Vichingo455/wufuc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

0.8pre. installers are not finished [skip ci]

Browse Source
This commit is contained in:
zeffy
2017-10-03 15:34:52 -07:00
parent c7f44b3f2d
commit bd15048101
66 changed files with 29744 additions and 944 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
README.md
View File

@@ -1,25 +1,14 @@
# wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc)
# wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc) [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc)
**English** | [русский](translations/README.ru-RU.md) | [Français](translations/README.fr-FR.md) | [Deutsch](translations/README.de-DE.md) | [Magyar](translations/README.hu-HU.md) | [Portuguese (Brazil)](translations/README.pt-BR.md)
[![Click here to lend your support to wufuc and make a donation at pledgie.com !](https://pledgie.com/campaigns/34055.png)](https://pledgie.com/campaigns/34055)
Disables the "Unsupported Hardware" message in Windows Update, and allows you to continue installing updates on Windows 7 and 8.1 systems with Intel Kaby Lake, AMD Ryzen, or other unsupported processors.
## Downloads [![](https://img.shields.io/github/downloads/zeffy/wufuc/total.svg)](../../releases)
### You can get the latest stable version [here](../../releases/latest)!
- [**Click here for the latest stable version**](../../releases/latest)
If you are feeling brave, you can try the latest unstable builds [here](https://ci.appveyor.com/project/zeffy/wufuc). **Use these at your own risk!**
## Sponsors
### [Advanced Installer](http://www.advancedinstaller.com/)
The installer packages are created with Advanced Installer on an open source license. Advanced Installer's intuitive and friendly user interface allowed me to quickly create a feature complete installer with minimal effort. [Check it out!](http://www.advancedinstaller.com/)
## Reporting an issue [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc)
See [CONTRIBUTING.md](CONTRIBUTING.md).
- [Unstable builds](https://ci.appveyor.com/project/zeffy/wufuc) (Use these at your own risk!)
## Preface
@@ -28,29 +17,54 @@ The changelog for Windows updates KB4012218 and KB4012219 included the following
> Enabled detection of processor generation and hardware support when PC tries to scan or download updates through Windows Update.
These updates marked the implementation of a [policy change](https://blogs.windows.com/windowsexperience/2016/01/15/windows-10-embracing-silicon-innovation/) they announced some time ago, where Microsoft stated that they would not be supporting Windows 7 or 8.1 on next-gen Intel, AMD and Qualcomm processors.
This was essentially a big middle finger to anyone who decides to not "upgrade" to the steaming pile of :shit: known as Windows 10, especially considering the extended support periods for Windows 7 and 8.1 won't be ending until January 4, 2020 and January 10, 2023 respectively.
It is essentially a big middle finger to anyone who decides to not "upgrade" to the steaming pile of :shit: known as Windows 10, especially considering the extended support periods for Windows 7 and 8.1 won't be ending until January 4, 2020 and January 10, 2023 respectively.
## Some people with older Intel and AMD processors are also affected!
This has even affected people with older Intel and AMD processors! I've received user reports of the [Intel Atom Z530](../../issues/7), [Intel Core i5-M 560](../../issues/23), [Intel Core i5-4300M](../../issues/24), [Intel Atom D525](../../issues/34), [Intel Pentium B940](../../issues/63), [AMD FX-8350](../../issues/32), and [AMD Turion 64 Mobile Technology ML-34](../../issues/80) all being blocked from receiving updates.
I've received user reports of the following CPUs all being blocked from receiving updates:
- [Intel Atom Z530](../../issues/7)
- [Intel Atom D525](../../issues/34)
- [Intel Core i5-M 560](../../issues/23)
- [Intel Core i5-4300M](../../issues/24)
- [Intel Pentium B940](../../issues/63)
- [AMD FX-8350](../../issues/32)
- [AMD Turion 64 Mobile Technology ML-34](../../issues/80)
## Bad Microsoft!
If you are interested, you can read my original write up on discovering the CPU check [here](../../tree/old-kb4012218-19).
## Features
- Enables Windows Update on PCs with unsupported processors.
- Written in C, the best programming language. :sunglasses:
- Comepletely free software (as in freedom) ([GPL v3.0](LICENSE))
- Does not modify any system files.
- Byte pattern-based patching, which means it will usually keep working even after new updates come out.
- Absolutely zero dependencies.
## How it works
Basically, inside a file called `wuaueng.dll` there are two functions: [`IsDeviceServiceable(void)`](https://gist.github.com/zeffy/e5ec266952932bc905eb0cbc6ed72185) and [`IsCPUSupported(void)`](https://gist.github.com/zeffy/1a8f8984d2bec97ae24af63a76278694). `IsDeviceServiceable(void)` is essentially a wrapper around `IsCPUSupported(void)` that caches the result it receives and recycles it on subsequent calls.
Basically, inside a system file called `wuaueng.dll` there are two functions responsible for the CPU check: `IsDeviceServiceable(void)` and `IsCPUSupported(void)`.
`IsDeviceServiceable` simply calls `IsCPUSupported` once, and then re-uses the result that it receives on subsequent calls.
My patch takes advantage of this behavior by patching a couple of boolean values and basically making Windows Update think that it has already checked your processor, and the result was that it is indeed supported.
My patch takes advantage of this result caching behavior by setting the "first run" value to `FALSE` and the cached result to `TRUE`.
- The installer registers wufuc as a custom Application Verifier provider.
- When a `svchost.exe` process starts, the Windows PE loader automatically loads wufuc into its virtual address space.
- After that, wufuc will then check the command line of the process it was loaded into, then install some API hooks when appropriate:
* `LoadLibraryExW` hook will automatically patch `wuaueng.dll` as soon as it is loaded.
* `RegQueryValueExW` hook is necessary to provide compatibility with attempts by other third-parties at bypassing the CPU check. (see issue [#100](../../issues/100))
- If wufuc gets loaded by a `svchost.exe` process that isn't related to Windows Update, it goes into a dormant state and no hooks are applied.
- At system boot the wufuc scheduled task runs as the `NT AUTHORITY\SYSTEM` user.
- `wufuc` determines what service host group process the Windows Update service runs in (typically `netsvcs`), and injects itself into it.
- Once injected, it applies a hook to `LoadLibraryEx` that automatically patches `wuaueng.dll` when it is loaded.
- Any previously loaded `wuaueng.dll` is also patched.
## Sponsors
### Several improvements over my batchfile method:
### [Advanced Installer](http://www.advancedinstaller.com/)
- **No system files are modified!**
- Heuristic-based patching, which means it will usually keep working even after new updates come out.
- C is best language!
- No external dependencies.
The installer packages are created with Advanced Installer using an [open source license](http://www.advancedinstaller.com/free-license.html). Advanced Installer's intuitive and friendly user interface allowed me to quickly create a feature complete installer with minimal effort. [Check it out!](http://www.advancedinstaller.com/)
## Special thanks
- Alex Ionescu ([@ionescu007](https://github.com/ionescu007)) for his [_"Hooking Nirvana"_ presentation at REcon 2015](https://www.youtube.com/watch?v=bqU0y4FzvT0) and its corresponding [repository of example code](https://github.com/ionescu007/HookingNirvana). wufuc v0.8+ could not have been possible without his great work.
- Wen Jia Liu ([@wj32](https://github.com/wj32)) for his awesome program [Process Hacker](https://github.com/processhacker2/processhacker) which has been absolutely instrumental in the development of wufuc, and also for his [`phnt`](https://github.com/processhacker2/processhacker/tree/master/phnt) headers.
- Duncan Ogilvie ([@mrexodia](https://github.com/mrexodia)) for his [`patternfind.cpp`](https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp) algorithm from [x64dbg](https://github.com/x64dbg/x64dbg).