fix pcbData assignment

zeffy
2018-02-09 03:33:03 -08:00
parent d7504e1872
commit 9db762965f
3 changed files with 9 additions and 7 deletions


@@ -93,7 +93,7 @@ LPBYTE RegQueryValueExAlloc(
if ( RegQueryValueExW(hSubKey, pValueName, NULL, pType, result, &cbData) != ERROR_SUCCESS ) if ( RegQueryValueExW(hSubKey, pValueName, NULL, pType, result, &cbData) != ERROR_SUCCESS )
return result; return result;
length = cbData + sizeof(WCHAR); // make sure it is null-terminated length = cbData + (sizeof UNICODE_NULL * 2);
result = malloc(length); result = malloc(length);
if ( !result ) return result; if ( !result ) return result;
@@ -132,9 +132,9 @@ PVOID NtQueryKeyAlloc(HANDLE KeyHandle, KEY_INFORMATION_CLASS KeyInformationClas
return result; return result;
} }
LPWSTR ExpandEnvironmentStringsAlloc(LPCWSTR src) LPWSTR ExpandEnvironmentStringsAlloc(LPCWSTR src, LPDWORD pcchLength)
{ {
wchar_t *result; LPWSTR result;
DWORD buffersize; DWORD buffersize;
DWORD size; DWORD size;
@@ -144,6 +144,8 @@ LPWSTR ExpandEnvironmentStringsAlloc(LPCWSTR src)
if ( !size || size > buffersize ) { if ( !size || size > buffersize ) {
free(result); free(result);
result = NULL; result = NULL;
} else if ( pcchLength ) {
*pcchLength = buffersize;
} }
return result; return result;
} }
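Review bot: In the last hunk of this section, `*pcchLength = buffersize;` reports the size that was requested for the buffer rather than the count the expansion actually produced; the guard above rejects only `size > buffersize`, so a shorter result is accepted while the larger number is returned. Assuming `size` holds the return value of the filling `ExpandEnvironmentStringsW` call (both assignments are outside the hunk), `*pcchLength = size;` would keep the reported length tied to the data in the buffer. That matters because the hook caller multiplies this value into the byte count it writes to `*lpcbData`. A short comment on the new parameter, such as `// out, optional: characters written, including the terminating null`, would also make the contract explicit.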


@@ -21,4 +21,4 @@ LPBYTE RegQueryValueExAlloc(
LPDWORD pType, LPDWORD pType,
LPDWORD pcbData); LPDWORD pcbData);
PVOID NtQueryKeyAlloc(HANDLE KeyHandle, KEY_INFORMATION_CLASS KeyInformationClass, PULONG pResultLength); PVOID NtQueryKeyAlloc(HANDLE KeyHandle, KEY_INFORMATION_CLASS KeyInformationClass, PULONG pResultLength);
LPWSTR ExpandEnvironmentStringsAlloc(LPCWSTR src); LPWSTR ExpandEnvironmentStringsAlloc(LPCWSTR src, LPDWORD pcchLength);


@@ -22,6 +22,7 @@ LSTATUS WINAPI RegQueryValueExW_hook(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpR
LPWSTR fname; LPWSTR fname;
const WCHAR realpath[] = L"%systemroot%\\system32\\wuaueng.dll"; const WCHAR realpath[] = L"%systemroot%\\system32\\wuaueng.dll";
wchar_t *expandedpath; wchar_t *expandedpath;
DWORD cchLength;
// save original buffer size // save original buffer size
if ( lpData && lpcbData ) if ( lpData && lpcbData )
@@ -57,12 +58,11 @@ LSTATUS WINAPI RegQueryValueExW_hook(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpR
|| !_wcsicmp(fname, L"WuaCpuFix64.dll") // WuaCpuFix || !_wcsicmp(fname, L"WuaCpuFix64.dll") // WuaCpuFix
|| !_wcsicmp(fname, L"WuaCpuFix.dll")) ) { || !_wcsicmp(fname, L"WuaCpuFix.dll")) ) {
expandedpath = ExpandEnvironmentStringsAlloc(realpath); expandedpath = ExpandEnvironmentStringsAlloc(realpath, &cchLength);
trace(L"Fixed path to wuauserv ServiceDll: %ls -> %ls", fname, PathFindFileNameW(expandedpath)); trace(L"Fixed path to wuauserv ServiceDll: %ls -> %ls", fname, PathFindFileNameW(expandedpath));
if ( SUCCEEDED(StringCbCopyW(pBuffer, MaximumLength, expandedpath)) ) if ( SUCCEEDED(StringCbCopyW(pBuffer, MaximumLength, expandedpath)) )
*lpcbData = sizeof realpath; *lpcbData = cchLength * (sizeof *expandedpath);
free(expandedpath); free(expandedpath);
} }
} }
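Review bot: In the second hunk, `expandedpath` is used without a NULL check. `ExpandEnvironmentStringsAlloc` can return NULL (its failure path frees the buffer and sets `result = NULL`), yet the result goes straight to `PathFindFileNameW` and `StringCbCopyW`, and `cchLength` stays uninitialised on that path because the helper writes it only on success. Since this code runs inside the `RegQueryValueExW` hook, a failed expansion should leave the original query result untouched rather than dereference a null pointer in the hooked process. Guarding the block with `if ( expandedpath ) { ... }` and declaring `DWORD cchLength = 0;` would cover both. The function body starts and ends outside the visible hunks, so what the caller sees when `StringCbCopyW` fails on a too-small buffer cannot be judged from here.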