organize includes, fix possible null pointer, update patternfind.c, change some types

src/wufuc/callbacks.c

@@ -1,5 +1,4 @@
 #include "stdafx.h"
-
 #include "context.h"
 #include "callbacks.h"
 #include "hooks.h"
@@ -89,7 +88,13 @@ DWORD WINAPI cb_start(context *ctx)
         str = (wchar_t *)reg_query_value_alloc(HKEY_LOCAL_MACHINE,
                 L"SYSTEM\\CurrentControlSet\\services\\wuauserv\\Parameters",
                 L"ServiceDll", NULL, NULL);
+        if ( !str ) {
+abort_hook:
+                MH_RemoveHook(g_pfnRegQueryValueExW);
+                goto release;
+        }
         g_pszWUServiceDll = env_expand_strings_alloc(str, NULL);
+        if ( !g_pszWUServiceDll ) goto abort_hook;
         free(str);
 
         MH_CreateHookApi(L"kernel32.dll",
@@ -97,9 +102,8 @@ DWORD WINAPI cb_start(context *ctx)
                 LoadLibraryExW_hook,
                 &(PVOID)g_pfnLoadLibraryExW);
 
-        if ( g_pszWUServiceDll
-                && (GetModuleHandleExW(0, g_pszWUServiceDll, &hModule)
-                        || GetModuleHandleExW(0, PathFindFileNameW(g_pszWUServiceDll), &hModule))) {
+        if ( GetModuleHandleExW(0, g_pszWUServiceDll, &hModule)
+                || GetModuleHandleExW(0, PathFindFileNameW(g_pszWUServiceDll), &hModule) ) {
 
                 // hook IsDeviceServiceable if wuaueng.dll is already loaded
                 wufuc_hook(hModule);
@@ -110,7 +114,7 @@ DWORD WINAPI cb_start(context *ctx)
 
         // wait for unload event or parent mutex to be abandoned.
         // for example if the user killed rundll32.exe with task manager.
-        result = WaitForMultipleObjects(_countof(ctx->handles), ctx->handles, FALSE, INFINITE);
+        result = WaitForMultipleObjects(ctx->count, ctx->handles, FALSE, INFINITE);
         trace(L"Unload condition has been met.");
 
         switch ( result ) {

src/wufuc/context.c

@@ -1,5 +1,6 @@
 #include "stdafx.h"
 #include "context.h"
+
 #include <sddl.h>
 
 static bool ctxp_remove_handle(context *ctx, unsigned Index)

src/wufuc/dllmain.c

@@ -1,4 +1,5 @@
 #include "stdafx.h"
+
 #include <minhook.h>
 
 BOOL APIENTRY DllMain(HMODULE hModule,

src/wufuc/hooks.c

@@ -1,9 +1,8 @@
 #include "stdafx.h"
-
+#include "context.h"
 #include "hooks.h"
 #include "log.h"
 #include "registryhelper.h"
-#include "context.h"
 #include "wufuc.h"
 
 wchar_t *g_pszWUServiceDll;

src/wufuc/log.c

@@ -1,4 +1,5 @@
 #include "stdafx.h"
+
 #include "log.h"
 
 void logp_debug_write(const wchar_t *const format, ...)

src/wufuc/patternfind.c

@@ -144,7 +144,7 @@ void patternwrite(uint8_t *data, size_t datasize, const char *pattern)
 
         if ( patterntransform(pattern, writepattern, writepatternsize) ) {
                 DWORD OldProtect;
-                BOOL result = VirtualProtect(data, writepatternsize, PAGE_READWRITE, &OldProtect);
+                BOOL result = VirtualProtect(data, writepatternsize, PAGE_EXECUTE_READWRITE, &OldProtect);
                 if ( writepatternsize > datasize )
                         writepatternsize = datasize;
                 for ( size_t i = 0; i < writepatternsize; i++ )

src/wufuc/registryhelper.c

@@ -1,11 +1,10 @@
 #include "stdafx.h"
 #include "registryhelper.h"
-#include <sddl.h>
 
 PVOID reg_get_value_alloc(
         HKEY hKey,
-        const wchar_t *SubKey,
-        const wchar_t *Value,
+        LPCWSTR SubKey,
+        LPCWSTR Value,
         DWORD dwFlags,
         LPDWORD pdwType,
         LPDWORD pcbData)
@@ -31,8 +30,8 @@ PVOID reg_get_value_alloc(
 
 LPBYTE reg_query_value_alloc(
         HKEY hKey,
-        const wchar_t *SubKey,
-        const wchar_t *Value,
+        LPCWSTR SubKey,
+        LPCWSTR Value,
         LPDWORD pdwType,
         LPDWORD pcbData)
 {
@@ -100,15 +99,15 @@ PVOID reg_query_key_alloc(
         return result;
 }
 
-wchar_t *env_expand_strings_alloc(const wchar_t *src, LPDWORD pcchLength)
+LPWSTR env_expand_strings_alloc(LPCWSTR Src, LPDWORD pcchLength)
 {
-        wchar_t *result;
+        LPWSTR result;
         DWORD buffersize;
         DWORD size;
 
-        buffersize = ExpandEnvironmentStringsW(src, NULL, 0);
+        buffersize = ExpandEnvironmentStringsW(Src, NULL, 0);
         result = calloc(buffersize, sizeof *result);
-        size = ExpandEnvironmentStringsW(src, result, buffersize);
+        size = ExpandEnvironmentStringsW(Src, result, buffersize);
         if ( !size || size > buffersize ) {
                 free(result);
                 result = NULL;

src/wufuc/registryhelper.h

@@ -2,19 +2,19 @@
 
 PVOID reg_get_value_alloc(
         HKEY hkey,
-        const wchar_t *pSubKey,
-        const wchar_t *pValue,
+        LPCWSTR pSubKey,
+        LPCWSTR pValue,
         DWORD dwFlags,
         LPDWORD pdwType,
         LPDWORD pcbData);
 LPBYTE reg_query_value_alloc(
         HKEY hKey,
-        const wchar_t *pSubKey,
-        const wchar_t *pValueName,
+        LPCWSTR pSubKey,
+        LPCWSTR pValueName,
         LPDWORD pType,
         LPDWORD pcbData);
 PVOID reg_query_key_alloc(
         HANDLE KeyHandle,
         KEY_INFORMATION_CLASS KeyInformationClass,
         PULONG pResultLength);
-wchar_t *env_expand_strings_alloc(const wchar_t *src, LPDWORD pcchLength);
+LPWSTR env_expand_strings_alloc(LPCWSTR Src, LPDWORD pcchLength);

src/wufuc/rundll32.c

@@ -1,10 +1,10 @@
 #include "stdafx.h"
 #include "context.h"
 #include "callbacks.h"
+#include "log.h"
 #include "modulehelper.h"
 #include "registryhelper.h"
 #include "servicehelper.h"
-#include "log.h"
 #include "wufuc.h"
 
 void CALLBACK RUNDLL32_StartW(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmdLine, int nCmdShow)

src/wufuc/wufuc.c

@@ -1,12 +1,11 @@
 #include "stdafx.h"
-
 #include "context.h"
 #include "wufuc.h"
-#include "modulehelper.h"
-#include "versionhelper.h"
 #include "hooks.h"
 #include "log.h"
+#include "modulehelper.h"
 #include "patternfind.h"
+#include "versionhelper.h"
 
 #include <minhook.h>