0.6.1

- fixed x86 support
- added june updates to supported updates
- minor changes

install/install_wufuc.bat

@@ -36,30 +36,34 @@ if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
         goto :is_x64
     )
     if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
-        set "WINDOWS_ARCHITECTURE=x86"
+        goto :is_x86
-        set "wufuc_dll=%~dp0wufuc32.dll"
-        goto :check_ver
     )
 )
 goto :unsupported_os
 
+:is_x86
+set "WINDOWS_ARCHITECTURE=x86"
+set "wufuc_dll=%~dp0wufuc32.dll"
+goto :get_ver
+
 :is_x64
 set "WINDOWS_ARCHITECTURE=x64"
 set "wufuc_dll=%~dp0wufuc64.dll"
 
+:get_ver
 for /f "tokens=*" %%i in ('wmic /output:stdout datafile where "name='%wufuc_dll:\=\\%'" get Version /value ^| find "="') do set "%%i"
 title wufuc installer - v%Version%
 
 :check_ver
 wmic /output:stdout os get version | findstr "^6\.1\." >nul && (
     set "WINDOWS_VER=6.1"
-    set "SUPPORTED_HOTFIXES=KB4019265 KB4019264 KB4015552 KB4015549 KB4015546 KB4012218"
+    set "SUPPORTED_HOTFIXES=KB4022722 KB4022719 KB4019265 KB4019264 KB4015552 KB4015549 KB4015546 KB4012218"
     echo Detected supported operating system: Windows 7 %WINDOWS_ARCHITECTURE%
     goto :check_hotfix
 )
 wmic /output:stdout os get version | findstr "^6\.3\." >nul && (
     set "WINDOWS_VER=8.1"
-    set "SUPPORTED_HOTFIXES=KB4019217 KB4019215 KB4015553 KB4015550 KB4015547 KB4012219"
+    set "SUPPORTED_HOTFIXES=KB4022726 KB4022717 KB4019217 KB4019215 KB4015553 KB4015550 KB4015547 KB4012219"
     echo Detected supported operating system: Windows 8.1 %WINDOWS_ARCHITECTURE%
     goto :check_hotfix
 )

install/uninstall_wufuc.bat

@@ -34,17 +34,21 @@ if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
         goto :is_x64
     )
     if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
-        set "WINDOWS_ARCHITECTURE=x86"
+        goto :is_x86
-        set "wufuc_dll=%~dp0wufuc32.dll"
-        goto :confirmation
     )
 )
 goto :die
 
+:is_x86
+set "WINDOWS_ARCHITECTURE=x86"
+set "wufuc_dll=%~dp0wufuc32.dll"
+goto :get_ver
+
 :is_x64
 set "WINDOWS_ARCHITECTURE=x64"
 set "wufuc_dll=%~dp0wufuc64.dll"
 
+:get_ver
 for /f "tokens=*" %%i in ('wmic /output:stdout datafile where "name='%wufuc_dll:\=\\%'" get Version /value ^| find "="') do set "%%i"
 title wufuc uninstaller - v%Version%
 

install/utility scripts/disable_wufuc.bat

@@ -34,17 +34,19 @@ if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
         goto :is_x64
     )
     if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
-        set "WINDOWS_ARCHITECTURE=x86"
+        goto :is_x86
-        set "wufuc_dll=%~dp0..\wufuc32.dll"
-        goto :confirmation
     )
 )
 goto :die
 
+:is_x86
+set "wufuc_dll=%~dp0..\wufuc32.dll"
+goto :disable
+
 :is_x64
-set "WINDOWS_ARCHITECTURE=x64"
 set "wufuc_dll=%~dp0..\wufuc64.dll"
 
+:disable
 set "wufuc_task=wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307}"
 rundll32 "%wufuc_dll%",Rundll32Unload
 net start Schedule

wufuc.sln

@@ -15,20 +15,16 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Any CPU = Debug|Any CPU
 		Debug|x64 = Debug|x64
 		Debug|x86 = Debug|x86
-		Release|Any CPU = Release|Any CPU
 		Release|x64 = Release|x64
 		Release|x86 = Release|x86
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|Any CPU.ActiveCfg = Debug|Win32
 		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x64.ActiveCfg = Debug|x64
 		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x64.Build.0 = Debug|x64
 		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x86.ActiveCfg = Debug|Win32
 		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x86.Build.0 = Debug|Win32
-		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|Any CPU.ActiveCfg = Release|Win32
 		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x64.ActiveCfg = Release|x64
 		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x64.Build.0 = Release|x64
 		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x86.ActiveCfg = Release|Win32

wufuc/core.c

@@ -1,3 +1,4 @@
+#include <stdint.h>
 #include <Windows.h>
 #include <Psapi.h>
 #include <TlHelp32.h>
@@ -64,61 +65,57 @@ DWORD WINAPI NewThreadProc(LPVOID lpParam) {
     CloseHandle(hEvent);
     _tdbgprintf(_T("See ya!"));
     FreeLibraryAndExitThread(HINST_THISCOMPONENT, 0);
-    return 0;
 }
 
 BOOL PatchWUAgentHMODULE(HMODULE hModule) {
-    LPSTR lpszPattern;
+    LPSTR pattern;
-    SIZE_T n1, n2;
+    SIZE_T offset00, offset01;
-#ifdef _WIN64
+    if (Is64BitWindows()) {
-    lpszPattern = "FFF3 4883EC?? 33DB 391D???????? 7508 8B05????????";
+        pattern = "FFF3 4883EC?? 33DB 391D???????? 7508 8B05????????";
-    n1 = 10;
+        offset00 = 10;
-    n2 = 18;
+        offset01 = 18;
-#elif defined(_WIN32)
+    } else if (WindowsVersionCompare(VER_EQUAL, 6, 1, 0, 0, VER_MAJORVERSION | VER_MINORVERSION)) {
-    if (WindowsVersionCompare(VER_EQUAL, 6, 1, 0, 0, VER_MAJORVERSION | VER_MINORVERSION)) {
+        pattern = "833D????????00 743E E8???????? A3????????";
-        lpszPattern = "833D????????00 743E E8???????? A3????????";
+        offset00 = 2;
-        n1 = 2;
+        offset01 = 15;
-        n2 = 15;
     } else if (WindowsVersionCompare(VER_EQUAL, 6, 3, 0, 0, VER_MAJORVERSION | VER_MINORVERSION)) {
-        lpszPattern = "8BFF 51 833D????????00 7507 A1????????";
+        pattern = "8BFF 51 833D????????00 7507 A1????????";
-        n1 = 5;
+        offset00 = 5;
-        n2 = 13;
+        offset01 = 13;
+    } else {
+        return FALSE;
     }
-#else
-    return FALSE;
-#endif
 
     MODULEINFO modinfo;
     GetModuleInformation(GetCurrentProcess(), hModule, &modinfo, sizeof(MODULEINFO));
 
-    SIZE_T rva = patternfind(modinfo.lpBaseOfDll, modinfo.SizeOfImage, 0, lpszPattern);
+    SIZE_T rva = patternfind(modinfo.lpBaseOfDll, modinfo.SizeOfImage, 0, pattern);
     if (rva == -1) {
         _tdbgprintf(_T("No pattern match!"));
         return FALSE;
     }
-    
+    uintptr_t baseAddress = (uintptr_t)modinfo.lpBaseOfDll;
-    SIZE_T fpIsDeviceServiceable = (SIZE_T)modinfo.lpBaseOfDll + rva;
+    uintptr_t fpIsDeviceServiceable = baseAddress + rva;
-    _tdbgprintf(_T("Pattern match at offset %p."), fpIsDeviceServiceable);
+    _tdbgprintf(_T("Found address of IsDeviceServiceable. (%p)"), fpIsDeviceServiceable);
-
     BOOL result = FALSE;
-
+    LPBOOL lpbFirstRun, lpbIsCPUSupportedResult;
-    DWORD flOldProtect;
+    if (Is64BitWindows()) {
-    DWORD flNewProtect = PAGE_READWRITE;
+        lpbFirstRun = (LPBOOL)(fpIsDeviceServiceable + offset00 + sizeof(uint32_t) + *(uint32_t *)(fpIsDeviceServiceable + offset00));
-    BOOL *lpbNotRunOnce = (BOOL *)(fpIsDeviceServiceable + n1 + sizeof(DWORD) + *(DWORD *)(fpIsDeviceServiceable + n1));
+        lpbIsCPUSupportedResult = (LPBOOL)(fpIsDeviceServiceable + offset01 + sizeof(uint32_t) + *(uint32_t *)(fpIsDeviceServiceable + offset01));
-    if (*lpbNotRunOnce) {
+    } else {
-        VirtualProtect(lpbNotRunOnce, sizeof(BOOL), flNewProtect, &flOldProtect);
+        lpbFirstRun = (LPBOOL)(*(uintptr_t *)(fpIsDeviceServiceable + offset00));
-        *lpbNotRunOnce = FALSE;
+        lpbIsCPUSupportedResult = (LPBOOL)(*(uintptr_t *)(fpIsDeviceServiceable + offset01));
-        VirtualProtect(lpbNotRunOnce, sizeof(BOOL), flOldProtect, &flNewProtect);
-        _tdbgprintf(_T("Wrote value %d to address %p."), *lpbNotRunOnce, lpbNotRunOnce);
-        result = TRUE;
     }
     
-    BOOL *lpbCachedResult = (BOOL *)(fpIsDeviceServiceable + n2 + sizeof(DWORD) + *(DWORD *)(fpIsDeviceServiceable + n2));
+    if (*lpbFirstRun) {
-    if (!*lpbCachedResult) {
+        *lpbFirstRun = FALSE;
-        VirtualProtect(lpbCachedResult, sizeof(BOOL), flNewProtect, &flOldProtect);
+        _tdbgprintf(_T("Changed first run to FALSE. (%p=%08x)"), lpbFirstRun, *lpbFirstRun);
-        *lpbCachedResult = TRUE;
+        result = TRUE;
-        VirtualProtect(lpbCachedResult, sizeof(BOOL), flOldProtect, &flNewProtect);
+    }
-        _tdbgprintf(_T("Wrote value %d to address %p."), *lpbCachedResult, lpbCachedResult);
+    if (!*lpbIsCPUSupportedResult) {
+        *lpbIsCPUSupportedResult = TRUE;
+        _tdbgprintf(_T("Changed cached result to TRUE. (%p=%08x)."), 
+            lpbIsCPUSupportedResult, *lpbIsCPUSupportedResult);
         result = TRUE;
     }
     return result;

wufuc/patternfind.c

@@ -1,21 +1,20 @@
 #include <Windows.h>
 #include "patternfind.h"
 
-/* 
+/*  Work in progress. Ported to C from x64dbg's patternfind.cpp:
-    Work in progress. Ported to C from x64dbg's patternfind.cpp:
+      <https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp>
-        https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp
-     x64dbg license (GPL-3.0):
-        https://github.com/x64dbg/x64dbg/blob/development/LICENSE 
-*/
 
-int hexchtoint(CHAR ch) {
+    x64dbg license (GPL-3.0):
+      <https://github.com/x64dbg/x64dbg/blob/development/LICENSE> */
+
+int hexchtoint(CHAR c) {
     int result = -1;
-    if (ch >= '0' && ch <= '9') {
+    if (c >= '0' && c <= '9') {
-        result = ch - '0';
+        result = c - '0';
-    } else if (ch >= 'A' && ch <= 'F') {
+    } else if (c >= 'A' && c <= 'F') {
-        result = ch - 'A' + 10;
+        result = c - 'A' + 10;
-    } else if (ch >= 'a' && ch <= 'f') {
+    } else if (c >= 'a' && c <= 'f') {
-        result = ch - 'a' + 10;
+        result = c - 'a' + 10;
     }
     return result;
 }
@@ -43,11 +42,11 @@ BOOL patterntransform(LPCSTR patterntext, LPPATTERNBYTE pattern, SIZE_T *pattern
     cb = formathexpattern(patterntext, formattext, cb);
 
     if (cb % 2) {
-        formattext[++cb] = '?';
+        formattext[cb++] = '?';
     }
     formattext[cb] = '\0';
 
-    for (SIZE_T i = 0, j = 0, k = 0; i < cb; i++, j ^= 1, k = (i - j) / 2) {
+    for (SIZE_T i = 0, j = 0, k = 0; i < cb; i++, j ^= 1, k = (i - j) >> 1) {
         if (formattext[i] == '?') {
             pattern[k].nibble[j].wildcard = TRUE;
         } else {
@@ -56,7 +55,7 @@ BOOL patterntransform(LPCSTR patterntext, LPPATTERNBYTE pattern, SIZE_T *pattern
         }
     }
     free(formattext);
-    *patternsize = cb / 2;
+    *patternsize = cb >> 1;
     return TRUE;
 }
 

wufuc/util.c

@@ -22,7 +22,7 @@ VOID DetourIAT(HMODULE hModule, LPSTR lpFuncName, LPVOID *lpOldAddress, LPVOID l
 }
 
 LPVOID *FindIAT(HMODULE hModule, LPSTR lpFunctionName) {
-    SIZE_T hm = (SIZE_T)hModule;
+    uintptr_t hm = (uintptr_t)hModule;
 
     for (PIMAGE_IMPORT_DESCRIPTOR iid = (PIMAGE_IMPORT_DESCRIPTOR)(hm + ((PIMAGE_NT_HEADERS)(hm + ((PIMAGE_DOS_HEADER)hm)->e_lfanew))
         ->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress); iid->Name; iid++) {