Vichingo455/wufuc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix crash on windows 7 x86 (still need to fix issue in windows 8.1)

Browse Source
This commit is contained in:
zeffy
2017-10-05 15:29:32 -07:00
parent 49416594e9
commit c8fa45f002
6 changed files with 27 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -65,6 +65,6 @@ The installer packages are created with Advanced Installer using an [open source
## Special thanks ## Special thanks
- Alex Ionescu ([@ionescu007](https://github.com/ionescu007)) for his [_"Hooking Nirvana"_ presentation at REcon 2015](https://www.youtube.com/watch?v=bqU0y4FzvT0) and its corresponding [repository of example code](https://github.com/ionescu007/HookingNirvana). wufuc v0.8+ could not have been possible without his great work. - Alex Ionescu ([@ionescu007](https://github.com/ionescu007)) for his [_"Hooking Nirvana"_ presentation at REcon 2015](https://www.youtube.com/watch?v=bqU0y4FzvT0) and its corresponding [repository of example code](https://github.com/ionescu007/HookingNirvana).
- Wen Jia Liu ([@wj32](https://github.com/wj32)) for his awesome program [Process Hacker](https://github.com/processhacker2/processhacker) which has been absolutely instrumental in the development of wufuc, and also for his [`phnt`](https://github.com/processhacker2/processhacker/tree/master/phnt) headers. - Wen Jia Liu ([@wj32](https://github.com/wj32)) for his awesome program [Process Hacker](https://github.com/processhacker2/processhacker) which has been absolutely instrumental in the development of wufuc, and also for his [`phnt`](https://github.com/processhacker2/processhacker/tree/master/phnt) headers.
- Duncan Ogilvie ([@mrexodia](https://github.com/mrexodia)) for his [`patternfind.cpp`](https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp) algorithm from [x64dbg](https://github.com/x64dbg/x64dbg). - Duncan Ogilvie ([@mrexodia](https://github.com/mrexodia)) for his [`patternfind.cpp`](https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp) algorithm from [x64dbg](https://github.com/x64dbg/x64dbg).

13
wufuc/dllmain.c
View File

@@ -35,20 +35,21 @@ BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserv
if ( verify_winver(6, 1, 0, 0, 0, VER_EQUAL, VER_EQUAL, 0, 0, 0) if ( verify_winver(6, 1, 0, 0, 0, VER_EQUAL, VER_EQUAL, 0, 0, 0)
|| verify_winver(6, 3, 0, 0, 0, VER_EQUAL, VER_EQUAL, 0, 0, 0) ) { || verify_winver(6, 3, 0, 0, 0, VER_EQUAL, VER_EQUAL, 0, 0, 0) ) {
RTL_QUERY_REGISTRY_TABLE QueryTable; RTL_QUERY_REGISTRY_TABLE QueryTable[2];
RtlSecureZeroMemory(&QueryTable, sizeof(QueryTable)); RtlSecureZeroMemory(&QueryTable, sizeof(QueryTable));
QueryTable.Name = L"ImagePath"; QueryTable[0].Name = L"ImagePath";
QueryTable.Flags = RTL_QUERY_REGISTRY_DIRECT; QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT;
UNICODE_STRING ImagePath; UNICODE_STRING ImagePath;
RtlInitUnicodeString(&ImagePath, NULL); RtlInitUnicodeString(&ImagePath, NULL);
QueryTable.EntryContext = &ImagePath; QueryTable[0].EntryContext = &ImagePath;
//TODO: check status and maybe fix implementation? idk...
NTSTATUS Status = RtlQueryRegistryValues(RTL_REGISTRY_SERVICES, NTSTATUS Status = RtlQueryRegistryValues(RTL_REGISTRY_SERVICES,
L"wuauserv", L"wuauserv",
&QueryTable, QueryTable,
NULL, NULL,
NULL); NULL);
// TODO: check status and maybe fix implementation? idk...
if ( !RtlCompareUnicodeString(&NtCurrentPeb()->ProcessParameters->CommandLine, &ImagePath, TRUE) ) if ( !RtlCompareUnicodeString(&NtCurrentPeb()->ProcessParameters->CommandLine, &ImagePath, TRUE) )
g_vfProviderDescriptor.ProviderDlls = g_vfDllDescriptors; g_vfProviderDescriptor.ProviderDlls = g_vfDllDescriptors;
} }

1
wufuc/helpers.h
View File

@@ -22,4 +22,3 @@ BOOL file_exists(const wchar_t *path);
int compare_versions( int compare_versions(
WORD wMajorA, WORD wMinorA, WORD wBuildA, WORD wRevisionA, WORD wMajorA, WORD wMinorA, WORD wBuildA, WORD wRevisionA,
WORD wMajorB, WORD wMinorB, WORD wBuildB, WORD wRevisionB); WORD wMajorB, WORD wMinorB, WORD wBuildB, WORD wRevisionB);

30
wufuc/patternfind.c
View File

@@ -98,21 +98,6 @@ static inline bool patternmatchbyte(unsigned char byte, const PatternByte pbyte)
return (matched == 2); return (matched == 2);
} }
unsigned char *patternfind3(unsigned char *data, size_t datasize, const PatternByte *pattern, size_t searchpatternsize)
{
for ( size_t i = 0, pos = 0; i < datasize; i++ ) { //search for the pattern
if ( patternmatchbyte(data[i], pattern[pos]) ) { //check if our pattern matches the current byte
pos++;
if ( pos == searchpatternsize ) //everything matched
return &data[i - searchpatternsize + 1];
} else if ( pos > 0 ) { //fix by Computer_Angel
i -= pos;
pos = 0; //reset current pattern position
}
}
return NULL;
}
unsigned char *patternfind(unsigned char *data, size_t datasize, const char *pattern) unsigned char *patternfind(unsigned char *data, size_t datasize, const char *pattern)
{ {
size_t searchpatternsize = formathexpattern(pattern, NULL, 0) / 2; size_t searchpatternsize = formathexpattern(pattern, NULL, 0) / 2;
@@ -177,3 +162,18 @@ bool patternsnr(unsigned char *data, size_t datasize, const char *searchpattern,
patternwrite(found, datasize - (found - data), replacepattern); patternwrite(found, datasize - (found - data), replacepattern);
return true; return true;
} }
unsigned char *patternfind3(unsigned char *data, size_t datasize, const PatternByte *pattern, size_t searchpatternsize)
{
for ( size_t i = 0, pos = 0; i < datasize; i++ ) { //search for the pattern
if ( patternmatchbyte(data[i], pattern[pos]) ) { //check if our pattern matches the current byte
pos++;
if ( pos == searchpatternsize ) //everything matched
return &data[i - searchpatternsize + 1];
} else if ( pos > 0 ) { //fix by Computer_Angel
i -= pos;
pos = 0; //reset current pattern position
}
}
return NULL;
}