rename debug print method and split to ansi/unicode

This commit is contained in:
zeffy
2017-06-05 07:44:06 -07:00
parent 712ef4e38b
commit f74f30e3a9
6 changed files with 37 additions and 25 deletions


@@ -41,7 +41,7 @@ DWORD WINAPI NewThreadProc(LPVOID lpParam) {
DETOUR_IAT(hm, LoadLibraryExA); DETOUR_IAT(hm, LoadLibraryExA);
DETOUR_IAT(hm, LoadLibraryExW); DETOUR_IAT(hm, LoadLibraryExW);
DbgPrint("Applied LoadLibraryEx hooks."); _tdbgprintf(_T("Applied LoadLibraryEx hooks."));
HMODULE hwu = GetModuleHandle(_T("wuaueng.dll")); HMODULE hwu = GetModuleHandle(_T("wuaueng.dll"));
if (hwu) { if (hwu) {
@@ -52,14 +52,14 @@ DWORD WINAPI NewThreadProc(LPVOID lpParam) {
WaitForSingleObject(hEvent, INFINITE); WaitForSingleObject(hEvent, INFINITE);
CloseHandle(hEvent); CloseHandle(hEvent);
DbgPrint("Received wufuc_UnloadEvent, removing hooks."); _tdbgprintf(_T("Received wufuc_UnloadEvent, removing hooks."));
SuspendProcess(lphThreads, _countof(lphThreads), &cb); SuspendProcess(lphThreads, _countof(lphThreads), &cb);
RESTORE_IAT(hm, LoadLibraryExA); RESTORE_IAT(hm, LoadLibraryExA);
RESTORE_IAT(hm, LoadLibraryExW); RESTORE_IAT(hm, LoadLibraryExW);
ResumeAndCloseThreads(lphThreads, cb); ResumeAndCloseThreads(lphThreads, cb);
DbgPrint("Unloading library. Cya!"); _tdbgprintf(_T("Unloading library. Cya!"));
FreeLibraryAndExitThread(HINST_THISCOMPONENT, 0); FreeLibraryAndExitThread(HINST_THISCOMPONENT, 0);
return 0; return 0;
} }
@@ -118,20 +118,20 @@ BOOL PatchWUModule(HMODULE hModule) {
if (!FindPattern(modinfo.lpBaseOfDll, modinfo.SizeOfImage, lpszPattern, 0, &offset)) { if (!FindPattern(modinfo.lpBaseOfDll, modinfo.SizeOfImage, lpszPattern, 0, &offset)) {
return FALSE; return FALSE;
} }
DbgPrint("IsDeviceServiceable(void) matched at %p", (UINT_PTR)modinfo.lpBaseOfDll + offset); _tdbgprintf(_T("IsDeviceServiceable(void) matched at %p"), (UINT_PTR)modinfo.lpBaseOfDll + offset);
DWORD *lpdwResultIsNotCachedOffset = (DWORD *)((UINT_PTR)modinfo.lpBaseOfDll + offset + n1); DWORD *lpdwResultIsNotCachedOffset = (DWORD *)((UINT_PTR)modinfo.lpBaseOfDll + offset + n1);
BOOL *lpbResultIsNotCached = (BOOL *)((UINT_PTR)modinfo.lpBaseOfDll + offset + n1 + sizeof(DWORD) + *lpdwResultIsNotCachedOffset); BOOL *lpbResultIsNotCached = (BOOL *)((UINT_PTR)modinfo.lpBaseOfDll + offset + n1 + sizeof(DWORD) + *lpdwResultIsNotCachedOffset);
if (*lpbResultIsNotCached) { if (*lpbResultIsNotCached) {
*lpbResultIsNotCached = FALSE; *lpbResultIsNotCached = FALSE;
DbgPrint("Patched %p=%d", lpbResultIsNotCached, *lpbResultIsNotCached); _tdbgprintf(_T("Patched %p=%d"), lpbResultIsNotCached, *lpbResultIsNotCached);
} }
DWORD *lpdwCachedResultOffset = (DWORD *)((UINT_PTR)modinfo.lpBaseOfDll + offset + n2); DWORD *lpdwCachedResultOffset = (DWORD *)((UINT_PTR)modinfo.lpBaseOfDll + offset + n2);
BOOL *lpbCachedResult = (BOOL *)((UINT_PTR)modinfo.lpBaseOfDll + offset + n2 + sizeof(DWORD) + *lpdwCachedResultOffset); BOOL *lpbCachedResult = (BOOL *)((UINT_PTR)modinfo.lpBaseOfDll + offset + n2 + sizeof(DWORD) + *lpdwCachedResultOffset);
if (!*lpbCachedResult) { if (!*lpbCachedResult) {
*lpbCachedResult = TRUE; *lpbCachedResult = TRUE;
DbgPrint("Patched %p=%d", lpbCachedResult, *lpbCachedResult); _tdbgprintf(_T("Patched %p=%d"), lpbCachedResult, *lpbCachedResult);
} }
return TRUE; return TRUE;
} }
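Review bot: The new `_tdbgprintf` calls in this section lose the call-site context the old `DbgPrint` macro supplied — the header hunk shows it prepended `_T(__FUNCTION__) _T(": ")` to every format, while the replacement is a plain alias for `_wdbgprintf`/`_dbgprintf`. That matters for the two `Patched %p=%d` messages in PatchWUModule, which now emit identical text for two different patch sites with nothing to tell a reader which function, or which of the two flags, produced them. Either restore the prefix where it is needed, e.g. `_tdbgprintf(_T(__FUNCTION__) _T(": Patched %p=%d"), lpbResultIsNotCached, *lpbResultIsNotCached);`, or make `_tdbgprintf` a macro that adds it again. Separately, the `IsDeviceServiceable(void) matched at %p` line passes a `UINT_PTR` to `%p`; casting the sum to `LPVOID` keeps the conversion and argument types matched. NewThreadProc and PatchWUModule both start outside these hunks.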


@@ -34,7 +34,7 @@ void CALLBACK Rundll32Entry(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int n
void CALLBACK Rundll32Unload(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) { void CALLBACK Rundll32Unload(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) {
HANDLE hEvent = OpenEvent(EVENT_MODIFY_STATE, FALSE, _T("Global\\wufuc_UnloadEvent")); HANDLE hEvent = OpenEvent(EVENT_MODIFY_STATE, FALSE, _T("Global\\wufuc_UnloadEvent"));
if (hEvent) { if (hEvent) {
DbgPrint("Setting wufuc_UnloadEvent..."); _tdbgprintf(_T("Setting wufuc_UnloadEvent..."));
SetEvent(hEvent); SetEvent(hEvent);
CloseHandle(hEvent); CloseHandle(hEvent);
} }


@@ -17,7 +17,7 @@ VOID DetourIAT(HMODULE hModule, LPSTR lpFuncName, LPVOID *lpOldAddress, LPVOID l
if (lpOldAddress) { if (lpOldAddress) {
*lpOldAddress = *lpAddress; *lpOldAddress = *lpAddress;
} }
DbgPrint("%S %p => %p", lpFuncName, *lpAddress, lpNewAddress); _tdbgprintf(_T("%S %p => %p"), lpFuncName, *lpAddress, lpNewAddress);
*lpAddress = lpNewAddress; *lpAddress = lpNewAddress;
VirtualProtect(lpAddress, sizeof(LPVOID), flOldProtect, &flNewProtect); VirtualProtect(lpAddress, sizeof(LPVOID), flOldProtect, &flNewProtect);
} }
@@ -99,7 +99,7 @@ BOOL InjectLibrary(HANDLE hProcess, LPCTSTR lpLibFileName, DWORD cb) {
} }
} while (Module32Next(hSnap, &me)); } while (Module32Next(hSnap, &me));
CloseHandle(hSnap); CloseHandle(hSnap);
DbgPrint("Injecting %s into process %d", lpLibFileName, dwProcessId); _tdbgprintf(_T("Injecting %s into process %d"), lpLibFileName, dwProcessId);
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(me.hModule, _CRT_STRINGIZE(LoadLibrary)), lpBaseAddress, 0, NULL); HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(me.hModule, _CRT_STRINGIZE(LoadLibrary)), lpBaseAddress, 0, NULL);
CloseHandle(hThread); CloseHandle(hThread);
return TRUE; return TRUE;
@@ -127,7 +127,7 @@ VOID SuspendProcess(HANDLE *lphThreads, SIZE_T dwSize, SIZE_T *lpcb) {
CloseHandle(hSnap); CloseHandle(hSnap);
*lpcb = count; *lpcb = count;
DbgPrint("Suspended other threads."); _tdbgprintf(_T("Suspended other threads."));
} }
VOID ResumeAndCloseThreads(HANDLE *lphThreads, SIZE_T cb) { VOID ResumeAndCloseThreads(HANDLE *lphThreads, SIZE_T cb) {
@@ -135,5 +135,5 @@ VOID ResumeAndCloseThreads(HANDLE *lphThreads, SIZE_T cb) {
ResumeThread(lphThreads[i]); ResumeThread(lphThreads[i]);
CloseHandle(lphThreads[i]); CloseHandle(lphThreads[i]);
} }
DbgPrint("Resumed threads."); _tdbgprintf(_T("Resumed threads."));
} }
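Review bot: The `%S` in the DetourIAT message (`_tdbgprintf(_T("%S %p => %p"), lpFuncName, ...)`) only reads `lpFuncName` correctly in a UNICODE build; in the ANSI configuration the header now explicitly supports (`#define _tdbgprintf _dbgprintf`), `%S` in a narrow format means a wide string, so the `LPSTR` would be read as UTF-16 until a double NUL is found. MSVC's `%hs` is narrow under both TCHAR modes: `_tdbgprintf(_T("%hs %p => %p"), lpFuncName, *lpAddress, lpNewAddress);`. The InjectLibrary hunk also pairs `%d` with a `DWORD` (`dwProcessId`); `%lu` is the matching conversion. DetourIAT, InjectLibrary and SuspendProcess all begin outside their hunks.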


@@ -34,7 +34,7 @@ BOOL QueryServiceProcessId(SC_HANDLE hSCManager, LPCTSTR lpServiceName, DWORD *l
if (QueryServiceStatusEx(hService, SC_STATUS_PROCESS_INFO, (LPBYTE)&lpBuffer, sizeof(lpBuffer), &cbBytesNeeded) && lpBuffer.dwProcessId) { if (QueryServiceStatusEx(hService, SC_STATUS_PROCESS_INFO, (LPBYTE)&lpBuffer, sizeof(lpBuffer), &cbBytesNeeded) && lpBuffer.dwProcessId) {
*lpdwProcessId = lpBuffer.dwProcessId; *lpdwProcessId = lpBuffer.dwProcessId;
result = TRUE; result = TRUE;
DbgPrint("Found %s pid %d", lpServiceName, *lpdwProcessId); _tdbgprintf(_T("Found %s pid %d"), lpServiceName, *lpdwProcessId);
} }
CloseServiceHandle(hService); CloseServiceHandle(hService);
return result; return result;
@@ -61,7 +61,7 @@ BOOL GetServiceGroupName(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpG
if (!_tcsicmp(*(p++), _T("-k"))) { if (!_tcsicmp(*(p++), _T("-k"))) {
_tcscpy_s(lpGroupName, dwSize, *p); _tcscpy_s(lpGroupName, dwSize, *p);
result = TRUE; result = TRUE;
DbgPrint("Found %s svc group: %s", lpServiceName, lpGroupName); _tdbgprintf(_T("Found %s svc group: %s"), lpServiceName, lpGroupName);
break; break;
} }
} }
@@ -86,7 +86,7 @@ BOOL FindServiceGroupProcessId(SC_HANDLE hSCManager, LPTSTR lpServiceGroupName,
result = !_tcsicmp(group, lpServiceGroupName); result = !_tcsicmp(group, lpServiceGroupName);
} }
if (result) { if (result) {
DbgPrint("Found %s pid %d", lpServiceGroupName, dwProcessId); _tdbgprintf(_T("Found %s pid %d"), lpServiceGroupName, dwProcessId);
*lpdwProcessId = dwProcessId; *lpdwProcessId = dwProcessId;
break; break;
} }


@@ -1,4 +1,5 @@
#include <Windows.h> #include <Windows.h>
#include <stdio.h>
#include <VersionHelpers.h> #include <VersionHelpers.h>
#include <tchar.h> #include <tchar.h>
#include "util.h" #include "util.h"
@@ -15,13 +16,20 @@ BOOL IsWindows8Point1(void) {
return IsWindows8Point1OrGreater() && !IsWindows10OrGreater(); return IsWindows8Point1OrGreater() && !IsWindows10OrGreater();
} }
//#ifdef _DEBUG VOID _wdbgprintf(LPCWSTR format, ...) {
VOID _DbgPrint(LPCTSTR format, ...) { WCHAR buffer[0x1000];
TCHAR buffer[0x1000];
va_list argptr; va_list argptr;
va_start(argptr, format); va_start(argptr, format);
_vstprintf_s(buffer, _countof(buffer), format, argptr); vswprintf_s(buffer, _countof(buffer), format, argptr);
va_end(argptr); va_end(argptr);
OutputDebugString(buffer); OutputDebugStringW(buffer);
}
VOID _dbgprintf(LPCSTR format, ...) {
CHAR buffer[0x1000];
va_list argptr;
va_start(argptr, format);
vsprintf_s(buffer, _countof(buffer), format, argptr);
va_end(argptr);
OutputDebugStringA(buffer);
} }
//#endif
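Review bot: `vswprintf_s` and `vsprintf_s` in the two new functions do not truncate on overflow — when a formatted message exceeds the 0x1000-element stack buffer they invoke the CRT invalid-parameter handler, which by default terminates the process, and this code runs inside the service host the DLL is injected into (see the CreateRemoteThread and FreeLibraryAndExitThread hunks). The formats passed to it carry paths, service names and group names of caller-determined length, so the truncating variants are the safer choice: `_vsnwprintf_s(buffer, _countof(buffer), _TRUNCATE, format, argptr);` and `_vsnprintf_s(buffer, _countof(buffer), _TRUNCATE, format, argptr);`. The `//#ifdef _DEBUG` / `//#endif` guard is still commented out, so every build sends these messages, including the `%p` patch addresses from PatchWUModule, to the system-wide OutputDebugString channel; worth either re-enabling the guard or noting in a comment that release output is intended. As a point of style, file-scope identifiers beginning with an underscore (`_wdbgprintf`, `_dbgprintf`) are reserved by the C standard; `wdbgprintf`/`dbgprintf` would avoid that.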


@@ -9,13 +9,17 @@ BOOL IsWindows7(void);
BOOL IsWindows8Point1(void); BOOL IsWindows8Point1(void);
VOID _wdbgprintf(LPCWSTR format, ...);
VOID _dbgprintf(LPCSTR format, ...);
//#ifdef _DEBUG //#ifdef _DEBUG
VOID _DbgPrint(LPCTSTR format, ...); #ifdef UNICODE
#define DbgPrint(format, ...) \ #define _tdbgprintf _wdbgprintf
_DbgPrint(_T(__FUNCTION__) _T(": ") _T(format), ##__VA_ARGS__) #else
#define _tdbgprintf _dbgprintf
#endif // !UNICODE
//#else //#else
//#define DbgPrint(format, ...) //#define _tdbgprintf(format, ...)
//#endif //#endif // !_DEBUG
#ifdef UNICODE #ifdef UNICODE
#define CommandLineToArgv CommandLineToArgvW #define CommandLineToArgv CommandLineToArgvW