slightly more strict wu module detection

zeffy
2017-06-07 07:18:41 -07:00
parent 309981829e
commit c8538b8ec3
2 changed files with 17 additions and 6 deletions


@@ -44,22 +44,27 @@ DWORD WINAPI NewThreadProc(LPVOID lpParam) {
DETOUR_IAT(hm, LoadLibraryExA);
DETOUR_IAT(hm, LoadLibraryExW);
HMODULE hwu = GetModuleHandle(_T("wuaueng.dll"));
TCHAR lpServiceDll[MAX_PATH + 1];
get_svcdll(_T("wuauserv"), lpServiceDll, _countof(lpServiceDll));
HMODULE hwu = GetModuleHandle(lpServiceDll);
if (hwu) {
_dbgprintf("Found previously loaded wu module %s, applying patch...", lpServiceDll);
PatchWUModule(hwu);
}
ResumeAndCloseThreads(lphThreads, cb);
WaitForSingleObject(hEvent, INFINITE);
_tdbgprintf(_T("Unload event was set, removing hooks."));
_tdbgprintf(_T("Unload event was set, removing hooks..."));
SuspendProcessThreads(dwProcessId, dwThreadId, lphThreads, _countof(lphThreads), &cb);
RESTORE_IAT(hm, LoadLibraryExA);
RESTORE_IAT(hm, LoadLibraryExW);
ResumeAndCloseThreads(lphThreads, cb);
_tdbgprintf(_T("Unloading library. Cya!"));
_tdbgprintf(_T("Unloading library. See ya!"));
CloseHandle(hEvent);
FreeLibraryAndExitThread(HINST_THISCOMPONENT, 0);
return 0;
@@ -114,7 +119,7 @@ BOOL PatchWUModule(HMODULE hModule) {
return FALSE;
}
SIZE_T fpIsDeviceServiceable = (SIZE_T)modinfo.lpBaseOfDll + rva;
_tdbgprintf(_T("Matched pattern at %p"), fpIsDeviceServiceable);
_tdbgprintf(_T("Matched pattern at %p."), fpIsDeviceServiceable);
BOOL *lpbNotRunOnce = (BOOL *)(fpIsDeviceServiceable + n1 + sizeof(DWORD) + *(DWORD *)(fpIsDeviceServiceable + n1));
if (*lpbNotRunOnce) {
@@ -123,7 +128,7 @@ BOOL PatchWUModule(HMODULE hModule) {
VirtualProtect(lpbNotRunOnce, sizeof(BOOL), flNewProtect, &flOldProtect);
*lpbNotRunOnce = FALSE;
VirtualProtect(lpbNotRunOnce, sizeof(BOOL), flOldProtect, &flNewProtect);
_tdbgprintf(_T("Patched value at %p = %d"), lpbNotRunOnce, *lpbNotRunOnce);
_tdbgprintf(_T("Patched value at %p = %d."), lpbNotRunOnce, *lpbNotRunOnce);
}
BOOL *lpbCachedResult = (BOOL *)(fpIsDeviceServiceable + n2 + sizeof(DWORD) + *(DWORD *)(fpIsDeviceServiceable + n2));
@@ -133,7 +138,7 @@ BOOL PatchWUModule(HMODULE hModule) {
VirtualProtect(lpbCachedResult, sizeof(BOOL), flNewProtect, &flOldProtect);
*lpbCachedResult = TRUE;
VirtualProtect(lpbCachedResult, sizeof(BOOL), flOldProtect, &flNewProtect);
_tdbgprintf(_T("Patched value at %p = %d"), lpbCachedResult, *lpbCachedResult);
_tdbgprintf(_T("Patched value at %p = %d."), lpbCachedResult, *lpbCachedResult);
}
return TRUE;
}
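Review bot: In the first hunk (NewThreadProc), the BOOL result of `get_svcdll(_T("wuauserv"), lpServiceDll, _countof(lpServiceDll))` is ignored, so on failure `GetModuleHandle` is handed an uninitialized stack buffer that may not be NUL-terminated. Zero the buffer and gate the lookup on success, e.g. `TCHAR lpServiceDll[MAX_PATH + 1] = { 0 };` and `HMODULE hwu = get_svcdll(_T("wuauserv"), lpServiceDll, _countof(lpServiceDll)) ? GetModuleHandle(lpServiceDll) : NULL;`. The new log line also passes a TCHAR buffer to the narrow `_dbgprintf` with `%s`, which mismatches in UNICODE builds; the neighbouring calls use `_tdbgprintf(_T("..."))` and this one should as well. If the registry value is returned with environment variables unexpanded (the implementation is not visible here), the path would need expanding before the lookup can match. NewThreadProc begins outside the hunk.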


@@ -5,6 +5,12 @@ BOOL get_svcdllA(LPCSTR lpServiceName, LPSTR lpServiceDll, DWORD dwSize);
BOOL get_svcdllW(LPCWSTR lpServiceName, LPWSTR lpServiceDll, DWORD dwSize);
#ifdef UNICODE
#define get_svcdll get_svcdllW
#else
#define get_svcdll get_svcdllA
#endif
BOOL get_svcpid(SC_HANDLE hSCManager, LPCTSTR lpServiceName, DWORD *lpdwProcessId);
BOOL get_svcgname(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpGroupName, SIZE_T dwSize);
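Review bot: The prototypes behind the new `get_svcdll` macro do not say whether `dwSize` is a count of characters or of bytes, and the two differ for `get_svcdllW`. The caller added in this commit passes `_countof(lpServiceDll)`, i.e. characters, so a comment above the pair such as `/* dwSize: capacity of lpServiceDll in characters, including the terminator; returns FALSE on failure */` would pin the contract (confirm the failure and truncation behaviour against the implementation, which is not shown). `get_svcgname` takes `SIZE_T dwSize` while these take `DWORD`; one type for all buffer sizes would be more consistent.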