Update README, new xdelta patches, new AIO script

zeffy
2017-04-19 05:30:27 -07:00
parent de137f02e8
commit eaff1d2451
31 changed files with 186 additions and 467 deletions

@@ -1,4 +1,4 @@
### [If you are looking for the latest xdelta patch files, you can find them here!](https://github.com/zeffy/kb4012218-kb4012219/releases)
### [If you are looking for the latest patch files, you can find them here!](https://github.com/zeffy/kb4012218-19/releases)
---
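Review bot: The new link text on the heading line drops the word "xdelta", although the commit title says the release still ships xdelta patches, so a reader no longer learns from the README which tool the downloads need; keep the format in the label or name it directly under the heading. The repository path in the URL also changes from `kb4012218-kb4012219` to `kb4012218-19`, so confirm the old releases URL still resolves before merging, since anything that linked to the previous heading points there.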
@@ -7,27 +7,33 @@
Title | Products | Classification | Last Updated | Version | Size
----- | -------- | -------------- | ------------ | ------- | ----
March, 2017 Preview of Monthly Quality Rollup for Windows 7 ([KB4012218]) | Windows 7 | Updates | 3/16/2017 | n/a | 93.4 MB
March, 2017 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems ([KB4012218]) | Windows 7 | Updates | 3/16/2017 | n/a | 153.9 MB
March, 2017 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems ([KB4012218]) | Windows 7 | Updates | 3/16/2017 | n/a | 153.9 MB
March, 2017 Preview of Monthly Quality Rollup for Windows Server 2008 R2 x64 Edition ([KB4012218]) | Windows Server 2008 R2 | Updates | 3/16/2017 | n/a | 153.9 MB
March, 2017 Preview of Monthly Quality Rollup for Windows 8.1 ([KB4012219]) | Windows 8.1 | Updates | 3/16/2017 | n/a | 121.2 MB
March, 2017 Preview of Monthly Quality Rollup for Windows 8.1 for x64-based Systems ([KB4012219]) | Windows 8.1 | Updates | 3/16/2017 | n/a | 218.0 MB
March, 2017 Preview of Monthly Quality Rollup for Windows 8.1 ([KB4012219]) | Windows 8.1 | Updates | 3/16/2017 | n/a | 121.2 MB
March, 2017 Preview of Monthly Quality Rollup for Windows 8.1 for x64-based Systems ([KB4012219]) | Windows 8.1 | Updates | 3/16/2017 | n/a | 218.0 MB
March, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 ([KB4012219]) | Windows Server 2012 R2 | Updates | 3/16/2017 | n/a | 218.0 MB
April, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems ([KB4015549]) | Windows 7 | Security Updates | 4/8/2017 | n/a | 159.9 MB
April, 2017 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems ([KB4015549]) | Windows Server 2008 R2 | Security Updates | 4/8/2017 | n/a | 159.9 MB
April, 2017 Security Monthly Quality Rollup for Windows 7 ([KB4015549]) | Windows 7 | Security Updates | 4/8/2017 | n/a | 97.6 MB
April, 2017 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems ([KB4015550]) | Windows 8.1 | Security Updates | 4/10/2017 | n/a | 220.9 MB
April, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 ([KB4015550]) | Windows Server 2012 R2 | Security Updates | 4/10/2017 | n/a | 220.9 MB
April, 2017 Security Monthly Quality Rollup for Windows 8.1 ([KB4015550]) | Windows 8.1 | Security Updates | 4/10/2017 | n/a | 122.4 MB
## About
## Preface
After reading [this article](https://www.ghacks.net/2017/03/22/kb4012218-kb4012219-windows-update-processor-generation-detection/) on gHacks, I was inspired to look into these new rollup updates that Microsoft released on March 16. Among other things included in these updates, the changelog mentions the following:
After reading [this article on gHacks](https://www.ghacks.net/2017/03/22/kb4012218-kb4012219-windows-update-processor-generation-detection/), I was inspired to look into these new rollup updates that Microsoft released on March 16. Among other things included in these updates, the changelog mentions the following:
> Enabled detection of processor generation and hardware support when PC tries to scan or download updates through Windows Update.
Which is just Microsoft's nice way of telling everyone who'd rather keep using Windows 7 or 8.1 on their Intel Kaby Lake or AMD Ryzen systems to screw themselves. _There have even been people with Intel and AMD systems from 2015 who have reportedly been locked out of Windows Update because of this!_
Which is essentially a giant middle finger to anyone who dare not "upgrade" to the steaming pile of garbage known as Windows 10.
There have even been people with Intel and AMD systems from 2015 who have allegedly been locked out of Windows Update because of these updates!
## Bad Microsoft!
Well then, time figure out how to fix this garbage.
I started by downloading the `.msu` package for my system (in my case, it was `windows6.1-kb4012218-x64_590943c04550a47c1ed02d3a040d325456f03663.msu`)
I extracted it using the command line `expand` tool, like this:
I extracted it using the command line `expand` tool:
```bat
md "windows6.1-kb4012218-x64"
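Review bot: In the Preface, the sentence about people with Intel and AMD systems from 2015 being locked out of Windows Update has no source in either wording ("reportedly" before, "allegedly" now); link the report it rests on, the way the gHacks article is linked, or drop the sentence. In the same hunk, "Well then, time figure out how to fix this garbage." is missing "to". The table now gains rows for KB4015549 and KB4015550, while the walkthrough still names only the `windows6.1-kb4012218-x64_...msu` package, so add a line saying whether the same steps apply to the April rollups.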
@@ -37,33 +43,17 @@ md "Windows6.1-KB4012218-x64"
expand -f:* ".\Windows6.1-KB4012218-x64.cab" ".\Windows6.1-KB4012218-x64"
```
Great, now there's thousands of `.exe` and `.dll` files to sort through! Just kidding. Sort of. Maybe. :thinking:
Great, now there's thousands of files to sort through! Just kidding. Sort of. Maybe. :thinking:
I ended up using PowerShell to sort through all the binaries, like so:
I ended up using PowerShell to sort through and filter out all the binaries that weren't related to Windows Update, like so:
```powershell
Get-ChildItem -Filter "wu*" -Exclude "*.mui" -Recurse | ForEach-Object { $_.FullName }
```
That's narrowed it down quite a bit! This is now what we're looking at:
That narrowed it down to 14 files, excellent!
- `wu.upgrade.ps.dll`
- `wuapi.dll`
- `wudriver.dll`
- `wups.dll`
- `wuapp.exe`
- `wuwebv.dll`
- `wuauclt.exe`
- `wuaueng.dll`
- `wups2.dll`
- `wucltux.dll`
- `wuapi.dll`
- `wudriver.dll`
- `wups.dll`
- `wuapp.exe`
- `wuwebv.dll`
Next, I started comparing these binaries with the ones already on my system with [BinDiff] and [Diaphora], starting with `wuauclt.exe`. After turning up empty with that (the two binaries were nearly identical), I decided to take a look at `wuaueng.dll`, which turned up quite a few interesting new functions:
Next, I started comparing these binaries with the ones already on my system with [BinDiff] and [Diaphora]. I eventually got to `wuaueng.dll`, which turned up quite a few interesting new functions:
EA | Name | Basicblock | Instructions | Edges
-- | ---- | ---------- | ------------ | -----
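Review bot: The new sentence "That narrowed it down to 14 files, excellent!" does not match the list under it, which carries only ten distinct file names across the lines of this hunk; either list all 14 results or say that the count includes the same file name appearing under more than one extracted directory (the command prints `$_.FullName` with `-Recurse`, so that would explain it). The rewritten BinDiff paragraph also drops the remark that `wuauclt.exe` came out nearly identical, which was a useful negative result for anyone repeating the comparison; consider keeping it.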
@@ -104,21 +94,24 @@ EA | Name | Basicblock | Instructions | Edges
`00000600000832CC` | ``TraceLoggingEnableForTelemetry(_TlgProvider_t const *)`` | 16 | 86 | 23
`0000060000083210` | ``TraceLoggingSetInformation(_TlgProvider_t const *,_EVENT_INFO_CLASS,void *,ulong)`` | 6 | 50 | 8
We have found culprits, [`IsDeviceServiceable(void)`](https://gist.github.com/zeffy/e5ec266952932bc905eb0cbc6ed72185) and [`IsCPUSupported(void)`](https://gist.github.com/zeffy/1a8f8984d2bec97ae24af63a76278694)!
We have found culprits, [`IsDeviceServiceable(void)`](https://gist.github.com/zeffy/e5ec266952932bc905eb0cbc6ed72185) and [`IsCPUSupported(void)`](https://gist.github.com/zeffy/1a8f8984d2bec97ae24af63a76278694)!
## Solutions
`IsCPUSupported(void)` is only ever called by `IsDeviceServiceable(void)`, which is called by five other functions. Luckily, there are a couple easy ways to kill this CPU check.
`IsCPUSupported(void)` is only ever called by `IsDeviceServiceable(void)`, which is called by a few other functions. Luckily, there are a couple easy ways to kill this CPU check.
1. Patch `wuaueng.dll` and change `dword_600002EE948` (see [this line](https://gist.github.com/zeffy/e5ec266952932bc905eb0cbc6ed72185#file-isdeviceserviceable-c-L7)) which is at file offset `0x26C948`, from `0x01` to `0x00`. This makes `IsDeviceServiceable(void)` jump over its entire body and return 1 (supported CPU) immediately. This is my preferred method. **Note: these offsets are only for the Windows 7 x64 version.**
2. Patch `wuaueng.dll` and `nop` out all the instructions highlighted [here](https://gist.github.com/zeffy/e5ec266952932bc905eb0cbc6ed72185#file-isdeviceserviceable-asm-L24-L26) in `IsDeviceServiceable(void)`, this will enable the usage of the `ForceUnsupportedCPU` of type `REG_DWORD` under the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Test\Scan` (you will most likely have to create this registry key). Set this value to `0x00000001` to force unsupported CPUs, and back to `0x00000000` to change the behaviour back to default. You will probably need to restart your PC or restart the `wuauserv` service in order for changes to apply. **This behaviour is undocumented and could be removed in future updates.**
2. Patch `wuaueng.dll` and `nop` out all the instructions highlighted [here](https://gist.github.com/zeffy/e5ec266952932bc905eb0cbc6ed72185#file-isdeviceserviceable-asm-L24-L26) in `IsDeviceServiceable(void)`, this will enable the usage of the `ForceUnsupportedCPU` of type `REG_DWORD` under the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Test\Scan` (you will most likely have to create this registry key). Set this value to `0x00000001` to force unsupported CPUs, and back to `0x00000000` to change the behaviour back to default. You will probably need to restart your PC or restart the `wuauserv` service in order for changes to apply. **This behaviour is an internal test feature used by Microsoft and could be removed in future updates, so I will not be providing xdelta files for it.**
## Caveats
The only downside of these solutions is you have to apply a new patch whenever `wuaueng.dll` gets updated.
- You have to apply a new patch whenever `wuaueng.dll` gets updated.
- SFC scan errors will most likely occur as it will believe the integrity of the system has been compromised.
[KB4012218]: https://www.catalog.update.microsoft.com/search.aspx?q=kb4012218
[KB4012219]: https://www.catalog.update.microsoft.com/search.aspx?q=kb4012219
[KB4015549]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015549
[KB4015550]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015550
[BinDiff]: https://www.zynamics.com/software.html
[Diaphora]: http://diaphora.re
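Review bot: Method 1 gives file offset `0x26C948` qualified only as "the Windows 7 x64 version", while the Caveats in this same hunk say a new patch is needed whenever `wuaueng.dll` gets updated, so the offset is valid for exactly one build; state the `wuaueng.dll` file version (or the KB it was taken from) next to the offset so nobody writes that byte into a different build. The new SFC caveat would be more useful with a line telling readers to keep a copy of the original DLL so they can restore it, and "a few other functions" is less precise than the "five other functions" it replaces.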