fix crash on windows 7 x86 (still need to fix issue in windows 8.1)

README.md

@@ -65,6 +65,6 @@ The installer packages are created with Advanced Installer using an [open source
 
 ## Special thanks
 
-- Alex Ionescu ([@ionescu007](https://github.com/ionescu007)) for his [_"Hooking Nirvana"_ presentation at REcon 2015](https://www.youtube.com/watch?v=bqU0y4FzvT0) and its corresponding [repository of example code](https://github.com/ionescu007/HookingNirvana). wufuc v0.8+ could not have been possible without his great work.
+- Alex Ionescu ([@ionescu007](https://github.com/ionescu007)) for his [_"Hooking Nirvana"_ presentation at REcon 2015](https://www.youtube.com/watch?v=bqU0y4FzvT0) and its corresponding [repository of example code](https://github.com/ionescu007/HookingNirvana).
 - Wen Jia Liu ([@wj32](https://github.com/wj32)) for his awesome program [Process Hacker](https://github.com/processhacker2/processhacker) which has been absolutely instrumental in the development of wufuc, and also for his [`phnt`](https://github.com/processhacker2/processhacker/tree/master/phnt) headers.
-- Duncan Ogilvie ([@mrexodia](https://github.com/mrexodia)) for his [`patternfind.cpp`](https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp) algorithm from [x64dbg](https://github.com/x64dbg/x64dbg).
+- Duncan Ogilvie ([@mrexodia](https://github.com/mrexodia)) for his [`patternfind.cpp`](https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp) algorithm from [x64dbg](https://github.com/x64dbg/x64dbg).

wufuc/appverifier.h

@@ -41,4 +41,4 @@ typedef struct tagRTL_VERIFIER_PROVIDER_DESCRIPTOR
 extern RTL_VERIFIER_THUNK_DESCRIPTOR g_vfADVAPIThunkDescriptors[];
 extern RTL_VERIFIER_THUNK_DESCRIPTOR g_vfK32ThunkDescriptors[];
 extern RTL_VERIFIER_DLL_DESCRIPTOR g_vfDllDescriptors[];
-extern RTL_VERIFIER_PROVIDER_DESCRIPTOR g_vfProviderDescriptor;
+extern RTL_VERIFIER_PROVIDER_DESCRIPTOR g_vfProviderDescriptor;

wufuc/dllmain.c

@@ -35,20 +35,21 @@ BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserv
                 if ( verify_winver(6, 1, 0, 0, 0, VER_EQUAL, VER_EQUAL, 0, 0, 0)
                         || verify_winver(6, 3, 0, 0, 0, VER_EQUAL, VER_EQUAL, 0, 0, 0) ) {
 
-                        RTL_QUERY_REGISTRY_TABLE QueryTable;
+                        RTL_QUERY_REGISTRY_TABLE QueryTable[2];
                         RtlSecureZeroMemory(&QueryTable, sizeof(QueryTable));
-                        QueryTable.Name = L"ImagePath";
-                        QueryTable.Flags = RTL_QUERY_REGISTRY_DIRECT;
+                        QueryTable[0].Name = L"ImagePath";
+                        QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT;
                         UNICODE_STRING ImagePath;
                         RtlInitUnicodeString(&ImagePath, NULL);
-                        QueryTable.EntryContext = &ImagePath;
+                        QueryTable[0].EntryContext = &ImagePath;
+
+                        //TODO: check status and maybe fix implementation? idk...
                         NTSTATUS Status = RtlQueryRegistryValues(RTL_REGISTRY_SERVICES,
                                 L"wuauserv",
-                                &QueryTable,
+                                QueryTable,
                                 NULL,
                                 NULL);
                         
-                        // TODO: check status and maybe fix implementation? idk...
                         if ( !RtlCompareUnicodeString(&NtCurrentPeb()->ProcessParameters->CommandLine, &ImagePath, TRUE) )
                                 g_vfProviderDescriptor.ProviderDlls = g_vfDllDescriptors;
                 }

wufuc/helpers.h

@@ -22,4 +22,3 @@ BOOL file_exists(const wchar_t *path);
 int compare_versions(
         WORD wMajorA, WORD wMinorA, WORD wBuildA, WORD wRevisionA,
         WORD wMajorB, WORD wMinorB, WORD wBuildB, WORD wRevisionB);
-

wufuc/patchwua.c

@@ -74,4 +74,4 @@ bool patch_wua(void *lpBaseOfDll, size_t SizeOfImage, wchar_t *fname)
         }
 L_ret:
         return result;
-}
+}

wufuc/patternfind.c

@@ -98,21 +98,6 @@ static inline bool patternmatchbyte(unsigned char byte, const PatternByte pbyte)
         return (matched == 2);
 }
 
-unsigned char *patternfind3(unsigned char *data, size_t datasize, const PatternByte *pattern, size_t searchpatternsize)
-{
-        for ( size_t i = 0, pos = 0; i < datasize; i++ ) { //search for the pattern
-                if ( patternmatchbyte(data[i], pattern[pos]) ) { //check if our pattern matches the current byte
-                        pos++;
-                        if ( pos == searchpatternsize ) //everything matched
-                                return &data[i - searchpatternsize + 1];
-                } else if ( pos > 0 ) { //fix by Computer_Angel
-                        i -= pos;
-                        pos = 0; //reset current pattern position
-                }
-        }
-        return NULL;
-}
-
 unsigned char *patternfind(unsigned char *data, size_t datasize, const char *pattern)
 {
         size_t searchpatternsize = formathexpattern(pattern, NULL, 0) / 2;
@@ -176,4 +161,19 @@ bool patternsnr(unsigned char *data, size_t datasize, const char *searchpattern,
                 return false;
         patternwrite(found, datasize - (found - data), replacepattern);
         return true;
-}
+}
+
+unsigned char *patternfind3(unsigned char *data, size_t datasize, const PatternByte *pattern, size_t searchpatternsize)
+{
+        for ( size_t i = 0, pos = 0; i < datasize; i++ ) { //search for the pattern
+                if ( patternmatchbyte(data[i], pattern[pos]) ) { //check if our pattern matches the current byte
+                        pos++;
+                        if ( pos == searchpatternsize ) //everything matched
+                                return &data[i - searchpatternsize + 1];
+                } else if ( pos > 0 ) { //fix by Computer_Angel
+                        i -= pos;
+                        pos = 0; //reset current pattern position
+                }
+        }
+        return NULL;
+}