83 Commits

Author SHA1 Message Date
zeffy
7619e82041 Add debugview_helper.bat, update README.md 2017-06-20 04:23:48 -07:00
zeffy
0d29958560 new *dbgprintf macros that have fname(line): prefix 2017-06-20 03:48:43 -07:00
zeffy
ebe8b3e492 fix #ifdefs 2017-06-19 14:16:37 -07:00
zeffy
adc00b0f17 Update appveyor.yml [skip ci] 2017-06-17 01:50:58 -07:00
zeffy
05a17410ca Update version.rc 2017-06-17 01:47:41 -07:00
zeffy
d40b00ae72 Update version.rc 2017-06-17 01:44:05 -07:00
zeffy
8c33effee0 Delete .gitattributes 2017-06-17 01:42:13 -07:00
zeffy
3ab07569fe Revert "can't get it to work, back to static version number"
This reverts commit d1ddef5392.
2017-06-17 01:41:49 -07:00
zeffy
d1ddef5392 can't get it to work, back to static version number 2017-06-17 01:25:01 -07:00
zeffy
f90d761d84 cont...... 2017-06-17 00:53:20 -07:00
zeffy
a35fefb40b cont. (debug appveyor) 2017-06-17 00:37:15 -07:00
zeffy
97fdab874b cont. apply appveyor build version to artifacts 2017-06-17 00:25:03 -07:00
zeffy
5608ffe792 Update appveyor.yml 2017-06-16 22:01:33 -07:00
zeffy
4185a1acf3 Update appveyor.yml 2017-06-16 21:58:27 -07:00
zeffy
4747dc501b refactoring, update ci build scripts, etc
- cache results of CompareWindowsVersion() to shared variables to cut
down on redundant calls
- apply appveyor build version to artifacts (wip, could be broken)
- add .gitattributes
- finish patternfind.c (snr funcs unused, untested)
- delete COPYING.txt (it is created from LICENSE during the build
process)
2017-06-16 21:57:07 -07:00
zeffy
5c61cc63b1 Update README.md 2017-06-15 09:25:36 -07:00
zeffy
15ec83ceaa Update README.md 2017-06-15 05:05:20 -07:00
zeffy
91555209ea Update README.md 2017-06-15 04:58:17 -07:00
zeffy
e9a616a513 Update README.md 2017-06-14 13:40:14 -07:00
zeffy
5c7ef3f8de Update README.md 2017-06-14 04:38:41 -07:00
zeffy
2c31ea2fe4 Update appveyor.yml 2017-06-14 03:34:13 -07:00
zeffy
cda46fbc9f 0.6.1
- fixed x86 support
- added june updates to supported updates
- minor changes
2017-06-14 03:29:14 -07:00
zeffy
c4a78a3e24 improve batch script installers
- remove annoying confirmations on disable/enable scripts
- fix disable script on x86
- make sure Schedule service is running before trying to do anything with
schtasks
2017-06-13 04:08:22 -07:00
zeffy
3d0b322f1e add is64bitwindows helper 2017-06-13 03:58:42 -07:00
zeffy
2be1785509 new byte pattern search alg
Ported to C from @x64dbg's patternfind.cpp.
https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp

This one is much better than my previous implementation because now I
can use wildcards on single nibbles!
2017-06-13 01:43:27 -07:00
zeffy
c837bfec2f better OS version detection 2017-06-10 14:25:46 -07:00
zeffy
4ad3642db6 more debug 2017-06-10 11:38:57 -07:00
zeffy
0b86b8e9ab more error checking 2017-06-10 11:30:25 -07:00
zeffy
4b85cb18a6 Update README.md 2017-06-10 02:40:47 -07:00
zeffy
9badc6257e ctrl s 2017-06-10 02:40:30 -07:00
zeffy
7d30ebd048 Rename entrypoint.c -> rundll32.c [skip ci] 2017-06-09 15:35:37 -07:00
zeffy
196f4465a9 Update README.md 2017-06-08 21:41:16 -07:00
zeffy
1d9b47e602 better installer 2017-06-08 14:54:38 -07:00
zeffy
ce7e6dd166 more error checking 2017-06-08 13:44:03 -07:00
zeffy
080242cec9 Update README.md 2017-06-07 14:04:27 -07:00
zeffy
b7cff16081 Update README.md 2017-06-07 14:00:15 -07:00
zeffy
7e42fc54f3 fix wrong debug message function 2017-06-07 07:31:43 -07:00
zeffy
c8538b8ec3 slightly more strict wu module detection 2017-06-07 07:18:41 -07:00
zeffy
309981829e better logging 2017-06-07 06:05:27 -07:00
zeffy
8a5ef20488 clean up 2017-06-07 05:34:00 -07:00
zeffy
0f41968610 Update README.md 2017-06-06 20:58:52 -07:00
zeffy
c7a1e606ef Update appveyor.yml 2017-06-06 20:50:27 -07:00
zeffy
7d6baf8aac Update appveyor.yml 2017-06-06 20:44:55 -07:00
zeffy
50182997f2 Add appveyor.yml 2017-06-06 20:39:42 -07:00
zeffy
37c8bd8ae3 ok now 0.6.0.2 2017-06-06 16:12:00 -07:00
zeffy
a1a1fc0bd1 ??? logic 2017-06-06 15:46:16 -07:00
zeffy
0ce2cbfbc0 0.6.0.2 2017-06-06 15:21:10 -07:00
zeffy
be33bfb2d5 finish making msvc a static import 2017-06-06 14:12:03 -07:00
zeffy
549459ff58 Merge pull request #44 from navossoc/master
Remove MSVC run-time dependencies
2017-06-06 13:40:27 -07:00
Rafael Cossovan
ae8d48d365 Remove MSVC run-time dependencies (Microsoft Visual C++ 2017 Redistributable). 2017-06-06 15:52:07 -03:00
zeffy
a584e3a3a7 Update README.md 2017-06-05 19:51:12 -07:00
zeffy
07da645253 Update README.md 2017-06-05 18:21:53 -07:00
zeffy
642ed502d7 Update README.md 2017-06-05 18:11:07 -07:00
zeffy
fce0772996 fix comment spacing, variable names 2017-06-05 18:01:37 -07:00
zeffy
af062f47d7 0.6.0.1 2017-06-05 16:27:35 -07:00
zeffy
7f0784424f spaces > tabs 2017-06-05 15:50:18 -07:00
zeffy
b02ad7a9d6 minor fixes, build events 2017-06-05 15:30:45 -07:00
zeffy
9d90abc0de refactoring 2017-06-05 15:17:39 -07:00
zeffy
2f4355e616 refactoring 2017-06-05 14:33:03 -07:00
zeffy
f74f30e3a9 rename debug print method and split to ansi/unicode 2017-06-05 07:44:06 -07:00
zeffy
712ef4e38b Update README.md 2017-06-04 18:16:05 -07:00
zeffy
a28e098cee current year 2017-06-04 18:01:48 -07:00
zeffy
66c10c4067 Update README.md 2017-06-04 17:59:35 -07:00
zeffy
1a69d35642 Update README.md 2017-06-04 17:59:22 -07:00
zeffy
0094d19358 add text about debugview 2017-06-04 17:44:24 -07:00
zeffy
3a3e195c6b minor changes 2017-06-04 17:28:30 -07:00
zeffy
2ff1e01cc8 Update README.md 2017-06-04 15:34:42 -07:00
zeffy
dfc7f82036 Update README.md 2017-06-04 15:11:20 -07:00
zeffy
490bc062b4 Update wufuc.sln 2017-06-04 15:04:03 -07:00
zeffy
3ce7f39269 Update README.md 2017-06-04 15:03:40 -07:00
zeffy
500eddf349 Update version.rc 2017-06-04 14:57:10 -07:00
zeffy
49d32db491 Update README.md 2017-06-04 14:57:01 -07:00
zeffy
fd984db033 Update README.md 2017-06-04 14:43:07 -07:00
zeffy
d1df067812 Update repair_wuaueng.dll.bat 2017-06-04 14:35:34 -07:00
zeffy
6e67f6de80 Update install_wufuc.bat 2017-06-04 14:34:11 -07:00
zeffy
45a2b915f9 Update README.md, delete stray wufuc.xml 2017-06-04 13:46:09 -07:00
zeffy
c5d8e91f8d Update repair_wuaueng.dll 2017-06-04 13:36:09 -07:00
zeffy
2276f86a04 include vc redist and wuaueng.dll repair script 2017-06-04 13:33:13 -07:00
zeffy
9ceec98964 move install folder 2017-06-04 12:31:48 -07:00
zeffy
f32ca65c54 0.6 2017-06-04 12:31:08 -07:00
zeffy
4cd80518e7 add support for kb4019265, kb4019217 2017-05-16 19:00:09 -07:00
zeffy
dbe7cce132 Update Supported_Updates.md 2017-05-09 14:07:19 -07:00
zeffy
bc1d7c7c47 update docs 2017-05-09 14:06:03 -07:00
70 changed files with 1764 additions and 394 deletions

256
.gitignore vendored

@@ -1,4 +1,252 @@
*.exe
*.rar
*.zip
patch_scripts/aio/COPYING.txt
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
# User-specific files
*.suo
*.user
*.userosscache
*.sln.docstates
# User-specific files (MonoDevelop/Xamarin Studio)
*.userprefs
# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
x64/
x86/
bld/
[Bb]in/
[Oo]bj/
[Ll]og/
# Visual Studio 2015 cache/options directory
.vs/
# Uncomment if you have tasks that create the project's static files in wwwroot
#wwwroot/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
# NUNIT
*.VisualState.xml
TestResult.xml
# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c
# DNX
project.lock.json
artifacts/
*_i.c
*_p.c
*_i.h
*.ilk
*.meta
*.obj
*.pch
*.pdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc
# Chutzpah Test files
_Chutzpah*
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opendb
*.opensdf
*.sdf
*.cachefile
*.VC.db
*.VC.VC.opendb
# Visual Studio profiler
*.psess
*.vsp
*.vspx
*.sap
# TFS 2012 Local Workspace
$tf/
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user
# JustCode is a .NET coding add-in
.JustCode
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# NCrunch
_NCrunch_*
.*crunch*.local.xml
nCrunchTemp_*
# MightyMoose
*.mm.*
AutoTest.Net/
# Web workbench (sass)
.sass-cache/
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# TODO: Comment the next line if you want to checkin your web deploy settings
# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
*.publishproj
# Microsoft Azure Web App publish settings. Comment the next line if you want to
# checkin your Azure Web App publish settings, but sensitive information contained
# in these scripts will be unencrypted
PublishScripts/
# NuGet Packages
*.nupkg
# The packages folder can be ignored because of Package Restore
**/packages/*
# except build/, which is used as an MSBuild target.
!**/packages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/packages/repositories.config
# NuGet v3's project.json files produces more ignoreable files
*.nuget.props
*.nuget.targets
# Microsoft Azure Build Output
csx/
*.build.csdef
# Microsoft Azure Emulator
ecf/
rcf/
# Windows Store app package directories and files
AppPackages/
BundleArtifacts/
Package.StoreAssociation.xml
_pkginfo.txt
# Visual Studio cache files
# files ending in .cache can be ignored
*.[Cc]ache
# but keep track of directories ending in .cache
!*.[Cc]ache/
# Others
ClientBin/
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.pfx
*.publishsettings
node_modules/
orleans.codegen.cs
# Since there are multiple workflows, uncomment next line to ignore bower_components
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
#bower_components/
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
# SQL Server files
*.mdf
*.ldf
# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
# Microsoft Fakes
FakesAssemblies/
# GhostDoc plugin setting file
*.GhostDoc.xml
# Node.js Tools for Visual Studio
.ntvs_analysis.dat
# Visual Studio 6 build log
*.plg
# Visual Studio 6 workspace options file
*.opt
# Visual Studio LightSwitch build output
**/*.HTMLClient/GeneratedArtifacts
**/*.DesktopClient/GeneratedArtifacts
**/*.DesktopClient/ModelManifest.xml
**/*.Server/GeneratedArtifacts
**/*.Server/ModelManifest.xml
_Pvt_Extensions
# Paket dependency manager
.paket/paket.exe
paket-files/
# FAKE - F# Make
.fake/
# JetBrains Rider
.idea/
*.sln.iml
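
Review bot: The only COPYING.txt path ignored in this hunk is `patch_scripts/aio/COPYING.txt` near the top, but the `after_build` step in appveyor.yml on this page writes the generated copy to `install\COPYING.txt`. Add `install/COPYING.txt` so a local build does not leave the generated licence file untracked and ready to be committed by accident. The rest is the stock Visual Studio template; keeping `*.pfx`, `*.publishsettings` and `*.pubxml` ignored is worth preserving because those files can hold signing keys and deployment credentials.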

134
README.md

@@ -1,102 +1,90 @@
### [Click here if you are looking for the latest patch files!](https://github.com/zeffy/kb4012218-19/releases) [<img src="https://img.shields.io/github/downloads/zeffy/kb4012218-19/total.svg"/>](https://github.com/zeffy/kb4012218-19/releases)
# wufuc [![](https://img.shields.io/badge/formerly-kb4012218--19-blue.svg)](../../tree/old-kb4012218-19 "formerly kb4012218-19") [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc "AppVeyor build status")
---
<a href='https://pledgie.com/campaigns/34055'><img alt='Click here to lend your support to: wufuc - Help support development and make a donation at pledgie.com !' src='https://pledgie.com/campaigns/34055.png?skin_name=chrome' border='0' ></a>
### [Click here for a list of Windows updates supported by this patch](docs/Supported_Updates.md)
Disables the "Unsupported Hardware" message in Windows Update, and allows you to continue installing updates on Windows 7 and 8.1 systems with Intel Kaby Lake, AMD Ryzen, or other unsupported processors.
---
## Downloads [![](https://img.shields.io/github/downloads/zeffy/wufuc/total.svg)](../../releases "Total downloads")
### You can get the latest stable version [here](../../releases/latest)!
If you are feeling brave, you can try the latest unstable builds [here](https://ci.appveyor.com/project/zeffy/wufuc). **Use these at your own risk!**
## Reporting an issue [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc "Average time to resolve an issue")
#### Before you create an issue, please make sure of the following:
- Are you using the latest version?
- If you previously used the old batchfile patches, did you revert it by running `repair_wuaueng.dll.bat`?
- Have you tried restarting your computer?
There isn't really a way for wufuc to directly interact with your desktop, because it runs outside the context of a normal user session. Therefore you must first download and run another program called [DebugView](https://technet.microsoft.com/en-us/sysinternals/debugview.aspx) (from Microsoft) to display wufuc's debug messages. These logs are absolutely crucial if you want me to be able to resolve your issue as quickly as possible, so please include them if you can.
#### The best way to get a log of the entire life-cycle of wufuc is to do the following:
1. Start `Dbgview.exe` as administrator and check `Capture -> Capture Global Win32`.
2. Restart wufuc and `wuauserv` by running `debugview_helper.bat` as administrator.
3. Output will be shown in DebugView, copy/paste this text into your issue.
#### Other helpful information to include when reporting issues:
- What happened? What did you expect to happen instead?
- What build are you using? Stable release or unstable AppVeyor builds?
- What version of Windows are you using? Windows 7 or 8.1? x64 or x86?
- Were there any errors reporting during installation? What were they?
- What is the file version or SHA-1 hash of `C:\Windows\System32\wuaueng.dll`?
- Any other information you feel is relevant to your issue.
## Preface
After reading [this article on gHacks](https://www.ghacks.net/2017/03/22/kb4012218-kb4012219-windows-update-processor-generation-detection/), I was inspired to look into these new rollup updates that Microsoft released on March 16. Among other things, the changelog mentions the following:
The changelog for Windows updates KB4012218 and KB4012219 included the following:
> Enabled detection of processor generation and hardware support when PC tries to scan or download updates through Windows Update.
This update marked the implementation of a [policy change](https://blogs.windows.com/windowsexperience/2016/01/15/windows-10-embracing-silicon-innovation/) they announced some time ago, where Microsoft stated that they would not be supporting Windows 7 or 8.1 on next-gen Intel, AMD and Qualcomm processors.
These updates marked the implementation of a [policy change](https://blogs.windows.com/windowsexperience/2016/01/15/windows-10-embracing-silicon-innovation/) they announced some time ago, where Microsoft stated that they would not be supporting Windows 7 or 8.1 on next-gen Intel, AMD and Qualcomm processors.
That is essentially a giant middle finger to anyone who dare not "upgrade" to the steaming pile of garbage known as Windows 10. Especially considering the extended support periods for Windows 7 and 8.1 still have a few years left, and will be ending on January 4, 2020 and January 10, 2023 respectively.
It was essentially a big middle finger to anyone who decides to not "upgrade" to the steaming pile of :poop: known as Windows 10. Especially considering the extended support periods for Windows 7 and 8.1 won't be ending until January 4, 2020 and January 10, 2023 respectively.
There have even been people with older Intel and AMD systems who have been locked out of Windows Update because of these updates (see [#7](/../../issues/7) and [this](https://answers.microsoft.com/en-us/windows/forum/windows8_1-update/amd-carrizo-ddr4-unsupported-hardware-message-on/f3fb2326-f413-41c9-a24b-7c14e6d51b0c?tab=question&status=AllReplies)).
There have even been people with older Intel and AMD systems who have been locked out of Windows Update because of these updates (see [#7](../../issues/7) and [this](https://answers.microsoft.com/en-us/windows/forum/windows8_1-update/amd-carrizo-ddr4-unsupported-hardware-message-on/f3fb2326-f413-41c9-a24b-7c14e6d51b0c?tab=question&status=AllReplies)).
## Bad Microsoft!
I started by downloading the update package for my system (in my case, it was `windows6.1-kb4012218-x64_590943c04550a47c1ed02d3a040d325456f03663.msu`)
If you are interested, you can read my original write up on discovering the CPU check [here](../../tree/old-kb4012218-19).
I extracted it using the command line `expand` tool:
Basically, inside a file called `wuaueng.dll` there are two functions: [`IsDeviceServiceable(void)`](https://gist.github.com/zeffy/e5ec266952932bc905eb0cbc6ed72185) and [`IsCPUSupported(void)`](https://gist.github.com/zeffy/1a8f8984d2bec97ae24af63a76278694). `IsDeviceServiceable(void)` is essentially a wrapper around `IsCPUSupported(void)` that caches the result it recieves and recycles it on subsequent calls.
```bat
md "windows6.1-kb4012218-x64"
expand -f:* ".\windows6.1-kb4012218-x64_590943c04550a47c1ed02d3a040d325456f03663.msu" ".\windows6.1-kb4012218-x64"
cd ".\windows6.1-kb4012218-x64"
md "Windows6.1-KB4012218-x64"
expand -f:* ".\Windows6.1-KB4012218-x64.cab" ".\Windows6.1-KB4012218-x64"
```
My patch takes advantage of this result caching behavior by setting the "hasn't run once" value to `FALSE` and the cached result to `TRUE`.
Great, now there's thousands of files to sort through! Just kidding. Sort of. Maybe. :thinking:
## How it works
I ended up using PowerShell to sort through and filter out all the binaries that weren't related to Windows Update, like so:
- At system boot the wufuc scheduled task runs as the `NT AUTHORITY\SYSTEM` user.
- `wufuc` determines what service host group process the Windows Update service runs in (typically `netsvcs`), and injects itself into it.
- Once injected, it applies a hook to `LoadLibraryEx` that automatically patches `wuaueng.dll` when it is loaded.
- Any previously loaded `wuaueng.dll` is also patched.
```powershell
Get-ChildItem -Filter "wu*" -Exclude "*.mui" -Recurse | ForEach-Object { $_.FullName }
```
### Several improvements over my batchfile method:
That narrowed it down to 14 files, excellent!
- **No system files are modified!**
- Heuristic-based patching, which means it will usually keep working even after new updates come out.
- C is best language.
- No external dependencies.
Next, I started comparing these binaries with the ones already on my system with [BinDiff] and [Diaphora]. I eventually got to `wuaueng.dll`, which turned up quite a few interesting new functions:
## Q & A
EA | Name | Basicblock | Instructions | Edges
-- | ---- | ---------- | ------------ | -----
`00000600001DCB9C` | ``CWUTelemetryDownloadCanceledEvent::FireAsimovEvent(void)`` | 36 | 446 | 53
`00000600001D8F98` | ``CWUTelemetryDownloadCanceledEvent::`scalar deleting destructor'(uint)`` | 3 | 15 | 3
`00000600001D8FD0` | ``CWUTelemetryDownloadEvent::CWUTelemetryDownloadEvent(void)`` | 1 | 58 | 0
`00000600001DAEDC` | ``CWUTelemetryDownloadEvent::Init(CReporter *,long,long,ushort const *,long,_GUID,_GUID,CReportingOptionalValues &,AsimovDataInAddition *)`` | 6 | 50 | 8
`00000600001DAFB8` | ``CWUTelemetryDownloadEvent::InitializeMemebersFromOptionalData(tagOptionalData *)`` | 27 | 91 | 40
`00000600001D9100` | ``CWUTelemetryDownloadEvent::~CWUTelemetryDownloadEvent(void)`` | 2 | 60 | 1
`00000600001DC2C4` | ``CWUTelemetryDownloadFailedEvent::FireAsimovEvent(void)`` | 36 | 446 | 53
`00000600001DB114` | ``CWUTelemetryDownloadStartedEvent::FireAsimovEvent(void)`` | 36 | 446 | 53
`00000600001DB9EC` | ``CWUTelemetryDownloadSucceededEvent::FireAsimovEvent(void)`` | 36 | 446 | 53
`00000600001D8C48` | ``CWUTelemetryEventFactory::FireTelemetryEvent(CReporter *,long,long,ushort const *,long,_GUID,_GUID,CReportingOptionalValues &,AsimovDataInAddition *)`` | 11 | 76 | 17
`00000600001D8574` | ``CWUTelemetryEventFactory::GetTelemetryEvent(CReporter *,long,long,ushort const *,long,_GUID,_GUID,CReportingOptionalValues &,AsimovDataInAddition *,CWUTelemetryEvent * *)`` | 77 | 395 | 127
`00000600001DEE7C` | ``CWUTelemetryInstallCanceledEvent::FireAsimovEvent(void)`` | 34 | 409 | 50
`00000600001D8DD4` | ``CWUTelemetryInstallEvent::CWUTelemetryInstallEvent(void)`` | 1 | 57 | 0
`00000600001DD474` | ``CWUTelemetryInstallEvent::Init(CReporter *,long,long,ushort const *,long,_GUID,_GUID,CReportingOptionalValues &,AsimovDataInAddition *)`` | 6 | 50 | 8
`00000600001DD550` | ``CWUTelemetryInstallEvent::InitializeMemebersFromOptionalData(tagOptionalData *)`` | 23 | 81 | 34
`00000600001D8EFC` | ``CWUTelemetryInstallEvent::~CWUTelemetryInstallEvent(void)`` | 2 | 66 | 1
`00000600001DE67C` | ``CWUTelemetryInstallFailedEvent::FireAsimovEvent(void)`` | 34 | 409 | 50
`00000600001DF67C` | ``CWUTelemetryInstallRebootPendingEvent::FireAsimovEvent(void)`` | 34 | 409 | 50
`00000600001D8D9C` | ``CWUTelemetryInstallRebootPendingEvent::`scalar deleting destructor'(uint)`` | 3 | 15 | 3
`00000600001DD67C` | ``CWUTelemetryInstallStartedEvent::FireAsimovEvent(void)`` | 34 | 409 | 50
`00000600001DDE7C` | ``CWUTelemetryInstallSucceededEvent::FireAsimovEvent(void)`` | 34 | 409 | 50
`00000600001CAE68` | ``CWUTelemetryScanFailedEvent::FireAsimovEvent(void)`` | 31 | 416 | 46
`00000600001CA100` | ``CWUTelemetryScanRetryEvent::FireAsimovEvent(void)`` | 9 | 108 | 13
`00000600001CA588` | ``CWUTelemetryScanSucceededEvent::FireAsimovEvent(void)`` | 47 | 459 | 73
`00000600001CB790` | ``CWUTelemetryUnsupportedSystemClickSupportEvent::FireAsimovEvent(void)`` | 5 | 22 | 7
`00000600001CB9B0` | ``CWUTelemetryUnsupportedSystemClickSupportEvent::`scalar deleting destructor'(uint)`` | 3 | 17 | 3
`00000600001CB7FC` | ``CWUTelemetryUnsupportedSystemDetectionEvent::FireAsimovEvent(void)`` | 5 | 22 | 7
`00000600001CB970` | ``CWUTelemetryUnsupportedSystemDetectionEvent::`scalar deleting destructor'(uint)`` | 3 | 17 | 3
`00000600001CB724` | ``CWUTelemetryUnsupportedSystemNotificationDismissEvent::FireAsimovEvent(void)`` | 5 | 22 | 7
`00000600001CB9F0` | ``CWUTelemetryUnsupportedSystemNotificationDismissEvent::`scalar deleting destructor'(uint)`` | 3 | 17 | 3
`00000600001CB6B8` | ``CWUTelemetryUnsupportedSystemNotificationShowEvent::FireAsimovEvent(void)`` | 5 | 22 | 7
`00000600001CBA30` | ``CWUTelemetryUnsupportedSystemNotificationShowEvent::`scalar deleting destructor'(uint)`` | 3 | 17 | 3
**`0000060000102F08`** | **``IsCPUSupported(void)``** | **20** | **157** | **31**
**`00000600000AF3C0`** | **``IsDeviceServiceable(void)``** | **7** | **31** | **8**
`00000600000832CC` | ``TraceLoggingEnableForTelemetry(_TlgProvider_t const *)`` | 16 | 86 | 23
`0000060000083210` | ``TraceLoggingSetInformation(_TlgProvider_t const *,_EVENT_INFO_CLASS,void *,ulong)`` | 6 | 50 | 8
### How to install/uninstall?
We have found culprits, [`IsDeviceServiceable(void)`](https://gist.github.com/zeffy/e5ec266952932bc905eb0cbc6ed72185) and [`IsCPUSupported(void)`](https://gist.github.com/zeffy/1a8f8984d2bec97ae24af63a76278694)!
Just download the [latest release](../../releases/latest), and extract the `wufuc` folder to a permanent location (like `C:\Program Files\wufuc`) and then run `install_wufuc.bat` as administrator.
## Solutions
To uninstall run `uninstall_wufuc.bat` as administrator.
Luckily, there are a couple of different ways to kill this CPU check by patching `wuaueng.dll`.
### How to update when a new version comes out?
1. Change the value of `dword_600002EE948` (see [this line](https://gist.github.com/zeffy/e5ec266952932bc905eb0cbc6ed72185#file-isdeviceserviceable-c-L7)) which is at file offset `0x26C948`, from `0x01` to `0x00`. This makes `IsDeviceServiceable(void)` skip over the entire CPU check and immediately return the value stored at `dword_600002EE94C`, which by default is 1 (supported CPU). This is my preferred method, as it is a simple 1-byte change. **Note: this offset is only for the KB4012218-x64, for a list of all the patch offsets [click here](docs/Patch_Offsets.md).**
Unless otherwise noted, you should only have to:
2. Fill all the instructions highlighted [here](https://gist.github.com/zeffy/e5ec266952932bc905eb0cbc6ed72185#file-isdeviceserviceable-asm-L24-L26) in `IsDeviceServiceable(void)` with `nop`s. This will enabling using the `ForceUnsupportedCPU` value of type `REG_DWORD` under the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Test\Scan` (you will most likely have to create this registry key). You can set this value to `0x00000001` to force unsupported CPUs, or to `0x00000000` to use the default behaviour. You will probably need to restart your PC or restart the `wuauserv` service in order for changes to apply. **This is an internal testing feature used by Microsoft and could be removed in future updates, so I will not be providing xdelta files for it.**
- Run `uninstall_wufuc.bat` as administrator.
- Copy the new files into the install folder, overwriting the old ones.
- Run the new `install_wufuc.bat` as administrator.
## Caveats
### How do I remove your old patch and use this instead?
- You have to apply a new patch whenever `wuaueng.dll` gets updated.
- SFC scan errors will most likely occur as it will believe the integrity of the system has been compromised.
[BinDiff]: https://www.zynamics.com/software.html
[Diaphora]: http://diaphora.re
I've included a utility script called `repair_wuaueng.dll.bat`. When you run it, it will initiate an `sfc` scan and revert any changes made to `wuaueng.dll`.
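
Review bot: In "How to install/uninstall?" the instruction to extract the `wufuc` folder to "a permanent location (like `C:\Program Files\wufuc`)" leaves the location open, while "How it works" says the scheduled task runs as `NT AUTHORITY\SYSTEM` and injects into the Windows Update service host. State that the install folder must be writable only by administrators, since any file a standard user could replace there would be loaded with SYSTEM rights at the next boot. Smaller points: the issue checklist asks for the SHA-1 hash of `wuaueng.dll` without saying how to obtain it, and "recieves", "errors reporting during installation" and "This will enabling using" need a spelling and grammar pass.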

33
appveyor.yml Normal file

@@ -0,0 +1,33 @@
version: 0.6.1.{build}
skip_commits:
files:
- README.md
image: Visual Studio 2017
configuration: Release
platform:
- x86
- x64
build:
verbosity: minimal
before_build:
- cmd: >-
set "BUILD_VERSION=%APPVEYOR_BUILD_VERSION%-%APPVEYOR_REPO_COMMIT:~0,8%"
set "BUILD_VERSION_COMMA_SEP=%APPVEYOR_BUILD_VERSION:.=,%"
set "BUILD_ZIPFILE=%APPVEYOR_BUILD_FOLDER%\%APPVEYOR_PROJECT_NAME%_v%BUILD_VERSION%_%PLATFORM%.zip"
after_build:
- cmd: >-
copy /Y "LICENSE" "install\COPYING.txt"
cd "%APPVEYOR_BUILD_FOLDER%\install"
for /R %%G in (*.bat) do unix2dos "%%G"
7z a "%BUILD_ZIPFILE%" "..\install"
7z rn "%BUILD_ZIPFILE%" "install" "%APPVEYOR_PROJECT_NAME%"
artifacts:
- path: '*.zip'
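
Review bot: The `artifacts` section publishes `*.zip` with no checksum step, and the README on this page points users at these AppVeyor builds and has them run the installer as administrator. Add a step in `after_build` that writes a SHA-256 of `%BUILD_ZIPFILE%` and publish it next to the zip so a download can be verified. Also in `after_build`, `copy /Y "LICENSE" "install\COPYING.txt"` relies on the current directory being the repository root while the next line uses `%APPVEYOR_BUILD_FOLDER%\install`; use the absolute form for both.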


@@ -1,14 +1,34 @@
## Windows 7
Hotfix ID | Architecture | wuaueng.dll version | File offset | Original value | Patched value
--------- | ------------ | ------------------- | ----------- | -------------- | -------------
KB4012218 | x64 | 7.6.7601.23714 | `0x26C948` | `0x01` | `0x00`
KB4012218 | x86 | 7.6.7601.23714 | `0x1E4638` | `0x01` | `0x00`
KB4012219 | x64 | 7.9.9600.18621 | `0x34D3BC` | `0x01` | `0x00`
KB4012219 | x86 | 7.9.9600.18621 | `0x2BFA50` | `0x01` | `0x00`
KB4015546 and KB4015549 | x64 | 7.6.7601.23735 | `0x26C948` | `0x01` | `0x00`
KB4015546 and KB4015549 | x86 | 7.6.7601.23735 | `0x1E4838` | `0x01` | `0x00`
KB4015547 and KB4015550 | x64 | 7.9.9600.18628 | `0x34D5BC` | `0x01` | `0x00`
KB4015547 and KB4015550 | x86 | 7.9.9600.18628 | `0x2BFA50` | `0x01` | `0x00`
KB4015552 | x64 | 7.6.7601.23735 | `0x26C948` | `0x01` | `0x00`
KB4015552 | x86 | 7.6.7601.23735 | `0x1E4838` | `0x01` | `0x00`
KB4015553 | x64 | 7.9.9600.18628 | `0x34D5BC` | `0x01` | `0x00`
KB4015553 | x86 | 7.9.9600.18628 | `0x2BFA50` | `0x01` | `0x00`
[KB4012218] | x64 | 7.6.7601.23714 | `0x26C948` | `0x01` | `0x00`
[KB4012218] | x86 | 7.6.7601.23714 | `0x1E4638` | `0x01` | `0x00`
[KB4015546], [KB4015549], [KB4015552], [KB4019264] | x64 | 7.6.7601.23735 | `0x26C948` | `0x01` | `0x00`
[KB4015546], [KB4015549], [KB4015552], [KB4019264] | x86 | 7.6.7601.23735 | `0x1E4838` | `0x01` | `0x00`
[KB4019265] | x64 | 7.6.7601.23775 | `0x26C948` | `0x01` | `0x00`
[KB4019265] | x86 | 7.6.7601.23775 | `0x1E4838` | `0x01` | `0x00`
## Windows 8.1
Hotfix ID | Architecture | wuaueng.dll version | File offset | Original value | Patched value
--------- | ------------ | ------------------- | ----------- | -------------- | -------------
[KB4012219] | x64 | 7.9.9600.18621 | `0x34D3BC` | `0x01` | `0x00`
[KB4012219] | x86 | 7.9.9600.18621 | `0x2BFA50` | `0x01` | `0x00`
[KB4015547], [KB4015550], [KB4015553], [KB4019215], [KB4019217] | x64 | 7.9.9600.18628 | `0x34D5BC` | `0x01` | `0x00`
[KB4015547], [KB4015550], [KB4015553], [KB4019215], [KB4019217] | x86 | 7.9.9600.18628 | `0x2BFA50` | `0x01` | `0x00`
[KB4012218]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4012218
[KB4015546]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015546
[KB4015549]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015549
[KB4015552]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015552
[KB4019264]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4019264
[KB4019265]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4019265
[KB4012219]: https://www.catalog.update.microsoft.com/search.aspx?q=kb4012219
[KB4015547]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015547
[KB4015550]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015550
[KB4015553]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015553
[KB4019215]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4019215
[KB4019217]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4019217
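
Review bot: The tables give a file offset, original value and patched value per `wuaueng.dll` version but nothing that identifies the exact file, so a one-byte write at `0x26C948` or `0x34D5BC` can only be sanity-checked against the `0x01` original value. Add a hash column for each listed version (the README on this page already asks reporters for the SHA-1 of `wuaueng.dll`) and key the rows on the file version rather than the hotfix list, since several hotfixes share one version. The `[KB4012219]` link reference uses lowercase `q=kb4012219` while every other reference uses uppercase.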


@@ -1,35 +0,0 @@
Title | Products | Classification | Last Updated | Version | Size
----- | -------- | -------------- | ------------ | ------- | ----
March, 2017 Preview of Monthly Quality Rollup for Windows 7 ([KB4012218]) | Windows 7 | Updates | 3/16/2017 | n/a | 93.4 MB
March, 2017 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems ([KB4012218]) | Windows 7 | Updates | 3/16/2017 | n/a | 153.9 MB
March, 2017 Preview of Monthly Quality Rollup for Windows Server 2008 R2 x64 Edition ([KB4012218]) | Windows Server 2008 R2 | Updates | 3/16/2017 | n/a | 153.9 MB
March, 2017 Preview of Monthly Quality Rollup for Windows 8.1 ([KB4012219]) | Windows 8.1 | Updates | 3/16/2017 | n/a | 121.2 MB
March, 2017 Preview of Monthly Quality Rollup for Windows 8.1 for x64-based Systems ([KB4012219]) | Windows 8.1 | Updates | 3/16/2017 | n/a | 218.0 MB
March, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 ([KB4012219]) | Windows Server 2012 R2 | Updates | 3/16/2017 | n/a | 218.0 MB
April, 2017 Security Only Quality Update for Windows 7 ([KB4015546]) | Windows 7 | Security Updates | 4/8/2017 | n/a | 23.2 MB
April, 2017 Security Only Quality Update for Windows 7 for x64-based Systems ([KB4015546]) | Windows 7 | Security Updates | 4/8/2017 | n/a | 37.5 MB
April, 2017 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems ([KB4015546]) | Windows Server 2008 R2 | Security Updates | 4/8/2017 | n/a | 37.5 MB
April, 2017 Security Only Quality Update for Windows 8.1 for x64-based Systems ([KB4015547]) | Windows 8.1 | Security Updates | 4/8/2017 | n/a | 15.6 MB
April, 2017 Security Only Quality Update for Windows 8.1 ([KB4015547]) | Windows 8.1 | Security Updates | 4/8/2017 | n/a | 10.1 MB
April, 2017 Security Only Quality Update for Windows Server 2012 R2 ([KB4015547]) | Windows Server 2012 R2 | Security Updates | 4/8/2017 | n/a | 15.6 MB
April, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems ([KB4015549]) | Windows 7 | Security Updates | 4/8/2017 | n/a | 159.9 MB
April, 2017 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems ([KB4015549]) | Windows Server 2008 R2 | Security Updates | 4/8/2017 | n/a | 159.9 MB
April, 2017 Security Monthly Quality Rollup for Windows 7 ([KB4015549]) | Windows 7 | Security Updates | 4/8/2017 | n/a | 97.6 MB
April, 2017 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems ([KB4015550]) | Windows 8.1 | Security Updates | 4/10/2017 | n/a | 220.9 MB
April, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 ([KB4015550]) | Windows Server 2012 R2 | Security Updates | 4/10/2017 | n/a | 220.9 MB
April, 2017 Security Monthly Quality Rollup for Windows 8.1 ([KB4015550]) | Windows 8.1 | Security Updates | 4/10/2017 | n/a | 122.4 MB
April, 2017 Preview of Monthly Quality Rollup for Windows Server 2008 R2 x64 Edition ([KB4015552]) | Windows Server 2008 R2 | Updates | 4/13/2017 | n/a | 160.9 MB
April, 2017 Preview of Monthly Quality Rollup for Windows 7 for x64-based Systems ([KB4015552]) | Windows 7 | Updates | 4/13/2017 | n/a | 160.9 MB
April, 2017 Preview of Monthly Quality Rollup for Windows 7 ([KB4015552]) | Windows 7 | Updates | 4/13/2017 | n/a | 98.1 MB
April, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 ([KB4015553]) | Windows Server 2012 R2 | Updates | 4/13/2017 | n/a | 224.0 MB
April, 2017 Preview of Monthly Quality Rollup for Windows 8.1 ([KB4015553]) | Windows 8.1 | Updates | 4/13/2017 | n/a | 124.6 MB
April, 2017 Preview of Monthly Quality Rollup for Windows 8.1 for x64-based Systems ([KB4015553]) | Windows 8.1 | Updates | 4/13/2017 | n/a | 224.0 MB
[KB4012218]: https://www.catalog.update.microsoft.com/search.aspx?q=kb4012218
[KB4012219]: https://www.catalog.update.microsoft.com/search.aspx?q=kb4012219
[KB4015546]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015546
[KB4015547]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015547
[KB4015549]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015549
[KB4015550]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015550
[KB4015552]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015552
[KB4015553]: https://www.catalog.update.microsoft.com/search.aspx?q=KB4015553

139
install/install_wufuc.bat Normal file

@@ -0,0 +1,139 @@
@echo off
title wufuc installer
:: Copyright (C) 2017 zeffy
:: This program is free software: you can redistribute it and/or modify
:: it under the terms of the GNU General Public License as published by
:: the Free Software Foundation, either version 3 of the License, or
:: (at your option) any later version.
:: This program is distributed in the hope that it will be useful,
:: but WITHOUT ANY WARRANTY; without even the implied warranty of
:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
:: GNU General Public License for more details.
:: You should have received a copy of the GNU General Public License
:: along with this program. If not, see <http://www.gnu.org/licenses/>.
echo Copyright ^(C^) 2017 zeffy
echo This program comes with ABSOLUTELY NO WARRANTY.
echo This is free software, and you are welcome to redistribute it
echo under certain conditions; see COPYING.txt for details.
echo.
fltmc >nul 2>&1 || (
echo This batch script requires administrator privileges. Right-click on
echo %~nx0 and select "Run as administrator".
goto :die
)
echo Checking system requirements...
if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
goto :is_x64
) else (
if /I "%PROCESSOR_ARCHITEW6432%"=="AMD64" (
goto :is_x64
)
if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
goto :is_x86
)
)
goto :unsupported_os
:is_x86
set "WINDOWS_ARCHITECTURE=x86"
set "wufuc_dll=%~dp0wufuc32.dll"
goto :get_ver
:is_x64
set "WINDOWS_ARCHITECTURE=x64"
set "wufuc_dll=%~dp0wufuc64.dll"
:get_ver
for /f "tokens=*" %%i in ('wmic /output:stdout datafile where "name='%wufuc_dll:\=\\%'" get Version /value ^| find "="') do set "%%i"
title wufuc installer - v%Version%
:check_ver
wmic /output:stdout os get version | findstr "^6\.1\." >nul && (
set "WINDOWS_VER=6.1"
set "SUPPORTED_HOTFIXES=KB4022722 KB4022719 KB4019265 KB4019264 KB4015552 KB4015549 KB4015546 KB4012218"
echo Detected supported operating system: Windows 7 %WINDOWS_ARCHITECTURE%
goto :check_hotfix
)
wmic /output:stdout os get version | findstr "^6\.3\." >nul && (
set "WINDOWS_VER=8.1"
set "SUPPORTED_HOTFIXES=KB4022726 KB4022717 KB4019217 KB4019215 KB4015553 KB4015550 KB4015547 KB4012219"
echo Detected supported operating system: Windows 8.1 %WINDOWS_ARCHITECTURE%
goto :check_hotfix
)
:unsupported_os
echo Detected that you are using an unsupported operating system.
echo.
echo This patch only works on the following versions of Windows:
echo.
echo - Windows 7 (x64 and x86)
echo - Windows 8.1 (x64 and x86)
echo - Windows Server 2008 R2
echo - Windows Server 2012 R2
goto :die
:check_hotfix
for %%a in (%SUPPORTED_HOTFIXES%) do (
wmic /output:stdout qfe get hotfixid | find "%%a" >nul && (
set "INSTALLED_HOTFIX=%%a"
echo Detected supported installed update: %%a
goto :confirmation
)
)
wmic /output:stdout qfe get /value 2>&1 | find "No Instance(s) Available" >nul && (
echo WARNING - wmic qfe is broken, can't check installed updates...
goto :confirmation
)
echo.
echo WARNING - Detected that no supported updates are installed.
echo.
echo This warning could also mean that a new update came out and the
echo wufuc installer script's list of updates hasn't been updated yet.
echo If this is definitely the case and you know which update it is,
echo feel free to create an issue. https://github.com/zeffy/wufuc/issues
:confirmation
echo.
echo wufuc disables the "Unsupported Hardware" message in Windows Update,
echo and allows you to continue installing updates on Windows 7 and 8.1
echo systems with Intel Kaby Lake, AMD Ryzen, or other unsupported processors.
echo.
echo Please be absolutely sure you really need wufuc before continuing.
echo.
set /p CONTINUE=Enter 'Y' if you want to install wufuc:
if /I not "%CONTINUE%"=="Y" goto :cancel
echo.
:install
set "wufuc_task=wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307}"
net start Schedule
schtasks /Create /XML "%~dp0wufuc.xml" /TN "%wufuc_task%" /F
schtasks /Change /TN "%wufuc_task%" /TR "'%systemroot%\system32\rundll32.exe' """%wufuc_dll%""",Rundll32Entry"
schtasks /Change /TN "%wufuc_task%" /ENABLE
rundll32 "%wufuc_dll%",Rundll32Unload
schtasks /Run /TN "%wufuc_task%"
echo.
echo Installed and started wufuc, you can now continue installing updates! :^)
echo.
echo To uninstall, run uninstall_wufuc.bat as administrator.
goto :die
:die
echo.
echo Press any key to exit...
pause >nul
exit
:cancel
echo.
echo Canceled by user, press any key to exit...
pause >nul
exit
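
Review bot: The `:install` block points the scheduled task at `%wufuc_dll%`, which resolves under `%~dp0`, so the persistent task loads the DLL from wherever the release archive was extracted, and nothing checks that the file exists or that the directory is writable only by administrators. Copy the DLL to a protected location, or at least fail with `if not exist "%wufuc_dll%"`, before `schtasks /Create`. Also check `errorlevel` after each `schtasks` call, since "Installed and started wufuc" is echoed even when task creation fails. In `:check_hotfix`, `wmic qfe get hotfixid` runs once per KB in the list; capturing the output once and searching it would avoid the repeated WMI queries.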


@@ -0,0 +1,78 @@
@echo off
title wufuc uninstaller
:: Copyright (C) 2017 zeffy
:: This program is free software: you can redistribute it and/or modify
:: it under the terms of the GNU General Public License as published by
:: the Free Software Foundation, either version 3 of the License, or
:: (at your option) any later version.
:: This program is distributed in the hope that it will be useful,
:: but WITHOUT ANY WARRANTY; without even the implied warranty of
:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
:: GNU General Public License for more details.
:: You should have received a copy of the GNU General Public License
:: along with this program. If not, see <http://www.gnu.org/licenses/>.
echo Copyright ^(C^) 2017 zeffy
echo This program comes with ABSOLUTELY NO WARRANTY.
echo This is free software, and you are welcome to redistribute it
echo under certain conditions; see COPYING.txt for details.
echo.
fltmc >nul 2>&1 || (
echo This batch script requires administrator privileges. Right-click on
echo %~nx0 and select "Run as administrator".
goto :die
)
if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
goto :is_x64
) else (
if /I "%PROCESSOR_ARCHITEW6432%"=="AMD64" (
goto :is_x64
)
if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
goto :is_x86
)
)
goto :die
:is_x86
set "WINDOWS_ARCHITECTURE=x86"
set "wufuc_dll=%~dp0wufuc32.dll"
goto :get_ver
:is_x64
set "WINDOWS_ARCHITECTURE=x64"
set "wufuc_dll=%~dp0wufuc64.dll"
:get_ver
for /f "tokens=*" %%i in ('wmic /output:stdout datafile where "name='%wufuc_dll:\=\\%'" get Version /value ^| find "="') do set "%%i"
title wufuc uninstaller - v%Version%
:confirmation
set /p CONTINUE=Enter 'Y' if you want to uninstall wufuc:
if /I not "%CONTINUE%"=="Y" goto :cancel
echo.
set "wufuc_task=wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307}"
rundll32 "%wufuc_dll%",Rundll32Unload
net start Schedule
schtasks /Delete /TN "%wufuc_task%" /F
echo.
echo Unloaded and uninstalled wufuc. :^(
:die
echo.
echo Press any key to exit...
pause >nul
exit
:cancel
echo.
echo Canceled by user, press any key to exit...
pause >nul
exit
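
Review bot: On an unrecognized `PROCESSOR_ARCHITECTURE` the script does `goto :die` with no message, and after `schtasks /Delete` it echoes "Unloaded and uninstalled wufuc." without checking `errorlevel`, so a failed delete is reported as success. Print a reason before the early `goto :die` and gate the success message on the `schtasks` result. The architecture-detection block is also copied verbatim from the installer and repeated in the utility scripts; a shared helper that the scripts `call` would keep the copies from drifting.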


@@ -0,0 +1,66 @@
@echo off
title wufuc utility - debugview helper
:: Copyright (C) 2017 zeffy
:: This program is free software: you can redistribute it and/or modify
:: it under the terms of the GNU General Public License as published by
:: the Free Software Foundation, either version 3 of the License, or
:: (at your option) any later version.
:: This program is distributed in the hope that it will be useful,
:: but WITHOUT ANY WARRANTY; without even the implied warranty of
:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
:: GNU General Public License for more details.
:: You should have received a copy of the GNU General Public License
:: along with this program. If not, see <http://www.gnu.org/licenses/>.
echo Copyright ^(C^) 2017 zeffy
echo This program comes with ABSOLUTELY NO WARRANTY.
echo This is free software, and you are welcome to redistribute it
echo under certain conditions; see COPYING.txt for details.
echo.
fltmc >nul 2>&1 || (
echo This batch script requires administrator privileges. Right-click on
echo %~nx0 and select "Run as administrator".
goto :die
)
if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
goto :is_x64
) else (
if /I "%PROCESSOR_ARCHITEW6432%"=="AMD64" (
goto :is_x64
)
if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
goto :is_x86
)
)
goto :die
:is_x86
set "wufuc_dll=%~dp0..\wufuc32.dll"
goto :unload
:is_x64
set "wufuc_dll=%~dp0..\wufuc64.dll"
:unload
rundll32 "%wufuc_dll%",Rundll32Unload
net stop wuauserv
set "wufuc_task=wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307}"
net start Schedule
schtasks /Change /TN "%wufuc_task%" /ENABLE
schtasks /Run /TN "%wufuc_task%"
timeout /nobreak /t 3 >nul
net start wuauserv
echo Restarted wufuc and wuauserv.
:die
echo.
pause
exit
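
Review bot: `timeout /nobreak /t 3` between `schtasks /Run` and `net start wuauserv` is the only synchronization in `:unload`, and nothing in the script says what the delay is waiting for, so on a slow machine the service can start before the task has finished its work. Add a comment explaining the stop, run, wait, start ordering and replace the fixed sleep with a check on something observable. The results of `net stop wuauserv` and `schtasks /Run` are not checked either, yet "Restarted wufuc and wuauserv." is echoed unconditionally.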


@@ -0,0 +1,61 @@
@echo off
title wufuc utility - disable task
:: Copyright (C) 2017 zeffy
:: This program is free software: you can redistribute it and/or modify
:: it under the terms of the GNU General Public License as published by
:: the Free Software Foundation, either version 3 of the License, or
:: (at your option) any later version.
:: This program is distributed in the hope that it will be useful,
:: but WITHOUT ANY WARRANTY; without even the implied warranty of
:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
:: GNU General Public License for more details.
:: You should have received a copy of the GNU General Public License
:: along with this program. If not, see <http://www.gnu.org/licenses/>.
echo Copyright ^(C^) 2017 zeffy
echo This program comes with ABSOLUTELY NO WARRANTY.
echo This is free software, and you are welcome to redistribute it
echo under certain conditions; see COPYING.txt for details.
echo.
fltmc >nul 2>&1 || (
echo This batch script requires administrator privileges. Right-click on
echo %~nx0 and select "Run as administrator".
goto :die
)
if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
goto :is_x64
) else (
if /I "%PROCESSOR_ARCHITEW6432%"=="AMD64" (
goto :is_x64
)
if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
goto :is_x86
)
)
goto :die
:is_x86
set "wufuc_dll=%~dp0..\wufuc32.dll"
goto :disable
:is_x64
set "wufuc_dll=%~dp0..\wufuc64.dll"
:disable
set "wufuc_task=wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307}"
rundll32 "%wufuc_dll%",Rundll32Unload
net start Schedule
schtasks /Change /TN "%wufuc_task%" /DISABLE
echo.
echo Disabled wufuc! You will still be able to check for updates until you restart.
:die
echo.
pause
exit


@@ -0,0 +1,41 @@
@echo off
title wufuc utility - enable task
:: Copyright (C) 2017 zeffy
:: This program is free software: you can redistribute it and/or modify
:: it under the terms of the GNU General Public License as published by
:: the Free Software Foundation, either version 3 of the License, or
:: (at your option) any later version.
:: This program is distributed in the hope that it will be useful,
:: but WITHOUT ANY WARRANTY; without even the implied warranty of
:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
:: GNU General Public License for more details.
:: You should have received a copy of the GNU General Public License
:: along with this program. If not, see <http://www.gnu.org/licenses/>.
echo Copyright ^(C^) 2017 zeffy
echo This program comes with ABSOLUTELY NO WARRANTY.
echo This is free software, and you are welcome to redistribute it
echo under certain conditions; see COPYING.txt for details.
echo.
fltmc >nul 2>&1 || (
echo This batch script requires administrator privileges. Right-click on
echo %~nx0 and select "Run as administrator".
goto :die
)
set "wufuc_task=wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307}"
net start Schedule
schtasks /Change /TN "%wufuc_task%" /ENABLE
schtasks /Run /TN "%wufuc_task%"
echo.
echo Enabled and started wufuc!
:die
echo.
pause
exit


@@ -0,0 +1,51 @@
@echo off
title wufuc utility - repair wuaueng.dll
:: Copyright (C) 2017 zeffy
:: This program is free software: you can redistribute it and/or modify
:: it under the terms of the GNU General Public License as published by
:: the Free Software Foundation, either version 3 of the License, or
:: (at your option) any later version.
:: This program is distributed in the hope that it will be useful,
:: but WITHOUT ANY WARRANTY; without even the implied warranty of
:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
:: GNU General Public License for more details.
:: You should have received a copy of the GNU General Public License
:: along with this program. If not, see <http://www.gnu.org/licenses/>.
echo Copyright ^(C^) 2017 zeffy
echo This program comes with ABSOLUTELY NO WARRANTY.
echo This is free software, and you are welcome to redistribute it
echo under certain conditions; see COPYING.txt for details.
echo.
fltmc >nul 2>&1 || (
echo This batch script requires administrator privileges. Right-click on
echo %~nx0 and select "Run as administrator".
goto :die
)
echo You may want to use this script if you previously modified wuaueng.dll
echo with "aio-wuaueng.dll-patch.bat" or by other means.
echo.
echo This will run the sfc utility and it will restore any changes that were made.
echo.
set /p CONTINUE=Enter 'Y' if you want to repair wuaueng.dll:
if /I not "%CONTINUE%"=="Y" goto :cancel
sfc /SCANFILE="%systemroot%\System32\wuaueng.dll"
:die
echo.
echo Press any key to exit...
pause >nul
exit
:cancel
echo.
echo Canceled by user, press any key to exit...
pause >nul
exit

BIN
install/wufuc.xml Normal file

Binary file not shown.


@@ -1,270 +0,0 @@
@echo off
:: Copyright (C) 2017 zeffy <https://github.com/zeffy>
:: This program is free software: you can redistribute it and/or modify
:: it under the terms of the GNU General Public License as published by
:: the Free Software Foundation, either version 3 of the License, or
:: (at your option) any later version.
:: This program is distributed in the hope that it will be useful,
:: but WITHOUT ANY WARRANTY; without even the implied warranty of
:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
:: GNU General Public License for more details.
:: You should have received a copy of the GNU General Public License
:: along with this program. If not, see <http://www.gnu.org/licenses/>.
echo Copyright (C) 2017 zeffy ^<https://github.com/zeffy^>
echo This program comes with ABSOLUTELY NO WARRANTY.
echo This is free software, and you are welcome to redistribute it
echo under certain conditions; see COPYING.txt for details.
echo.
net session >nul 2>&1 || (
echo This batch script requires administrator privileges. Right-click on
echo %~nx0 and select "Run as administrator".
goto :die
)
set "SYSTEM32_DIR=%systemroot%\System32"
set "WUAUENG_DLL=%SYSTEM32_DIR%\wuaueng.dll"
echo Checking system requirements...
:check_bitness
if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
goto :is_x64
) else (
if /I "%PROCESSOR_ARCHITEW6432%"=="AMD64" (
goto :is_x64
)
if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
set "WINDOWS_ARCHITECTURE=x86"
set "XDELTA3_EXE=%~dp0xdelta3-3.0.11-i686.exe"
goto :find_xdelta3
)
)
goto :unsupported_os
:is_x64
set "WINDOWS_ARCHITECTURE=x64"
set "XDELTA3_EXE=%~dp0xdelta3-3.0.11-x86_64.exe"
:find_xdelta3
echo.
if not exist "%XDELTA3_EXE%" (
call :file_not_found "%XDELTA3_EXE%"
goto :die
)
wmic /output:stdout os get version | findstr "^6\.1\." >nul && (
set "WINDOWS_VER=6.1"
set "SUPPORTED_HOTFIXES=KB4019264 KB4015552 KB4015549 KB4015546 KB4012218"
echo Detected supported operating system: Windows 7 %WINDOWS_ARCHITECTURE%
goto :check_hotfix
)
wmic /output:stdout os get version | findstr "^6\.3\." >nul && (
set "WINDOWS_VER=8.1"
set "SUPPORTED_HOTFIXES=KB4019215 KB4015553 KB4015550 KB4015547 KB4012219"
echo Detected supported operating system: Windows 8.1 %WINDOWS_ARCHITECTURE%
goto :check_hotfix
)
:unsupported_os
echo Detected that you are using an unsupported operating system.
echo.
echo This patch only works on the following versions of Windows:
echo.
echo - Windows 7 (x64 and x86)
echo - Windows 8.1 (x64 and x86)
echo - Windows Server 2008 R2 (reported as Windows 7 x64)
echo - Windows Server 2012 R2 (reported as Windows 8.1 x64)
goto :die
:check_hotfix
echo.
for %%a in (%SUPPORTED_HOTFIXES%) do (
wmic /output:stdout qfe get hotfixid | find "%%a" >nul && (
set "INSTALLED_HOTFIX=%%a"
echo Detected installed supported update: %%a
goto :confirmation
)
)
echo Detected that no supported updates are installed! If you are getting
echo unsupported hardware errors in Windows Update, please create an issue
echo and I will try to help you out.
echo.
echo https://github.com/zeffy/kb4012218-19/issues
echo.
call :show_debug_info
goto :die
:confirmation
echo.
echo This patch only works on the following versions of Windows:
echo.
echo - Windows 7 (x64 and x86)
echo - Windows 8.1 (x64 and x86)
echo - Windows Server 2008 R2 (reported as Windows 7 x64)
echo - Windows Server 2012 R2 (reported as Windows 8.1 x64)
echo.
echo If you have another version of Windows, please close this window immediately.
echo.
echo By continuing, you acknowledge that you want to modify wuaueng.dll.
echo.
echo I take no responsibility if you somehow ruin your PC with this script.
echo.
set /p CONTINUE=Enter 'Y' if you understand, and still want to continue:
if /I not "%CONTINUE%"=="Y" goto :cancel
:ask
echo.
echo Would you like to install the patch or uninstall it?
echo.
echo 1. Install
echo 2. Uninstall
echo.
set /p CHOICE=Enter your choice:
if "%CHOICE%"=="1" (
set "PATCH_TYPE=patch"
goto :begin
)
if "%CHOICE%"=="2" (
set "PATCH_TYPE=unpatch"
goto :begin
)
echo Invalid choice, please try again...
goto :ask
:begin
echo.
set "DELTA_FILE=%~dp0patches\Windows%WINDOWS_VER%-%INSTALLED_HOTFIX%-%WINDOWS_ARCHITECTURE%-%PATCH_TYPE%.xdelta"
if not exist "%DELTA_FILE%" (
call :file_not_found "%DELTA_FILE%"
goto :die
)
call :set_timestamp_var
set "BACKUP_FILE=%WUAUENG_DLL%_%TIMESTAMP%_before-%PATCH_TYPE%.bak"
set "ACL_TEMP_FILE=%temp%\wuaueng.dll_acl_%TIMESTAMP%.txt"
net stop wuauserv
takeown /F "%WUAUENG_DLL%" /A
icacls "%WUAUENG_DLL%" /save "%ACL_TEMP_FILE%"
:: Administrators group SID
icacls "%WUAUENG_DLL%" /grant *S-1-5-32-544:F
move "%WUAUENG_DLL%" "%BACKUP_FILE%"
"%XDELTA3_EXE%" -d -s "%BACKUP_FILE%" "%DELTA_FILE%" "%WUAUENG_DLL%"
if errorlevel 1 (
set "THERE_WAS_AN_ERROR=%errorlevel%"
move /Y "%BACKUP_FILE%" "%WUAUENG_DLL%"
)
:: "NT Service\TrustedInstaller" SID
icacls "%WUAUENG_DLL%" /setowner *S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
icacls "%SYSTEM32_DIR%" /restore "%ACL_TEMP_FILE%"
net start wuauserv
echo.
if defined THERE_WAS_AN_ERROR (
echo There was an error while %PATCH_TYPE%ing. Nothing has been modified.
echo If you didn't screw with the script or anything like that and this
echo error was unexpected, please create an issue and include the output
echo of this window in your post.
echo.
echo https://github.com/zeffy/kb4012218-19/issues
echo.
call :show_debug_info
) else (
echo Successfully %PATCH_TYPE%ed!
echo If you want to revert the changes that have been made for whatever
echo reason, you can run this script again and pick the other option.
echo.
echo You can also manually restore the backup file located at
echo '%BACKUP_FILE%'
echo by renaming it back to wuaueng.dll, changing the owner back to
echo "NT Service\TrustedInstaller", and restoring the original permissions from
echo '%ACL_TEMP_FILE%'.
echo However, make absolutely sure you only restore the backup that is the same
echo version as the current wuaueng.dll, or you could corrupt the WinSxS component
echo store.
)
:die
echo.
echo Press any key to exit...
pause >nul
exit
:cancel
echo.
echo Canceled by user, press any key to exit...
pause >nul
exit
:show_debug_info
echo Gathering debugging information, please wait...
call :set_timestamp_var
set "DEBUG_LOG_FILE=%temp%\%~nx0-debuginfo_%TIMESTAMP%.log"
set "WMI_OS_VALUES=BuildNumber,Caption,MUILanguages,OSArchitecture,OSLanguage,Version"
set "WMI_CPU_VALUES=Description,Family,Manufacturer,Name,NumberOfCores,NumberOfLogicalProcessors,ProcessorId,Revision"
set "WMI_QFE_VALUES=HotFixID,InstalledOn"
set "WMI_DATAFILE_VALUES=CreationDate,FileSize,InstallDate,LastAccessed,LastModified,Version"
set "CERTUTIL_HASH_ALGS=MD5 SHA1 SHA256"
echo.>"%DEBUG_LOG_FILE%"
echo ^<details^>>>"%DEBUG_LOG_FILE%"
echo.>>"%DEBUG_LOG_FILE%"
echo ## Operating System>>"%DEBUG_LOG_FILE%"
echo.>>"%DEBUG_LOG_FILE%"
echo ```>>"%DEBUG_LOG_FILE%"
wmic /output:stdout os get %WMI_OS_VALUES% /value | findstr /V "^$" >>"%DEBUG_LOG_FILE%"
echo ```>>"%DEBUG_LOG_FILE%"
echo.>>"%DEBUG_LOG_FILE%"
echo ## Processor>>"%DEBUG_LOG_FILE%"
echo.>>"%DEBUG_LOG_FILE%"
echo ```>>"%DEBUG_LOG_FILE%"
wmic /output:stdout cpu get %WMI_CPU_VALUES% /value | findstr /V "^$" >>"%DEBUG_LOG_FILE%"
echo ```>>"%DEBUG_LOG_FILE%"
echo.>>"%DEBUG_LOG_FILE%"
echo ## Installed Hotfixes>>"%DEBUG_LOG_FILE%"
echo.>>"%DEBUG_LOG_FILE%"
echo ```>>"%DEBUG_LOG_FILE%"
wmic /output:stdout qfe get %WMI_QFE_VALUES% /value | findstr /V "^$" >>"%DEBUG_LOG_FILE%"
echo ```>>"%DEBUG_LOG_FILE%"
echo.>>"%DEBUG_LOG_FILE%"
echo ## wuaueng.dll Properties>>"%DEBUG_LOG_FILE%"
echo.>>"%DEBUG_LOG_FILE%"
echo ```>>"%DEBUG_LOG_FILE%"
for %%a in (%CERTUTIL_HASH_ALGS%) do (
certutil -hashfile "%WUAUENG_DLL%" "%%a" | find /V "CertUtil" >>"%DEBUG_LOG_FILE%"
echo.>>"%DEBUG_LOG_FILE%"
)
wmic /output:stdout datafile where "name='%WUAUENG_DLL:\=\\%'" get %WMI_DATAFILE_VALUES% /value | findstr /V "^$" >>"%DEBUG_LOG_FILE%"
echo ```>>"%DEBUG_LOG_FILE%"
echo ^</details^>>>"%DEBUG_LOG_FILE%"
echo.
echo Done! Please copy the text from Notepad into your GitHub issue.
echo Opening log file in 5 seconds...
timeout /t 5 /nobreak >nul
start "" notepad "%DEBUG_LOG_FILE%"
exit /b
:set_timestamp_var
for /f "delims=" %%a in ('wmic /output:stdout os get localdatetime ^| find "."') do set dt=%%a
set "TIMESTAMP=%dt:~0,4%-%dt:~4,2%-%dt:~6,2%_%dt:~8,2%-%dt:~10,2%-%dt:~12,2%_%dt:~15,6%"
exit /b
:file_not_found
echo File "%~1" not found!
echo Make sure you extracted all the files from the release .zip and try again.
exit /b
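
Review bot: Removing this script leaves nothing that cleans up what it created: `:begin` moved the original to `%WUAUENG_DLL%_%TIMESTAMP%_before-%PATCH_TYPE%.bak` inside System32 and saved an ACL dump to `%temp%\wuaueng.dll_acl_%TIMESTAMP%.txt`, and the new repair script only runs `sfc /SCANFILE` on `wuaueng.dll`. Document the migration path for users who applied the on-disk patch, including whether the leftover `.bak` files should be deleted, or have the repair script offer to remove them.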

37
wufuc.sln Normal file

@@ -0,0 +1,37 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 15
VisualStudioVersion = 15.0.26430.12
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wufuc", "wufuc\wufuc.vcxproj", "{00F96695-CE41-4C2F-A344-6219DFB4F887}"
EndProject
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{8C2147FF-2B83-479B-813E-5ACB86F43042}"
ProjectSection(SolutionItems) = preProject
.gitattributes = .gitattributes
.gitignore = .gitignore
appveyor.yml = appveyor.yml
LICENSE = LICENSE
README.md = README.md
EndProjectSection
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x64.ActiveCfg = Debug|x64
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x64.Build.0 = Debug|x64
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x86.ActiveCfg = Debug|Win32
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x86.Build.0 = Debug|Win32
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x64.ActiveCfg = Release|x64
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x64.Build.0 = Release|x64
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x86.ActiveCfg = Release|Win32
{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x86.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

163
wufuc/core.c Normal file

@@ -0,0 +1,163 @@
#include <Windows.h>
#include <stdint.h>
#include <tchar.h>
#include <Psapi.h>
#include <sddl.h>
#include "service.h"
#include "patternfind.h"
#include "util.h"
#include "shared.h"
#include "core.h"
DWORD WINAPI NewThreadProc(LPVOID lpParam) {
SC_HANDLE hSCManager = OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_CONNECT);
TCHAR lpBinaryPathName[0x8000];
get_svcpath(hSCManager, _T("wuauserv"), lpBinaryPathName, _countof(lpBinaryPathName));
BOOL result = _tcsicmp(GetCommandLine(), lpBinaryPathName);
CloseServiceHandle(hSCManager);
if (result) {
return 0;
}
SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
ConvertStringSecurityDescriptorToSecurityDescriptor(_T("D:PAI(A;;FA;;;BA)"), SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL);
sa.bInheritHandle = FALSE;
HANDLE hEvent = CreateEvent(&sa, TRUE, FALSE, _T("Global\\wufuc_UnloadEvent"));
if (!hEvent) {
return 0;
}
DWORD dwProcessId = GetCurrentProcessId();
DWORD dwThreadId = GetCurrentThreadId();
HANDLE lphThreads[0x1000];
SIZE_T cb;
SuspendProcessThreads(dwProcessId, dwThreadId, lphThreads, _countof(lphThreads), &cb);
HMODULE hm = GetModuleHandle(NULL);
DETOUR_IAT(hm, LoadLibraryExA);
DETOUR_IAT(hm, LoadLibraryExW);
TCHAR lpServiceDll[MAX_PATH + 1];
get_svcdll(_T("wuauserv"), lpServiceDll, _countof(lpServiceDll));
HMODULE hwu = GetModuleHandle(lpServiceDll);
if (hwu && PatchWUAgentHMODULE(hwu)) {
_tdbgprintf(_T("Patched previously loaded Windows Update module!"));
}
ResumeAndCloseThreads(lphThreads, cb);
WaitForSingleObject(hEvent, INFINITE);
_tdbgprintf(_T("Unload event was set."));
SuspendProcessThreads(dwProcessId, dwThreadId, lphThreads, _countof(lphThreads), &cb);
RESTORE_IAT(hm, LoadLibraryExA);
RESTORE_IAT(hm, LoadLibraryExW);
ResumeAndCloseThreads(lphThreads, cb);
CloseHandle(hEvent);
_tdbgprintf(_T("See ya!"));
FreeLibraryAndExitThread(HINST_THISCOMPONENT, 0);
}
BOOL PatchWUAgentHMODULE(HMODULE hModule) {
LPSTR pattern;
SIZE_T offset00, offset01;
#ifdef _AMD64_
pattern = "FFF3 4883EC?? 33DB 391D???????? 7508 8B05????????";
offset00 = 10;
offset01 = 18;
#elif defined(_X86_)
if (g_IsWindows7) {
pattern = "833D????????00 743E E8???????? A3????????";
offset00 = 2;
offset01 = 15;
} else if (g_IsWindows8Point1) {
pattern = "8BFF 51 833D????????00 7507 A1????????";
offset00 = 5;
offset01 = 13;
} else {
return FALSE;
}
#endif
MODULEINFO modinfo;
GetModuleInformation(GetCurrentProcess(), hModule, &modinfo, sizeof(MODULEINFO));
SIZE_T rva = patternfind(modinfo.lpBaseOfDll, modinfo.SizeOfImage, 0, pattern);
if (rva == -1) {
_tdbgprintf(_T("No pattern match!"));
return FALSE;
}
uintptr_t baseAddress = (uintptr_t)modinfo.lpBaseOfDll;
uintptr_t fpIsDeviceServiceable = baseAddress + rva;
_tdbgprintf(_T("Found address of IsDeviceServiceable. (%p)"), fpIsDeviceServiceable);
BOOL result = FALSE;
LPBOOL lpbFirstRun, lpbIsCPUSupportedResult;
#ifdef _AMD64_
lpbFirstRun = (LPBOOL)(fpIsDeviceServiceable + offset00 + sizeof(uint32_t) + *(uint32_t *)(fpIsDeviceServiceable + offset00));
lpbIsCPUSupportedResult = (LPBOOL)(fpIsDeviceServiceable + offset01 + sizeof(uint32_t) + *(uint32_t *)(fpIsDeviceServiceable + offset01));
#elif defined(_X86_)
lpbFirstRun = (LPBOOL)(*(uintptr_t *)(fpIsDeviceServiceable + offset00));
lpbIsCPUSupportedResult = (LPBOOL)(*(uintptr_t *)(fpIsDeviceServiceable + offset01));
#endif
if (*lpbFirstRun) {
*lpbFirstRun = FALSE;
_tdbgprintf(_T("Unset first run var. (%p=%08x)"), lpbFirstRun, *lpbFirstRun);
result = TRUE;
}
if (!*lpbIsCPUSupportedResult) {
*lpbIsCPUSupportedResult = TRUE;
_tdbgprintf(_T("Set cached result. (%p=%08x)"), lpbIsCPUSupportedResult, *lpbIsCPUSupportedResult);
result = TRUE;
}
return result;
}
HMODULE WINAPI _LoadLibraryExA(
_In_ LPCSTR lpFileName,
_Reserved_ HANDLE hFile,
_In_ DWORD dwFlags
) {
HMODULE result = LoadLibraryExA(lpFileName, hFile, dwFlags);
if (result) {
_dbgprintf("Loaded %s.", lpFileName);
CHAR path[MAX_PATH + 1];
if (!get_svcdllA("wuauserv", path, _countof(path))) {
return result;
}
if (!_stricmp(lpFileName, path) && PatchWUAgentHMODULE(result)) {
_dbgprintf("Patched Windows Update module!");
}
}
return result;
}
HMODULE WINAPI _LoadLibraryExW(
_In_ LPCWSTR lpFileName,
_Reserved_ HANDLE hFile,
_In_ DWORD dwFlags
) {
HMODULE result = LoadLibraryExW(lpFileName, hFile, dwFlags);
if (result) {
_wdbgprintf(L"Loaded library: %s.", lpFileName);
WCHAR path[MAX_PATH + 1];
if (!get_svcdllW(L"wuauserv", path, _countof(path))) {
return result;
}
if (!_wcsicmp(lpFileName, path) && PatchWUAgentHMODULE(result)) {
_wdbgprintf(L"Patched Windows Update module!");
}
}
return result;
};
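
Review bot: In `PatchWUAgentHMODULE`, `lpbFirstRun` and `lpbIsCPUSupportedResult` are computed from the bytes at `fpIsDeviceServiceable + offset00` and `+ offset01` and then dereferenced and written without checking that they fall inside `modinfo.lpBaseOfDll` to `lpBaseOfDll + SizeOfImage`. The operand positions in every pattern are wildcards, so a match on the wrong code in a different wuaueng.dll build becomes a write through an arbitrary pointer in the host process. Bounds-check both pointers against the module range, and check the `GetModuleInformation` return value, before touching them. In `NewThreadProc`, the results of `OpenSCManager`, `get_svcpath` and `ConvertStringSecurityDescriptorToSecurityDescriptor` are ignored, so `lpBinaryPathName` and `sa.lpSecurityDescriptor` can be used uninitialized, and the descriptor is never released with `LocalFree`. `CreateEvent` on the fixed name `Global\wufuc_UnloadEvent` should also check for `ERROR_ALREADY_EXISTS`, because an object that already exists keeps its own DACL and the `D:PAI(A;;FA;;;BA)` descriptor is ignored. Minor: the final function ends with `};`.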

16
wufuc/core.h Normal file

@@ -0,0 +1,16 @@
#pragma once
DWORD WINAPI NewThreadProc(LPVOID lpParam);
BOOL PatchWUAgentHMODULE(HMODULE hModule);
HMODULE WINAPI _LoadLibraryExA(
_In_ LPCSTR lpFileName,
_Reserved_ HANDLE hFile,
_In_ DWORD dwFlags
);
HMODULE WINAPI _LoadLibraryExW(
_In_ LPCWSTR lpFileName,
_Reserved_ HANDLE hFile,
_In_ DWORD dwFlags
);
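
Review bot: The header uses `DWORD`, `HMODULE`, `LPCSTR` and the SAL annotations but includes nothing itself, so it only compiles when `Windows.h` happens to be included first; add `#include <Windows.h>` here so it is self-contained. The hook names `_LoadLibraryExA` and `_LoadLibraryExW` begin with an underscore followed by an uppercase letter, which C reserves for the implementation; a project-specific prefix would avoid that.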

25
wufuc/dllmain.c Normal file

@@ -0,0 +1,25 @@
#include <Windows.h>
#include "core.h"
#include "util.h"
#include "shared.h"
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) {
switch (ul_reason_for_call) {
case DLL_PROCESS_ATTACH:
{
if (!IsOperatingSystemSupported(&g_IsWindows7, &g_IsWindows8Point1)) {
return FALSE;
}
DisableThreadLibraryCalls(hModule);
HANDLE hThread = CreateThread(NULL, 0, NewThreadProc, NULL, 0, NULL);
CloseHandle(hThread);
break;
}
case DLL_PROCESS_DETACH:
break;
default:
break;
}
return TRUE;
}
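
Review bot: The `CreateThread` result in the `DLL_PROCESS_ATTACH` case is not checked, so on failure `CloseHandle` is called on NULL and `DllMain` still returns TRUE, leaving the DLL loaded with no worker thread running. Return FALSE when `hThread` is NULL so the load fails visibly. A short comment on why the work is deferred to `NewThreadProc` rather than done in `DllMain` would also help the next reader.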

3
wufuc/exports.def Normal file

@@ -0,0 +1,3 @@
EXPORTS
Rundll32Entry
Rundll32Unload

117
wufuc/patternfind.c Normal file

@@ -0,0 +1,117 @@
#include <Windows.h>
#include "patternfind.h"
/* Ported to C from x64dbg's patternfind.cpp:
<https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp>
x64dbg license (GPL-3.0):
<https://github.com/x64dbg/x64dbg/blob/development/LICENSE> */
int hexchtoint(CHAR c) {
int result = -1;
if (c >= '0' && c <= '9') {
result = c - '0';
} else if (c >= 'A' && c <= 'F') {
result = c - 'A' + 10;
} else if (c >= 'a' && c <= 'f') {
result = c - 'a' + 10;
}
return result;
}
SIZE_T formathexpattern(LPCSTR patterntext, LPSTR formattext, SIZE_T formattextsize) {
SIZE_T len = strlen(patterntext);
SIZE_T result = 0;
for (SIZE_T i = 0; i < len && (!formattext || result < formattextsize); i++) {
if (patterntext[i] == '?' || hexchtoint(patterntext[i]) != -1) {
if (formattext) {
formattext[result] = patterntext[i];
}
result++;
}
}
return result;
}
BOOL patterntransform(LPCSTR patterntext, LPPATTERNBYTE pattern, SIZE_T *patternsize) {
SIZE_T cb = formathexpattern(patterntext, NULL, 0);
if (!cb || cb > *patternsize) {
return FALSE;
}
LPSTR formattext = calloc(cb, sizeof(CHAR));
cb = formathexpattern(patterntext, formattext, cb);
if (cb % 2) {
formattext[cb++] = '?';
}
formattext[cb] = '\0';
for (SIZE_T i = 0, j = 0, k = 0; i < cb; i++, j ^= 1, k = (i - j) >> 1) {
if (formattext[i] == '?') {
pattern[k].nibble[j].wildcard = TRUE;
} else {
pattern[k].nibble[j].wildcard = FALSE;
pattern[k].nibble[j].data = hexchtoint(formattext[i]) & 0xf;
}
}
free(formattext);
*patternsize = cb >> 1;
return TRUE;
}
SIZE_T patternfind(LPCBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR pattern) {
SIZE_T result = -1;
SIZE_T searchpatternsize = strlen(pattern);
LPPATTERNBYTE searchpattern = calloc(searchpatternsize, sizeof(PATTERNBYTE));
if (patterntransform(pattern, searchpattern, &searchpatternsize)) {
for (SIZE_T i = startindex, j = 0; i < datasize; i++) //search for the pattern
{
if ((searchpattern[j].nibble[0].wildcard || searchpattern[j].nibble[0].data == ((data[i] >> 4) & 0xf))
&& (searchpattern[j].nibble[1].wildcard || searchpattern[j].nibble[1].data == (data[i] & 0xf))) { //check if our pattern matches the current byte
if (++j == searchpatternsize) { //everything matched
result = i - searchpatternsize + 1;
break;
}
} else if (j > 0) { //fix by Computer_Angel
i -= j;
j = 0; //reset current pattern position
}
}
}
return result;
}
VOID patternwritebyte(LPBYTE byte, LPPATTERNBYTE pbyte) {
BYTE n1 = (*byte >> 4) & 0xf;
BYTE n2 = *byte & 0xf;
if (!pbyte->nibble[0].wildcard) {
n1 = pbyte->nibble[0].data;
}
if (!pbyte->nibble[1].wildcard) {
n2 = pbyte->nibble[1].data;
}
*byte = ((n1 << 4) & 0xf0) | (n2 & 0xf);
}
VOID patternwrite(LPBYTE data, SIZE_T datasize, LPCSTR pattern) {
SIZE_T writepatternsize = strlen(pattern);
if (writepatternsize > datasize) {
writepatternsize = datasize;
}
LPPATTERNBYTE writepattern = calloc(writepatternsize, sizeof(PATTERNBYTE));
if (!patterntransform(pattern, writepattern, &writepatternsize)) {
return;
}
for (size_t i = 0; i < writepatternsize; i++) {
patternwritebyte(&data[i], &writepattern[i]);
}
}
SIZE_T patternsnr(LPBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR searchpattern, LPCSTR replacepattern) {
SIZE_T result = patternfind(data, datasize, startindex, searchpattern);
if (result == -1)
return result;
patternwrite(data + result, datasize - result, replacepattern);
return result;
}
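
Review bot: patterntransform writes past its heap buffer. formattext is allocated with calloc(cb, sizeof(CHAR)), but `formattext[cb++] = '?';` (odd nibble count) and `formattext[cb] = '\0';` store at index cb and, in the odd case, cb + 1. Allocate cb + 2 bytes and check the calloc result before use. Separately, searchpattern in patternfind and writepattern in patternwrite are never freed, including on the early return in patternwrite. patternwrite also clamps writepatternsize, a character count from strlen, against datasize, a byte count, so patterntransform rejects a pattern such as "90 90" for a 2-byte target even though it would fit; compare the transformed byte count against datasize instead.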

16
wufuc/patternfind.h Normal file

@@ -0,0 +1,16 @@
#pragma once
typedef struct _PATTERNBYTE {
struct _PATTERNNIBBLE {
BYTE data;
BOOL wildcard;
} nibble[2];
} PATTERNBYTE, *PPATTERNBYTE, *LPPATTERNBYTE;
int hexchtoint(CHAR ch);
SIZE_T formathexpattern(LPCSTR patterntext, LPSTR formattext, SIZE_T formattextsize);
BOOL patterntransform(LPCSTR patterntext, LPPATTERNBYTE pattern, SIZE_T *patternsize);
SIZE_T patternfind(LPCBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR pattern);
VOID patternwritebyte(LPBYTE byte, LPPATTERNBYTE pbyte);
VOID patternwrite(LPBYTE data, SIZE_T datasize, LPCSTR pattern);
SIZE_T patternsnr(LPBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR searchpattern, LPCSTR replacepattern);

70
wufuc/rundll32.c Normal file

@@ -0,0 +1,70 @@
#include <Windows.h>
#include <TlHelp32.h>
#include <tchar.h>
#include "service.h"
#include "util.h"
#include "shared.h"
void CALLBACK Rundll32Entry(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) {
if (!g_IsWindows7 && !g_IsWindows8Point1) {
return;
}
HANDLE hEvent = OpenEvent(SYNCHRONIZE, FALSE, _T("Global\\wufuc_UnloadEvent"));
if (hEvent) {
CloseHandle(hEvent);
return;
}
SC_HANDLE hSCManager = OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_CONNECT);
if (!hSCManager) {
return;
}
TCHAR lpGroupName[256];
DWORD dwProcessId;
BOOL result = get_svcpid(hSCManager, _T("wuauserv"), &dwProcessId);
if (!result && get_svcgname(hSCManager, _T("wuauserv"), lpGroupName, _countof(lpGroupName))) {
result = get_svcgpid(hSCManager, lpGroupName, &dwProcessId);
}
CloseServiceHandle(hSCManager);
if (!result) {
return;
}
TCHAR lpLibFileName[MAX_PATH + 1];
GetModuleFileName(HINST_THISCOMPONENT, lpLibFileName, _countof(lpLibFileName));
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
if (!hProcess) {
return;
}
LPVOID lpBaseAddress = VirtualAllocEx(hProcess, NULL, _countof(lpLibFileName) + 1, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (lpBaseAddress && WriteProcessMemory(hProcess, lpBaseAddress, lpLibFileName, _countof(lpLibFileName), NULL)) {
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);
if (hSnap) {
MODULEENTRY32 me;
me.dwSize = sizeof(me);
if (Module32First(hSnap, &me)) {
do {
if (!_tcsicmp(me.szModule, _T("kernel32.dll"))) {
break;
}
} while (Module32Next(hSnap, &me));
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(me.hModule, STRINGIZE(LoadLibrary)), lpBaseAddress, 0, NULL);
CloseHandle(hThread);
}
CloseHandle(hSnap);
}
}
CloseHandle(hProcess);
}
void CALLBACK Rundll32Unload(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) {
HANDLE hEvent = OpenEvent(EVENT_MODIFY_STATE, FALSE, _T("Global\\wufuc_UnloadEvent"));
if (hEvent) {
_tdbgprintf(_T("Setting unload event..."));
SetEvent(hEvent);
CloseHandle(hEvent);
}
}
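
Review bot: in Rundll32Entry the sizes passed to VirtualAllocEx and WriteProcessMemory are `_countof(lpLibFileName)`, an element count, while both APIs take bytes. The project builds with the Unicode character set, so only about half of the TCHAR buffer is copied and a long module path arrives truncated; use sizeof(lpLibFileName), or the actual string length in bytes plus the terminator, and check the return value of GetModuleFileName. Two more checks are missing in the same function: CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE, so `if (hSnap)` never catches it, and the module loop falls through to GetProcAddress(me.hModule, ...) with whatever entry was enumerated last when kernel32.dll was not matched. The CreateRemoteThread result is also closed without a NULL check, and PROCESS_ALL_ACCESS asks for more rights than the calls in this function use.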

120
wufuc/service.c Normal file

@@ -0,0 +1,120 @@
#include <windows.h>
#include <stdio.h>
#include <tchar.h>
#include "util.h"
#include "shellapihelper.h"
#include "service.h"
BOOL get_svcdllA(LPCSTR lpServiceName, LPSTR lpServiceDll, DWORD dwSize) {
CHAR lpSubKey[MAX_PATH + 1];
sprintf_s(lpSubKey, _countof(lpSubKey), "SYSTEM\\CurrentControlSet\\services\\%s\\Parameters", lpServiceName);
DWORD uBytes = _MAX_PATH + 1;
LPBYTE pvData = malloc(uBytes);
RegGetValueA(HKEY_LOCAL_MACHINE, lpSubKey, "ServiceDll", RRF_RT_REG_EXPAND_SZ | RRF_NOEXPAND, NULL, pvData, &uBytes);
ExpandEnvironmentStringsA((LPSTR)pvData, lpServiceDll, dwSize);
return TRUE;
}
BOOL get_svcdllW(LPCWSTR lpServiceName, LPWSTR lpServiceDll, DWORD dwSize) {
WCHAR lpSubKey[MAX_PATH + 1];
swprintf_s(lpSubKey, _countof(lpSubKey), L"SYSTEM\\CurrentControlSet\\services\\%s\\Parameters", lpServiceName);
DWORD uBytes = _MAX_PATH + 1;
LPBYTE pvData = malloc(uBytes);
RegGetValueW(HKEY_LOCAL_MACHINE, lpSubKey, L"ServiceDll", RRF_RT_REG_EXPAND_SZ | RRF_NOEXPAND, NULL, pvData, &uBytes);
ExpandEnvironmentStringsW((LPWSTR)pvData, lpServiceDll, dwSize);
return TRUE;
}
BOOL get_svcpid(SC_HANDLE hSCManager, LPCTSTR lpServiceName, DWORD *lpdwProcessId) {
SC_HANDLE hService = OpenService(hSCManager, lpServiceName, SERVICE_QUERY_STATUS);
if (!hService) {
return FALSE;
}
SERVICE_STATUS_PROCESS lpBuffer;
DWORD cbBytesNeeded;
BOOL result = FALSE;
if (QueryServiceStatusEx(hService, SC_STATUS_PROCESS_INFO, (LPBYTE)&lpBuffer, sizeof(lpBuffer), &cbBytesNeeded)
&& lpBuffer.dwProcessId) {
*lpdwProcessId = lpBuffer.dwProcessId;
_tdbgprintf(_T("Got pid for service %s: %d."), lpServiceName, *lpdwProcessId);
result = TRUE;
}
CloseServiceHandle(hService);
return result;
}
BOOL get_svcgname(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpGroupName, SIZE_T dwSize) {
TCHAR lpBinaryPathName[0x8000];
if (!get_svcpath(hSCManager, lpServiceName, lpBinaryPathName, _countof(lpBinaryPathName))) {
return FALSE;
}
int numArgs;
LPWSTR *argv = CommandLineToArgv(lpBinaryPathName, &numArgs);
if (numArgs < 3) {
return FALSE;
}
TCHAR fname[_MAX_FNAME];
_tsplitpath_s(argv[0], NULL, 0, NULL, 0, fname, _countof(fname), NULL, 0);
BOOL result = FALSE;
if (!_tcsicmp(fname, _T("svchost"))) {
LPWSTR *p = argv;
for (int i = 1; i < numArgs; i++) {
if (!_tcsicmp(*(p++), _T("-k")) && !_tcscpy_s(lpGroupName, dwSize, *p)) {
result = TRUE;
_tdbgprintf(_T("Got group name of service %s: %s."), lpServiceName, lpGroupName);
break;
}
}
}
return result;
}
BOOL get_svcpath(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpBinaryPathName, SIZE_T dwSize) {
HANDLE hService = OpenService(hSCManager, lpServiceName, SERVICE_QUERY_CONFIG);
if (!hService) {
return FALSE;
}
DWORD cbBytesNeeded;
BOOL result = FALSE;
if (!QueryServiceConfig(hService, NULL, 0, &cbBytesNeeded) && GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
LPQUERY_SERVICE_CONFIG sc = malloc(cbBytesNeeded);
if (QueryServiceConfig(hService, sc, cbBytesNeeded, &cbBytesNeeded) && !_tcscpy_s(lpBinaryPathName, dwSize, sc->lpBinaryPathName)) {
result = TRUE;
}
free(sc);
}
CloseServiceHandle(hService);
return result;
}
BOOL get_svcgpid(SC_HANDLE hSCManager, LPTSTR lpServiceGroupName, DWORD *lpdwProcessId) {
DWORD uBytes = 0x100000;
LPBYTE pvData = malloc(uBytes);
RegGetValue(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost"),
lpServiceGroupName, RRF_RT_REG_MULTI_SZ, NULL, pvData, &uBytes);
BOOL result = FALSE;
for (LPTSTR p = (LPTSTR)pvData; *p; p += _tcslen(p) + 1) {
DWORD dwProcessId;
TCHAR group[256];
if (get_svcpid(hSCManager, p, &dwProcessId)
&& (get_svcgname(hSCManager, p, group, _countof(group)) && !_tcsicmp(group, lpServiceGroupName))) {
*lpdwProcessId = dwProcessId;
result = TRUE;
_tdbgprintf(_T("Got pid for service group %s: %d."), lpServiceGroupName, *lpdwProcessId);
break;
}
}
free(pvData);
return result;
}
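
Review bot: get_svcgpid ignores the return value of RegGetValue and then walks pvData as a REG_MULTI_SZ, so when the value is missing or the call fails the loop reads uninitialized heap memory until it happens to hit a zero. Check for ERROR_SUCCESS (and a NULL malloc result) before the loop. The same pattern is in get_svcdllA and get_svcdllW, which also never free pvData, always return TRUE, and in the wide version size the buffer as _MAX_PATH + 1 bytes rather than WCHARs. In get_svcgname the array returned by CommandLineToArgv is not checked for NULL and is never released with LocalFree, including on the `numArgs < 3` return, and it is typed LPWSTR * while being used with TCHAR routines. get_svcpath should declare hService as SC_HANDLE and check the malloc result.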

15
wufuc/service.h Normal file

@@ -0,0 +1,15 @@
#pragma once
BOOL get_svcdllA(LPCSTR lpServiceName, LPSTR lpServiceDll, DWORD dwSize);
BOOL get_svcdllW(LPCWSTR lpServiceName, LPWSTR lpServiceDll, DWORD dwSize);
BOOL get_svcpid(SC_HANDLE hSCManager, LPCTSTR lpServiceName, DWORD *lpdwProcessId);
BOOL get_svcgname(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpGroupName, SIZE_T dwSize);
BOOL get_svcpath(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpBinaryPathName, SIZE_T dwSize);
BOOL get_svcgpid(SC_HANDLE hSCManager, LPTSTR lpServiceGroupName, DWORD *lpdwProcessId);
#ifdef UNICODE
#define get_svcdll get_svcdllW
#else
#define get_svcdll get_svcdllA
#endif

4
wufuc/shared.c Normal file

@@ -0,0 +1,4 @@
#include <Windows.h>
BOOL g_IsWindows7 = FALSE;
BOOL g_IsWindows8Point1 = FALSE;

4
wufuc/shared.h Normal file

@@ -0,0 +1,4 @@
#pragma once
extern BOOL g_IsWindows7;
extern BOOL g_IsWindows8Point1;

7
wufuc/shellapihelper.h Normal file

@@ -0,0 +1,7 @@
#pragma once
#ifdef UNICODE
#define CommandLineToArgv CommandLineToArgvW
#else
#define CommandLineToArgv CommandLineToArgvA
#endif // !UNICODE
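
Review bot: the non-Unicode branch maps CommandLineToArgv to CommandLineToArgvA, but shell32 only provides CommandLineToArgvW, so an ANSI build would fail to link. Since wufuc.vcxproj sets CharacterSet to Unicode for every configuration, either drop the #else branch and call CommandLineToArgvW directly, or make the non-Unicode case an #error so the limitation is explicit.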

115
wufuc/util.c Normal file

@@ -0,0 +1,115 @@
#include <Windows.h>
#include <stdio.h>
#include <tchar.h>
#include <TlHelp32.h>
#include "util.h"
#include "shared.h"
LPVOID *FindIAT(HMODULE hModule, LPSTR lpFunctionName) {
uintptr_t hm = (uintptr_t)hModule;
for (PIMAGE_IMPORT_DESCRIPTOR iid = (PIMAGE_IMPORT_DESCRIPTOR)(hm + ((PIMAGE_NT_HEADERS)(hm + ((PIMAGE_DOS_HEADER)hm)->e_lfanew))
->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress); iid->Name; iid++) {
LPVOID *p;
for (SIZE_T i = 0; *(p = i + (LPVOID *)(hm + iid->FirstThunk)); i++) {
LPSTR fn = (LPSTR)(hm + *(i + (SIZE_T *)(hm + iid->OriginalFirstThunk)) + 2);
if (!((uintptr_t)fn & IMAGE_ORDINAL_FLAG) && !_stricmp(lpFunctionName, fn)) {
return p;
}
}
}
return NULL;
}
VOID DetourIAT(HMODULE hModule, LPSTR lpFuncName, LPVOID *lpOldAddress, LPVOID lpNewAddress) {
LPVOID *lpAddress = FindIAT(hModule, lpFuncName);
if (!lpAddress || *lpAddress == lpNewAddress) {
return;
}
DWORD flOldProtect;
DWORD flNewProtect = PAGE_READWRITE;
VirtualProtect(lpAddress, sizeof(LPVOID), flNewProtect, &flOldProtect);
if (lpOldAddress) {
*lpOldAddress = *lpAddress;
}
_dbgprintf("Detoured %s from %p to %p.", lpFuncName, *lpAddress, lpNewAddress);
*lpAddress = lpNewAddress;
VirtualProtect(lpAddress, sizeof(LPVOID), flOldProtect, &flNewProtect);
}
VOID SuspendProcessThreads(DWORD dwProcessId, DWORD dwThreadId, HANDLE *lphThreads, SIZE_T dwSize, SIZE_T *lpcb) {
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
THREADENTRY32 te;
te.dwSize = sizeof(te);
Thread32First(hSnap, &te);
SIZE_T count = 0;
do {
if (te.th32OwnerProcessID != dwProcessId || te.th32ThreadID == dwThreadId) {
continue;
}
lphThreads[count] = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te.th32ThreadID);
SuspendThread(lphThreads[count]);
count++;
} while (count < dwSize && Thread32Next(hSnap, &te));
CloseHandle(hSnap);
*lpcb = count;
_tdbgprintf(_T("Suspended %d other threads."), count);
}
VOID ResumeAndCloseThreads(HANDLE *lphThreads, SIZE_T cb) {
for (SIZE_T i = 0; i < cb; i++) {
ResumeThread(lphThreads[i]);
CloseHandle(lphThreads[i]);
}
_tdbgprintf(_T("Resumed %d other threads."), cb);
}
BOOL CompareWindowsVersion(BYTE Operator, DWORD dwMajorVersion, DWORD dwMinorVersion, WORD wServicePackMajor, WORD wServicePackMinor, DWORD dwTypeMask) {
OSVERSIONINFOEX osvi;
ZeroMemory(&osvi, sizeof(OSVERSIONINFOEX));
osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
osvi.dwMajorVersion = dwMajorVersion;
osvi.dwMinorVersion = dwMinorVersion;
osvi.wServicePackMajor = wServicePackMajor;
osvi.wServicePackMinor = wServicePackMinor;
DWORDLONG dwlConditionMask = 0;
VER_SET_CONDITION(dwlConditionMask, VER_MAJORVERSION, Operator);
VER_SET_CONDITION(dwlConditionMask, VER_MINORVERSION, Operator);
VER_SET_CONDITION(dwlConditionMask, VER_SERVICEPACKMAJOR, Operator);
VER_SET_CONDITION(dwlConditionMask, VER_SERVICEPACKMINOR, Operator);
return VerifyVersionInfo(&osvi, dwTypeMask, dwlConditionMask);
}
BOOL IsOperatingSystemSupported(LPBOOL lpbIsWindows7, LPBOOL lpbIsWindows8Point1) {
#if !defined(_AMD64_) && !defined(_X86_)
return FALSE;
#else
return (*lpbIsWindows7 = CompareWindowsVersion(VER_EQUAL, 6, 1, 0, 0, VER_MAJORVERSION | VER_MINORVERSION))
|| (*lpbIsWindows8Point1 = CompareWindowsVersion(VER_EQUAL, 6, 3, 0, 0, VER_MAJORVERSION | VER_MINORVERSION));
#endif
}
VOID wdbgprintf(LPCWSTR format, ...) {
WCHAR buffer[0x1000];
va_list argptr;
va_start(argptr, format);
vswprintf_s(buffer, _countof(buffer), format, argptr);
va_end(argptr);
OutputDebugStringW(buffer);
}
VOID dbgprintf(LPCSTR format, ...) {
CHAR buffer[0x1000];
va_list argptr;
va_start(argptr, format);
vsprintf_s(buffer, _countof(buffer), format, argptr);
va_end(argptr);
OutputDebugStringA(buffer);
}
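
Review bot: DetourIAT does not check either VirtualProtect call, so if the first one fails `*lpAddress = lpNewAddress;` writes to a read-only IAT page and faults inside the host process. Bail out when VirtualProtect returns FALSE, and pass a scratch DWORD rather than &flNewProtect to the restoring call. SuspendProcessThreads has the same gap: the results of CreateToolhelp32Snapshot, Thread32First and OpenThread are unchecked, a NULL thread handle is still stored and counted, and because `count < dwSize` is only tested at the bottom of the do/while, a dwSize of 0 writes lphThreads[0] out of bounds. In FindIAT the IMAGE_ORDINAL_FLAG test is applied to fn after hm and 2 have been added; test the raw thunk value first, and validate the DOS and NT signatures and a non-zero OriginalFirstThunk before walking the table. The "%d" format in the two thread-count messages is given a SIZE_T argument.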

37
wufuc/util.h Normal file

@@ -0,0 +1,37 @@
#pragma once
EXTERN_C IMAGE_DOS_HEADER __ImageBase;
#define HINST_THISCOMPONENT ((HINSTANCE)&__ImageBase)
LPVOID *FindIAT(HMODULE hModule, LPSTR lpFuncName);
VOID DetourIAT(HMODULE hModule, LPSTR lpFuncName, LPVOID *lpOldAddress, LPVOID lpNewAddress);
VOID SuspendProcessThreads(DWORD dwProcessId, DWORD dwThreadId, HANDLE *lphThreads, SIZE_T dwSize, SIZE_T *lpcb);
VOID ResumeAndCloseThreads(HANDLE *lphThreads, SIZE_T dwSize);
BOOL CompareWindowsVersion(BYTE Operator, DWORD dwMajorVersion, DWORD dwMinorVersion, WORD wServicePackMajor, WORD wServicePackMinor, DWORD dwTypeMask);
BOOL IsOperatingSystemSupported(LPBOOL lpbIsWindows7, LPBOOL lpbIsWindows8Point1);
VOID wdbgprintf(LPCWSTR format, ...);
VOID dbgprintf(LPCSTR format, ...);
#define DETOUR_IAT(x, y) \
LPVOID _LPORIGINAL##y; \
DetourIAT(x, #y, &_LPORIGINAL##y, &_##y)
#define RESTORE_IAT(x, y) \
DetourIAT(x, #y, NULL, _LPORIGINAL##y)
#define STRINGIZEW_(x) L#x
#define STRINGIZEW(x) STRINGIZEW_(x)
#define __LINEWSTR__ STRINGIZEW(__LINE__)
#define _wdbgprintf(format, ...) wdbgprintf(__FILEW__ L"(" __LINEWSTR__ L"): " format, ##__VA_ARGS__)
#define STRINGIZE_(x) #x
#define STRINGIZE(x) STRINGIZE_(x)
#define __LINESTR__ STRINGIZE(__LINE__)
#define _dbgprintf(format, ...) dbgprintf(__FILE__ "(" __LINESTR__ "): " format, ##__VA_ARGS__)
#ifdef UNICODE
#define _tdbgprintf _wdbgprintf
#else
#define _tdbgprintf _dbgprintf
#endif // !UNICODE
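
Review bot: DETOUR_IAT expands to a declaration followed by a call, so it is two statements: under an unbraced if only the declaration would be conditional, and the macro cannot be used twice for the same function in one scope. RESTORE_IAT also depends on the `_LPORIGINAL##y` local still being in scope, which ties the restore to the function that installed the detour. Consider storing the original pointers in file-scope variables and wrapping the call in do { ... } while (0). A short comment on the naming convention the macro assumes (a replacement function named `_` plus the import name) would help readers, and the _dbgprintf/_wdbgprintf macros are not compiled out for NDEBUG builds.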

BIN
wufuc/version.rc Normal file

Binary file not shown.

201
wufuc/wufuc.vcxproj Normal file

@@ -0,0 +1,201 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<VCProjectVersion>15.0</VCProjectVersion>
<ProjectGuid>{00F96695-CE41-4C2F-A344-6219DFB4F887}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
<RootNamespace>wufuc</RootNamespace>
<WindowsTargetPlatformVersion>10.0.15063.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
<OutDir>$(ProjectDir)bin\$(Configuration)\$(PlatformShortName)\</OutDir>
<IntDir>$(ProjectDir)$(BaseIntermediateOutputPath)$(Configuration)\$(PlatformShortName)\</IntDir>
<TargetName>$(ProjectName)$(PlatformArchitecture)</TargetName>
<GenerateManifest>false</GenerateManifest>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<OutDir>$(ProjectDir)bin\$(Configuration)\$(PlatformShortName)\</OutDir>
<IntDir>$(ProjectDir)$(BaseIntermediateOutputPath)$(Configuration)\$(PlatformShortName)\</IntDir>
<TargetName>$(ProjectName)$(PlatformArchitecture)</TargetName>
<GenerateManifest>false</GenerateManifest>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(ProjectDir)bin\$(Configuration)\$(PlatformShortName)\</OutDir>
<IntDir>$(ProjectDir)$(BaseIntermediateOutputPath)$(Configuration)\$(PlatformShortName)\</IntDir>
<TargetName>$(ProjectName)$(PlatformArchitecture)</TargetName>
<GenerateManifest>false</GenerateManifest>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>$(ProjectDir)bin\$(Configuration)\$(PlatformShortName)\</OutDir>
<IntDir>$(ProjectDir)$(BaseIntermediateOutputPath)$(Configuration)\$(PlatformShortName)\</IntDir>
<TargetName>$(ProjectName)$(PlatformArchitecture)</TargetName>
<GenerateManifest>false</GenerateManifest>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;WUFUC_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
<AdditionalDependencies>Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_DEBUG;_WINDOWS;_USRDLL;WUFUC_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
<AdditionalDependencies>Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;WUFUC_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
</ClCompile>
<ResourceCompile Condition="'$(APPVEYOR)'=='True'">
<PreprocessorDefinitions>BUILD_VERSION=$(BUILD_VERSION);BUILD_VERSION_COMMA_SEP=$(BUILD_VERSION_COMMA_SEP);$(PreprocessorDefinitions)</PreprocessorDefinitions>
</ResourceCompile>
<Link>
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
<GenerateDebugInformation>false</GenerateDebugInformation>
<AdditionalDependencies>Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
<PostBuildEvent>
<Command>copy /Y "$(TargetPath)" "$(SolutionDir)install\$(TargetFileName)"</Command>
</PostBuildEvent>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>NDEBUG;_WINDOWS;_USRDLL;WUFUC_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
</ClCompile>
<ResourceCompile Condition="'$(APPVEYOR)'=='True'">
<PreprocessorDefinitions>BUILD_VERSION=$(BUILD_VERSION);BUILD_VERSION_COMMA_SEP=$(BUILD_VERSION_COMMA_SEP);$(PreprocessorDefinitions)</PreprocessorDefinitions>
</ResourceCompile>
<Link>
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
<GenerateDebugInformation>false</GenerateDebugInformation>
<AdditionalDependencies>Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
<PostBuildEvent>
<Command>copy /Y "$(TargetPath)" "$(SolutionDir)install\$(TargetFileName)"</Command>
</PostBuildEvent>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="core.c" />
<ClCompile Include="dllmain.c" />
<ClCompile Include="patternfind.c" />
<ClCompile Include="rundll32.c" />
<ClCompile Include="service.c" />
<ClCompile Include="shared.c" />
<ClCompile Include="util.c" />
</ItemGroup>
<ItemGroup>
<None Include="exports.def" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="core.h" />
<ClInclude Include="shared.h" />
<ClInclude Include="patternfind.h" />
<ClInclude Include="service.h" />
<ClInclude Include="shellapihelper.h" />
<ClInclude Include="util.h" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="version.rc" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
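
Review bot: both Release ResourceCompile blocks append `$(PreprocessorDefinitions)`, a property reference, where every other definition list in this file appends the item metadata `%(PreprocessorDefinitions)`. As written, inherited resource-compiler defines are dropped whenever the APPVEYOR condition is true; use `%(PreprocessorDefinitions)` for consistency. The four per-configuration blocks are otherwise near duplicates, so the shared Link settings (ModuleDefinitionFile, AdditionalDependencies) could move into an unconditioned ItemDefinitionGroup, and it is worth documenting why GenerateDebugInformation is false for Release, since that leaves released binaries without matching symbols for crash analysis.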