fix crash on windows 7 x86 (still need to fix issue in windows 8.1)

2017-10-05 15:29:32 -07:00
parent 49416594e9
commit c8fa45f002
6 changed files with 27 additions and 27 deletions
--- a/README.md
+++ b/README.md
@@ -65,6 +65,6 @@ The installer packages are created with Advanced Installer using an [open source

 ## Special thanks

- Alex Ionescu ([@ionescu007](https://github.com/ionescu007)) for his [_"Hooking Nirvana"_ presentation at REcon 2015](https://www.youtube.com/watch?v=bqU0y4FzvT0) and its corresponding [repository of example code](https://github.com/ionescu007/HookingNirvana). wufuc v0.8+ could not have been possible without his great work.
+- Alex Ionescu ([@ionescu007](https://github.com/ionescu007)) for his [_"Hooking Nirvana"_ presentation at REcon 2015](https://www.youtube.com/watch?v=bqU0y4FzvT0) and its corresponding [repository of example code](https://github.com/ionescu007/HookingNirvana).
 - Wen Jia Liu ([@wj32](https://github.com/wj32)) for his awesome program [Process Hacker](https://github.com/processhacker2/processhacker) which has been absolutely instrumental in the development of wufuc, and also for his [`phnt`](https://github.com/processhacker2/processhacker/tree/master/phnt) headers.
 - Duncan Ogilvie ([@mrexodia](https://github.com/mrexodia)) for his [`patternfind.cpp`](https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp) algorithm from [x64dbg](https://github.com/x64dbg/x64dbg).
--- a/wufuc/dllmain.c
+++ b/wufuc/dllmain.c
@@ -35,20 +35,21 @@ BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserv
                if ( verify_winver(6, 1, 0, 0, 0, VER_EQUAL, VER_EQUAL, 0, 0, 0)
                        || verify_winver(6, 3, 0, 0, 0, VER_EQUAL, VER_EQUAL, 0, 0, 0) ) {

-                        RTL_QUERY_REGISTRY_TABLE QueryTable;
+                        RTL_QUERY_REGISTRY_TABLE QueryTable[2];
                        RtlSecureZeroMemory(&QueryTable, sizeof(QueryTable));
-                        QueryTable.Name = L"ImagePath";
-                        QueryTable.Flags = RTL_QUERY_REGISTRY_DIRECT;
+                        QueryTable[0].Name = L"ImagePath";
+                        QueryTable[0].Flags = RTL_QUERY_REGISTRY_DIRECT;
                        UNICODE_STRING ImagePath;
                        RtlInitUnicodeString(&ImagePath, NULL);
-                        QueryTable.EntryContext = &ImagePath;
+                        QueryTable[0].EntryContext = &ImagePath;
+
+                        //TODO: check status and maybe fix implementation? idk...
                        NTSTATUS Status = RtlQueryRegistryValues(RTL_REGISTRY_SERVICES,
                                L"wuauserv",
-                                &QueryTable,
+                                QueryTable,
                                NULL,
                                NULL);
                        
-                        // TODO: check status and maybe fix implementation? idk...
                        if ( !RtlCompareUnicodeString(&NtCurrentPeb()->ProcessParameters->CommandLine, &ImagePath, TRUE) )
                                g_vfProviderDescriptor.ProviderDlls = g_vfDllDescriptors;
                }
--- a/wufuc/helpers.h
+++ b/wufuc/helpers.h
@@ -22,4 +22,3 @@ BOOL file_exists(const wchar_t *path);
 int compare_versions(
        WORD wMajorA, WORD wMinorA, WORD wBuildA, WORD wRevisionA,
        WORD wMajorB, WORD wMinorB, WORD wBuildB, WORD wRevisionB);
-
--- a/wufuc/patternfind.c
+++ b/wufuc/patternfind.c
@@ -98,21 +98,6 @@ static inline bool patternmatchbyte(unsigned char byte, const PatternByte pbyte)
        return (matched == 2);
 }

-unsigned char *patternfind3(unsigned char *data, size_t datasize, const PatternByte *pattern, size_t searchpatternsize)
-{
-        for ( size_t i = 0, pos = 0; i < datasize; i++ ) { //search for the pattern
-                if ( patternmatchbyte(data[i], pattern[pos]) ) { //check if our pattern matches the current byte
-                        pos++;
-                        if ( pos == searchpatternsize ) //everything matched
-                                return &data[i - searchpatternsize + 1];
-                } else if ( pos > 0 ) { //fix by Computer_Angel
-                        i -= pos;
-                        pos = 0; //reset current pattern position
-                }
-        }
-        return NULL;
-}
-
 unsigned char *patternfind(unsigned char *data, size_t datasize, const char *pattern)
 {
        size_t searchpatternsize = formathexpattern(pattern, NULL, 0) / 2;
@@ -177,3 +162,18 @@ bool patternsnr(unsigned char *data, size_t datasize, const char *searchpattern,
        patternwrite(found, datasize - (found - data), replacepattern);
        return true;
 }
+
+unsigned char *patternfind3(unsigned char *data, size_t datasize, const PatternByte *pattern, size_t searchpatternsize)
+{
+        for ( size_t i = 0, pos = 0; i < datasize; i++ ) { //search for the pattern
+                if ( patternmatchbyte(data[i], pattern[pos]) ) { //check if our pattern matches the current byte
+                        pos++;
+                        if ( pos == searchpatternsize ) //everything matched
+                                return &data[i - searchpatternsize + 1];
+                } else if ( pos > 0 ) { //fix by Computer_Angel
+                        i -= pos;
+                        pos = 0; //reset current pattern position
+                }
+        }
+        return NULL;
+}