Add debugview_helper.bat, update README.md

This reverts commit d1ddef5392.

.gitignore

@@ -1,4 +1,252 @@
-*.exe
+## Ignore Visual Studio temporary files, build results, and
-*.rar
+## files generated by popular Visual Studio add-ons.
-*.zip
+
-patch_scripts/*/COPYING.txt
+# User-specific files
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+bld/
+[Bb]in/
+[Oo]bj/
+[Ll]og/
+
+# Visual Studio 2015 cache/options directory
+.vs/
+# Uncomment if you have tasks that create the project's static files in wwwroot
+#wwwroot/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+# NUNIT
+*.VisualState.xml
+TestResult.xml
+
+# Build Results of an ATL Project
+[Dd]ebugPS/
+[Rr]eleasePS/
+dlldata.c
+
+# DNX
+project.lock.json
+artifacts/
+
+*_i.c
+*_p.c
+*_i.h
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Chutzpah Test files
+_Chutzpah*
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opendb
+*.opensdf
+*.sdf
+*.cachefile
+*.VC.db
+*.VC.VC.opendb
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+*.sap
+
+# TFS 2012 Local Workspace
+$tf/
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+*.DotSettings.user
+
+# JustCode is a .NET coding add-in
+.JustCode
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# NCrunch
+_NCrunch_*
+.*crunch*.local.xml
+nCrunchTemp_*
+
+# MightyMoose
+*.mm.*
+AutoTest.Net/
+
+# Web workbench (sass)
+.sass-cache/
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.[Pp]ublish.xml
+*.azurePubxml
+# TODO: Comment the next line if you want to checkin your web deploy settings
+# but database connection strings (with potential passwords) will be unencrypted
+*.pubxml
+*.publishproj
+
+# Microsoft Azure Web App publish settings. Comment the next line if you want to
+# checkin your Azure Web App publish settings, but sensitive information contained
+# in these scripts will be unencrypted
+PublishScripts/
+
+# NuGet Packages
+*.nupkg
+# The packages folder can be ignored because of Package Restore
+**/packages/*
+# except build/, which is used as an MSBuild target.
+!**/packages/build/
+# Uncomment if necessary however generally it will be regenerated when needed
+#!**/packages/repositories.config
+# NuGet v3's project.json files produces more ignoreable files
+*.nuget.props
+*.nuget.targets
+
+# Microsoft Azure Build Output
+csx/
+*.build.csdef
+
+# Microsoft Azure Emulator
+ecf/
+rcf/
+
+# Windows Store app package directories and files
+AppPackages/
+BundleArtifacts/
+Package.StoreAssociation.xml
+_pkginfo.txt
+
+# Visual Studio cache files
+# files ending in .cache can be ignored
+*.[Cc]ache
+# but keep track of directories ending in .cache
+!*.[Cc]ache/
+
+# Others
+ClientBin/
+~$*
+*~
+*.dbmdl
+*.dbproj.schemaview
+*.pfx
+*.publishsettings
+node_modules/
+orleans.codegen.cs
+
+# Since there are multiple workflows, uncomment next line to ignore bower_components
+# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
+#bower_components/
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file
+# to a newer Visual Studio version. Backup files are not needed,
+# because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+*.mdf
+*.ldf
+
+# Business Intelligence projects
+*.rdl.data
+*.bim.layout
+*.bim_*.settings
+
+# Microsoft Fakes
+FakesAssemblies/
+
+# GhostDoc plugin setting file
+*.GhostDoc.xml
+
+# Node.js Tools for Visual Studio
+.ntvs_analysis.dat
+
+# Visual Studio 6 build log
+*.plg
+
+# Visual Studio 6 workspace options file
+*.opt
+
+# Visual Studio LightSwitch build output
+**/*.HTMLClient/GeneratedArtifacts
+**/*.DesktopClient/GeneratedArtifacts
+**/*.DesktopClient/ModelManifest.xml
+**/*.Server/GeneratedArtifacts
+**/*.Server/ModelManifest.xml
+_Pvt_Extensions
+
+# Paket dependency manager
+.paket/paket.exe
+paket-files/
+
+# FAKE - F# Make
+.fake/
+
+# JetBrains Rider
+.idea/
+*.sln.iml

README.md

@@ -1,102 +1,90 @@
-### [Click here if you are looking for the latest patch files!](https://github.com/zeffy/kb4012218-19/releases/latest)  [<img src="https://img.shields.io/github/downloads/zeffy/kb4012218-19/total.svg"/>](https://github.com/zeffy/kb4012218-19/releases/latest)
+# wufuc [![](https://img.shields.io/badge/formerly-kb4012218--19-blue.svg)](../../tree/old-kb4012218-19 "formerly kb4012218-19") [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc "AppVeyor build status")
 
----
+<a href='https://pledgie.com/campaigns/34055'><img alt='Click here to lend your support to: wufuc - Help support development and make a donation at pledgie.com !' src='https://pledgie.com/campaigns/34055.png?skin_name=chrome' border='0' ></a>
 
-### [Click here for a list of Windows updates supported by this patch](docs/Patch_Offsets.md)
+Disables the "Unsupported Hardware" message in Windows Update, and allows you to continue installing updates on Windows 7 and 8.1 systems with Intel Kaby Lake, AMD Ryzen, or other unsupported processors.
 
----
+## Downloads [![](https://img.shields.io/github/downloads/zeffy/wufuc/total.svg)](../../releases "Total downloads")
+
+### You can get the latest stable version [here](../../releases/latest)!
+
+If you are feeling brave, you can try the latest unstable builds [here](https://ci.appveyor.com/project/zeffy/wufuc). **Use these at your own risk!**
+
+## Reporting an issue [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc "Average time to resolve an issue")
+
+#### Before you create an issue, please make sure of the following:
+
+- Are you using the latest version?
+- If you previously used the old batchfile patches, did you revert it by running `repair_wuaueng.dll.bat`?
+- Have you tried restarting your computer?
+
+There isn't really a way for wufuc to directly interact with your desktop, because it runs outside the context of a normal user session. Therefore you must first download and run another program called [DebugView](https://technet.microsoft.com/en-us/sysinternals/debugview.aspx) (from Microsoft) to display wufuc's debug messages. These logs are absolutely crucial if you want me to be able to resolve your issue as quickly as possible, so please include them if you can.
+
+#### The best way to get a log of the entire life-cycle of wufuc is to do the following:
+
+1. Start `Dbgview.exe` as administrator and check `Capture -> Capture Global Win32`.
+2. Restart wufuc and `wuauserv` by running `debugview_helper.bat` as administrator.
+3. Output will be shown in DebugView, copy/paste this text into your issue.
+
+#### Other helpful information to include when reporting issues:
+
+- What happened? What did you expect to happen instead?
+- What build are you using? Stable release or unstable AppVeyor builds?
+- What version of Windows are you using? Windows 7 or 8.1? x64 or x86?
+- Were there any errors reporting during installation? What were they?
+- What is the file version or SHA-1 hash of `C:\Windows\System32\wuaueng.dll`?
+- Any other information you feel is relevant to your issue.
 
 ## Preface
 
-After reading [this article on gHacks](https://www.ghacks.net/2017/03/22/kb4012218-kb4012219-windows-update-processor-generation-detection/), I was inspired to look into these new rollup updates that Microsoft released on March 16. Among other things, the changelog mentions the following:
+The changelog for Windows updates KB4012218 and KB4012219 included the following:
 
 > Enabled detection of processor generation and hardware support when PC tries to scan or download updates through Windows Update.
 
-This update marked the implementation of a [policy change](https://blogs.windows.com/windowsexperience/2016/01/15/windows-10-embracing-silicon-innovation/) they announced some time ago, where Microsoft stated that they would not be supporting Windows 7 or 8.1 on next-gen Intel, AMD and Qualcomm processors. 
+These updates marked the implementation of a [policy change](https://blogs.windows.com/windowsexperience/2016/01/15/windows-10-embracing-silicon-innovation/) they announced some time ago, where Microsoft stated that they would not be supporting Windows 7 or 8.1 on next-gen Intel, AMD and Qualcomm processors. 
 
-That is essentially a giant middle finger to anyone who dare not "upgrade" to the steaming pile of garbage known as Windows 10. Especially considering the extended support periods for Windows 7 and 8.1 still have a few years left, and will be ending on January 4, 2020 and January 10, 2023 respectively.
+It was essentially a big middle finger to anyone who decides to not "upgrade" to the steaming pile of :poop: known as Windows 10. Especially considering the extended support periods for Windows 7 and 8.1 won't be ending until January 4, 2020 and January 10, 2023 respectively.
 
-There have even been people with older Intel and AMD systems who have been locked out of Windows Update because of these updates (see [#7](/../../issues/7) and [this](https://answers.microsoft.com/en-us/windows/forum/windows8_1-update/amd-carrizo-ddr4-unsupported-hardware-message-on/f3fb2326-f413-41c9-a24b-7c14e6d51b0c?tab=question&status=AllReplies)).
+There have even been people with older Intel and AMD systems who have been locked out of Windows Update because of these updates (see [#7](../../issues/7) and [this](https://answers.microsoft.com/en-us/windows/forum/windows8_1-update/amd-carrizo-ddr4-unsupported-hardware-message-on/f3fb2326-f413-41c9-a24b-7c14e6d51b0c?tab=question&status=AllReplies)).
 
 ## Bad Microsoft!
 
-I started by downloading the update package for my system (in my case, it was `windows6.1-kb4012218-x64_590943c04550a47c1ed02d3a040d325456f03663.msu`)
+If you are interested, you can read my original write up on discovering the CPU check [here](../../tree/old-kb4012218-19).
 
-I extracted it using the command line `expand` tool:
+Basically, inside a file called `wuaueng.dll` there are two functions: [`IsDeviceServiceable(void)`](https://gist.github.com/zeffy/e5ec266952932bc905eb0cbc6ed72185) and [`IsCPUSupported(void)`](https://gist.github.com/zeffy/1a8f8984d2bec97ae24af63a76278694). `IsDeviceServiceable(void)` is essentially a wrapper around `IsCPUSupported(void)` that caches the result it recieves and recycles it on subsequent calls. 
 
-```bat
+My patch takes advantage of this result caching behavior by setting the "hasn't run once" value to `FALSE` and the cached result to `TRUE`.
-md "windows6.1-kb4012218-x64"
-expand -f:* ".\windows6.1-kb4012218-x64_590943c04550a47c1ed02d3a040d325456f03663.msu" ".\windows6.1-kb4012218-x64"
-cd ".\windows6.1-kb4012218-x64"
-md "Windows6.1-KB4012218-x64"
-expand -f:* ".\Windows6.1-KB4012218-x64.cab" ".\Windows6.1-KB4012218-x64"
-```
 
-Great, now there's thousands of files to sort through! Just kidding. Sort of. Maybe. :thinking:
+## How it works
 
-I ended up using PowerShell to sort through and filter out all the binaries that weren't related to Windows Update, like so:
+- At system boot the wufuc scheduled task runs as the `NT AUTHORITY\SYSTEM` user.
+- `wufuc` determines what service host group process the Windows Update service runs in (typically `netsvcs`), and injects itself into it.
+- Once injected, it applies a hook to `LoadLibraryEx` that automatically patches `wuaueng.dll` when it is loaded.
+- Any previously loaded `wuaueng.dll` is also patched.
 
-```powershell
+### Several improvements over my batchfile method:
-Get-ChildItem -Filter "wu*" -Exclude "*.mui" -Recurse | ForEach-Object { $_.FullName }
-```
 
-That narrowed it down to 14 files, excellent!
+- **No system files are modified!**
+- Heuristic-based patching, which means it will usually keep working even after new updates come out.		
+- C is best language.		
+- No external dependencies.
 
-Next, I started comparing these binaries with the ones already on my system with [BinDiff] and [Diaphora]. I eventually got to `wuaueng.dll`, which turned up quite a few interesting new functions:
+## Q & A
 
-EA | Name | Basicblock | Instructions | Edges 
+### How to install/uninstall?
--- | ---- | ---------- | ------------ | -----
-`00000600001DCB9C` | ``CWUTelemetryDownloadCanceledEvent::FireAsimovEvent(void)`` | 36 | 446 | 53
-`00000600001D8F98` | ``CWUTelemetryDownloadCanceledEvent::`scalar deleting destructor'(uint)`` | 3 | 15 | 3
-`00000600001D8FD0` | ``CWUTelemetryDownloadEvent::CWUTelemetryDownloadEvent(void)`` | 1 | 58 | 0
-`00000600001DAEDC` | ``CWUTelemetryDownloadEvent::Init(CReporter *,long,long,ushort const *,long,_GUID,_GUID,CReportingOptionalValues &,AsimovDataInAddition *)`` | 6 | 50 | 8
-`00000600001DAFB8` | ``CWUTelemetryDownloadEvent::InitializeMemebersFromOptionalData(tagOptionalData *)`` | 27 | 91 | 40
-`00000600001D9100` | ``CWUTelemetryDownloadEvent::~CWUTelemetryDownloadEvent(void)`` | 2 | 60 | 1
-`00000600001DC2C4` | ``CWUTelemetryDownloadFailedEvent::FireAsimovEvent(void)`` | 36 | 446 | 53
-`00000600001DB114` | ``CWUTelemetryDownloadStartedEvent::FireAsimovEvent(void)`` | 36 | 446 | 53
-`00000600001DB9EC` | ``CWUTelemetryDownloadSucceededEvent::FireAsimovEvent(void)`` | 36 | 446 | 53
-`00000600001D8C48` | ``CWUTelemetryEventFactory::FireTelemetryEvent(CReporter *,long,long,ushort const *,long,_GUID,_GUID,CReportingOptionalValues &,AsimovDataInAddition *)`` | 11 | 76 | 17
-`00000600001D8574` | ``CWUTelemetryEventFactory::GetTelemetryEvent(CReporter *,long,long,ushort const *,long,_GUID,_GUID,CReportingOptionalValues &,AsimovDataInAddition *,CWUTelemetryEvent * *)`` | 77 | 395 | 127
-`00000600001DEE7C` | ``CWUTelemetryInstallCanceledEvent::FireAsimovEvent(void)`` | 34 | 409 | 50
-`00000600001D8DD4` | ``CWUTelemetryInstallEvent::CWUTelemetryInstallEvent(void)`` | 1 | 57 | 0
-`00000600001DD474` | ``CWUTelemetryInstallEvent::Init(CReporter *,long,long,ushort const *,long,_GUID,_GUID,CReportingOptionalValues &,AsimovDataInAddition *)`` | 6 | 50 | 8
-`00000600001DD550` | ``CWUTelemetryInstallEvent::InitializeMemebersFromOptionalData(tagOptionalData *)`` | 23 | 81 | 34
-`00000600001D8EFC` | ``CWUTelemetryInstallEvent::~CWUTelemetryInstallEvent(void)`` | 2 | 66 | 1
-`00000600001DE67C` | ``CWUTelemetryInstallFailedEvent::FireAsimovEvent(void)`` | 34 | 409 | 50
-`00000600001DF67C` | ``CWUTelemetryInstallRebootPendingEvent::FireAsimovEvent(void)`` | 34 | 409 | 50
-`00000600001D8D9C` | ``CWUTelemetryInstallRebootPendingEvent::`scalar deleting destructor'(uint)`` | 3 | 15 | 3
-`00000600001DD67C` | ``CWUTelemetryInstallStartedEvent::FireAsimovEvent(void)`` | 34 | 409 | 50
-`00000600001DDE7C` | ``CWUTelemetryInstallSucceededEvent::FireAsimovEvent(void)`` | 34 | 409 | 50
-`00000600001CAE68` | ``CWUTelemetryScanFailedEvent::FireAsimovEvent(void)`` | 31 | 416 | 46
-`00000600001CA100` | ``CWUTelemetryScanRetryEvent::FireAsimovEvent(void)`` | 9 | 108 | 13
-`00000600001CA588` | ``CWUTelemetryScanSucceededEvent::FireAsimovEvent(void)`` | 47 | 459 | 73
-`00000600001CB790` | ``CWUTelemetryUnsupportedSystemClickSupportEvent::FireAsimovEvent(void)`` | 5 | 22 | 7
-`00000600001CB9B0` | ``CWUTelemetryUnsupportedSystemClickSupportEvent::`scalar deleting destructor'(uint)`` | 3 | 17 | 3
-`00000600001CB7FC` | ``CWUTelemetryUnsupportedSystemDetectionEvent::FireAsimovEvent(void)`` | 5 | 22 | 7
-`00000600001CB970` | ``CWUTelemetryUnsupportedSystemDetectionEvent::`scalar deleting destructor'(uint)`` | 3 | 17 | 3
-`00000600001CB724` | ``CWUTelemetryUnsupportedSystemNotificationDismissEvent::FireAsimovEvent(void)`` | 5 | 22 | 7
-`00000600001CB9F0` | ``CWUTelemetryUnsupportedSystemNotificationDismissEvent::`scalar deleting destructor'(uint)`` | 3 | 17 | 3
-`00000600001CB6B8` | ``CWUTelemetryUnsupportedSystemNotificationShowEvent::FireAsimovEvent(void)`` | 5 | 22 | 7
-`00000600001CBA30` | ``CWUTelemetryUnsupportedSystemNotificationShowEvent::`scalar deleting destructor'(uint)`` | 3 | 17 | 3
-**`0000060000102F08`** | **``IsCPUSupported(void)``** | **20** | **157** | **31**
-**`00000600000AF3C0`** | **``IsDeviceServiceable(void)``** | **7** | **31** | **8**
-`00000600000832CC` | ``TraceLoggingEnableForTelemetry(_TlgProvider_t const *)`` | 16 | 86 | 23
-`0000060000083210` | ``TraceLoggingSetInformation(_TlgProvider_t const *,_EVENT_INFO_CLASS,void *,ulong)`` | 6 | 50 | 8
 
-We have found culprits, [`IsDeviceServiceable(void)`](https://gist.github.com/zeffy/e5ec266952932bc905eb0cbc6ed72185) and [`IsCPUSupported(void)`](https://gist.github.com/zeffy/1a8f8984d2bec97ae24af63a76278694)!
+Just download the [latest release](../../releases/latest), and extract the `wufuc` folder to a permanent location (like `C:\Program Files\wufuc`) and then run `install_wufuc.bat` as administrator. 
 
-## Solutions
+To uninstall run `uninstall_wufuc.bat` as administrator.
 
-Luckily, there are a couple of different ways to kill this CPU check by patching `wuaueng.dll`.
+### How to update when a new version comes out?
 
-1. Change the value of `dword_600002EE948` (see [this line](https://gist.github.com/zeffy/e5ec266952932bc905eb0cbc6ed72185#file-isdeviceserviceable-c-L7)) which is at file offset `0x26C948`, from `0x01` to `0x00`. This makes `IsDeviceServiceable(void)` skip over the entire CPU check and immediately return the value stored at `dword_600002EE94C`, which by default is 1 (supported CPU). This is my preferred method, as it is a simple 1-byte change. **Note: this offset is only for the KB4012218-x64, for a list of all the patch offsets [click here](docs/Patch_Offsets.md).**
+Unless otherwise noted, you should only have to:
 
-2. Fill all the instructions highlighted [here](https://gist.github.com/zeffy/e5ec266952932bc905eb0cbc6ed72185#file-isdeviceserviceable-asm-L24-L26) in `IsDeviceServiceable(void)` with `nop`s. This will enabling using the `ForceUnsupportedCPU` value of type `REG_DWORD` under the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Test\Scan` (you will most likely have to create this registry key). You can set this value to `0x00000001` to force unsupported CPUs, or to `0x00000000` to use the default behaviour. You will probably need to restart your PC or restart the `wuauserv` service in order for changes to apply. **This is an internal testing feature used by Microsoft and could be removed in future updates, so I will not be providing xdelta files for it.**
+- Run `uninstall_wufuc.bat` as administrator.
+- Copy the new files into the install folder, overwriting the old ones.
+- Run the new `install_wufuc.bat` as administrator.
 
-## Caveats
+### How do I remove your old patch and use this instead?
 
-- You have to apply a new patch whenever `wuaueng.dll` gets updated.
+I've included a utility script called `repair_wuaueng.dll.bat`. When you run it, it will initiate an `sfc` scan and revert any changes made to `wuaueng.dll`.
-- SFC scan errors will most likely occur as it will believe the integrity of the system has been compromised.
-
-[BinDiff]: https://www.zynamics.com/software.html
-[Diaphora]: http://diaphora.re

appveyor.yml

@@ -0,0 +1,33 @@
+version: 0.6.1.{build}
+skip_commits:
+  files:
+    - README.md
+image: Visual Studio 2017
+configuration: Release
+platform:
+- x86
+- x64
+build:
+  verbosity: minimal
+before_build:
+- cmd: >-
+    set "BUILD_VERSION=%APPVEYOR_BUILD_VERSION%-%APPVEYOR_REPO_COMMIT:~0,8%"
+
+    set "BUILD_VERSION_COMMA_SEP=%APPVEYOR_BUILD_VERSION:.=,%"
+
+    set "BUILD_ZIPFILE=%APPVEYOR_BUILD_FOLDER%\%APPVEYOR_PROJECT_NAME%_v%BUILD_VERSION%_%PLATFORM%.zip"
+
+after_build:
+- cmd: >-
+    copy /Y "LICENSE" "install\COPYING.txt"
+    
+    cd "%APPVEYOR_BUILD_FOLDER%\install"
+    
+    for /R %%G in (*.bat) do unix2dos "%%G"
+    
+    7z a "%BUILD_ZIPFILE%" "..\install"
+    
+    7z rn "%BUILD_ZIPFILE%" "install" "%APPVEYOR_PROJECT_NAME%"
+
+artifacts:
+- path: '*.zip'

install/install_wufuc.bat

@@ -0,0 +1,139 @@
+@echo off
+title wufuc installer
+:: Copyright (C) 2017 zeffy
+
+:: This program is free software: you can redistribute it and/or modify
+:: it under the terms of the GNU General Public License as published by
+:: the Free Software Foundation, either version 3 of the License, or
+:: (at your option) any later version.
+
+:: This program is distributed in the hope that it will be useful,
+:: but WITHOUT ANY WARRANTY; without even the implied warranty of
+:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+:: GNU General Public License for more details.
+
+:: You should have received a copy of the GNU General Public License
+:: along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+echo Copyright ^(C^) 2017 zeffy
+echo This program comes with ABSOLUTELY NO WARRANTY.
+echo This is free software, and you are welcome to redistribute it
+echo under certain conditions; see COPYING.txt for details.
+echo.
+
+fltmc >nul 2>&1 || (
+    echo This batch script requires administrator privileges. Right-click on
+    echo %~nx0 and select "Run as administrator".
+    goto :die
+)
+
+echo Checking system requirements...
+
+if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
+    goto :is_x64
+) else (
+    if /I "%PROCESSOR_ARCHITEW6432%"=="AMD64" (
+        goto :is_x64
+    )
+    if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
+        goto :is_x86
+    )
+)
+goto :unsupported_os
+
+:is_x86
+set "WINDOWS_ARCHITECTURE=x86"
+set "wufuc_dll=%~dp0wufuc32.dll"
+goto :get_ver
+
+:is_x64
+set "WINDOWS_ARCHITECTURE=x64"
+set "wufuc_dll=%~dp0wufuc64.dll"
+
+:get_ver
+for /f "tokens=*" %%i in ('wmic /output:stdout datafile where "name='%wufuc_dll:\=\\%'" get Version /value ^| find "="') do set "%%i"
+title wufuc installer - v%Version%
+
+:check_ver
+wmic /output:stdout os get version | findstr "^6\.1\." >nul && (
+    set "WINDOWS_VER=6.1"
+    set "SUPPORTED_HOTFIXES=KB4022722 KB4022719 KB4019265 KB4019264 KB4015552 KB4015549 KB4015546 KB4012218"
+    echo Detected supported operating system: Windows 7 %WINDOWS_ARCHITECTURE%
+    goto :check_hotfix
+)
+wmic /output:stdout os get version | findstr "^6\.3\." >nul && (
+    set "WINDOWS_VER=8.1"
+    set "SUPPORTED_HOTFIXES=KB4022726 KB4022717 KB4019217 KB4019215 KB4015553 KB4015550 KB4015547 KB4012219"
+    echo Detected supported operating system: Windows 8.1 %WINDOWS_ARCHITECTURE%
+    goto :check_hotfix
+)
+
+:unsupported_os
+echo Detected that you are using an unsupported operating system.
+echo.
+echo This patch only works on the following versions of Windows:
+echo.
+echo - Windows 7 (x64 and x86)
+echo - Windows 8.1 (x64 and x86)
+echo - Windows Server 2008 R2
+echo - Windows Server 2012 R2
+goto :die
+
+:check_hotfix
+for %%a in (%SUPPORTED_HOTFIXES%) do (
+    wmic /output:stdout qfe get hotfixid | find "%%a" >nul && (
+        set "INSTALLED_HOTFIX=%%a"
+        echo Detected supported installed update: %%a
+        goto :confirmation
+    )
+)
+wmic /output:stdout qfe get /value 2>&1 | find "No Instance(s) Available" >nul && (
+    echo WARNING - wmic qfe is broken, can't check installed updates...
+    goto :confirmation
+)
+echo.
+echo WARNING - Detected that no supported updates are installed.
+echo.
+echo   This warning could also mean that a new update came out and the
+echo   wufuc installer script's list of updates hasn't been updated yet. 
+echo   If this is definitely the case and you know which update it is,
+echo   feel free to create an issue.  https://github.com/zeffy/wufuc/issues
+
+:confirmation
+echo.
+echo wufuc disables the "Unsupported Hardware" message in Windows Update, 
+echo and allows you to continue installing updates on Windows 7 and 8.1
+echo systems with Intel Kaby Lake, AMD Ryzen, or other unsupported processors.
+echo.
+echo Please be absolutely sure you really need wufuc before continuing.
+echo.
+set /p CONTINUE=Enter 'Y' if you want to install wufuc: 
+if /I not "%CONTINUE%"=="Y" goto :cancel
+echo.
+
+:install
+set "wufuc_task=wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307}"
+net start Schedule
+schtasks /Create /XML "%~dp0wufuc.xml" /TN "%wufuc_task%" /F
+schtasks /Change /TN "%wufuc_task%" /TR "'%systemroot%\system32\rundll32.exe' """%wufuc_dll%""",Rundll32Entry"
+schtasks /Change /TN "%wufuc_task%" /ENABLE
+rundll32 "%wufuc_dll%",Rundll32Unload
+schtasks /Run /TN "%wufuc_task%"
+
+echo.
+echo Installed and started wufuc, you can now continue installing updates! :^)
+echo.
+echo To uninstall, run uninstall_wufuc.bat as administrator.
+goto :die
+
+:die
+echo.
+echo Press any key to exit...
+pause >nul
+exit
+
+:cancel
+echo.
+echo Canceled by user, press any key to exit...
+pause >nul
+exit

install/uninstall_wufuc.bat

@@ -0,0 +1,78 @@
+@echo off
+title wufuc uninstaller
+:: Copyright (C) 2017 zeffy
+
+:: This program is free software: you can redistribute it and/or modify
+:: it under the terms of the GNU General Public License as published by
+:: the Free Software Foundation, either version 3 of the License, or
+:: (at your option) any later version.
+
+:: This program is distributed in the hope that it will be useful,
+:: but WITHOUT ANY WARRANTY; without even the implied warranty of
+:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+:: GNU General Public License for more details.
+
+:: You should have received a copy of the GNU General Public License
+:: along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+echo Copyright ^(C^) 2017 zeffy
+echo This program comes with ABSOLUTELY NO WARRANTY.
+echo This is free software, and you are welcome to redistribute it
+echo under certain conditions; see COPYING.txt for details.
+echo.
+
+fltmc >nul 2>&1 || (
+    echo This batch script requires administrator privileges. Right-click on
+    echo %~nx0 and select "Run as administrator".
+    goto :die
+)
+
+if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
+    goto :is_x64
+) else (
+    if /I "%PROCESSOR_ARCHITEW6432%"=="AMD64" (
+        goto :is_x64
+    )
+    if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
+        goto :is_x86
+    )
+)
+goto :die
+
+:is_x86
+set "WINDOWS_ARCHITECTURE=x86"
+set "wufuc_dll=%~dp0wufuc32.dll"
+goto :get_ver
+
+:is_x64
+set "WINDOWS_ARCHITECTURE=x64"
+set "wufuc_dll=%~dp0wufuc64.dll"
+
+:get_ver
+for /f "tokens=*" %%i in ('wmic /output:stdout datafile where "name='%wufuc_dll:\=\\%'" get Version /value ^| find "="') do set "%%i"
+title wufuc uninstaller - v%Version%
+
+:confirmation
+set /p CONTINUE=Enter 'Y' if you want to uninstall wufuc: 
+if /I not "%CONTINUE%"=="Y" goto :cancel
+echo.
+
+set "wufuc_task=wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307}"
+rundll32 "%wufuc_dll%",Rundll32Unload
+net start Schedule
+schtasks /Delete /TN "%wufuc_task%" /F
+
+echo.
+echo Unloaded and uninstalled wufuc. :^(
+
+:die
+echo.
+echo Press any key to exit...
+pause >nul
+exit
+
+:cancel
+echo.
+echo Canceled by user, press any key to exit...
+pause >nul
+exit

install/utility scripts/debugview_helper.bat

@@ -0,0 +1,66 @@
+@echo off
+title wufuc utility - debugview helper
+:: Copyright (C) 2017 zeffy
+
+:: This program is free software: you can redistribute it and/or modify
+:: it under the terms of the GNU General Public License as published by
+:: the Free Software Foundation, either version 3 of the License, or
+:: (at your option) any later version.
+
+:: This program is distributed in the hope that it will be useful,
+:: but WITHOUT ANY WARRANTY; without even the implied warranty of
+:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+:: GNU General Public License for more details.
+
+:: You should have received a copy of the GNU General Public License
+:: along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+echo Copyright ^(C^) 2017 zeffy
+echo This program comes with ABSOLUTELY NO WARRANTY.
+echo This is free software, and you are welcome to redistribute it
+echo under certain conditions; see COPYING.txt for details.
+echo.
+
+fltmc >nul 2>&1 || (
+    echo This batch script requires administrator privileges. Right-click on
+    echo %~nx0 and select "Run as administrator".
+    goto :die
+)
+if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
+    goto :is_x64
+) else (
+    if /I "%PROCESSOR_ARCHITEW6432%"=="AMD64" (
+        goto :is_x64
+    )
+    if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
+        goto :is_x86
+    )
+)
+goto :die
+
+:is_x86
+set "wufuc_dll=%~dp0..\wufuc32.dll"
+goto :unload
+
+:is_x64
+set "wufuc_dll=%~dp0..\wufuc64.dll"
+
+:unload
+rundll32 "%wufuc_dll%",Rundll32Unload
+
+net stop wuauserv
+
+set "wufuc_task=wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307}"
+net start Schedule
+schtasks /Change /TN "%wufuc_task%" /ENABLE
+schtasks /Run /TN "%wufuc_task%"
+
+timeout /nobreak /t 3 >nul
+net start wuauserv
+
+echo Restarted wufuc and wuauserv.
+
+:die
+echo.
+pause
+exit

install/utility scripts/disable_wufuc.bat

@@ -0,0 +1,61 @@
+@echo off
+title wufuc utility - disable task
+:: Copyright (C) 2017 zeffy
+
+:: This program is free software: you can redistribute it and/or modify
+:: it under the terms of the GNU General Public License as published by
+:: the Free Software Foundation, either version 3 of the License, or
+:: (at your option) any later version.
+
+:: This program is distributed in the hope that it will be useful,
+:: but WITHOUT ANY WARRANTY; without even the implied warranty of
+:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+:: GNU General Public License for more details.
+
+:: You should have received a copy of the GNU General Public License
+:: along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+echo Copyright ^(C^) 2017 zeffy
+echo This program comes with ABSOLUTELY NO WARRANTY.
+echo This is free software, and you are welcome to redistribute it
+echo under certain conditions; see COPYING.txt for details.
+echo.
+
+fltmc >nul 2>&1 || (
+    echo This batch script requires administrator privileges. Right-click on
+    echo %~nx0 and select "Run as administrator".
+    goto :die
+)
+
+if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
+    goto :is_x64
+) else (
+    if /I "%PROCESSOR_ARCHITEW6432%"=="AMD64" (
+        goto :is_x64
+    )
+    if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
+        goto :is_x86
+    )
+)
+goto :die
+
+:is_x86
+set "wufuc_dll=%~dp0..\wufuc32.dll"
+goto :disable
+
+:is_x64
+set "wufuc_dll=%~dp0..\wufuc64.dll"
+
+:disable
+set "wufuc_task=wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307}"
+rundll32 "%wufuc_dll%",Rundll32Unload
+net start Schedule
+schtasks /Change /TN "%wufuc_task%" /DISABLE
+
+echo.
+echo Disabled wufuc! You will still be able to check for updates until you restart.
+
+:die
+echo.
+pause
+exit

install/utility scripts/enable_wufuc.bat

@@ -0,0 +1,41 @@
+@echo off
+title wufuc utility - enable task
+:: Copyright (C) 2017 zeffy
+
+:: This program is free software: you can redistribute it and/or modify
+:: it under the terms of the GNU General Public License as published by
+:: the Free Software Foundation, either version 3 of the License, or
+:: (at your option) any later version.
+
+:: This program is distributed in the hope that it will be useful,
+:: but WITHOUT ANY WARRANTY; without even the implied warranty of
+:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+:: GNU General Public License for more details.
+
+:: You should have received a copy of the GNU General Public License
+:: along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+echo Copyright ^(C^) 2017 zeffy
+echo This program comes with ABSOLUTELY NO WARRANTY.
+echo This is free software, and you are welcome to redistribute it
+echo under certain conditions; see COPYING.txt for details.
+echo.
+
+fltmc >nul 2>&1 || (
+    echo This batch script requires administrator privileges. Right-click on
+    echo %~nx0 and select "Run as administrator".
+    goto :die
+)
+
+set "wufuc_task=wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307}"
+net start Schedule
+schtasks /Change /TN "%wufuc_task%" /ENABLE
+schtasks /Run /TN "%wufuc_task%"
+
+echo.
+echo Enabled and started wufuc!
+
+:die
+echo.
+pause
+exit

install/utility scripts/repair_wuaueng.dll.bat

@@ -0,0 +1,51 @@
+@echo off
+title wufuc utility - repair wuaueng.dll
+:: Copyright (C) 2017 zeffy
+
+:: This program is free software: you can redistribute it and/or modify
+:: it under the terms of the GNU General Public License as published by
+:: the Free Software Foundation, either version 3 of the License, or
+:: (at your option) any later version.
+
+:: This program is distributed in the hope that it will be useful,
+:: but WITHOUT ANY WARRANTY; without even the implied warranty of
+:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+:: GNU General Public License for more details.
+
+:: You should have received a copy of the GNU General Public License
+:: along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+echo Copyright ^(C^) 2017 zeffy
+echo This program comes with ABSOLUTELY NO WARRANTY.
+echo This is free software, and you are welcome to redistribute it
+echo under certain conditions; see COPYING.txt for details.
+echo.
+
+fltmc >nul 2>&1 || (
+    echo This batch script requires administrator privileges. Right-click on
+    echo %~nx0 and select "Run as administrator".
+    goto :die
+)
+
+echo You may want to use this script if you previously modified wuaueng.dll
+echo with "aio-wuaueng.dll-patch.bat" or by other means.
+echo.
+echo This will run the sfc utility and it will restore any changes that were made.
+echo.
+
+set /p CONTINUE=Enter 'Y' if you want to repair wuaueng.dll: 
+if /I not "%CONTINUE%"=="Y" goto :cancel
+
+sfc /SCANFILE="%systemroot%\System32\wuaueng.dll"
+
+:die
+echo.
+echo Press any key to exit...
+pause >nul
+exit
+
+:cancel
+echo.
+echo Canceled by user, press any key to exit...
+pause >nul
+exit

patch_scripts/aio/aio-wuaueng.dll-patch.bat

@@ -1,270 +0,0 @@
-@echo off
-:: Copyright (C) 2017 zeffy <https://github.com/zeffy>
-
-:: This program is free software: you can redistribute it and/or modify
-:: it under the terms of the GNU General Public License as published by
-:: the Free Software Foundation, either version 3 of the License, or
-:: (at your option) any later version.
-
-:: This program is distributed in the hope that it will be useful,
-:: but WITHOUT ANY WARRANTY; without even the implied warranty of
-:: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-:: GNU General Public License for more details.
-
-:: You should have received a copy of the GNU General Public License
-:: along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-echo Copyright (C) 2017 zeffy ^<https://github.com/zeffy^>
-echo This program comes with ABSOLUTELY NO WARRANTY.
-echo This is free software, and you are welcome to redistribute it
-echo under certain conditions; see COPYING.txt for details.
-echo.
-
-net session >nul 2>&1 || (
-    echo This batch script requires administrator privileges. Right-click on
-    echo %~nx0 and select "Run as administrator".
-    goto :die
-)
-
-set "SYSTEM32_DIR=%systemroot%\System32"
-set "WUAUENG_DLL=%SYSTEM32_DIR%\wuaueng.dll"
-
-echo Checking system requirements...
-
-:check_bitness
-if /I "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
-    goto :is_x64
-) else (
-    if /I "%PROCESSOR_ARCHITEW6432%"=="AMD64" (
-        goto :is_x64
-    )
-    if /I "%PROCESSOR_ARCHITECTURE%"=="x86" (
-        set "WINDOWS_ARCHITECTURE=x86"
-        set "XDELTA3_EXE=%~dp0xdelta3-3.0.11-i686.exe"
-        goto :find_xdelta3
-    )
-)
-goto :unsupported_os
-
-:is_x64
-set "WINDOWS_ARCHITECTURE=x64"
-set "XDELTA3_EXE=%~dp0xdelta3-3.0.11-x86_64.exe"
-
-:find_xdelta3
-echo.
-if not exist "%XDELTA3_EXE%" (
-    call :file_not_found "%XDELTA3_EXE%"
-    goto :die
-)
-
-wmic /output:stdout os get version | findstr "^6\.1\." >nul && (
-    set "WINDOWS_VER=6.1"
-    set "SUPPORTED_HOTFIXES=KB4019265 KB4019264 KB4015552 KB4015549 KB4015546 KB4012218"
-    echo Detected supported operating system: Windows 7 %WINDOWS_ARCHITECTURE%
-    goto :check_hotfix
-)
-wmic /output:stdout os get version | findstr "^6\.3\." >nul && (
-    set "WINDOWS_VER=8.1"
-    set "SUPPORTED_HOTFIXES=KB4019217 KB4019215 KB4015553 KB4015550 KB4015547 KB4012219"
-    echo Detected supported operating system: Windows 8.1 %WINDOWS_ARCHITECTURE%
-    goto :check_hotfix
-)
-
-:unsupported_os
-echo Detected that you are using an unsupported operating system.
-echo.
-echo This patch only works on the following versions of Windows:
-echo.
-echo - Windows 7 (x64 and x86)
-echo - Windows 8.1 (x64 and x86)
-echo - Windows Server 2008 R2 (reported as Windows 7 x64)
-echo - Windows Server 2012 R2 (reported as Windows 8.1 x64)
-goto :die
-
-:check_hotfix
-echo.
-for %%a in (%SUPPORTED_HOTFIXES%) do (
-    wmic /output:stdout qfe get hotfixid | find "%%a" >nul && (
-        set "INSTALLED_HOTFIX=%%a"
-        echo Detected installed supported update: %%a
-        goto :confirmation
-    )
-)
-
-echo Detected that no supported updates are installed! If you are getting 
-echo unsupported hardware errors in Windows Update, please create an issue
-echo and I will try to help you out.
-echo.
-echo https://github.com/zeffy/kb4012218-19/issues
-echo.
-call :show_debug_info
-goto :die
-
-:confirmation
-echo.
-echo This patch only works on the following versions of Windows:
-echo.
-echo - Windows 7 (x64 and x86)
-echo - Windows 8.1 (x64 and x86)
-echo - Windows Server 2008 R2 (reported as Windows 7 x64)
-echo - Windows Server 2012 R2 (reported as Windows 8.1 x64)
-echo.
-echo If you have another version of Windows, please close this window immediately.
-echo.
-echo By continuing, you acknowledge that you want to modify wuaueng.dll.
-echo.
-echo I take no responsibility if you somehow ruin your PC with this script.
-echo.
-set /p CONTINUE=Enter 'Y' if you understand, and still want to continue: 
-if /I not "%CONTINUE%"=="Y" goto :cancel
-
-:ask
-echo.
-echo Would you like to install the patch or uninstall it?
-echo.
-echo 1. Install
-echo 2. Uninstall
-echo.
-set /p CHOICE=Enter your choice: 
-if "%CHOICE%"=="1" (
-    set "PATCH_TYPE=patch"
-    goto :begin
-)
-if "%CHOICE%"=="2" (
-    set "PATCH_TYPE=unpatch"
-    goto :begin
-)
-echo Invalid choice, please try again...
-goto :ask
-
-:begin
-echo.
-set "DELTA_FILE=%~dp0patches\Windows%WINDOWS_VER%-%INSTALLED_HOTFIX%-%WINDOWS_ARCHITECTURE%-%PATCH_TYPE%.xdelta"
-if not exist "%DELTA_FILE%" (
-    call :file_not_found "%DELTA_FILE%"
-    goto :die
-)
-call :set_timestamp_var
-set "BACKUP_FILE=%WUAUENG_DLL%_%TIMESTAMP%_before-%PATCH_TYPE%.bak"
-set "ACL_TEMP_FILE=%temp%\wuaueng.dll_acl_%TIMESTAMP%.txt"
-
-net stop wuauserv
-
-takeown /F "%WUAUENG_DLL%" /A
-icacls "%WUAUENG_DLL%" /save "%ACL_TEMP_FILE%"
-
-:: Administrators group SID
-icacls "%WUAUENG_DLL%" /grant *S-1-5-32-544:F
-move "%WUAUENG_DLL%" "%BACKUP_FILE%"
-
-"%XDELTA3_EXE%" -d -s "%BACKUP_FILE%" "%DELTA_FILE%" "%WUAUENG_DLL%"
-if errorlevel 1 (
-    set "THERE_WAS_AN_ERROR=%errorlevel%"
-    move /Y "%BACKUP_FILE%" "%WUAUENG_DLL%"
-)
-
-:: "NT Service\TrustedInstaller" SID
-icacls "%WUAUENG_DLL%" /setowner *S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
-icacls "%SYSTEM32_DIR%" /restore "%ACL_TEMP_FILE%"
-
-net start wuauserv
-
-echo.
-if defined THERE_WAS_AN_ERROR (
-    echo There was an error while %PATCH_TYPE%ing. Nothing has been modified. 
-    echo If you didn't screw with the script or anything like that and this
-    echo error was unexpected, please create an issue and include the output
-    echo of this window in your post.
-    echo.
-    echo https://github.com/zeffy/kb4012218-19/issues
-    echo.
-    call :show_debug_info
-) else (
-    echo Successfully %PATCH_TYPE%ed!
-    echo If you want to revert the changes that have been made for whatever
-    echo reason, you can run this script again and pick the other option.
-    echo.
-    echo You can also manually restore the backup file located at 
-    echo '%BACKUP_FILE%'
-    echo by renaming it back to wuaueng.dll, changing the owner back to 
-    echo "NT Service\TrustedInstaller", and restoring the original permissions from 
-    echo '%ACL_TEMP_FILE%'. 
-    echo However, make absolutely sure you only restore the backup that is the same 
-    echo version as the current wuaueng.dll, or you could corrupt the WinSxS component
-    echo store.
-)
-
-:die
-echo.
-echo Press any key to exit...
-pause >nul
-exit
-
-:cancel
-echo.
-echo Canceled by user, press any key to exit...
-pause >nul
-exit
-
-:show_debug_info
-echo Gathering debugging information, please wait...
-call :set_timestamp_var
-set "DEBUG_LOG_FILE=%temp%\%~nx0-debuginfo_%TIMESTAMP%.log"
-
-set "WMI_OS_VALUES=BuildNumber,Caption,MUILanguages,OSArchitecture,OSLanguage,Version"
-set "WMI_CPU_VALUES=Description,Family,Manufacturer,Name,NumberOfCores,NumberOfLogicalProcessors,ProcessorId,Revision"
-set "WMI_QFE_VALUES=HotFixID,InstalledOn"
-set "WMI_DATAFILE_VALUES=CreationDate,FileSize,InstallDate,LastAccessed,LastModified,Version"
-set "CERTUTIL_HASH_ALGS=MD5 SHA1 SHA256"
-
-echo.>"%DEBUG_LOG_FILE%"
-echo ^<details^>>>"%DEBUG_LOG_FILE%"
-echo.>>"%DEBUG_LOG_FILE%"
-echo ## Operating System>>"%DEBUG_LOG_FILE%"
-echo.>>"%DEBUG_LOG_FILE%"
-echo ```>>"%DEBUG_LOG_FILE%"
-wmic /output:stdout os get %WMI_OS_VALUES% /value | findstr /V "^$" >>"%DEBUG_LOG_FILE%"
-echo ```>>"%DEBUG_LOG_FILE%"
-echo.>>"%DEBUG_LOG_FILE%"
-
-echo ## Processor>>"%DEBUG_LOG_FILE%"
-echo.>>"%DEBUG_LOG_FILE%"
-echo ```>>"%DEBUG_LOG_FILE%"
-wmic /output:stdout cpu get %WMI_CPU_VALUES% /value | findstr /V "^$" >>"%DEBUG_LOG_FILE%"
-echo ```>>"%DEBUG_LOG_FILE%"
-echo.>>"%DEBUG_LOG_FILE%"
-
-echo ## Installed Hotfixes>>"%DEBUG_LOG_FILE%"
-echo.>>"%DEBUG_LOG_FILE%"
-echo ```>>"%DEBUG_LOG_FILE%"
-wmic /output:stdout qfe get %WMI_QFE_VALUES% /value | findstr /V "^$" >>"%DEBUG_LOG_FILE%"
-echo ```>>"%DEBUG_LOG_FILE%"
-echo.>>"%DEBUG_LOG_FILE%"
-
-echo ## wuaueng.dll Properties>>"%DEBUG_LOG_FILE%"
-echo.>>"%DEBUG_LOG_FILE%"
-echo ```>>"%DEBUG_LOG_FILE%"
-for %%a in (%CERTUTIL_HASH_ALGS%) do (
-    certutil -hashfile "%WUAUENG_DLL%" "%%a" | find /V "CertUtil" >>"%DEBUG_LOG_FILE%"
-    echo.>>"%DEBUG_LOG_FILE%"
-)
-wmic /output:stdout datafile where "name='%WUAUENG_DLL:\=\\%'" get %WMI_DATAFILE_VALUES% /value | findstr /V "^$" >>"%DEBUG_LOG_FILE%"
-echo ```>>"%DEBUG_LOG_FILE%"
-echo ^</details^>>>"%DEBUG_LOG_FILE%"
-
-echo.
-echo Done! Please copy the text from Notepad into your GitHub issue.
-echo Opening log file in 5 seconds...
-timeout /t 5 /nobreak >nul
-start "" notepad "%DEBUG_LOG_FILE%"
-exit /b
-
-:set_timestamp_var
-for /f "delims=" %%a in ('wmic /output:stdout os get localdatetime ^| find "."') do set dt=%%a
-set "TIMESTAMP=%dt:~0,4%-%dt:~4,2%-%dt:~6,2%_%dt:~8,2%-%dt:~10,2%-%dt:~12,2%_%dt:~15,6%"
-exit /b
-
-:file_not_found
-echo File "%~1" not found! 
-echo Make sure you extracted all the files from the release .zip and try again.
-exit /b

wufuc.sln

@@ -0,0 +1,37 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.26430.12
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wufuc", "wufuc\wufuc.vcxproj", "{00F96695-CE41-4C2F-A344-6219DFB4F887}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{8C2147FF-2B83-479B-813E-5ACB86F43042}"
+	ProjectSection(SolutionItems) = preProject
+		.gitattributes = .gitattributes
+		.gitignore = .gitignore
+		appveyor.yml = appveyor.yml
+		LICENSE = LICENSE
+		README.md = README.md
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x64.ActiveCfg = Debug|x64
+		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x64.Build.0 = Debug|x64
+		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x86.ActiveCfg = Debug|Win32
+		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x86.Build.0 = Debug|Win32
+		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x64.ActiveCfg = Release|x64
+		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x64.Build.0 = Release|x64
+		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x86.ActiveCfg = Release|Win32
+		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

wufuc/core.c

@@ -0,0 +1,163 @@
+#include <Windows.h>
+#include <stdint.h>
+#include <tchar.h>
+#include <Psapi.h>
+#include <sddl.h>
+#include "service.h"
+#include "patternfind.h"
+#include "util.h"
+#include "shared.h"
+#include "core.h"
+
+DWORD WINAPI NewThreadProc(LPVOID lpParam) {
+    SC_HANDLE hSCManager = OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_CONNECT);
+
+    TCHAR lpBinaryPathName[0x8000];
+    get_svcpath(hSCManager, _T("wuauserv"), lpBinaryPathName, _countof(lpBinaryPathName));
+
+    BOOL result = _tcsicmp(GetCommandLine(), lpBinaryPathName);
+    CloseServiceHandle(hSCManager);
+
+    if (result) {
+        return 0;
+    }
+
+    SECURITY_ATTRIBUTES sa;
+    sa.nLength = sizeof(SECURITY_ATTRIBUTES);
+    ConvertStringSecurityDescriptorToSecurityDescriptor(_T("D:PAI(A;;FA;;;BA)"), SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL);
+    sa.bInheritHandle = FALSE;
+
+    HANDLE hEvent = CreateEvent(&sa, TRUE, FALSE, _T("Global\\wufuc_UnloadEvent"));
+
+    if (!hEvent) {
+        return 0;
+    }
+
+    DWORD dwProcessId = GetCurrentProcessId();
+    DWORD dwThreadId = GetCurrentThreadId();
+    HANDLE lphThreads[0x1000];
+    SIZE_T cb;
+
+    SuspendProcessThreads(dwProcessId, dwThreadId, lphThreads, _countof(lphThreads), &cb);
+
+    HMODULE hm = GetModuleHandle(NULL);
+    DETOUR_IAT(hm, LoadLibraryExA);
+    DETOUR_IAT(hm, LoadLibraryExW);
+
+    TCHAR lpServiceDll[MAX_PATH + 1];
+    get_svcdll(_T("wuauserv"), lpServiceDll, _countof(lpServiceDll));
+
+    HMODULE hwu = GetModuleHandle(lpServiceDll);
+    if (hwu && PatchWUAgentHMODULE(hwu)) {
+        _tdbgprintf(_T("Patched previously loaded Windows Update module!"));
+    }
+    ResumeAndCloseThreads(lphThreads, cb);
+
+    WaitForSingleObject(hEvent, INFINITE);
+
+    _tdbgprintf(_T("Unload event was set."));
+
+    SuspendProcessThreads(dwProcessId, dwThreadId, lphThreads, _countof(lphThreads), &cb);
+    RESTORE_IAT(hm, LoadLibraryExA);
+    RESTORE_IAT(hm, LoadLibraryExW);
+    ResumeAndCloseThreads(lphThreads, cb);
+
+    CloseHandle(hEvent);
+    _tdbgprintf(_T("See ya!"));
+    FreeLibraryAndExitThread(HINST_THISCOMPONENT, 0);
+}
+
+BOOL PatchWUAgentHMODULE(HMODULE hModule) {
+    LPSTR pattern;
+    SIZE_T offset00, offset01;
+#ifdef _AMD64_
+        pattern = "FFF3 4883EC?? 33DB 391D???????? 7508 8B05????????";
+        offset00 = 10;
+        offset01 = 18;
+#elif defined(_X86_)
+    if (g_IsWindows7) {
+        pattern = "833D????????00 743E E8???????? A3????????";
+        offset00 = 2;
+        offset01 = 15;
+    } else if (g_IsWindows8Point1) {
+        pattern = "8BFF 51 833D????????00 7507 A1????????";
+        offset00 = 5;
+        offset01 = 13;
+    } else {
+        return FALSE;
+    }
+#endif
+
+    MODULEINFO modinfo;
+    GetModuleInformation(GetCurrentProcess(), hModule, &modinfo, sizeof(MODULEINFO));
+
+    SIZE_T rva = patternfind(modinfo.lpBaseOfDll, modinfo.SizeOfImage, 0, pattern);
+    if (rva == -1) {
+        _tdbgprintf(_T("No pattern match!"));
+        return FALSE;
+    }
+    uintptr_t baseAddress = (uintptr_t)modinfo.lpBaseOfDll;
+    uintptr_t fpIsDeviceServiceable = baseAddress + rva;
+    _tdbgprintf(_T("Found address of IsDeviceServiceable. (%p)"), fpIsDeviceServiceable);
+    BOOL result = FALSE;
+    LPBOOL lpbFirstRun, lpbIsCPUSupportedResult;
+#ifdef _AMD64_
+        lpbFirstRun = (LPBOOL)(fpIsDeviceServiceable + offset00 + sizeof(uint32_t) + *(uint32_t *)(fpIsDeviceServiceable + offset00));
+        lpbIsCPUSupportedResult = (LPBOOL)(fpIsDeviceServiceable + offset01 + sizeof(uint32_t) + *(uint32_t *)(fpIsDeviceServiceable + offset01));
+#elif defined(_X86_)
+        lpbFirstRun = (LPBOOL)(*(uintptr_t *)(fpIsDeviceServiceable + offset00));
+        lpbIsCPUSupportedResult = (LPBOOL)(*(uintptr_t *)(fpIsDeviceServiceable + offset01));
+#endif
+
+    if (*lpbFirstRun) {
+        *lpbFirstRun = FALSE;
+        _tdbgprintf(_T("Unset first run var. (%p=%08x)"), lpbFirstRun, *lpbFirstRun);
+        result = TRUE;
+    }
+    if (!*lpbIsCPUSupportedResult) {
+        *lpbIsCPUSupportedResult = TRUE;
+        _tdbgprintf(_T("Set cached result. (%p=%08x)"), lpbIsCPUSupportedResult, *lpbIsCPUSupportedResult);
+        result = TRUE;
+    }
+    return result;
+}
+
+HMODULE WINAPI _LoadLibraryExA(
+    _In_       LPCSTR  lpFileName,
+    _Reserved_ HANDLE  hFile,
+    _In_       DWORD   dwFlags
+) {
+    HMODULE result = LoadLibraryExA(lpFileName, hFile, dwFlags);
+    if (result) {
+        _dbgprintf("Loaded %s.", lpFileName);
+        CHAR path[MAX_PATH + 1];
+        if (!get_svcdllA("wuauserv", path, _countof(path))) {
+            return result;
+        }
+
+        if (!_stricmp(lpFileName, path) && PatchWUAgentHMODULE(result)) {
+            _dbgprintf("Patched Windows Update module!");
+        }
+    }
+    return result;
+}
+
+HMODULE WINAPI _LoadLibraryExW(
+    _In_       LPCWSTR lpFileName,
+    _Reserved_ HANDLE  hFile,
+    _In_       DWORD   dwFlags
+) {
+    HMODULE result = LoadLibraryExW(lpFileName, hFile, dwFlags);
+    if (result) {
+        _wdbgprintf(L"Loaded library: %s.", lpFileName);
+        WCHAR path[MAX_PATH + 1];
+        if (!get_svcdllW(L"wuauserv", path, _countof(path))) {
+            return result;
+        }
+
+        if (!_wcsicmp(lpFileName, path) && PatchWUAgentHMODULE(result)) {
+            _wdbgprintf(L"Patched Windows Update module!");
+        }
+    }
+    return result;
+};

wufuc/core.h

@@ -0,0 +1,16 @@
+#pragma once
+
+DWORD WINAPI NewThreadProc(LPVOID lpParam);
+BOOL PatchWUAgentHMODULE(HMODULE hModule);
+
+HMODULE WINAPI _LoadLibraryExA(
+    _In_       LPCSTR  lpFileName,
+    _Reserved_ HANDLE  hFile,
+    _In_       DWORD   dwFlags
+);
+
+HMODULE WINAPI _LoadLibraryExW(
+    _In_       LPCWSTR lpFileName,
+    _Reserved_ HANDLE  hFile,
+    _In_       DWORD   dwFlags
+);

wufuc/dllmain.c

@@ -0,0 +1,25 @@
+#include <Windows.h>
+#include "core.h"
+#include "util.h"
+#include "shared.h"
+
+BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) {
+    switch (ul_reason_for_call) {
+    case DLL_PROCESS_ATTACH:
+    {
+        if (!IsOperatingSystemSupported(&g_IsWindows7, &g_IsWindows8Point1)) {
+            return FALSE;
+        }
+
+        DisableThreadLibraryCalls(hModule);
+        HANDLE hThread = CreateThread(NULL, 0, NewThreadProc, NULL, 0, NULL);
+        CloseHandle(hThread);
+        break;
+    }
+    case DLL_PROCESS_DETACH:
+        break;
+    default:
+        break;
+    }
+    return TRUE;
+}

wufuc/exports.def

@@ -0,0 +1,3 @@
+EXPORTS
+	Rundll32Entry
+	Rundll32Unload

wufuc/patternfind.c

@@ -0,0 +1,117 @@
+#include <Windows.h>
+#include "patternfind.h"
+
+/*  Ported to C from x64dbg's patternfind.cpp:
+      <https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp>
+
+    x64dbg license (GPL-3.0):
+      <https://github.com/x64dbg/x64dbg/blob/development/LICENSE> */
+
+int hexchtoint(CHAR c) {
+    int result = -1;
+    if (c >= '0' && c <= '9') {
+        result = c - '0';
+    } else if (c >= 'A' && c <= 'F') {
+        result = c - 'A' + 10;
+    } else if (c >= 'a' && c <= 'f') {
+        result = c - 'a' + 10;
+    }
+    return result;
+}
+
+SIZE_T formathexpattern(LPCSTR patterntext, LPSTR formattext, SIZE_T formattextsize) {
+    SIZE_T len = strlen(patterntext);
+    SIZE_T result = 0;
+    for (SIZE_T i = 0; i < len && (!formattext || result < formattextsize); i++) {
+        if (patterntext[i] == '?' || hexchtoint(patterntext[i]) != -1) {
+            if (formattext) {
+                formattext[result] = patterntext[i];
+            }
+            result++;
+        }
+    }
+    return result;
+}
+
+BOOL patterntransform(LPCSTR patterntext, LPPATTERNBYTE pattern, SIZE_T *patternsize) {
+    SIZE_T cb = formathexpattern(patterntext, NULL, 0);
+    if (!cb || cb > *patternsize) {
+        return FALSE;
+    }
+    LPSTR formattext = calloc(cb, sizeof(CHAR));
+    cb = formathexpattern(patterntext, formattext, cb);
+
+    if (cb % 2) {
+        formattext[cb++] = '?';
+    }
+    formattext[cb] = '\0';
+
+    for (SIZE_T i = 0, j = 0, k = 0; i < cb; i++, j ^= 1, k = (i - j) >> 1) {
+        if (formattext[i] == '?') {
+            pattern[k].nibble[j].wildcard = TRUE;
+        } else {
+            pattern[k].nibble[j].wildcard = FALSE;
+            pattern[k].nibble[j].data = hexchtoint(formattext[i]) & 0xf;
+        }
+    }
+    free(formattext);
+    *patternsize = cb >> 1;
+    return TRUE;
+}
+
+SIZE_T patternfind(LPCBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR pattern) {
+    SIZE_T result = -1;
+    SIZE_T searchpatternsize = strlen(pattern);
+    LPPATTERNBYTE searchpattern = calloc(searchpatternsize, sizeof(PATTERNBYTE));
+    if (patterntransform(pattern, searchpattern, &searchpatternsize)) {
+        for (SIZE_T i = startindex, j = 0; i < datasize; i++) //search for the pattern
+        {
+            if ((searchpattern[j].nibble[0].wildcard || searchpattern[j].nibble[0].data == ((data[i] >> 4) & 0xf))
+                && (searchpattern[j].nibble[1].wildcard || searchpattern[j].nibble[1].data == (data[i] & 0xf))) { //check if our pattern matches the current byte
+
+                if (++j == searchpatternsize) { //everything matched
+                    result = i - searchpatternsize + 1;
+                    break;
+                }
+            } else if (j > 0) { //fix by Computer_Angel
+                i -= j;
+                j = 0; //reset current pattern position
+            }
+        }
+    }
+    return result;
+}
+
+VOID patternwritebyte(LPBYTE byte, LPPATTERNBYTE pbyte) {
+    BYTE n1 = (*byte >> 4) & 0xf;
+    BYTE n2 = *byte & 0xf;
+    if (!pbyte->nibble[0].wildcard) {
+        n1 = pbyte->nibble[0].data;
+    }
+    if (!pbyte->nibble[1].wildcard) {
+        n2 = pbyte->nibble[1].data;
+    }
+    *byte = ((n1 << 4) & 0xf0) | (n2 & 0xf);
+}
+
+VOID patternwrite(LPBYTE data, SIZE_T datasize, LPCSTR pattern) {
+    SIZE_T writepatternsize = strlen(pattern);
+    if (writepatternsize > datasize) {
+        writepatternsize = datasize;
+    }
+    LPPATTERNBYTE writepattern = calloc(writepatternsize, sizeof(PATTERNBYTE));
+    if (!patterntransform(pattern, writepattern, &writepatternsize)) {
+        return;
+    }
+    for (size_t i = 0; i < writepatternsize; i++) {
+        patternwritebyte(&data[i], &writepattern[i]);
+    }
+}
+
+SIZE_T patternsnr(LPBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR searchpattern, LPCSTR replacepattern) {
+    SIZE_T result = patternfind(data, datasize, startindex, searchpattern);
+    if (result == -1)
+        return result;
+    patternwrite(data + result, datasize - result, replacepattern);
+    return result;
+}

wufuc/patternfind.h

@@ -0,0 +1,16 @@
+#pragma once
+
+typedef struct _PATTERNBYTE {
+    struct _PATTERNNIBBLE {
+        BYTE data;
+        BOOL wildcard;
+    } nibble[2];
+} PATTERNBYTE, *PPATTERNBYTE, *LPPATTERNBYTE;
+
+int hexchtoint(CHAR ch);
+SIZE_T formathexpattern(LPCSTR patterntext, LPSTR formattext, SIZE_T formattextsize);
+BOOL patterntransform(LPCSTR patterntext, LPPATTERNBYTE pattern, SIZE_T *patternsize);
+SIZE_T patternfind(LPCBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR pattern);
+VOID patternwritebyte(LPBYTE byte, LPPATTERNBYTE pbyte);
+VOID patternwrite(LPBYTE data, SIZE_T datasize, LPCSTR pattern);
+SIZE_T patternsnr(LPBYTE data, SIZE_T datasize, SIZE_T startindex, LPCSTR searchpattern, LPCSTR replacepattern);

wufuc/rundll32.c

@@ -0,0 +1,70 @@
+#include <Windows.h>
+#include <TlHelp32.h>
+#include <tchar.h>
+#include "service.h"
+#include "util.h"
+#include "shared.h"
+
+void CALLBACK Rundll32Entry(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) {
+    if (!g_IsWindows7 && !g_IsWindows8Point1) {
+        return;
+    }
+
+    HANDLE hEvent = OpenEvent(SYNCHRONIZE, FALSE, _T("Global\\wufuc_UnloadEvent"));
+    if (hEvent) {
+        CloseHandle(hEvent);
+        return;
+    }
+    SC_HANDLE hSCManager = OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_CONNECT);
+    if (!hSCManager) {
+        return;
+    }
+    TCHAR lpGroupName[256];
+    DWORD dwProcessId;
+    BOOL result = get_svcpid(hSCManager, _T("wuauserv"), &dwProcessId);
+    if (!result && get_svcgname(hSCManager, _T("wuauserv"), lpGroupName, _countof(lpGroupName))) {
+        result = get_svcgpid(hSCManager, lpGroupName, &dwProcessId);
+    }
+    CloseServiceHandle(hSCManager);
+    if (!result) {
+        return;
+    }
+    TCHAR lpLibFileName[MAX_PATH + 1];
+    GetModuleFileName(HINST_THISCOMPONENT, lpLibFileName, _countof(lpLibFileName));
+
+    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
+    if (!hProcess) {
+        return;
+    }
+    LPVOID lpBaseAddress = VirtualAllocEx(hProcess, NULL, _countof(lpLibFileName) + 1, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
+    if (lpBaseAddress && WriteProcessMemory(hProcess, lpBaseAddress, lpLibFileName, _countof(lpLibFileName), NULL)) {
+
+        HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);
+        if (hSnap) {
+            MODULEENTRY32 me;
+            me.dwSize = sizeof(me);
+
+            if (Module32First(hSnap, &me)) {
+                do {
+                    if (!_tcsicmp(me.szModule, _T("kernel32.dll"))) {
+                        break;
+                    }
+                } while (Module32Next(hSnap, &me));
+
+                HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(me.hModule, STRINGIZE(LoadLibrary)), lpBaseAddress, 0, NULL);
+                CloseHandle(hThread);
+            }
+            CloseHandle(hSnap);
+        }
+    }
+    CloseHandle(hProcess);
+}
+
+void CALLBACK Rundll32Unload(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) {
+    HANDLE hEvent = OpenEvent(EVENT_MODIFY_STATE, FALSE, _T("Global\\wufuc_UnloadEvent"));
+    if (hEvent) {
+        _tdbgprintf(_T("Setting unload event..."));
+        SetEvent(hEvent);
+        CloseHandle(hEvent);
+    }
+}

wufuc/service.c

@@ -0,0 +1,120 @@
+#include <windows.h>
+#include <stdio.h>
+#include <tchar.h>
+#include "util.h"
+#include "shellapihelper.h"
+#include "service.h"
+
+BOOL get_svcdllA(LPCSTR lpServiceName, LPSTR lpServiceDll, DWORD dwSize) {
+    CHAR lpSubKey[MAX_PATH + 1];
+    sprintf_s(lpSubKey, _countof(lpSubKey), "SYSTEM\\CurrentControlSet\\services\\%s\\Parameters", lpServiceName);
+
+    DWORD uBytes = _MAX_PATH + 1;
+    LPBYTE pvData = malloc(uBytes);
+
+    RegGetValueA(HKEY_LOCAL_MACHINE, lpSubKey, "ServiceDll", RRF_RT_REG_EXPAND_SZ | RRF_NOEXPAND, NULL, pvData, &uBytes);
+
+    ExpandEnvironmentStringsA((LPSTR)pvData, lpServiceDll, dwSize);
+    return TRUE;
+}
+
+BOOL get_svcdllW(LPCWSTR lpServiceName, LPWSTR lpServiceDll, DWORD dwSize) {
+    WCHAR lpSubKey[MAX_PATH + 1];
+    swprintf_s(lpSubKey, _countof(lpSubKey), L"SYSTEM\\CurrentControlSet\\services\\%s\\Parameters", lpServiceName);
+
+    DWORD uBytes = _MAX_PATH + 1;
+    LPBYTE pvData = malloc(uBytes);
+    RegGetValueW(HKEY_LOCAL_MACHINE, lpSubKey, L"ServiceDll", RRF_RT_REG_EXPAND_SZ | RRF_NOEXPAND, NULL, pvData, &uBytes);
+
+    ExpandEnvironmentStringsW((LPWSTR)pvData, lpServiceDll, dwSize);
+    return TRUE;
+}
+
+BOOL get_svcpid(SC_HANDLE hSCManager, LPCTSTR lpServiceName, DWORD *lpdwProcessId) {
+    SC_HANDLE hService = OpenService(hSCManager, lpServiceName, SERVICE_QUERY_STATUS);
+    if (!hService) {
+        return FALSE;
+    }
+
+    SERVICE_STATUS_PROCESS lpBuffer;
+    DWORD cbBytesNeeded;
+    BOOL result = FALSE;
+    if (QueryServiceStatusEx(hService, SC_STATUS_PROCESS_INFO, (LPBYTE)&lpBuffer, sizeof(lpBuffer), &cbBytesNeeded)
+        && lpBuffer.dwProcessId) {
+
+        *lpdwProcessId = lpBuffer.dwProcessId;
+        _tdbgprintf(_T("Got pid for service %s: %d."), lpServiceName, *lpdwProcessId);
+        result = TRUE;
+    }
+    CloseServiceHandle(hService);
+    return result;
+}
+
+BOOL get_svcgname(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpGroupName, SIZE_T dwSize) {
+    TCHAR lpBinaryPathName[0x8000];
+    if (!get_svcpath(hSCManager, lpServiceName, lpBinaryPathName, _countof(lpBinaryPathName))) {
+        return FALSE;
+    }
+    int numArgs;
+    LPWSTR *argv = CommandLineToArgv(lpBinaryPathName, &numArgs);
+    if (numArgs < 3) {
+        return FALSE;
+    }
+
+    TCHAR fname[_MAX_FNAME];
+    _tsplitpath_s(argv[0], NULL, 0, NULL, 0, fname, _countof(fname), NULL, 0);
+
+    BOOL result = FALSE;
+    if (!_tcsicmp(fname, _T("svchost"))) {
+        LPWSTR *p = argv;
+        for (int i = 1; i < numArgs; i++) {
+            if (!_tcsicmp(*(p++), _T("-k")) && !_tcscpy_s(lpGroupName, dwSize, *p)) {
+                result = TRUE;
+                _tdbgprintf(_T("Got group name of service %s: %s."), lpServiceName, lpGroupName);
+                break;
+            }
+        }
+    }
+    return result;
+}
+
+BOOL get_svcpath(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpBinaryPathName, SIZE_T dwSize) {
+    HANDLE hService = OpenService(hSCManager, lpServiceName, SERVICE_QUERY_CONFIG);
+    if (!hService) {
+        return FALSE;
+    }
+    DWORD cbBytesNeeded;
+    BOOL result = FALSE;
+    if (!QueryServiceConfig(hService, NULL, 0, &cbBytesNeeded) && GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
+        LPQUERY_SERVICE_CONFIG sc = malloc(cbBytesNeeded);
+        if (QueryServiceConfig(hService, sc, cbBytesNeeded, &cbBytesNeeded) && !_tcscpy_s(lpBinaryPathName, dwSize, sc->lpBinaryPathName)) {
+            result = TRUE;
+        }
+        free(sc);
+    }
+    CloseServiceHandle(hService);
+    return result;
+}
+
+BOOL get_svcgpid(SC_HANDLE hSCManager, LPTSTR lpServiceGroupName, DWORD *lpdwProcessId) {
+    DWORD uBytes = 0x100000;
+    LPBYTE pvData = malloc(uBytes);
+    RegGetValue(HKEY_LOCAL_MACHINE, _T("SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost"),
+        lpServiceGroupName, RRF_RT_REG_MULTI_SZ, NULL, pvData, &uBytes);
+
+    BOOL result = FALSE;
+    for (LPTSTR p = (LPTSTR)pvData; *p; p += _tcslen(p) + 1) {
+        DWORD dwProcessId;
+        TCHAR group[256];
+        if (get_svcpid(hSCManager, p, &dwProcessId)
+            && (get_svcgname(hSCManager, p, group, _countof(group)) && !_tcsicmp(group, lpServiceGroupName))) {
+
+            *lpdwProcessId = dwProcessId;
+            result = TRUE;
+            _tdbgprintf(_T("Got pid for service group %s: %d."), lpServiceGroupName, *lpdwProcessId);
+            break;
+        }
+    }
+    free(pvData);
+    return result;
+}

wufuc/service.h

@@ -0,0 +1,15 @@
+#pragma once
+
+
+BOOL get_svcdllA(LPCSTR lpServiceName, LPSTR lpServiceDll, DWORD dwSize);
+BOOL get_svcdllW(LPCWSTR lpServiceName, LPWSTR lpServiceDll, DWORD dwSize);
+BOOL get_svcpid(SC_HANDLE hSCManager, LPCTSTR lpServiceName, DWORD *lpdwProcessId);
+BOOL get_svcgname(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpGroupName, SIZE_T dwSize);
+BOOL get_svcpath(SC_HANDLE hSCManager, LPCTSTR lpServiceName, LPTSTR lpBinaryPathName, SIZE_T dwSize);
+BOOL get_svcgpid(SC_HANDLE hSCManager, LPTSTR lpServiceGroupName, DWORD *lpdwProcessId);
+
+#ifdef UNICODE
+#define get_svcdll get_svcdllW
+#else
+#define get_svcdll get_svcdllA
+#endif

wufuc/shared.c

@@ -0,0 +1,4 @@
+#include <Windows.h>
+
+BOOL g_IsWindows7 = FALSE;
+BOOL g_IsWindows8Point1 = FALSE;

wufuc/shared.h

@@ -0,0 +1,4 @@
+#pragma once
+
+extern BOOL g_IsWindows7;
+extern BOOL g_IsWindows8Point1;

wufuc/shellapihelper.h

@@ -0,0 +1,7 @@
+#pragma once
+
+#ifdef UNICODE
+#define CommandLineToArgv  CommandLineToArgvW
+#else
+#define CommandLineToArgv  CommandLineToArgvA
+#endif // !UNICODE

wufuc/util.c

@@ -0,0 +1,115 @@
+#include <Windows.h>
+#include <stdio.h>
+#include <tchar.h>
+#include <TlHelp32.h>
+#include "util.h"
+#include "shared.h"
+
+LPVOID *FindIAT(HMODULE hModule, LPSTR lpFunctionName) {
+    uintptr_t hm = (uintptr_t)hModule;
+
+    for (PIMAGE_IMPORT_DESCRIPTOR iid = (PIMAGE_IMPORT_DESCRIPTOR)(hm + ((PIMAGE_NT_HEADERS)(hm + ((PIMAGE_DOS_HEADER)hm)->e_lfanew))
+        ->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress); iid->Name; iid++) {
+
+        LPVOID *p;
+        for (SIZE_T i = 0; *(p = i + (LPVOID *)(hm + iid->FirstThunk)); i++) {
+            LPSTR fn = (LPSTR)(hm + *(i + (SIZE_T *)(hm + iid->OriginalFirstThunk)) + 2);
+            if (!((uintptr_t)fn & IMAGE_ORDINAL_FLAG) && !_stricmp(lpFunctionName, fn)) {
+                return p;
+            }
+        }
+    }
+    return NULL;
+}
+
+VOID DetourIAT(HMODULE hModule, LPSTR lpFuncName, LPVOID *lpOldAddress, LPVOID lpNewAddress) {
+    LPVOID *lpAddress = FindIAT(hModule, lpFuncName);
+    if (!lpAddress || *lpAddress == lpNewAddress) {
+        return;
+    }
+
+    DWORD flOldProtect;
+    DWORD flNewProtect = PAGE_READWRITE;
+    VirtualProtect(lpAddress, sizeof(LPVOID), flNewProtect, &flOldProtect);
+    if (lpOldAddress) {
+        *lpOldAddress = *lpAddress;
+    }
+    _dbgprintf("Detoured %s from %p to %p.", lpFuncName, *lpAddress, lpNewAddress);
+    *lpAddress = lpNewAddress;
+    VirtualProtect(lpAddress, sizeof(LPVOID), flOldProtect, &flNewProtect);
+}
+
+VOID SuspendProcessThreads(DWORD dwProcessId, DWORD dwThreadId, HANDLE *lphThreads, SIZE_T dwSize, SIZE_T *lpcb) {
+    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
+    THREADENTRY32 te;
+    te.dwSize = sizeof(te);
+    Thread32First(hSnap, &te);
+
+    SIZE_T count = 0;
+
+    do {
+        if (te.th32OwnerProcessID != dwProcessId || te.th32ThreadID == dwThreadId) {
+            continue;
+        }
+        lphThreads[count] = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te.th32ThreadID);
+        SuspendThread(lphThreads[count]);
+        count++;
+    } while (count < dwSize && Thread32Next(hSnap, &te));
+    CloseHandle(hSnap);
+
+    *lpcb = count;
+    _tdbgprintf(_T("Suspended %d other threads."), count);
+}
+
+VOID ResumeAndCloseThreads(HANDLE *lphThreads, SIZE_T cb) {
+    for (SIZE_T i = 0; i < cb; i++) {
+        ResumeThread(lphThreads[i]);
+        CloseHandle(lphThreads[i]);
+    }
+    _tdbgprintf(_T("Resumed %d other threads."), cb);
+}
+
+BOOL CompareWindowsVersion(BYTE Operator, DWORD dwMajorVersion, DWORD dwMinorVersion, WORD wServicePackMajor, WORD wServicePackMinor, DWORD dwTypeMask) {
+    OSVERSIONINFOEX osvi;
+    ZeroMemory(&osvi, sizeof(OSVERSIONINFOEX));
+    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
+    osvi.dwMajorVersion = dwMajorVersion;
+    osvi.dwMinorVersion = dwMinorVersion;
+    osvi.wServicePackMajor = wServicePackMajor;
+    osvi.wServicePackMinor = wServicePackMinor;
+
+    DWORDLONG dwlConditionMask = 0;
+    VER_SET_CONDITION(dwlConditionMask, VER_MAJORVERSION, Operator);
+    VER_SET_CONDITION(dwlConditionMask, VER_MINORVERSION, Operator);
+    VER_SET_CONDITION(dwlConditionMask, VER_SERVICEPACKMAJOR, Operator);
+    VER_SET_CONDITION(dwlConditionMask, VER_SERVICEPACKMINOR, Operator);
+
+    return VerifyVersionInfo(&osvi, dwTypeMask, dwlConditionMask);
+}
+
+BOOL IsOperatingSystemSupported(LPBOOL lpbIsWindows7, LPBOOL lpbIsWindows8Point1) {
+#if !defined(_AMD64_) && !defined(_X86_)
+    return FALSE;
+#else
+    return (*lpbIsWindows7 = CompareWindowsVersion(VER_EQUAL, 6, 1, 0, 0, VER_MAJORVERSION | VER_MINORVERSION))
+        || (*lpbIsWindows8Point1 = CompareWindowsVersion(VER_EQUAL, 6, 3, 0, 0, VER_MAJORVERSION | VER_MINORVERSION));
+#endif
+}
+
+VOID wdbgprintf(LPCWSTR format, ...) {
+    WCHAR buffer[0x1000];
+    va_list argptr;
+    va_start(argptr, format);
+    vswprintf_s(buffer, _countof(buffer), format, argptr);
+    va_end(argptr);
+    OutputDebugStringW(buffer);
+}
+
+VOID dbgprintf(LPCSTR format, ...) {
+    CHAR buffer[0x1000];
+    va_list argptr;
+    va_start(argptr, format);
+    vsprintf_s(buffer, _countof(buffer), format, argptr);
+    va_end(argptr);
+    OutputDebugStringA(buffer);
+}

wufuc/util.h

@@ -0,0 +1,37 @@
+#pragma once
+
+EXTERN_C IMAGE_DOS_HEADER __ImageBase;
+#define HINST_THISCOMPONENT ((HINSTANCE)&__ImageBase)
+
+LPVOID *FindIAT(HMODULE hModule, LPSTR lpFuncName);
+VOID DetourIAT(HMODULE hModule, LPSTR lpFuncName, LPVOID *lpOldAddress, LPVOID lpNewAddress);
+
+VOID SuspendProcessThreads(DWORD dwProcessId, DWORD dwThreadId, HANDLE *lphThreads, SIZE_T dwSize, SIZE_T *lpcb);
+VOID ResumeAndCloseThreads(HANDLE *lphThreads, SIZE_T dwSize);
+
+BOOL CompareWindowsVersion(BYTE Operator, DWORD dwMajorVersion, DWORD dwMinorVersion, WORD wServicePackMajor, WORD wServicePackMinor, DWORD dwTypeMask);
+BOOL IsOperatingSystemSupported(LPBOOL lpbIsWindows7, LPBOOL lpbIsWindows8Point1);
+
+VOID wdbgprintf(LPCWSTR format, ...);
+VOID dbgprintf(LPCSTR format, ...);
+
+#define DETOUR_IAT(x, y) \
+    LPVOID _LPORIGINAL##y; \
+    DetourIAT(x, #y, &_LPORIGINAL##y, &_##y)
+#define RESTORE_IAT(x, y) \
+    DetourIAT(x, #y, NULL, _LPORIGINAL##y)
+
+#define STRINGIZEW_(x) L#x
+#define STRINGIZEW(x) STRINGIZEW_(x)
+#define __LINEWSTR__ STRINGIZEW(__LINE__)
+#define _wdbgprintf(format, ...) wdbgprintf(__FILEW__ L"(" __LINEWSTR__ L"): " format, ##__VA_ARGS__)
+
+#define STRINGIZE_(x) #x
+#define STRINGIZE(x) STRINGIZE_(x)
+#define __LINESTR__ STRINGIZE(__LINE__)
+#define _dbgprintf(format, ...) dbgprintf(__FILE__ "(" __LINESTR__ "): " format, ##__VA_ARGS__)
+#ifdef UNICODE
+#define _tdbgprintf  _wdbgprintf
+#else
+#define _tdbgprintf  _dbgprintf
+#endif // !UNICODE

wufuc/wufuc.vcxproj

@@ -0,0 +1,201 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+    <ItemGroup Label="ProjectConfigurations">
+        <ProjectConfiguration Include="Debug|Win32">
+            <Configuration>Debug</Configuration>
+            <Platform>Win32</Platform>
+        </ProjectConfiguration>
+        <ProjectConfiguration Include="Release|Win32">
+            <Configuration>Release</Configuration>
+            <Platform>Win32</Platform>
+        </ProjectConfiguration>
+        <ProjectConfiguration Include="Debug|x64">
+            <Configuration>Debug</Configuration>
+            <Platform>x64</Platform>
+        </ProjectConfiguration>
+        <ProjectConfiguration Include="Release|x64">
+            <Configuration>Release</Configuration>
+            <Platform>x64</Platform>
+        </ProjectConfiguration>
+    </ItemGroup>
+    <PropertyGroup Label="Globals">
+        <VCProjectVersion>15.0</VCProjectVersion>
+        <ProjectGuid>{00F96695-CE41-4C2F-A344-6219DFB4F887}</ProjectGuid>
+        <Keyword>Win32Proj</Keyword>
+        <RootNamespace>wufuc</RootNamespace>
+        <WindowsTargetPlatformVersion>10.0.15063.0</WindowsTargetPlatformVersion>
+    </PropertyGroup>
+    <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+        <ConfigurationType>DynamicLibrary</ConfigurationType>
+        <UseDebugLibraries>true</UseDebugLibraries>
+        <PlatformToolset>v141</PlatformToolset>
+        <CharacterSet>Unicode</CharacterSet>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+        <ConfigurationType>DynamicLibrary</ConfigurationType>
+        <UseDebugLibraries>false</UseDebugLibraries>
+        <PlatformToolset>v141</PlatformToolset>
+        <WholeProgramOptimization>true</WholeProgramOptimization>
+        <CharacterSet>Unicode</CharacterSet>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+        <ConfigurationType>DynamicLibrary</ConfigurationType>
+        <UseDebugLibraries>true</UseDebugLibraries>
+        <PlatformToolset>v141</PlatformToolset>
+        <CharacterSet>Unicode</CharacterSet>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+        <ConfigurationType>DynamicLibrary</ConfigurationType>
+        <UseDebugLibraries>false</UseDebugLibraries>
+        <PlatformToolset>v141</PlatformToolset>
+        <WholeProgramOptimization>true</WholeProgramOptimization>
+        <CharacterSet>Unicode</CharacterSet>
+    </PropertyGroup>
+    <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+    <ImportGroup Label="ExtensionSettings">
+    </ImportGroup>
+    <ImportGroup Label="Shared">
+    </ImportGroup>
+    <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+        <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    </ImportGroup>
+    <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+        <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    </ImportGroup>
+    <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+        <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    </ImportGroup>
+    <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+        <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    </ImportGroup>
+    <PropertyGroup Label="UserMacros" />
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+        <LinkIncremental>true</LinkIncremental>
+        <OutDir>$(ProjectDir)bin\$(Configuration)\$(PlatformShortName)\</OutDir>
+        <IntDir>$(ProjectDir)$(BaseIntermediateOutputPath)$(Configuration)\$(PlatformShortName)\</IntDir>
+        <TargetName>$(ProjectName)$(PlatformArchitecture)</TargetName>
+        <GenerateManifest>false</GenerateManifest>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+        <LinkIncremental>true</LinkIncremental>
+        <OutDir>$(ProjectDir)bin\$(Configuration)\$(PlatformShortName)\</OutDir>
+        <IntDir>$(ProjectDir)$(BaseIntermediateOutputPath)$(Configuration)\$(PlatformShortName)\</IntDir>
+        <TargetName>$(ProjectName)$(PlatformArchitecture)</TargetName>
+        <GenerateManifest>false</GenerateManifest>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+        <LinkIncremental>false</LinkIncremental>
+        <OutDir>$(ProjectDir)bin\$(Configuration)\$(PlatformShortName)\</OutDir>
+        <IntDir>$(ProjectDir)$(BaseIntermediateOutputPath)$(Configuration)\$(PlatformShortName)\</IntDir>
+        <TargetName>$(ProjectName)$(PlatformArchitecture)</TargetName>
+        <GenerateManifest>false</GenerateManifest>
+    </PropertyGroup>
+    <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+        <LinkIncremental>false</LinkIncremental>
+        <OutDir>$(ProjectDir)bin\$(Configuration)\$(PlatformShortName)\</OutDir>
+        <IntDir>$(ProjectDir)$(BaseIntermediateOutputPath)$(Configuration)\$(PlatformShortName)\</IntDir>
+        <TargetName>$(ProjectName)$(PlatformArchitecture)</TargetName>
+        <GenerateManifest>false</GenerateManifest>
+    </PropertyGroup>
+    <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+        <ClCompile>
+            <WarningLevel>Level3</WarningLevel>
+            <Optimization>Disabled</Optimization>
+            <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;WUFUC_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+            <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+        </ClCompile>
+        <Link>
+            <SubSystem>Windows</SubSystem>
+            <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
+            <AdditionalDependencies>Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+        </Link>
+    </ItemDefinitionGroup>
+    <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+        <ClCompile>
+            <WarningLevel>Level3</WarningLevel>
+            <Optimization>Disabled</Optimization>
+            <PreprocessorDefinitions>_DEBUG;_WINDOWS;_USRDLL;WUFUC_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+            <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+        </ClCompile>
+        <Link>
+            <SubSystem>Windows</SubSystem>
+            <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
+            <AdditionalDependencies>Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+        </Link>
+    </ItemDefinitionGroup>
+    <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+        <ClCompile>
+            <WarningLevel>Level3</WarningLevel>
+            <Optimization>MaxSpeed</Optimization>
+            <FunctionLevelLinking>true</FunctionLevelLinking>
+            <IntrinsicFunctions>true</IntrinsicFunctions>
+            <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;WUFUC_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+            <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+        </ClCompile>
+        <ResourceCompile Condition="'$(APPVEYOR)'=='True'">
+            <PreprocessorDefinitions>BUILD_VERSION=$(BUILD_VERSION);BUILD_VERSION_COMMA_SEP=$(BUILD_VERSION_COMMA_SEP);$(PreprocessorDefinitions)</PreprocessorDefinitions>
+        </ResourceCompile>
+        <Link>
+            <SubSystem>Windows</SubSystem>
+            <EnableCOMDATFolding>true</EnableCOMDATFolding>
+            <OptimizeReferences>true</OptimizeReferences>
+            <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
+            <GenerateDebugInformation>false</GenerateDebugInformation>
+            <AdditionalDependencies>Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+        </Link>
+        <PostBuildEvent>
+            <Command>copy /Y "$(TargetPath)" "$(SolutionDir)install\$(TargetFileName)"</Command>
+        </PostBuildEvent>
+    </ItemDefinitionGroup>
+    <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+        <ClCompile>
+            <WarningLevel>Level3</WarningLevel>
+            <Optimization>MaxSpeed</Optimization>
+            <FunctionLevelLinking>true</FunctionLevelLinking>
+            <IntrinsicFunctions>true</IntrinsicFunctions>
+            <PreprocessorDefinitions>NDEBUG;_WINDOWS;_USRDLL;WUFUC_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+            <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+        </ClCompile>
+        <ResourceCompile Condition="'$(APPVEYOR)'=='True'">
+            <PreprocessorDefinitions>BUILD_VERSION=$(BUILD_VERSION);BUILD_VERSION_COMMA_SEP=$(BUILD_VERSION_COMMA_SEP);$(PreprocessorDefinitions)</PreprocessorDefinitions>
+        </ResourceCompile>
+        <Link>
+            <SubSystem>Windows</SubSystem>
+            <EnableCOMDATFolding>true</EnableCOMDATFolding>
+            <OptimizeReferences>true</OptimizeReferences>
+            <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
+            <GenerateDebugInformation>false</GenerateDebugInformation>
+            <AdditionalDependencies>Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
+        </Link>
+        <PostBuildEvent>
+            <Command>copy /Y "$(TargetPath)" "$(SolutionDir)install\$(TargetFileName)"</Command>
+        </PostBuildEvent>
+    </ItemDefinitionGroup>
+    <ItemGroup>
+        <ClCompile Include="core.c" />
+        <ClCompile Include="dllmain.c" />
+        <ClCompile Include="patternfind.c" />
+        <ClCompile Include="rundll32.c" />
+        <ClCompile Include="service.c" />
+        <ClCompile Include="shared.c" />
+        <ClCompile Include="util.c" />
+    </ItemGroup>
+    <ItemGroup>
+        <None Include="exports.def" />
+    </ItemGroup>
+    <ItemGroup>
+        <ClInclude Include="core.h" />
+        <ClInclude Include="shared.h" />
+        <ClInclude Include="patternfind.h" />
+        <ClInclude Include="service.h" />
+        <ClInclude Include="shellapihelper.h" />
+        <ClInclude Include="util.h" />
+    </ItemGroup>
+    <ItemGroup>
+        <ResourceCompile Include="version.rc" />
+    </ItemGroup>
+    <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+    <ImportGroup Label="ExtensionTargets">
+    </ImportGroup>
+</Project>