Vichingo455/wufuc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

0.6.1

Browse Source 
- fixed x86 support
- added june updates to supported updates
- minor changes
This commit is contained in:
zeffy
2017-06-14 03:29:14 -07:00
parent c4a78a3e24
commit cda46fbc9f
8 changed files with 74 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
install/install_wufuc.bat
View File

@@ -36,30 +36,34 @@ if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
goto :is_x64
)
if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
set "WINDOWS_ARCHITECTURE=x86"
set "wufuc_dll=%~dp0wufuc32.dll"
goto :check_ver
goto :is_x86
)
)
goto :unsupported_os
:is_x86
set "WINDOWS_ARCHITECTURE=x86"
set "wufuc_dll=%~dp0wufuc32.dll"
goto :get_ver
:is_x64
set "WINDOWS_ARCHITECTURE=x64"
set "wufuc_dll=%~dp0wufuc64.dll"
:get_ver
for /f "tokens=*" %%i in ('wmic /output:stdout datafile where "name='%wufuc_dll:\=\\%'" get Version /value ^| find "="') do set "%%i"
title wufuc installer - v%Version%
:check_ver
wmic /output:stdout os get version | findstr "^6\.1\." >nul && (
set "WINDOWS_VER=6.1"
set "SUPPORTED_HOTFIXES=KB4019265 KB4019264 KB4015552 KB4015549 KB4015546 KB4012218"
set "SUPPORTED_HOTFIXES=KB4022722 KB4022719 KB4019265 KB4019264 KB4015552 KB4015549 KB4015546 KB4012218"
echo Detected supported operating system: Windows 7 %WINDOWS_ARCHITECTURE%
goto :check_hotfix
)
wmic /output:stdout os get version | findstr "^6\.3\." >nul && (
set "WINDOWS_VER=8.1"
set "SUPPORTED_HOTFIXES=KB4019217 KB4019215 KB4015553 KB4015550 KB4015547 KB4012219"
set "SUPPORTED_HOTFIXES=KB4022726 KB4022717 KB4019217 KB4019215 KB4015553 KB4015550 KB4015547 KB4012219"
echo Detected supported operating system: Windows 8.1 %WINDOWS_ARCHITECTURE%
goto :check_hotfix
)

10
install/uninstall_wufuc.bat
View File

@@ -34,17 +34,21 @@ if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
goto :is_x64
)
if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
set "WINDOWS_ARCHITECTURE=x86"
set "wufuc_dll=%~dp0wufuc32.dll"
goto :confirmation
goto :is_x86
)
)
goto :die
:is_x86
set "WINDOWS_ARCHITECTURE=x86"
set "wufuc_dll=%~dp0wufuc32.dll"
goto :get_ver
:is_x64
set "WINDOWS_ARCHITECTURE=x64"
set "wufuc_dll=%~dp0wufuc64.dll"
:get_ver
for /f "tokens=*" %%i in ('wmic /output:stdout datafile where "name='%wufuc_dll:\=\\%'" get Version /value ^| find "="') do set "%%i"
title wufuc uninstaller - v%Version%

10
install/utility scripts/disable_wufuc.bat
View File

@@ -34,17 +34,19 @@ if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
goto :is_x64
)
if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
set "WINDOWS_ARCHITECTURE=x86"
set "wufuc_dll=%~dp0..\wufuc32.dll"
goto :confirmation
goto :is_x86
)
)
goto :die
:is_x86
set "wufuc_dll=%~dp0..\wufuc32.dll"
goto :disable
:is_x64
set "WINDOWS_ARCHITECTURE=x64"
set "wufuc_dll=%~dp0..\wufuc64.dll"
:disable
set "wufuc_task=wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307}"
rundll32 "%wufuc_dll%",Rundll32Unload
net start Schedule

4
wufuc.sln
View File

@@ -15,20 +15,16 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|Any CPU = Release|Any CPU
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|Any CPU.ActiveCfg = Debug|Win32
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x64.ActiveCfg = Debug|x64
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x64.Build.0 = Debug|x64
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x86.ActiveCfg = Debug|Win32
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x86.Build.0 = Debug|Win32
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|Any CPU.ActiveCfg = Release|Win32
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x64.ActiveCfg = Release|x64
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x64.Build.0 = Release|x64
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x86.ActiveCfg = Release|Win32

75
wufuc/core.c
View File

@@ -1,3 +1,4 @@
#include <stdint.h>
#include <Windows.h>
#include <Psapi.h>
#include <TlHelp32.h>
@@ -64,61 +65,57 @@ DWORD WINAPI NewThreadProc(LPVOID lpParam) {
CloseHandle(hEvent);
_tdbgprintf(_T("See ya!"));
FreeLibraryAndExitThread(HINST_THISCOMPONENT, 0);
return 0;
}
BOOL PatchWUAgentHMODULE(HMODULE hModule) {
LPSTR lpszPattern;
SIZE_T n1, n2;
#ifdef _WIN64
lpszPattern = "FFF3 4883EC?? 33DB 391D???????? 7508 8B05????????";
n1 = 10;
n2 = 18;
#elif defined(_WIN32)
if (WindowsVersionCompare(VER_EQUAL, 6, 1, 0, 0, VER_MAJORVERSION | VER_MINORVERSION)) {
lpszPattern = "833D????????00 743E E8???????? A3????????";
n1 = 2;
n2 = 15;
LPSTR pattern;
SIZE_T offset00, offset01;
if (Is64BitWindows()) {
pattern = "FFF3 4883EC?? 33DB 391D???????? 7508 8B05????????";
offset00 = 10;
offset01 = 18;
} else if (WindowsVersionCompare(VER_EQUAL, 6, 1, 0, 0, VER_MAJORVERSION | VER_MINORVERSION)) {
pattern = "833D????????00 743E E8???????? A3????????";
offset00 = 2;
offset01 = 15;
} else if (WindowsVersionCompare(VER_EQUAL, 6, 3, 0, 0, VER_MAJORVERSION | VER_MINORVERSION)) {
lpszPattern = "8BFF 51 833D????????00 7507 A1????????";
n1 = 5;
n2 = 13;
}
#else
pattern = "8BFF 51 833D????????00 7507 A1????????";
offset00 = 5;
offset01 = 13;
} else {
return FALSE;
#endif
}
MODULEINFO modinfo;
GetModuleInformation(GetCurrentProcess(), hModule, &modinfo, sizeof(MODULEINFO));
SIZE_T rva = patternfind(modinfo.lpBaseOfDll, modinfo.SizeOfImage, 0, lpszPattern);
SIZE_T rva = patternfind(modinfo.lpBaseOfDll, modinfo.SizeOfImage, 0, pattern);
if (rva == -1) {
_tdbgprintf(_T("No pattern match!"));
return FALSE;
}
SIZE_T fpIsDeviceServiceable = (SIZE_T)modinfo.lpBaseOfDll + rva;
_tdbgprintf(_T("Pattern match at offset %p."), fpIsDeviceServiceable);
uintptr_t baseAddress = (uintptr_t)modinfo.lpBaseOfDll;
uintptr_t fpIsDeviceServiceable = baseAddress + rva;
_tdbgprintf(_T("Found address of IsDeviceServiceable. (%p)"), fpIsDeviceServiceable);
BOOL result = FALSE;
DWORD flOldProtect;
DWORD flNewProtect = PAGE_READWRITE;
BOOL *lpbNotRunOnce = (BOOL *)(fpIsDeviceServiceable + n1 + sizeof(DWORD) + *(DWORD *)(fpIsDeviceServiceable + n1));
if (*lpbNotRunOnce) {
VirtualProtect(lpbNotRunOnce, sizeof(BOOL), flNewProtect, &flOldProtect);
*lpbNotRunOnce = FALSE;
VirtualProtect(lpbNotRunOnce, sizeof(BOOL), flOldProtect, &flNewProtect);
_tdbgprintf(_T("Wrote value %d to address %p."), *lpbNotRunOnce, lpbNotRunOnce);
result = TRUE;
LPBOOL lpbFirstRun, lpbIsCPUSupportedResult;
if (Is64BitWindows()) {
lpbFirstRun = (LPBOOL)(fpIsDeviceServiceable + offset00 + sizeof(uint32_t) + *(uint32_t *)(fpIsDeviceServiceable + offset00));
lpbIsCPUSupportedResult = (LPBOOL)(fpIsDeviceServiceable + offset01 + sizeof(uint32_t) + *(uint32_t *)(fpIsDeviceServiceable + offset01));
} else {
lpbFirstRun = (LPBOOL)(*(uintptr_t *)(fpIsDeviceServiceable + offset00));
lpbIsCPUSupportedResult = (LPBOOL)(*(uintptr_t *)(fpIsDeviceServiceable + offset01));
}
BOOL *lpbCachedResult = (BOOL *)(fpIsDeviceServiceable + n2 + sizeof(DWORD) + *(DWORD *)(fpIsDeviceServiceable + n2));
if (!*lpbCachedResult) {
VirtualProtect(lpbCachedResult, sizeof(BOOL), flNewProtect, &flOldProtect);
*lpbCachedResult = TRUE;
VirtualProtect(lpbCachedResult, sizeof(BOOL), flOldProtect, &flNewProtect);
_tdbgprintf(_T("Wrote value %d to address %p."), *lpbCachedResult, lpbCachedResult);
if (*lpbFirstRun) {
*lpbFirstRun = FALSE;
_tdbgprintf(_T("Changed first run to FALSE. (%p=%08x)"), lpbFirstRun, *lpbFirstRun);
result = TRUE;
}
if (!*lpbIsCPUSupportedResult) {
*lpbIsCPUSupportedResult = TRUE;
_tdbgprintf(_T("Changed cached result to TRUE. (%p=%08x)."),
lpbIsCPUSupportedResult, *lpbIsCPUSupportedResult);
result = TRUE;
}
return result;

31
wufuc/patternfind.c
View File

@@ -1,21 +1,20 @@
#include <Windows.h>
#include "patternfind.h"
/*
Work in progress. Ported to C from x64dbg's patternfind.cpp:
https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp
x64dbg license (GPL-3.0):
https://github.com/x64dbg/x64dbg/blob/development/LICENSE
*/
/* Work in progress. Ported to C from x64dbg's patternfind.cpp:
<https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp>
int hexchtoint(CHAR ch) {
x64dbg license (GPL-3.0):
<https://github.com/x64dbg/x64dbg/blob/development/LICENSE> */
int hexchtoint(CHAR c) {
int result = -1;
if (ch >= '0' && ch <= '9') {
result = ch - '0';
} else if (ch >= 'A' && ch <= 'F') {
result = ch - 'A' + 10;
} else if (ch >= 'a' && ch <= 'f') {
result = ch - 'a' + 10;
if (c >= '0' && c <= '9') {
result = c - '0';
} else if (c >= 'A' && c <= 'F') {
result = c - 'A' + 10;
} else if (c >= 'a' && c <= 'f') {
result = c - 'a' + 10;
}
return result;
}
@@ -43,11 +42,11 @@ BOOL patterntransform(LPCSTR patterntext, LPPATTERNBYTE pattern, SIZE_T *pattern
cb = formathexpattern(patterntext, formattext, cb);
if (cb % 2) {
formattext[++cb] = '?';
formattext[cb++] = '?';
}
formattext[cb] = '\0';
for (SIZE_T i = 0, j = 0, k = 0; i < cb; i++, j ^= 1, k = (i - j) / 2) {
for (SIZE_T i = 0, j = 0, k = 0; i < cb; i++, j ^= 1, k = (i - j) >> 1) {
if (formattext[i] == '?') {
pattern[k].nibble[j].wildcard = TRUE;
} else {
@@ -56,7 +55,7 @@ BOOL patterntransform(LPCSTR patterntext, LPPATTERNBYTE pattern, SIZE_T *pattern
}
}
free(formattext);
*patternsize = cb / 2;
*patternsize = cb >> 1;
return TRUE;
}

2
wufuc/util.c
View File

@@ -22,7 +22,7 @@ VOID DetourIAT(HMODULE hModule, LPSTR lpFuncName, LPVOID *lpOldAddress, LPVOID l
}
LPVOID *FindIAT(HMODULE hModule, LPSTR lpFunctionName) {
SIZE_T hm = (SIZE_T)hModule;
uintptr_t hm = (uintptr_t)hModule;
for (PIMAGE_IMPORT_DESCRIPTOR iid = (PIMAGE_IMPORT_DESCRIPTOR)(hm + ((PIMAGE_NT_HEADERS)(hm + ((PIMAGE_DOS_HEADER)hm)->e_lfanew))
->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress); iid->Name; iid++) {

BIN
wufuc/version.rc
View File

Binary file not shown.