
typedef BOOL(WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);
LPVOID *FindIAT(HMODULE hModule, LPSTR lpFuncName);
VOID DetourIAT(HMODULE hModule, LPSTR lpFuncName, LPVOID *lpOldAddress, LPVOID lpNewAddress);
VOID SuspendProcessThreads(DWORD dwProcessId, DWORD dwThreadId, HANDLE *lphThreads, SIZE_T dwSize, SIZE_T *lpcb);
VOID ResumeAndCloseThreads(HANDLE *lphThreads, SIZE_T dwSize);
BOOL CompareWindowsVersion(BYTE Operator, DWORD dwMajorVersion, DWORD dwMinorVersion, WORD wServicePackMajor, WORD wServicePackMinor, DWORD dwTypeMask);
BOOL IsWindows7(void);
BOOL IsWindows8Point1(void);
BOOL IsOperatingSystemSupported(void);
BOOL IsWow64(void);
void get_cpuid_brand(char *brand);
VOID dwprintf_(LPCWSTR format, ...);
#define DETOUR_IAT(x, y) \
LPVOID _LPORIGINAL##y; \
DetourIAT(x, #y, &_LPORIGINAL##y, &_##y)
#define RESTORE_IAT(x, y) \
DetourIAT(x, #y, NULL, _LPORIGINAL##y)
BOOL init_log(void);
VOID close_log(void);
#define STRINGIZE_(x) #x
#define STRINGIZE(x) STRINGIZE_(x)
#define STRINGIZEW_(x) L#x
#define STRINGIZEW(x) STRINGIZEW_(x)
#define __LINEWSTR__ STRINGIZEW(__LINE__)
#define dwprintf(format, ...) dwprintf_(__FILEW__ L"(" __LINEWSTR__ L"): " format L"\n", ##__VA_ARGS__)

BIN
wufuc/version.rc → wufuc/wufuc.rc
View File

Binary file not shown.

22
wufuc/wufuc.vcxproj
View File

@@ -108,7 +108,7 @@
<Link> <Link>
<SubSystem>Windows</SubSystem> <SubSystem>Windows</SubSystem>
<ModuleDefinitionFile>exports.def</ModuleDefinitionFile> <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
<AdditionalDependencies>Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -121,7 +121,7 @@
<Link> <Link>
<SubSystem>Windows</SubSystem> <SubSystem>Windows</SubSystem>
<ModuleDefinitionFile>exports.def</ModuleDefinitionFile> <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
<AdditionalDependencies>Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -142,7 +142,7 @@
<OptimizeReferences>true</OptimizeReferences> <OptimizeReferences>true</OptimizeReferences>
<ModuleDefinitionFile>exports.def</ModuleDefinitionFile> <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
<GenerateDebugInformation>false</GenerateDebugInformation> <GenerateDebugInformation>false</GenerateDebugInformation>
<AdditionalDependencies>Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
</Link> </Link>
<PostBuildEvent> <PostBuildEvent>
<Command> <Command>
@@ -167,7 +167,7 @@
<OptimizeReferences>true</OptimizeReferences> <OptimizeReferences>true</OptimizeReferences>
<ModuleDefinitionFile>exports.def</ModuleDefinitionFile> <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
<GenerateDebugInformation>false</GenerateDebugInformation> <GenerateDebugInformation>false</GenerateDebugInformation>
<AdditionalDependencies>Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
</Link> </Link>
<PostBuildEvent> <PostBuildEvent>
<Command> <Command>
@@ -175,25 +175,29 @@
</PostBuildEvent> </PostBuildEvent>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="core.c" /> <ClCompile Include="hooks.c" />
<ClCompile Include="dllmain.c" /> <ClCompile Include="dllmain.c" />
<ClCompile Include="iathook.c" />
<ClCompile Include="logging.c" />
<ClCompile Include="patternfind.c" /> <ClCompile Include="patternfind.c" />
<ClCompile Include="rundll32.c" /> <ClCompile Include="rundll32.c" />
<ClCompile Include="service.c" /> <ClCompile Include="service.c" />
<ClCompile Include="util.c" /> <ClCompile Include="helpers.c" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<None Include="exports.def" /> <None Include="exports.def" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="core.h" /> <ClInclude Include="hooks.h" />
<ClInclude Include="iathook.h" />
<ClInclude Include="logging.h" />
<ClInclude Include="patternfind.h" /> <ClInclude Include="patternfind.h" />
<ClInclude Include="service.h" /> <ClInclude Include="service.h" />
<ClInclude Include="shellapihelper.h" /> <ClInclude Include="shellapihelper.h" />
<ClInclude Include="util.h" /> <ClInclude Include="helpers.h" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ResourceCompile Include="version.rc" /> <ResourceCompile Include="wufuc.rc" />
</ItemGroup> </ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets"> <ImportGroup Label="ExtensionTargets">