1.0

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,37 @@
+Before you create an issue, make sure it has not already been reported.
+
+Then, make sure the following things are included in your issue:
+
+- wufuc version (can be viewed in Add & Remove Programs).
+- Operating system version and Service Pack (including 32- or 64-bit).
+- Short description of the issue.
+- Elaborate steps to reproduce the bug/issue being reported.
+- Attach wufuc's log file (located at `C:\ProgramData\wufuc\wufuc.log`).
+- Any supporting information that could help solve/understand the issue.
+
+Any issues that do not include these, or go more than a week without a
+response from the original poster will be subject to closure at my discretion.
+
+If you have questions, be sure to check the FAQ: https://git.io/vASQg
+
+It is common for issues to go unanswered for several days or even weeks,
+so please do not take offense at this. 
+
+I read every issue and usually only reply if there is clarification needed,
+or if there is a new release pending that will solve the issue.
+
+Thank you for your interest in contributing to this project!
+
+<!--
+Translations of this document contributed by volunteers:
+
+- Deutsch: https://git.io/vASNs
+- Español: https://git.io/vASNG
+- Français: https://git.io/vASNZ
+- Italiano: https://git.io/vASN8
+- Magyar: https://git.io/vASN4
+- Português Brasileiro: https://git.io/vASNR
+- русский: https://git.io/vASN0
+- 简体中文: https://git.io/vASNg
+- 繁體中文: https://git.io/vASNa
+-->

.gitignore

@@ -1,5 +1,7 @@
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
+##
+## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
 
 # User-specific files
 *.suo
@@ -22,11 +24,14 @@ bld/
 [Oo]bj/
 [Ll]og/
 
-# Visual Studio 2015 cache/options directory
+# Visual Studio 2015/2017 cache/options directory
 .vs/
 # Uncomment if you have tasks that create the project's static files in wwwroot
 #wwwroot/
 
+# Visual Studio 2017 auto generated files
+Generated\ Files/
+
 # MSTest test Results
 [Tt]est[Rr]esult*/
 [Bb]uild[Ll]og.*
@@ -40,10 +45,19 @@ TestResult.xml
 [Rr]eleasePS/
 dlldata.c
 
-# DNX
+# Benchmark Results
-project.lock.json
+BenchmarkDotNet.Artifacts/
-artifacts/
 
+# .NET Core
+project.lock.json
+project.fragment.lock.json
+artifacts/
+**/Properties/launchSettings.json
+
+# StyleCop
+StyleCopReport.xml
+
+# Files built by Visual Studio
 *_i.c
 *_p.c
 *_i.h
@@ -89,6 +103,9 @@ ipch/
 *.vspx
 *.sap
 
+# Visual Studio Trace Files
+*.e2e
+
 # TFS 2012 Local Workspace
 $tf/
 
@@ -109,6 +126,14 @@ _TeamCity*
 # DotCover is a Code Coverage Tool
 *.dotCover
 
+# AxoCover is a Code Coverage Tool
+.axoCover/*
+!.axoCover/settings.json
+
+# Visual Studio code coverage results
+*.coverage
+*.coveragexml
+
 # NCrunch
 _NCrunch_*
 .*crunch*.local.xml
@@ -140,7 +165,7 @@ publish/
 # Publish Web Output
 *.[Pp]ublish.xml
 *.azurePubxml
-# TODO: Comment the next line if you want to checkin your web deploy settings
+# Note: Comment the next line if you want to checkin your web deploy settings,
 # but database connection strings (with potential passwords) will be unencrypted
 *.pubxml
 *.publishproj
@@ -153,12 +178,12 @@ PublishScripts/
 # NuGet Packages
 *.nupkg
 # The packages folder can be ignored because of Package Restore
-**/packages/*
+**/[Pp]ackages/*
 # except build/, which is used as an MSBuild target.
-!**/packages/build/
+!**/[Pp]ackages/build/
 # Uncomment if necessary however generally it will be regenerated when needed
-#!**/packages/repositories.config
+#!**/[Pp]ackages/repositories.config
-# NuGet v3's project.json files produces more ignoreable files
+# NuGet v3's project.json files produces more ignorable files
 *.nuget.props
 *.nuget.targets
 
@@ -175,6 +200,7 @@ AppPackages/
 BundleArtifacts/
 Package.StoreAssociation.xml
 _pkginfo.txt
+*.appx
 
 # Visual Studio cache files
 # files ending in .cache can be ignored
@@ -188,11 +214,15 @@ ClientBin/
 *~
 *.dbmdl
 *.dbproj.schemaview
+*.jfm
 *.pfx
 *.publishsettings
-node_modules/
 orleans.codegen.cs
 
+# Including strong name files can present a security risk 
+# (https://github.com/github/gitignore/pull/2483#issue-259490424)
+#*.snk
+
 # Since there are multiple workflows, uncomment next line to ignore bower_components
 # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
 #bower_components/
@@ -211,6 +241,7 @@ UpgradeLog*.htm
 # SQL Server files
 *.mdf
 *.ldf
+*.ndf
 
 # Business Intelligence projects
 *.rdl.data
@@ -225,6 +256,10 @@ FakesAssemblies/
 
 # Node.js Tools for Visual Studio
 .ntvs_analysis.dat
+node_modules/
+
+# TypeScript v1 declaration files
+typings/
 
 # Visual Studio 6 build log
 *.plg
@@ -232,6 +267,9 @@ FakesAssemblies/
 # Visual Studio 6 workspace options file
 *.opt
 
+# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
+*.vbw
+
 # Visual Studio LightSwitch build output
 **/*.HTMLClient/GeneratedArtifacts
 **/*.DesktopClient/GeneratedArtifacts
@@ -251,11 +289,34 @@ paket-files/
 .idea/
 *.sln.iml
 
-# Advanced Installer
+# CodeRush
-**/*-cache/
+.cr/
-**/*-SetupFiles/
-**/*.back.aip
 
-# Other
+# Python Tools for Visual Studio (PTVS)
-wufuc_setup_bat/*.dll
+__pycache__/
-wufuc_setup_bat/*.zip
+*.pyc
+
+# Cake - Uncomment if you are using it
+# tools/**
+# !tools/packages.config
+
+# Tabs Studio
+*.tss
+
+# Telerik's JustMock configuration file
+*.jmconfig
+
+# BizTalk build output
+*.btp.cs
+*.btm.cs
+*.odx.cs
+*.xsd.cs
+
+# OpenCover UI analysis results
+OpenCover/
+
+# Azure Stream Analytics local run output 
+ASALocalRun/
+
+# MSBuild Binary and Structured Log
+*.binlog

CONTRIBUTING.md

@@ -1,22 +0,0 @@
-# Contributing guidelines
-
-**English** | [русский](../../wiki/CONTRIBUTING-(русский)) | [Français](../../wiki/CONTRIBUTING-(Français)) | [Deutsch](../../wiki/CONTRIBUTING-(Deutsch)) | [Magyar](../../wiki/CONTRIBUTING-(Magyar)) | [Português Brasileiro](../../wiki/CONTRIBUTING-(Português-Brasileiro)) | [Italiano](../../wiki/CONTRIBUTING-(Italiano))
-
-## Reporting an issue [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc)
-
-#### Before you create an issue, please make sure of the following:
-
-- Are you using at least the [latest stable version](../../releases/latest)?
-- Have you tried restarting your computer?
-
-#### After you've confirmed those things, please create an issue and include the following information:
-
-- Navigate to where you installed wufuc, and attach all the `*.log` files to your issue.
-- What build are you using? Stable release or unstable AppVeyor builds?
-- What is the file version and/or SHA-1 hash of `C:\Windows\System32\wuaueng.dll`?
-- Any other information you feel is relevant to your issue.
-
-## Closure policy
-
-- Issues that don't have the information requested above (when applicable) will be closed immediately and the poster directed to the contributing guidelines.
-- Issues that go a week without a response from original poster are subject to closure at my discretion.

DONATE.md

@@ -0,0 +1,14 @@
+# Help support the development of wufuc
+
+Thanks for showing an interest in donating!
+
+While any support is very highly appreciated, please keep in mind that donations should be considered gifts for my past efforts towards this project, and not made with the assumption of continued support. All donations go to the project maintainer, [**@zeffy**](https://github.com/zeffy).
+
+## Donate Bitcoin
+
+- [**Donate Bitcoin on Mycelium Gear**](https://admin.gear.mycelium.com/gateways/3554/orders/new)
+
+## Other donation options
+
+Currently I'm only accepting Bitcoin, but I'm open to adding other ways of donating. 
+If you know of a good donation platform, feel free to [create an issue](https://github.com/zeffy/wufuc/issues/new) and I will look into it.

DONATIONS.md

@@ -1,6 +0,0 @@
-# Donations
-
-Thanks for showing an interest in donating to the development of wufuc!
-While any support is very highly appreciated please keep in mind that donating will not guarantee you better support or other perks, just a warm fuzzy feeling knowing you really helped me out. :)
-
-### Sorry, I'm currently in the process of moving to a new donation platform, please check back again in a few days!

FAQ.md

@@ -0,0 +1,40 @@
+# Frequently Asked Questions
+
+## How to deploy wufuc using Group Policy
+
+[There is a tutorial on the Advanced Installer website that explains how to do this](http://www.advancedinstaller.com/user-guide/tutorial-gpo.html).
+
+## How to use unattended feature in the batch setup scripts
+
+`install_wufuc.bat` and `uninstall_wufuc.bat` both support two command line parameters that can be used alone, or combined to change the behavior of the scripts:
+
+- `/NORESTART` - Automatically declines rebooting after the setup finishes.
+- `/UNATTENDED` - Skips all prompts for user interaction, and automatically restarts unless `/NORESTART` is also specified.
+
+These must be used from an elevated command line prompt.
+
+## How to restore Windows Update to its default configuration
+
+Windows Update by default is configured to run as `SERVICE_WIN32_SHARE_PROCESS`, which means it shares a single `svchost.exe` process with several other Windows services.
+It can also be configured as `SERVICE_WIN32_OWN_PROCESS`, which means it runs in its own process, which doesn't start until Windows Update does.
+
+Normally, either of these configurations is supported.
+
+However, if you have used another third-party solution for the CPU fix (such as UpdatePack7R2 or WuaCpuFix) either knowingly or unknowingly, wufuc will not function correctly if Windows Update is configured as `SERVICE_WIN32_OWN_PROCESS`.
+
+You have two ways to work around this limitation, either:
+
+- You can remove the other third-party solution yourself.
+- Alternatively, go to the directory that you installed wufuc to, open the `Troubleshooting` subdirectory, and merge the `Restore_wuauserv.reg` file with your registry by double-clicking it, and then restart your PC.
+
+## How to manually remove wufuc v0.8.0.143 when it is impossible to uninstall it normally
+
+This applies exclusively to a very buggy version of wufuc that was only available for download for a short period of time, other versions are unaffected.
+
+1. [Boot into Safe Mode with Command Prompt](https://support.microsoft.com/en-us/help/17419/windows-7-advanced-startup-options-safe-mode).
+2. In the command prompt type `regedit` and press enter.
+3. Navigate to the key `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options`
+4. Expand the `Image File Execution Options` tree.
+5. Locate the `svchost.exe` sub key, right-click it and press **Delete**.
+6. Reboot, and you should be able to log in normally again.
+7. Open Add and Remove Programs, locate and run the normal wufuc uninstaller to complete the removal process.

README.md

@@ -1,39 +1,52 @@
-# wufuc [![](https://ci.appveyor.com/api/projects/status/0s2unkpokttyslf0?svg=true)](https://ci.appveyor.com/project/zeffy/wufuc) [![](https://isitmaintained.com/badge/resolution/zeffy/wufuc.svg)](https://isitmaintained.com/project/zeffy/wufuc)
+# wufuc
+[![Donate Bitcoin](https://cdn.rawgit.com/zeffy/wufuc/badges/bitcoin.svg)](https://admin.gear.mycelium.com/gateways/3554/orders/new)
+[![AppVeyor Builds](https://img.shields.io/appveyor/ci/zeffy/wufuc.svg?logo=appveyor&style=flat-square)][AppVeyor]
+[![All Releases](https://img.shields.io/github/downloads/zeffy/wufuc/total.svg?style=flat-square)][Latest]
+[![Chat on Discord](https://img.shields.io/discord/421524706043101194.svg?label=discord&logo=discord&colorA=7078C2&colorB=7B81D8&style=flat-square)](https://discord.gg/G8PD2Wa)
 
-**English** | [русский](../../wiki/README-(русский)) | [Français](../../wiki/README-(Français)) | [Deutsch](../../wiki/README-(Deutsch)) | [Magyar](../../wiki/README-(Magyar)) | [Português Brasileiro](../../wiki/README-(Português-Brasileiro)) | [Italiano](../../wiki/README-(Italiano))
+[:de:] [:es:] [:fr:] [:it:] [:hungary:] [:brazil:] [:ru:] [:cn:] [:taiwan:]
 
 Disables the "Unsupported Hardware" message in Windows Update, and allows you to continue installing updates on Windows 7 and 8.1 systems with Intel Kaby Lake, AMD Ryzen, or other unsupported processors.
 
-## Downloads [![](https://img.shields.io/github/downloads/zeffy/wufuc/total.svg)](../../releases)
+## Downloads 
 
-- [**Click here for the latest stable version**](../../releases/latest)
+**[Latest stable build][Latest] - Most people will want this version.**
 
-- [~~Unstable builds~~](https://ci.appveyor.com/project/zeffy/wufuc) **Discontinued until AppVeyor adds WDK support for Visual Studio 2017 ([appveyor/ci#1554](https://github.com/appveyor/ci/issues/1554))**
+[Unstable builds][AppVeyor] - Probably contains bugs; do not report issues with these builds.
 
-## Preface
+## Donate :heart:
 
-The changelog for Windows updates KB4012218 and KB4012219 included the following:
+[**Click here for donation options!**](https://github.com/zeffy/wufuc/blob/master/DONATE.md)
+
+## Background
+
+The release notes for Windows updates KB4012218 and KB4012219 included the following:
 
 > Enabled detection of processor generation and hardware support when PC tries to scan or download updates through Windows Update.
 
 These updates marked the implementation of a [policy change](https://blogs.windows.com/windowsexperience/2016/01/15/windows-10-embracing-silicon-innovation/) they announced some time ago, where Microsoft stated that they would not be supporting Windows 7 or 8.1 on next-gen Intel, AMD and Qualcomm processors.
-This was essentially a big middle finger to anyone who decides to not "upgrade" to the steaming pile of :shit: known as Windows 10, especially considering the extended support periods for Windows 7 and 8.1 won't be ending until January 4, 2020 and January 10, 2023 respectively.
 
-## Some people with older Intel and AMD processors are also affected!
+This is essentially a big middle finger to anyone who decides to not "upgrade" to Windows 10,
+and it is especially unfortunate considering the extended support periods for Windows 7 and 8.1 won't be ending until January 4, 2020 and January 10, 2023 respectively.
 
-I've received user reports of the following CPUs all being blocked from receiving updates:
+Some people with older Intel and AMD processors are also affected! I've received user reports of the following CPUs all being blocked from receiving updates:
 
-- [Intel Atom Z530](../../issues/7)
+- [Intel Atom Z530](https://github.com/zeffy/wufuc/issues/7)
-- [Intel Atom D525](../../issues/34)
+- [Intel Atom D525](https://github.com/zeffy/wufuc/issues/34)
-- [Intel Core i5-M 560](../../issues/23)
+- [Intel Core i5-M 560](https://github.com/zeffy/wufuc/issues/23)
-- [Intel Core i5-4300M](../../issues/24)
+- [Intel Core i5-4300M](https://github.com/zeffy/wufuc/issues/24)
-- [Intel Pentium B940](../../issues/63)
+- [Intel Core i7-4930K](https://github.com/zeffy/wufuc/issues/126)
-- [AMD FX-8350](../../issues/32)
+- [Intel Pentium B940](https://github.com/zeffy/wufuc/issues/63)
-- [AMD Turion 64 Mobile Technology ML-34](../../issues/80)
+- [AMD FX-6300](https://github.com/zeffy/wufuc/issues/135#issuecomment-367054217)
+- [AMD FX-8350](https://github.com/zeffy/wufuc/issues/32)
+- [AMD Turion 64 Mobile Technology ML-34](https://github.com/zeffy/wufuc/issues/80)
 
 ## Bad Microsoft!
 
-If you are interested, you can read my original write up on discovering the CPU check [here](../../tree/old-kb4012218-19).
+If you are interested, you can read my original write-up on discovering the CPU check [here](https://github.com/zeffy/wufuc/tree/old-kb4012218-19).
+
+The tl;dr version is basically, inside a system file named `wuaueng.dll`, there are two functions responsible for the CPU check: `IsDeviceServiceable(void)` and `IsCPUSupported(void)`. 
+`IsDeviceServiceable` simply calls `IsCPUSupported` once, and then re-uses the result that it receives on subsequent calls.
 
 ## Features
 
@@ -42,60 +55,45 @@ If you are interested, you can read my original write up on discovering the CPU
 - Completely free (as in freedom) software.
 - Does not modify any system files.
 - Byte pattern-based patching, which means it will usually keep working even after new updates come out.
-- Absolutely zero dependencies.
+- No dependencies.
+
+## Frequently Asked Questions
+
+See [FAQ.md](https://github.com/zeffy/wufuc/blob/master/FAQ.md).
 
 ## How it works
 
-Basically, inside a system file called `wuaueng.dll` there are two functions responsible for the CPU check: `IsDeviceServiceable(void)` and `IsCPUSupported(void)`. 
+This is a basic run-down of what wufuc does when you install it:
-`IsDeviceServiceable` simply calls `IsCPUSupported` once, and then re-uses the result that it receives on subsequent calls.
-My patch takes advantage of this behavior by patching a couple of boolean values and basically making Windows Update think that it has already checked your processor, and the result was that it is indeed supported.
 
-- The installer registers wufuc as a custom Application Verifier provider.
+- The installer registers a scheduled task that automatically starts wufuc on system boot/user log on.
-- When a `svchost.exe` process starts, the Windows PE loader automatically loads wufuc into its virtual address space.
+- Depending on how the Windows Update service is configured to run, wufuc will:
-- After that, wufuc will then check the command line of the process it was loaded into, then install some API hooks when appropriate:
+    * **Shared process**: inject itself into the service host process that Windows Update will run in when it starts.
-    * `LoadLibraryExW` hook will automatically patch `wuaueng.dll` as soon as it is loaded.
+    * **Own process**: wait for the Windows Update service to start and then inject into it.
-    * `RegQueryValueExW` hook is necessary to provide compatibility with attempts by other third-parties at bypassing the CPU check. (see issue [#100](../../issues/100))
+- Once injected, wufuc will hook some functions where appropriate:
-- If wufuc gets loaded by a `svchost.exe` process that isn't related to Windows Update, it goes into a dormant state and no hooks are applied.
+    * `LoadLibraryExW` hook will automatically hook the `IsDeviceServiceable()` function inside `wuaueng.dll` when it is loaded.
-
+    * `RegQueryValueExW` hook is necessary to provide compatibility with [UpdatePack7R2](../../issues/100). This hook not applied when `wuauserv` is configured to run in its own process.
-## How to deploy wufuc using Group Policy
-
-[There is a tutorial on the Advanced Installer website that explains how to do this](http://www.advancedinstaller.com/user-guide/tutorial-gpo.html).
-
-## How to use unattended feature in the batch setup scripts
-
-`install_wufuc.bat` and `uninstall_wufuc.bat` both support two command line parameters that can be used alone, or combined to change the behavior of the scripts:
-
-- `/NORESTART` - Automatically declines rebooting after the setup finishes.
-- `/UNATTENDED` - Skips all prompts for user interaction, and automatically restarts unless `/NORESTART` is also specified.
-
-These must be used from an elevated command line prompt.
-
-## What to do if you get stuck on a black screen with just a cursor after the Windows boot animation
-
-This will happen if wufuc somehow manages to crash the `svchost.exe` process that is responsible for displaying the login screen.
-Normally this should **never ever** happen, because wufuc goes dormant in `svchost.exe` processes that are unrelated to Windows Update.
-I have only encountered this during development with very unstable code, or by causing it intentionally.
-
-However, just in case this does happen to someone, here is how to fix it:
-
-1. [Boot into Safe Mode with Command Prompt](https://support.microsoft.com/en-us/help/17419/windows-7-advanced-startup-options-safe-mode).
-2. In the command prompt type `regedit` and press enter.
-3. Navigate to the key `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options`
-4. Expand the `Image File Execution Options` tree.
-5. Locate the `svchost.exe` sub key, right-click it and press **Delete**.
-6. Reboot.
-7. You should be able to log in normally again.
-8. **If this happens to you, please report it in the issues tab so I can try to figure out what is causing the crash!**
 
 ## Sponsors
 
-### [Advanced Installer](http://www.advancedinstaller.com/)
+### [Advanced Installer](https://www.advancedinstaller.com/)
 
 The installer packages are created with Advanced Installer using an [open source license](http://www.advancedinstaller.com/free-license.html). 
-Advanced Installer's intuitive and friendly user interface allowed me to quickly create a feature complete installer with minimal effort. [Check it out!](http://www.advancedinstaller.com/)
+Advanced Installer's intuitive and friendly user interface allowed me to quickly create a feature complete installer with minimal effort. Check it out!
 
 ## Special thanks
 
-- Alex Ionescu ([@ionescu007](https://github.com/ionescu007)) for his [_"Hooking Nirvana"_ presentation at REcon 2015](https://www.youtube.com/watch?v=bqU0y4FzvT0) and its corresponding [repository of example code](https://github.com/ionescu007/HookingNirvana).
+- Wen Jia Liu ([@wj32](https://github.com/wj32)) for his awesome program [Process Hacker](https://github.com/processhacker2/processhacker), and also for his [phnt headers](https://github.com/processhacker2/processhacker/tree/master/phnt).
-- Wen Jia Liu ([@wj32](https://github.com/wj32)) for his awesome program [Process Hacker](https://github.com/processhacker2/processhacker) which has been absolutely instrumental in the development of wufuc, and also for his [`phnt`](https://github.com/processhacker2/processhacker/tree/master/phnt) headers.
+- Duncan Ogilvie ([@mrexodia](https://github.com/mrexodia)) for [x64dbg](https://github.com/x64dbg/x64dbg), its [`patternfind.cpp`](https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp) algorithm, and its issue template which I adapted for this project.
-- Duncan Ogilvie ([@mrexodia](https://github.com/mrexodia)) for his [`patternfind.cpp`](https://github.com/x64dbg/x64dbg/blob/development/src/dbg/patternfind.cpp) algorithm from [x64dbg](https://github.com/x64dbg/x64dbg).
+- Tsuda Kageyu ([@TsudaKageyu](https://github.com/TsudaKageyu)) for his excellent [minhook](https://github.com/TsudaKageyu/minhook) library.
+
+[Latest]: https://github.com/zeffy/wufuc/releases/latest
+[AppVeyor]: https://ci.appveyor.com/project/zeffy/wufuc
+[:de:]: https://github.com/zeffy/wufuc/wiki/README-(Deutsch)
+[:es:]: https://github.com/zeffy/wufuc/wiki/README-(Espa%C3%B1ol)
+[:fr:]: https://github.com/zeffy/wufuc/wiki/README-(Fran%C3%A7ais)
+[:it:]: https://github.com/zeffy/wufuc/wiki/README-(Italiano)
+[:hungary:]: https://github.com/zeffy/wufuc/wiki/README-(Magyar)
+[:brazil:]: https://github.com/zeffy/wufuc/wiki/README-(Portugu%C3%AAs-Brasileiro)
+[:ru:]: https://github.com/zeffy/wufuc/wiki/README-(%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%B8%D0%B9)
+[:cn:]: https://github.com/zeffy/wufuc/wiki/README-(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)
+[:taiwan:]: https://github.com/zeffy/wufuc/wiki/README-(%E7%B9%81%E9%AB%94%E4%B8%AD%E6%96%87)

appveyor.yml

@@ -1,4 +1,7 @@
-version: 0.8.0.{build}
+version: 1.0.0.{build}
+branches:
+  only:
+  - master
 skip_commits:
   files:
     - '**/*.md'
@@ -16,14 +19,14 @@ before_build:
 
     set "BUILD_VERSION_COMMA=%APPVEYOR_BUILD_VERSION:.=,%"
 
-    set "BUILD_ZIPFILE=%APPVEYOR_BUILD_FOLDER%\%APPVEYOR_PROJECT_NAME%_v%BUILD_COMMIT_VERSION%_%PLATFORM%.zip"
+    set "BUILD_ZIPFILE=%APPVEYOR_BUILD_FOLDER%\%APPVEYOR_PROJECT_NAME%_v%BUILD_COMMIT_VERSION%-%PLATFORM%.zip"
 after_build:
 - cmd: >-
-    copy /Y "wufuc\bin\%CONFIGURATION%\%PLATFORM%\wufuc*.dll" "wufuc_setup_bat\"
+    copy /Y "COPYING" "src\wufuc_setup_bat\COPYING.txt"
 
-    copy /Y "LICENSE" "wufuc_setup_bat\COPYING.txt"
+    cd "%APPVEYOR_BUILD_FOLDER%\src\wufuc_setup_bat"
 
-    cd "%APPVEYOR_BUILD_FOLDER%\wufuc_setup_bat"
+    echo v%BUILD_COMMIT_VERSION%>version.txt
 
     for /R %%i in (*.txt) do unix2dos "%%i"
 
@@ -32,5 +35,7 @@ after_build:
     7z a "%BUILD_ZIPFILE%" "..\wufuc_setup_bat"
 
     7z rn "%BUILD_ZIPFILE%" "wufuc_setup_bat" "%APPVEYOR_PROJECT_NAME%"
+
+    7z d "%BUILD_ZIPFILE%" "%APPVEYOR_PROJECT_NAME%\.gitignore"
 artifacts:
   - path: '*.zip'

inc/minhook/minhook.h

@@ -0,0 +1,184 @@
+/*
+ *  MinHook - The Minimalistic API Hooking Library for x64/x86
+ *  Copyright (C) 2009-2017 Tsuda Kageyu.
+ *  All rights reserved.
+ *
+ *  Redistribution and use in source and binary forms, with or without
+ *  modification, are permitted provided that the following conditions
+ *  are met:
+ *
+ *   1. Redistributions of source code must retain the above copyright
+ *      notice, this list of conditions and the following disclaimer.
+ *   2. Redistributions in binary form must reproduce the above copyright
+ *      notice, this list of conditions and the following disclaimer in the
+ *      documentation and/or other materials provided with the distribution.
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ *  TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ *  PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER
+ *  OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ *  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ *  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#if !(defined _M_IX86) && !(defined _M_X64) && !(defined __i386__) && !(defined __x86_64__)
+    #error MinHook supports only x86 and x64 systems.
+#endif
+
+// MinHook Error Codes.
+typedef enum MH_STATUS
+{
+    // Unknown error. Should not be returned.
+    MH_UNKNOWN = -1,
+
+    // Successful.
+    MH_OK = 0,
+
+    // MinHook is already initialized.
+    MH_ERROR_ALREADY_INITIALIZED,
+
+    // MinHook is not initialized yet, or already uninitialized.
+    MH_ERROR_NOT_INITIALIZED,
+
+    // The hook for the specified target function is already created.
+    MH_ERROR_ALREADY_CREATED,
+
+    // The hook for the specified target function is not created yet.
+    MH_ERROR_NOT_CREATED,
+
+    // The hook for the specified target function is already enabled.
+    MH_ERROR_ENABLED,
+
+    // The hook for the specified target function is not enabled yet, or already
+    // disabled.
+    MH_ERROR_DISABLED,
+
+    // The specified pointer is invalid. It points the address of non-allocated
+    // and/or non-executable region.
+    MH_ERROR_NOT_EXECUTABLE,
+
+    // The specified target function cannot be hooked.
+    MH_ERROR_UNSUPPORTED_FUNCTION,
+
+    // Failed to allocate memory.
+    MH_ERROR_MEMORY_ALLOC,
+
+    // Failed to change the memory protection.
+    MH_ERROR_MEMORY_PROTECT,
+
+    // The specified module is not loaded.
+    MH_ERROR_MODULE_NOT_FOUND,
+
+    // The specified function is not found.
+    MH_ERROR_FUNCTION_NOT_FOUND
+}
+MH_STATUS;
+
+// Can be passed as a parameter to MH_EnableHook, MH_DisableHook,
+// MH_QueueEnableHook or MH_QueueDisableHook.
+#define MH_ALL_HOOKS NULL
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    // Initialize the MinHook library. You must call this function EXACTLY ONCE
+    // at the beginning of your program.
+    MH_STATUS WINAPI MH_Initialize(VOID);
+
+    // Uninitialize the MinHook library. You must call this function EXACTLY
+    // ONCE at the end of your program.
+    MH_STATUS WINAPI MH_Uninitialize(VOID);
+
+    // Creates a Hook for the specified target function, in disabled state.
+    // Parameters:
+    //   pTarget    [in]  A pointer to the target function, which will be
+    //                    overridden by the detour function.
+    //   pDetour    [in]  A pointer to the detour function, which will override
+    //                    the target function.
+    //   ppOriginal [out] A pointer to the trampoline function, which will be
+    //                    used to call the original target function.
+    //                    This parameter can be NULL.
+    MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal);
+
+    // Creates a Hook for the specified API function, in disabled state.
+    // Parameters:
+    //   pszModule  [in]  A pointer to the loaded module name which contains the
+    //                    target function.
+    //   pszTarget  [in]  A pointer to the target function name, which will be
+    //                    overridden by the detour function.
+    //   pDetour    [in]  A pointer to the detour function, which will override
+    //                    the target function.
+    //   ppOriginal [out] A pointer to the trampoline function, which will be
+    //                    used to call the original target function.
+    //                    This parameter can be NULL.
+    MH_STATUS WINAPI MH_CreateHookApi(
+        LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal);
+
+    // Creates a Hook for the specified API function, in disabled state.
+    // Parameters:
+    //   pszModule  [in]  A pointer to the loaded module name which contains the
+    //                    target function.
+    //   pszTarget  [in]  A pointer to the target function name, which will be
+    //                    overridden by the detour function.
+    //   pDetour    [in]  A pointer to the detour function, which will override
+    //                    the target function.
+    //   ppOriginal [out] A pointer to the trampoline function, which will be
+    //                    used to call the original target function.
+    //                    This parameter can be NULL.
+    //   ppTarget   [out] A pointer to the target function, which will be used
+    //                    with other functions.
+    //                    This parameter can be NULL.
+    MH_STATUS WINAPI MH_CreateHookApiEx(
+        LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal, LPVOID *ppTarget);
+
+    // Removes an already created hook.
+    // Parameters:
+    //   pTarget [in] A pointer to the target function.
+    MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget);
+
+    // Enables an already created hook.
+    // Parameters:
+    //   pTarget [in] A pointer to the target function.
+    //                If this parameter is MH_ALL_HOOKS, all created hooks are
+    //                enabled in one go.
+    MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget);
+
+    // Disables an already created hook.
+    // Parameters:
+    //   pTarget [in] A pointer to the target function.
+    //                If this parameter is MH_ALL_HOOKS, all created hooks are
+    //                disabled in one go.
+    MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget);
+
+    // Queues to enable an already created hook.
+    // Parameters:
+    //   pTarget [in] A pointer to the target function.
+    //                If this parameter is MH_ALL_HOOKS, all created hooks are
+    //                queued to be enabled.
+    MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget);
+
+    // Queues to disable an already created hook.
+    // Parameters:
+    //   pTarget [in] A pointer to the target function.
+    //                If this parameter is MH_ALL_HOOKS, all created hooks are
+    //                queued to be disabled.
+    MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget);
+
+    // Applies all queued changes in one go.
+    MH_STATUS WINAPI MH_ApplyQueued(VOID);
+
+    // Translates the MH_STATUS to its name as a string.
+    const char * WINAPI MH_StatusToString(MH_STATUS status);
+
+#ifdef __cplusplus
+}
+#endif
+

inc/phnt/LICENSE.txt

@@ -0,0 +1,685 @@
+Process Hacker is distributed under the GNU GPL version 3, with the
+following exception:
+
+    Permission is granted to dynamically (but not statically) link this
+    program with independent modules, regardless of the license terms of
+    these independent modules, provided that this program is not modified
+    in any way. An independent module is a module which is not derived
+    from or based on this program. If you modify this program, this
+    additional permission no longer applies unless authorized by the
+    copyright holders.
+
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    <program>  Copyright (C) <year>  <name of author>
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.

inc/phnt/ntexapi.h

@@ -833,7 +833,8 @@ typedef enum _WNF_DATA_SCOPE
     WnfDataScopeSystem,
     WnfDataScopeSession,
     WnfDataScopeUser,
-    WnfDataScopeProcess
+    WnfDataScopeProcess,
+    WnfDataScopeMachine // REDSTONE3
 } WNF_DATA_SCOPE;
 
 typedef struct _WNF_TYPE_ID
@@ -1194,7 +1195,6 @@ NtAllocateUuids(
 
 // rev
 // private
-// source:http://www.microsoft.com/whdc/system/Sysinternals/MoreThan64proc.mspx
 typedef enum _SYSTEM_INFORMATION_CLASS
 {
     SystemBasicInformation, // q: SYSTEM_BASIC_INFORMATION
@@ -1241,12 +1241,12 @@ typedef enum _SYSTEM_INFORMATION_CLASS
     SystemVerifierRemoveDriverInformation, // s (requires SeDebugPrivilege)
     SystemProcessorIdleInformation, // q: SYSTEM_PROCESSOR_IDLE_INFORMATION
     SystemLegacyDriverInformation, // q: SYSTEM_LEGACY_DRIVER_INFORMATION
-    SystemCurrentTimeZoneInformation, // q
+    SystemCurrentTimeZoneInformation, // q; s: RTL_TIME_ZONE_INFORMATION
     SystemLookasideInformation, // q: SYSTEM_LOOKASIDE_INFORMATION
     SystemTimeSlipNotification, // s (requires SeSystemtimePrivilege)
     SystemSessionCreate, // not implemented
     SystemSessionDetach, // not implemented
-    SystemSessionInformation, // not implemented
+    SystemSessionInformation, // not implemented (SYSTEM_SESSION_INFORMATION)
     SystemRangeStartInformation, // q: SYSTEM_RANGE_START_INFORMATION // 50
     SystemVerifierInformation, // q: SYSTEM_VERIFIER_INFORMATION; s (requires SeDebugPrivilege)
     SystemVerifierThunkExtend, // s (kernel-mode only)
@@ -1266,8 +1266,8 @@ typedef enum _SYSTEM_INFORMATION_CLASS
     SystemBigPoolInformation, // q: SYSTEM_BIGPOOL_INFORMATION
     SystemSessionPoolTagInformation, // q: SYSTEM_SESSION_POOLTAG_INFORMATION
     SystemSessionMappedViewInformation, // q: SYSTEM_SESSION_MAPPED_VIEW_INFORMATION
-    SystemHotpatchInformation, // q; s
+    SystemHotpatchInformation, // q; s: SYSTEM_HOTPATCH_CODE_INFORMATION
-    SystemObjectSecurityMode, // q // 70
+    SystemObjectSecurityMode, // q: ULONG // 70
     SystemWatchdogTimerHandler, // s (kernel-mode only)
     SystemWatchdogTimerInformation, // q (kernel-mode only); s (kernel-mode only)
     SystemLogicalProcessorInformation, // q: SYSTEM_LOGICAL_PROCESSOR_INFORMATION
@@ -1390,6 +1390,17 @@ typedef enum _SYSTEM_INFORMATION_CLASS
     SystemCodeIntegrityUnlockInformation, // SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION // 190
     SystemIntegrityQuotaInformation,
     SystemFlushInformation, // q: SYSTEM_FLUSH_INFORMATION
+    SystemProcessorIdleMaskInformation, // since REDSTONE3
+    SystemSecureDumpEncryptionInformation,
+    SystemWriteConstraintInformation, // SYSTEM_WRITE_CONSTRAINT_INFORMATION
+    SystemKernelVaShadowInformation, // SYSTEM_KERNEL_VA_SHADOW_INFORMATION
+    SystemHypervisorSharedPageInformation, // REDSTONE4
+    SystemFirmwareBootPerformanceInformation,
+    SystemCodeIntegrityVerificationInformation,
+    SystemFirmwarePartitionInformation, // 200
+    SystemSpeculationControlInformation, // SYSTEM_SPECULATION_CONTROL_INFORMATION // (CVE-2017-5715) REDSTONE3 and above.
+    SystemDmaGuardPolicyInformation,
+    SystemEnclaveLaunchControlInformation,
     MaxSystemInfoClass
 } SYSTEM_INFORMATION_CLASS;
 
@@ -1576,7 +1587,9 @@ typedef struct _SYSTEM_PROCESS_INFORMATION
     LARGE_INTEGER ReadTransferCount;
     LARGE_INTEGER WriteTransferCount;
     LARGE_INTEGER OtherTransferCount;
-    SYSTEM_THREAD_INFORMATION Threads[1];
+    SYSTEM_THREAD_INFORMATION Threads[1]; // SystemProcessInformation
+    // SYSTEM_EXTENDED_THREAD_INFORMATION Threads[1]; // SystemExtendedProcessinformation
+    // SYSTEM_EXTENDED_THREAD_INFORMATION + SYSTEM_PROCESS_INFORMATION_EXTENSION // SystemFullProcessInformation
 } SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
 
 typedef struct _SYSTEM_CALL_COUNT_INFORMATION
@@ -1790,12 +1803,25 @@ typedef struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION
     BOOLEAN Enable;
 } SYSTEM_QUERY_TIME_ADJUST_INFORMATION, *PSYSTEM_QUERY_TIME_ADJUST_INFORMATION;
 
+typedef struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE
+{
+    ULONGLONG TimeAdjustment;
+    ULONGLONG TimeIncrement;
+    BOOLEAN Enable;
+} SYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE, *PSYSTEM_QUERY_TIME_ADJUST_INFORMATION_PRECISE;
+
 typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION
 {
     ULONG TimeAdjustment;
     BOOLEAN Enable;
 } SYSTEM_SET_TIME_ADJUST_INFORMATION, *PSYSTEM_SET_TIME_ADJUST_INFORMATION;
 
+typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE
+{
+    ULONGLONG TimeAdjustment;
+    BOOLEAN Enable;
+} SYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE, *PSYSTEM_SET_TIME_ADJUST_INFORMATION_PRECISE;
+
 typedef enum _EVENT_TRACE_INFORMATION_CLASS
 {
     EventTraceKernelVersionInformation, // EVENT_TRACE_VERSION_INFORMATION
@@ -1817,6 +1843,8 @@ typedef enum _EVENT_TRACE_INFORMATION_CLASS
     EventTraceStackCachingInformation, // EVENT_TRACE_STACK_CACHING_INFORMATION
     EventTraceObjectTypeFilterInformation, // EVENT_TRACE_TAG_FILTER_INFORMATION
     EventTraceSoftRestartInformation, // EVENT_TRACE_SOFT_RESTART_INFORMATION
+    EventTraceLastBranchConfigurationInformation, // REDSTONE3
+    EventTraceLastBranchEventListInformation,
     MaxEventTraceInfoClass
 } EVENT_TRACE_INFORMATION_CLASS;
 
@@ -2149,6 +2177,7 @@ typedef struct _SYSTEM_SESSION_MAPPED_VIEW_INFORMATION
     SIZE_T NumberOfBytesAvailableContiguous;
 } SYSTEM_SESSION_MAPPED_VIEW_INFORMATION, *PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION;
 
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
 // private
 typedef enum _SYSTEM_FIRMWARE_TABLE_ACTION
 {
@@ -2166,6 +2195,7 @@ typedef struct _SYSTEM_FIRMWARE_TABLE_INFORMATION
     ULONG TableBufferLength;
     UCHAR TableBuffer[1];
 } SYSTEM_FIRMWARE_TABLE_INFORMATION, *PSYSTEM_FIRMWARE_TABLE_INFORMATION;
+#endif
 
 // private
 typedef struct _SYSTEM_MEMORY_LIST_INFORMATION
@@ -2221,16 +2251,6 @@ typedef struct _SYSTEM_PROCESS_ID_INFORMATION
     UNICODE_STRING ImageName;
 } SYSTEM_PROCESS_ID_INFORMATION, *PSYSTEM_PROCESS_ID_INFORMATION;
 
-#if (PHNT_MODE == PHNT_MODE_KERNEL)
-typedef enum _FIRMWARE_TYPE
-{
-    FirmwareTypeUnknown,
-    FirmwareTypeBios,
-    FirmwareTypeUefi,
-    FirmwareTypeMax
-} FIRMWARE_TYPE, *PFIRMWARE_TYPE;
-#endif
-
 // private
 typedef struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION
 {
@@ -2273,13 +2293,20 @@ typedef struct _SYSTEM_SYSTEM_DISK_INFORMATION
     UNICODE_STRING SystemDisk;
 } SYSTEM_SYSTEM_DISK_INFORMATION, *PSYSTEM_SYSTEM_DISK_INFORMATION;
 
-// private
+// private (Windows 8.1 and above)
 typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT
 {
-    ULONGLONG Hits; // ULONG in WIN8
+    ULONGLONG Hits;
     UCHAR PercentFrequency;
 } SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT, *PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT;
 
+// private (Windows 7 and Windows 8)
+typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8
+{
+    ULONG Hits;
+    UCHAR PercentFrequency;
+} SYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8, *PSYSTEM_PROCESSOR_PERFORMANCE_HITCOUNT_WIN8;
+
 // private
 typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_STATE_DISTRIBUTION
 {
@@ -2662,7 +2689,7 @@ typedef struct _PROCESS_DISK_COUNTERS
 } PROCESS_DISK_COUNTERS, *PPROCESS_DISK_COUNTERS;
 
 // private
-typedef struct _ENERGY_STATE_DURATION
+typedef union _ENERGY_STATE_DURATION
 {
     union
     {
@@ -2696,8 +2723,8 @@ typedef struct _PROCESS_ENERGY_VALUES
     ULONG CompositionDirtyGenerated;
     ULONG CompositionDirtyPropagated;
     ULONG Reserved1;
-    ULONGLONG AttributedCycles[2][4];
+    ULONGLONG AttributedCycles[4][2];
-    ULONGLONG WorkOnBehalfCycles[2][4];
+    ULONGLONG WorkOnBehalfCycles[4][2];
 } PROCESS_ENERGY_VALUES, *PPROCESS_ENERGY_VALUES;
 
 typedef struct _TIMELINE_BITMAP
@@ -2711,7 +2738,7 @@ typedef struct _PROCESS_ENERGY_VALUES_EXTENSION
 {
     union
     {
-        TIMELINE_BITMAP Timelines[9];
+        TIMELINE_BITMAP Timelines[14]; // 9 for REDSTONE2, 14 for REDSTONE3
         struct
         {
             TIMELINE_BITMAP CpuTimeline;
@@ -2723,8 +2750,29 @@ typedef struct _PROCESS_ENERGY_VALUES_EXTENSION
             TIMELINE_BITMAP CompositionRenderedTimeline;
             TIMELINE_BITMAP CompositionDirtyGeneratedTimeline;
             TIMELINE_BITMAP CompositionDirtyPropagatedTimeline;
+            TIMELINE_BITMAP InputTimeline; // REDSTONE3
+            TIMELINE_BITMAP AudioInTimeline;
+            TIMELINE_BITMAP AudioOutTimeline;
+            TIMELINE_BITMAP DisplayRequiredTimeline;
+            TIMELINE_BITMAP KeyboardInputTimeline;
         };
     };
+
+    union // REDSTONE3
+    {
+        ENERGY_STATE_DURATION Durations[5];
+        struct
+        {
+            ENERGY_STATE_DURATION InputDuration;
+            ENERGY_STATE_DURATION AudioInDuration;
+            ENERGY_STATE_DURATION AudioOutDuration;
+            ENERGY_STATE_DURATION DisplayRequiredDuration;
+            ENERGY_STATE_DURATION PSMBackgroundDuration;
+        };
+    };
+    
+    ULONG KeyboardInput;
+    ULONG MouseInput;
 } PROCESS_ENERGY_VALUES_EXTENSION, *PPROCESS_ENERGY_VALUES_EXTENSION;
 
 typedef struct _PROCESS_EXTENDED_ENERGY_VALUES
@@ -2733,6 +2781,16 @@ typedef struct _PROCESS_EXTENDED_ENERGY_VALUES
     PROCESS_ENERGY_VALUES_EXTENSION Extension;
 } PROCESS_EXTENDED_ENERGY_VALUES, *PPROCESS_EXTENDED_ENERGY_VALUES;
 
+// private
+typedef enum _SYSTEM_PROCESS_CLASSIFICATION
+{
+    SystemProcessClassificationNormal,
+    SystemProcessClassificationSystem,
+    SystemProcessClassificationSecureSystem,
+    SystemProcessClassificationMemCompression,
+    SystemProcessClassificationMaximum
+} SYSTEM_PROCESS_CLASSIFICATION;
+
 // private
 typedef struct _SYSTEM_PROCESS_INFORMATION_EXTENSION
 {
@@ -2744,7 +2802,7 @@ typedef struct _SYSTEM_PROCESS_INFORMATION_EXTENSION
         struct
         {
             ULONG HasStrongId : 1;
-            ULONG Classification : 4;
+            ULONG Classification : 4; // SYSTEM_PROCESS_CLASSIFICATION
             ULONG BackgroundActivityModerated : 1;
             ULONG Spare : 26;
         };
@@ -2887,7 +2945,7 @@ typedef struct _SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION
 typedef struct _SYSTEM_ROOT_SILO_INFORMATION
 {
     ULONG NumberOfSilos;
-    HANDLE SiloIdList[1];
+    ULONG SiloIdList[1];
 } SYSTEM_ROOT_SILO_INFORMATION, *PSYSTEM_ROOT_SILO_INFORMATION;
 
 // private
@@ -2968,13 +3026,28 @@ typedef enum _SYSTEM_ACTIVITY_MODERATION_STATE
     MaxSystemActivityModerationState
 } SYSTEM_ACTIVITY_MODERATION_STATE;
 
-// private
+// private - REDSTONE2
-typedef struct _SYSTEM_ACTIVITY_MODERATION_EXE_STATE
+typedef struct _SYSTEM_ACTIVITY_MODERATION_EXE_STATE // REDSTONE3: Renamed SYSTEM_ACTIVITY_MODERATION_INFO
 {
     UNICODE_STRING ExePathNt;
     SYSTEM_ACTIVITY_MODERATION_STATE ModerationState;
 } SYSTEM_ACTIVITY_MODERATION_EXE_STATE, *PSYSTEM_ACTIVITY_MODERATION_EXE_STATE;
 
+typedef enum _SYSTEM_ACTIVITY_MODERATION_APP_TYPE
+{
+    SystemActivityModerationAppTypeClassic,
+    SystemActivityModerationAppTypePackaged,
+    MaxSystemActivityModerationAppType
+} SYSTEM_ACTIVITY_MODERATION_APP_TYPE;
+
+// private - REDSTONE3
+typedef struct _SYSTEM_ACTIVITY_MODERATION_INFO
+{
+    UNICODE_STRING Identifier;
+    SYSTEM_ACTIVITY_MODERATION_STATE ModerationState;
+    SYSTEM_ACTIVITY_MODERATION_APP_TYPE AppType;
+} SYSTEM_ACTIVITY_MODERATION_INFO, *PSYSTEM_ACTIVITY_MODERATION_INFO;
+
 // private
 typedef struct _SYSTEM_ACTIVITY_MODERATION_USER_SETTINGS
 {
@@ -3006,6 +3079,51 @@ typedef struct _SYSTEM_FLUSH_INFORMATION
     ULONGLONG Reserved[2];
 } SYSTEM_FLUSH_INFORMATION, *PSYSTEM_FLUSH_INFORMATION;
 
+// private
+typedef struct _SYSTEM_WRITE_CONSTRAINT_INFORMATION
+{
+    ULONG WriteConstraintPolicy;
+    ULONG Reserved;
+} SYSTEM_WRITE_CONSTRAINT_INFORMATION, *PSYSTEM_WRITE_CONSTRAINT_INFORMATION;
+
+// private
+typedef struct _SYSTEM_KERNEL_VA_SHADOW_INFORMATION
+{
+    union
+    {
+        ULONG Flags;
+        struct
+        {
+            ULONG KvaShadowEnabled : 1;
+            ULONG KvaShadowUserGlobal : 1;
+            ULONG KvaShadowPcid : 1;
+            ULONG KvaShadowInvpcid : 1;
+            ULONG Reserved : 28;
+        };
+    };
+} SYSTEM_KERNEL_VA_SHADOW_INFORMATION, *PSYSTEM_KERNEL_VA_SHADOW_INFORMATION;
+
+// private
+typedef struct _SYSTEM_SPECULATION_CONTROL_INFORMATION
+{
+    union
+    {
+        ULONG Flags;
+        struct
+        {
+            ULONG BpbEnabled : 1;
+            ULONG BpbDisabledSystemPolicy : 1;
+            ULONG BpbDisabledNoHardwareSupport : 1;
+            ULONG SpecCtrlEnumerated : 1;
+            ULONG SpecCmdEnumerated : 1;
+            ULONG IbrsPresent : 1;
+            ULONG StibpPresent : 1;
+            ULONG SmepPresent : 1;
+            ULONG Reserved : 24;
+        };
+    };
+} SYSTEM_SPECULATION_CONTROL_INFORMATION, *PSYSTEM_SPECULATION_CONTROL_INFORMATION;
+
 #if (PHNT_MODE != PHNT_MODE_KERNEL)
 
 NTSYSCALLAPI
@@ -3153,25 +3271,20 @@ typedef struct _SYSDBG_TRIAGE_DUMP
 } SYSDBG_TRIAGE_DUMP, *PSYSDBG_TRIAGE_DUMP;
 
 // private
-typedef struct _SYSDBG_LIVEDUMP_CONTROL_FLAGS
+typedef union _SYSDBG_LIVEDUMP_CONTROL_FLAGS
-{
-    union
 {
     struct
     {
         ULONG UseDumpStorageStack : 1;
         ULONG CompressMemoryPagesData : 1;
         ULONG IncludeUserSpaceMemoryPages : 1;
-            ULONG Reserved : 28;
+        ULONG Reserved : 29;
     };
     ULONG AsUlong;
-    };
 } SYSDBG_LIVEDUMP_CONTROL_FLAGS, *PSYSDBG_LIVEDUMP_CONTROL_FLAGS;
 
 // private
-typedef struct _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES
+typedef union _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES
-{
-    union
 {
     struct
     {
@@ -3179,9 +3292,10 @@ typedef struct _SYSDBG_LIVEDUMP_CONTROL_ADDPAGES
         ULONG Reserved : 31;
     };
     ULONG AsUlong;
-    };
 } SYSDBG_LIVEDUMP_CONTROL_ADDPAGES, *PSYSDBG_LIVEDUMP_CONTROL_ADDPAGES;
 
+#define SYSDBG_LIVEDUMP_CONTROL_VERSION 1
+
 // private
 typedef struct _SYSDBG_LIVEDUMP_CONTROL
 {
@@ -3299,7 +3413,7 @@ typedef struct _KUSER_SHARED_DATA
     LONG TimeZoneBiasStamp;
 
     ULONG NtBuildNumber;
-    ULONG NtProductType;
+    NT_PRODUCT_TYPE NtProductType;
     BOOLEAN ProductTypeIsValid;
     UCHAR Reserved0[1];
     USHORT NativeProcessorArchitecture;
@@ -3364,7 +3478,8 @@ typedef struct _KUSER_SHARED_DATA
             ULONG DbgSecureBootEnabled : 1;
             ULONG DbgMultiSessionSku : 1;
             ULONG DbgMultiUsersInSessionSku : 1;
-            ULONG SpareBits : 22;
+            ULONG DbgStateSeparationEnabled : 1;
+            ULONG SpareBits : 21;
         };
     };
     ULONG DataFlagsPad[1];
@@ -3397,7 +3512,9 @@ typedef struct _KUSER_SHARED_DATA
 
     USHORT UnparkedProcessorCount;
     ULONG EnclaveFeatureMask[4];
-    ULONG Reserved8;
+    
+    ULONG TelemetryCoverageRound;
+    
     USHORT UserModeGlobalLogger[16];
     ULONG ImageFileExecutionOptions;
 
@@ -3459,7 +3576,7 @@ C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemCallPad) == 0x310);
 C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TickCount) == 0x320);
 C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, TickCountQuad) == 0x320);
 C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, XState) == 0x3d8);
-//C_ASSERT(sizeof(KUSER_SHARED_DATA) == 0x708); // Visual Studio has a problem with this
+C_ASSERT(sizeof(KUSER_SHARED_DATA) == 0x708);
 
 #define USER_SHARED_DATA ((KUSER_SHARED_DATA * const)0x7ffe0000)
 

inc/phnt/ntioapi.h

@@ -242,6 +242,7 @@ typedef enum _FILE_INFORMATION_CLASS
     FileRenameInformationExBypassAccessCheck,
     FileDesiredStorageClassInformation, // FILE_DESIRED_STORAGE_CLASS_INFORMATION // since REDSTONE2
     FileStatInformation, // FILE_STAT_INFORMATION
+    FileMemoryPartitionInformation, // FILE_MEMORY_PARTITION_INFORMATION // since REDSTONE3
     FileMaximumInformation
 } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
 
@@ -679,6 +680,7 @@ typedef struct _FILE_ID_EXTD_BOTH_DIR_INFORMATION
     WCHAR FileName[1];
 } FILE_ID_EXTD_BOTH_DIR_INFORMATION, *PFILE_ID_EXTD_BOTH_DIR_INFORMATION;
 
+// private
 typedef struct _FILE_STAT_INFORMATION
 {
     LARGE_INTEGER FileId;
@@ -694,6 +696,21 @@ typedef struct _FILE_STAT_INFORMATION
     ULONG EffectiveAccess;
 } FILE_STAT_INFORMATION, *PFILE_STAT_INFORMATION;
 
+// private
+typedef struct _FILE_MEMORY_PARTITION_INFORMATION
+{
+    HANDLE OwnerPartitionHandle;
+    union
+    {
+        struct
+        {
+            UCHAR NoCrossPartitionAccess;
+            UCHAR Spare[3];
+        };
+        ULONG AllFlags;
+    } Flags;
+} FILE_MEMORY_PARTITION_INFORMATION, *PFILE_MEMORY_PARTITION_INFORMATION;
+
 // NtQueryDirectoryFile types
 
 typedef struct _FILE_DIRECTORY_INFORMATION

inc/phnt/ntldr.h

@@ -5,6 +5,12 @@
 
 // DLLs
 
+typedef BOOLEAN (NTAPI *PLDR_INIT_ROUTINE)(
+    _In_ PVOID DllHandle,
+    _In_ ULONG Reason,
+    _In_opt_ PVOID Context
+    );
+
 // symbols
 typedef struct _LDR_SERVICE_TAG_RECORD
 {
@@ -76,6 +82,8 @@ typedef enum _LDR_DLL_LOAD_REASON
     LoadReasonDynamicLoad,
     LoadReasonAsImageLoad,
     LoadReasonAsDataLoad,
+    LoadReasonEnclavePrimary, // REDSTONE3
+    LoadReasonEnclaveDependency,
     LoadReasonUnknown = -1
 } LDR_DLL_LOAD_REASON, *PLDR_DLL_LOAD_REASON;
 
@@ -96,6 +104,7 @@ typedef enum _LDR_DLL_LOAD_REASON
 #define LDR_DATA_TABLE_ENTRY_SIZE_WINXP FIELD_OFFSET(LDR_DATA_TABLE_ENTRY, DdagNode)
 #define LDR_DATA_TABLE_ENTRY_SIZE_WIN7 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY, BaseNameHashValue)
 #define LDR_DATA_TABLE_ENTRY_SIZE_WIN8 FIELD_OFFSET(LDR_DATA_TABLE_ENTRY, ImplicitPathOptions)
+#define LDR_DATA_TABLE_ENTRY_SIZE sizeof(LDR_DATA_TABLE_ENTRY)
 
 // symbols
 typedef struct _LDR_DATA_TABLE_ENTRY
@@ -108,7 +117,7 @@ typedef struct _LDR_DATA_TABLE_ENTRY
         LIST_ENTRY InProgressLinks;
     };
     PVOID DllBase;
-    PVOID EntryPoint;
+    PLDR_INIT_ROUTINE EntryPoint;
     ULONG SizeOfImage;
     UNICODE_STRING FullDllName;
     UNICODE_STRING BaseDllName;
@@ -170,11 +179,9 @@ typedef struct _LDR_DATA_TABLE_ENTRY
     UCHAR SigningLevel; // since REDSTONE2
 } LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
 
-typedef BOOLEAN (NTAPI *PDLL_INIT_ROUTINE)(
+#define LDR_IS_DATAFILE(DllHandle)     (((ULONG_PTR)(DllHandle)) & (ULONG_PTR)1)
-    _In_ PVOID DllHandle,
+#define LDR_IS_IMAGEMAPPING(DllHandle) (((ULONG_PTR)(DllHandle)) & (ULONG_PTR)2)
-    _In_ ULONG Reason,
+#define LDR_IS_RESOURCE(DllHandle)     (LDR_IS_IMAGEMAPPING(DllHandle) || LDR_IS_DATAFILE(DllHandle))
-    _In_opt_ PCONTEXT Context
-    );
 
 NTSYSAPI
 NTSTATUS
@@ -471,9 +478,25 @@ LdrUnregisterDllNotification(
 // private
 typedef struct _PS_MITIGATION_OPTIONS_MAP
 {
-    ULONG_PTR Map[2];
+    union
+    {
+        ULONG_PTR Map[2]; // REDSTONE2
+        //struct
+        //{
+        //    ULONG_PTR Depth : 16; // REDSTONE3
+        //    ULONG_PTR Sequence : 48;
+        //    ULONG_PTR Reserved : 4;
+        //    ULONG_PTR NextEntry : 60;
+        //};
+    };
 } PS_MITIGATION_OPTIONS_MAP, *PPS_MITIGATION_OPTIONS_MAP;
 
+// private
+typedef struct _PS_MITIGATION_AUDIT_OPTIONS_MAP
+{
+    ULONG_PTR Map[2];
+} PS_MITIGATION_AUDIT_OPTIONS_MAP, *PPS_MITIGATION_AUDIT_OPTIONS_MAP;
+
 // private
 typedef struct _PS_SYSTEM_DLL_INIT_BLOCK
 {
@@ -496,6 +519,7 @@ typedef struct _PS_SYSTEM_DLL_INIT_BLOCK
     ULONG_PTR CfgBitMapSize;
     ULONG_PTR Wow64CfgBitMap;
     ULONG_PTR Wow64CfgBitMapSize;
+    PS_MITIGATION_AUDIT_OPTIONS_MAP MitigationAuditOptionsMap; // REDSTONE3
 } PS_SYSTEM_DLL_INIT_BLOCK, *PPS_SYSTEM_DLL_INIT_BLOCK;
 
 #if (PHNT_VERSION >= PHNT_THRESHOLD)
@@ -552,6 +576,90 @@ LdrDisableThreadCalloutsForDll(
     _In_ PVOID DllImageBase
     );
     
+// Resources
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+LdrAccessResource(
+    _In_ PVOID BaseAddress,
+    _In_ PIMAGE_RESOURCE_DATA_ENTRY ResourceDataEntry,
+    _Out_opt_ PVOID *ResourceBuffer,
+    _Out_opt_ ULONG *ResourceLength
+    );
+
+typedef struct _LDR_RESOURCE_INFO
+{
+    ULONG_PTR Type;
+    ULONG_PTR Name;
+    ULONG_PTR Language;
+} LDR_RESOURCE_INFO, *PLDR_RESOURCE_INFO;
+
+#define RESOURCE_TYPE_LEVEL 0
+#define RESOURCE_NAME_LEVEL 1
+#define RESOURCE_LANGUAGE_LEVEL 2
+#define RESOURCE_DATA_LEVEL 3
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+LdrFindResource_U(
+    _In_ PVOID BaseAddress,
+    _In_ PLDR_RESOURCE_INFO ResourceInfo,
+    _In_ ULONG Level,
+    _Out_ PIMAGE_RESOURCE_DATA_ENTRY *ResourceDataEntry
+    );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+LdrFindResourceDirectory_U(
+    _In_ PVOID BaseAddress,
+    _In_ PLDR_RESOURCE_INFO ResourceInfo,
+    _In_ ULONG Level,
+    _Out_ PIMAGE_RESOURCE_DIRECTORY *ResourceDirectory
+    );
+
+// private 
+typedef struct _LDR_ENUM_RESOURCE_ENTRY
+{
+    union
+    {
+        ULONG_PTR NameOrId;
+        PIMAGE_RESOURCE_DIRECTORY_STRING Name;
+        struct
+        {
+            USHORT Id;
+            USHORT NameIsPresent;
+        };
+    } Path[3];
+    PVOID Data;
+    ULONG Size;
+    ULONG Reserved;
+} LDR_ENUM_RESOURCE_ENTRY, *PLDR_ENUM_RESOURCE_ENTRY;
+
+#define NAME_FROM_RESOURCE_ENTRY(RootDirectory, Entry) \
+    ((Entry)->NameIsString ? (ULONG_PTR)PTR_ADD_OFFSET((RootDirectory), (Entry)->NameOffset) : (Entry)->Id)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+LdrEnumResources(
+    _In_ PVOID BaseAddress,
+    _In_ PLDR_RESOURCE_INFO ResourceInfo,
+    _In_ ULONG Level,
+    _Inout_ ULONG *ResourceCount,
+    _Out_writes_to_opt_(*ResourceCount, *ResourceCount) PLDR_ENUM_RESOURCE_ENTRY Resources
+    );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+LdrFindEntryForAddress(
+    _In_ PVOID BaseAddress,
+    _Out_ PLDR_DATA_TABLE_ENTRY *Entry
+    );
+
 #endif // (PHNT_MODE != PHNT_MODE_KERNEL)
 
 // Module information
@@ -586,4 +694,62 @@ typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX
     PVOID DefaultBase;
 } RTL_PROCESS_MODULE_INFORMATION_EX, *PRTL_PROCESS_MODULE_INFORMATION_EX;
 
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+LdrQueryProcessModuleInformation(
+    _In_opt_ PRTL_PROCESS_MODULES ModuleInformation,
+    _In_opt_ ULONG Size,
+    _Out_ PULONG ReturnedSize
+    );
+
+typedef VOID (NTAPI *PLDR_ENUM_CALLBACK)(
+    _In_ PLDR_DATA_TABLE_ENTRY ModuleInformation, 
+    _In_ PVOID Parameter, 
+    _Out_ BOOLEAN *Stop
+    );
+
+NTSYSAPI
+NTSTATUS
+NTAPI
+LdrEnumerateLoadedModules(
+    _In_ BOOLEAN ReservedFlag,
+    _In_ PLDR_ENUM_CALLBACK EnumProc,
+    _In_ PVOID Context
+    );
+
+NTSTATUS
+NTAPI
+LdrOpenImageFileOptionsKey(
+    _In_ PUNICODE_STRING SubKey,
+    _In_ BOOLEAN Wow64,
+    _Out_ PHANDLE NewKeyHandle
+    );
+
+NTSTATUS
+NTAPI
+LdrQueryImageFileKeyOption(
+    _In_ HANDLE KeyHandle,
+    _In_ PCWSTR ValueName,
+    _In_ ULONG Type,
+    _Out_ PVOID Buffer,
+    _In_ ULONG BufferSize,
+    _Out_opt_ PULONG ReturnedLength
+    );
+
+NTSTATUS
+NTAPI
+LdrQueryImageFileExecutionOptions(
+    _In_ PUNICODE_STRING SubKey,
+    _In_ PCWSTR ValueName,
+    _In_ ULONG ValueSize,
+    _Out_ PVOID Buffer,
+    _In_ ULONG BufferSize,
+    _Out_opt_ PULONG RetunedLength
+    );
+
+#endif // (PHNT_MODE != PHNT_MODE_KERNEL)
+
 #endif

inc/phnt/ntmmapi.h

@@ -24,7 +24,7 @@
 #define PAGE_ENCLAVE_UNVALIDATED    0x20000000
 
 // Region and section constants
-
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
 #define MEM_COMMIT 0x1000
 #define MEM_RESERVE 0x2000
 #define MEM_DECOMMIT 0x4000
@@ -34,19 +34,26 @@
 #define MEM_MAPPED 0x40000
 #define MEM_RESET 0x80000
 #define MEM_TOP_DOWN 0x100000
+#endif
 #define MEM_WRITE_WATCH 0x200000
 #define MEM_PHYSICAL 0x400000
 #define MEM_ROTATE 0x800000
 #define MEM_DIFFERENT_IMAGE_BASE_OK 0x800000
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
 #define MEM_RESET_UNDO 0x1000000
+#endif
 #define MEM_LARGE_PAGES 0x20000000
 #define MEM_4MB_PAGES 0x80000000
 
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
 #define SEC_FILE 0x800000
+#endif
 #define SEC_IMAGE 0x1000000
 #define SEC_PROTECTED_IMAGE 0x2000000
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
 #define SEC_RESERVE 0x4000000
 #define SEC_COMMIT 0x8000000
+#endif
 #define SEC_NOCACHE 0x10000000
 #define SEC_WRITECOMBINE 0x40000000
 #define SEC_LARGE_PAGES 0x80000000
@@ -55,6 +62,7 @@
 
 #endif
 
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
 // private
 typedef enum _MEMORY_INFORMATION_CLASS
 {
@@ -66,21 +74,22 @@ typedef enum _MEMORY_INFORMATION_CLASS
     MemorySharedCommitInformation, // MEMORY_SHARED_COMMIT_INFORMATION
     MemoryImageInformation, // MEMORY_IMAGE_INFORMATION
     MemoryRegionInformationEx,
-    MemoryPrivilegedBasicInformation
+    MemoryPrivilegedBasicInformation,
+    MemoryEnclaveImageInformation, // since REDSTONE3
+    MemoryBasicInformationCapped
 } MEMORY_INFORMATION_CLASS;
-
+#else
-#if (PHNT_MODE == PHNT_MODE_KERNEL)
+#define MemoryBasicInformation 0x0
-
+#define MemoryWorkingSetInformation 0x1
-typedef struct _MEMORY_BASIC_INFORMATION
+#define MemoryMappedFilenameInformation 0x2
-{
+#define MemoryRegionInformation 0x3
-    PVOID BaseAddress;
+#define MemoryWorkingSetExInformation 0x4
-    PVOID AllocationBase;
+#define MemorySharedCommitInformation 0x5
-    ULONG AllocationProtect;
+#define MemoryImageInformation 0x6
-    SIZE_T RegionSize;
+#define MemoryRegionInformationEx 0x7
-    ULONG State;
+#define MemoryPrivilegedBasicInformation 0x8
-    ULONG Protect;
+#define MemoryEnclaveImageInformation 0x9
-    ULONG Type;
+#define MemoryBasicInformationCapped 0xA
-} MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;
 #endif
 
 typedef struct _MEMORY_WORKING_SET_BLOCK
@@ -118,7 +127,9 @@ typedef struct _MEMORY_REGION_INFORMATION
             ULONG MappedPageFile : 1;
             ULONG MappedPhysical : 1;
             ULONG DirectMapped : 1;
-            ULONG Reserved : 26;
+            ULONG SoftwareEnclave : 1; //REDSTONE3
+            ULONG PageSize64K : 1;
+            ULONG Reserved : 24;
         };
     };
     SIZE_T RegionSize;
@@ -196,6 +207,7 @@ typedef struct _MEMORY_IMAGE_INFORMATION
         {
             ULONG ImagePartialMap : 1;
             ULONG ImageNotExecutable : 1;
+            ULONG ImageSigningLevel : 1; // REDSTONE3
             ULONG Reserved : 30;
         };
     };
@@ -296,8 +308,8 @@ typedef struct _MMPFN_MEMSNAP_INFORMATION
 
 typedef enum _SECTION_INFORMATION_CLASS
 {
-    SectionBasicInformation,
+    SectionBasicInformation, // q; SECTION_BASIC_INFORMATION
-    SectionImageInformation,
+    SectionImageInformation, // q; SECTION_IMAGE_INFORMATION
     SectionRelocationInformation, // name:wow64:whNtQuerySection_SectionRelocationInformation
     SectionOriginalBaseInformation, // PVOID BaseAddress
     SectionInternalImageInformation, // SECTION_INTERNAL_IMAGE_INFORMATION // since REDSTONE2
@@ -369,10 +381,8 @@ typedef struct _SECTION_INTERNAL_IMAGE_INFORMATION
         ULONG ExtendedFlags;
         struct
         {
-            ULONG ImageReturnFlowGuardEnabled : 1;
-            ULONG ImageReturnFlowGuardStrict : 1;
             ULONG ImageExportSuppressionEnabled : 1;
-            ULONG Reserved : 29;
+            ULONG Reserved : 31;
         };
     };
 } SECTION_INTERNAL_IMAGE_INFORMATION, *PSECTION_INTERNAL_IMAGE_INFORMATION;
@@ -471,12 +481,13 @@ NtQueryVirtualMemory(
 #endif
 
 // begin_private
-
+#if (PHNT_MODE != PHNT_MODE_KERNEL)
 typedef enum _VIRTUAL_MEMORY_INFORMATION_CLASS
 {
-    VmPrefetchInformation,
+    VmPrefetchInformation, // ULONG
     VmPagePriorityInformation,
-    VmCfgCallTargetInformation
+    VmCfgCallTargetInformation, // CFG_CALL_TARGET_LIST_INFORMATION // REDSTONE2
+    VmPageDirtyStateInformation // REDSTONE3
 } VIRTUAL_MEMORY_INFORMATION_CLASS;
 
 typedef struct _MEMORY_RANGE_ENTRY
@@ -485,6 +496,14 @@ typedef struct _MEMORY_RANGE_ENTRY
     SIZE_T NumberOfBytes;
 } MEMORY_RANGE_ENTRY, *PMEMORY_RANGE_ENTRY;
 
+typedef struct _CFG_CALL_TARGET_LIST_INFORMATION
+{
+    ULONG NumberOfEntries;
+    ULONG Reserved;
+    PULONG NumberOfEntriesProcessed;
+    PCFG_CALL_TARGET_INFO CallTargetInfo;
+} CFG_CALL_TARGET_LIST_INFORMATION, *PCFG_CALL_TARGET_LIST_INFORMATION;
+#endif
 // end_private
 
 #if (PHNT_MODE != PHNT_MODE_KERNEL)
@@ -619,6 +638,14 @@ NtAreMappedFilesTheSame(
 
 // Partitions
 
+#ifndef MEMORY_PARTITION_QUERY_ACCESS
+#define MEMORY_PARTITION_QUERY_ACCESS 0x0001
+#define MEMORY_PARTITION_MODIFY_ACCESS 0x0002
+#define MEMORY_PARTITION_ALL_ACCESS \
+    (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
+     MEMORY_PARTITION_QUERY_ACCESS | MEMORY_PARTITION_MODIFY_ACCESS)
+#endif
+
 // private
 typedef enum _MEMORY_PARTITION_INFORMATION_CLASS
 {
@@ -646,10 +673,11 @@ typedef struct _MEMORY_PARTITION_CONFIGURATION_INFORMATION
     ULONG_PTR ZeroPages;
     ULONG_PTR FreePages;
     ULONG_PTR StandbyPages;
-    ULONG StandbyPageCountByPriority[8]; // since REDSTONE2
+    ULONG_PTR StandbyPageCountByPriority[8]; // since REDSTONE2
-    ULONG RepurposedPagesByPriority[8];
+    ULONG_PTR RepurposedPagesByPriority[8];
-    ULONG MaximumCommitLimit;
+    ULONG_PTR MaximumCommitLimit;
-    ULONG DonatedPagesToPartitions;
+    ULONG_PTR DonatedPagesToPartitions;
+    ULONG PartitionId; // since REDSTONE3
 } MEMORY_PARTITION_CONFIGURATION_INFORMATION, *PMEMORY_PARTITION_CONFIGURATION_INFORMATION;
 
 // private
@@ -704,7 +732,13 @@ typedef struct _MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION
             ULONG Spare : 31;
         };
         ULONG AllFlags;
-    };
+    } Flags;
+    
+    ULONG HandleAttributes;
+    ULONG DesiredAccess;
+    HANDLE LowCommitCondition; // \KernelObjects\LowCommitCondition
+    HANDLE HighCommitCondition; // \KernelObjects\HighCommitCondition
+    HANDLE MaximumCommitCondition; // \KernelObjects\MaximumCommitCondition
 } MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION, *PMEMORY_PARTITION_MEMORY_EVENTS_INFORMATION;
 
 #if (PHNT_MODE != PHNT_MODE_KERNEL)

inc/phnt/ntpebteb.h

@@ -4,6 +4,56 @@
 typedef struct _RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
 typedef struct _RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
 
+// private
+typedef struct _ACTIVATION_CONTEXT_STACK
+{
+    struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME* ActiveFrame;
+    LIST_ENTRY FrameListCache;
+    ULONG Flags;
+    ULONG NextCookieSequenceNumber;
+    ULONG StackId;
+} ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK;
+
+// private
+typedef struct _API_SET_NAMESPACE
+{
+    ULONG Version;
+    ULONG Size;
+    ULONG Flags;
+    ULONG Count;
+    ULONG EntryOffset;
+    ULONG HashOffset;
+    ULONG HashFactor;
+} API_SET_NAMESPACE, *PAPI_SET_NAMESPACE;
+
+// private
+typedef struct _API_SET_HASH_ENTRY
+{
+    ULONG Hash;
+    ULONG Index;
+} API_SET_HASH_ENTRY, *PAPI_SET_HASH_ENTRY;
+
+// private
+typedef struct _API_SET_NAMESPACE_ENTRY
+{
+    ULONG Flags;
+    ULONG NameOffset;
+    ULONG NameLength;
+    ULONG HashedLength;
+    ULONG ValueOffset;
+    ULONG ValueCount;
+} API_SET_NAMESPACE_ENTRY, *PAPI_SET_NAMESPACE_ENTRY;
+
+// private
+typedef struct _API_SET_VALUE_ENTRY 
+{
+    ULONG Flags;
+    ULONG NameOffset;
+    ULONG NameLength;
+    ULONG ValueOffset;
+    ULONG ValueLength;
+} API_SET_VALUE_ENTRY, *PAPI_SET_VALUE_ENTRY;
+
 // symbols
 typedef struct _PEB
 {
@@ -58,13 +108,15 @@ typedef struct _PEB
     };
     ULONG SystemReserved[1];
     ULONG AtlThunkSListPtr32;
-    PVOID ApiSetMap;
+    PAPI_SET_NAMESPACE ApiSetMap;
     ULONG TlsExpansionCounter;
     PVOID TlsBitmap;
     ULONG TlsBitmapBits[2];
+    
     PVOID ReadOnlySharedMemoryBase; 
-    PVOID HotpatchInformation;
+    PVOID SharedData; // HotpatchInformation
     PVOID *ReadOnlyStaticServerData;
+    
     PVOID AnsiCodePageData; // PCPTABLEINFO
     PVOID OemCodePageData; // PCPTABLEINFO
     PVOID UnicodeCaseTableData; // PNLSTABLEINFO
@@ -72,7 +124,7 @@ typedef struct _PEB
     ULONG NumberOfProcessors;
     ULONG NtGlobalFlag;
 
-    LARGE_INTEGER CriticalSectionTimeout;
+    ULARGE_INTEGER CriticalSectionTimeout;
     SIZE_T HeapSegmentReserve;
     SIZE_T HeapSegmentCommit;
     SIZE_T HeapDeCommitTotalFreeThreshold;
@@ -127,7 +179,7 @@ typedef struct _PEB
 
     PVOID WerRegistrationData;
     PVOID WerShipAssertPtr;
-    PVOID pContextData;
+    PVOID pUnused; // pContextData
     PVOID pImageHeaderHash;
     union
     {
@@ -144,8 +196,18 @@ typedef struct _PEB
     PVOID TppWorkerpListLock;
     LIST_ENTRY TppWorkerpList;
     PVOID WaitOnAddressHashTable[128];
+    PVOID TelemetryCoverageHeader; // REDSTONE3
+    ULONG CloudFileFlags;
 } PEB, *PPEB;
 
+#ifdef _WIN64
+C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x2C0);
+C_ASSERT(sizeof(PEB) == 0x7B0);
+#else
+C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x1D4);
+C_ASSERT(sizeof(PEB) == 0x468);
+#endif
+
 #define GDI_BATCH_BUFFER_SIZE 310
 
 typedef struct _GDI_TEB_BATCH
@@ -188,17 +250,33 @@ typedef struct _TEB
     LCID CurrentLocale;
     ULONG FpSoftwareStatusRegister;
     PVOID ReservedForDebuggerInstrumentation[16];
-    PVOID SystemReserved1[37];
+#ifdef _WIN64
+    PVOID SystemReserved1[30];
+#else
+    PVOID SystemReserved1[26];
+#endif
+    
+    CHAR PlaceholderCompatibilityMode;
+    CHAR PlaceholderReserved[11];
+    ULONG ProxiedProcessId;
+    ACTIVATION_CONTEXT_STACK ActivationStack;
+    
     UCHAR WorkingOnBehalfTicket[8];
     NTSTATUS ExceptionCode;
 
-    PVOID ActivationContextStackPointer;
+    PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;
     ULONG_PTR InstrumentationCallbackSp;
     ULONG_PTR InstrumentationCallbackPreviousPc;
     ULONG_PTR InstrumentationCallbackPreviousSp;
+#ifdef _WIN64
     ULONG TxFsContext;
+#endif
 
     BOOLEAN InstrumentationCallbackDisabled;
+#ifndef _WIN64
+    UCHAR SpareBytes[23];
+    ULONG TxFsContext;
+#endif
     GDI_TEB_BATCH GdiTebBatch;
     CLIENT_ID RealClientId;
     HANDLE GdiCachedProcessHandle;

inc/phnt/ntpsapi.h

@@ -44,7 +44,7 @@
 #define GDI_HANDLE_BUFFER_SIZE32 34
 #define GDI_HANDLE_BUFFER_SIZE64 60
 
-#ifndef WIN64
+#ifndef _WIN64
 #define GDI_HANDLE_BUFFER_SIZE GDI_HANDLE_BUFFER_SIZE32
 #else
 #define GDI_HANDLE_BUFFER_SIZE GDI_HANDLE_BUFFER_SIZE64
@@ -180,6 +180,13 @@ typedef enum _PROCESSINFOCLASS
     ProcessDisableSystemAllowedCpuSets,
     ProcessWakeInformation, // PROCESS_WAKE_INFORMATION
     ProcessEnergyTrackingState, // PROCESS_ENERGY_TRACKING_STATE
+    ProcessManageWritesToExecutableMemory, // MANAGE_WRITES_TO_EXECUTABLE_MEMORY // since REDSTONE3
+    ProcessCaptureTrustletLiveDump,
+    ProcessTelemetryCoverage,
+    ProcessEnclaveInformation,
+    ProcessEnableReadWriteVmLogging, // PROCESS_READWRITEVM_LOGGING_INFORMATION
+    ProcessUptimeInformation, // PROCESS_UPTIME_INFORMATION
+    ProcessImageSection,
     MaxProcessInfoClass
 } PROCESSINFOCLASS;
 #endif
@@ -235,6 +242,8 @@ typedef enum _THREADINFOCLASS
     ThreadSubsystemInformation, // q: SUBSYSTEM_INFORMATION_TYPE // since REDSTONE2
     ThreadDbgkWerReportActive,
     ThreadAttachContainer,
+    ThreadManageWritesToExecutableMemory, // MANAGE_WRITES_TO_EXECUTABLE_MEMORY // since REDSTONE3
+    ThreadPowerThrottlingState, // THREAD_POWER_THROTTLING_STATE
     MaxThreadInfoClass
 } THREADINFOCLASS;
 #endif
@@ -578,6 +587,9 @@ typedef struct _PROCESS_MITIGATION_POLICY_INFORMATION
         PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY SignaturePolicy;
         PROCESS_MITIGATION_FONT_DISABLE_POLICY FontDisablePolicy;
         PROCESS_MITIGATION_IMAGE_LOAD_POLICY ImageLoadPolicy;
+        PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY SystemCallFilterPolicy;
+        PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY PayloadRestrictionPolicy;
+        PROCESS_MITIGATION_CHILD_PROCESS_POLICY ChildProcessPolicy;
     };
 } PROCESS_MITIGATION_POLICY_INFORMATION, *PPROCESS_MITIGATION_POLICY_INFORMATION;
 
@@ -716,7 +728,9 @@ typedef struct _PROCESS_JOB_MEMORY_INFO
 typedef struct _PROCESS_CHILD_PROCESS_INFORMATION
 {
     BOOLEAN ProhibitChildProcesses;
-    BOOLEAN EnableAutomaticOverride;
+    //BOOLEAN EnableAutomaticOverride; // REDSTONE2
+    BOOLEAN AlwaysAllowSecureChildProcess; // REDSTONE3
+    BOOLEAN AuditProhibitChildProcesses;
 } PROCESS_CHILD_PROCESS_INFORMATION, *PPROCESS_CHILD_PROCESS_INFORMATION;
 
 typedef struct _PROCESS_WAKE_INFORMATION
@@ -735,6 +749,45 @@ typedef struct _PROCESS_ENERGY_TRACKING_STATE
     WCHAR Tag[64];
 } PROCESS_ENERGY_TRACKING_STATE, *PPROCESS_ENERGY_TRACKING_STATE;
 
+typedef struct _MANAGE_WRITES_TO_EXECUTABLE_MEMORY
+{
+    ULONG Version : 8;
+    ULONG ProcessEnableWriteExceptions : 1;
+    ULONG ThreadAllowWrites : 1;
+    ULONG Spare : 22;
+} MANAGE_WRITES_TO_EXECUTABLE_MEMORY, *PMANAGE_WRITES_TO_EXECUTABLE_MEMORY;
+
+typedef struct _PROCESS_READWRITEVM_LOGGING_INFORMATION
+{
+    union
+    {
+        BOOLEAN Flags;
+        struct
+        {
+            BOOLEAN EnableReadVmLogging : 1;
+            BOOLEAN EnableWriteVmLogging : 1;
+            BOOLEAN Unused : 6;
+        };
+    };
+} PROCESS_READWRITEVM_LOGGING_INFORMATION, *PPROCESS_READWRITEVM_LOGGING_INFORMATION;
+
+typedef struct _PROCESS_UPTIME_INFORMATION
+{
+    ULONGLONG QueryInterruptTime;
+    ULONGLONG QueryUnbiasedTime;
+    ULONGLONG EndInterruptTime;
+    ULONGLONG TimeSinceCreation;
+    ULONGLONG Uptime;
+    ULONGLONG SuspendedTime;
+    union
+    {
+        ULONG HangCount : 4;
+        ULONG GhostCount : 4;
+        ULONG Crashed : 1;
+        ULONG Terminated : 1;       
+    };
+} PROCESS_UPTIME_INFORMATION, *PPROCESS_UPTIME_INFORMATION;
+
 // end_private
 
 #endif
@@ -756,8 +809,12 @@ typedef struct _THREAD_LAST_SYSCALL_INFORMATION
 {
     PVOID FirstArgument;
     USHORT SystemCallNumber;
-    //USHORT Reserved; // since REDSTONE2
+#ifdef WIN64
-    //ULONG64 WaitTime;
+    USHORT Pad[0x3]; // since REDSTONE2
+#else
+    USHORT Pad[0x1]; // since REDSTONE2
+#endif
+    ULONG64 WaitTime;
 } THREAD_LAST_SYSCALL_INFORMATION, *PTHREAD_LAST_SYSCALL_INFORMATION;
 
 // private
@@ -947,6 +1004,11 @@ NtResumeProcess(
 #define ZwCurrentSession() NtCurrentSession()
 #define NtCurrentPeb() (NtCurrentTeb()->ProcessEnvironmentBlock)
 
+// Windows 8 and above
+#define NtCurrentProcessToken() ((HANDLE)(LONG_PTR)-4)
+#define NtCurrentThreadToken() ((HANDLE)(LONG_PTR)-5)
+#define NtCurrentEffectiveToken() ((HANDLE)(LONG_PTR)-6)
+
 // Not NT, but useful.
 #define NtCurrentProcessId() (NtCurrentTeb()->ClientId.UniqueProcess)
 #define NtCurrentThreadId() (NtCurrentTeb()->ClientId.UniqueThread)
@@ -1249,6 +1311,7 @@ typedef enum _PS_ATTRIBUTE_NUM
     PsAttributeSafeOpenPromptOriginClaim,
     PsAttributeBnoIsolation, // PS_BNO_ISOLATION_PARAMETERS
     PsAttributeDesktopAppPolicy, // in ULONG
+    PsAttributeChpe, // since REDSTONE3
     PsAttributeMax
 } PS_ATTRIBUTE_NUM;
 
@@ -1400,7 +1463,15 @@ typedef enum _PS_MITIGATION_OPTION
     PS_MITIGATION_OPTION_RETURN_FLOW_GUARD,
     PS_MITIGATION_OPTION_LOADER_INTEGRITY_CONTINUITY,
     PS_MITIGATION_OPTION_STRICT_CONTROL_FLOW_GUARD,
-    PS_MITIGATION_OPTION_RESTRICT_SET_THREAD_CONTEXT
+    PS_MITIGATION_OPTION_RESTRICT_SET_THREAD_CONTEXT,
+    PS_MITIGATION_OPTION_ROP_STACKPIVOT, // since REDSTONE3
+    PS_MITIGATION_OPTION_ROP_CALLER_CHECK,
+    PS_MITIGATION_OPTION_ROP_SIMEXEC,
+    PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER,
+    PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER_PLUS,
+    PS_MITIGATION_OPTION_RESTRICT_CHILD_PROCESS_CREATION,
+    PS_MITIGATION_OPTION_IMPORT_ADDRESS_FILTER,
+    PS_MITIGATION_OPTION_MODULE_TAMPERING_PROTECTION
 } PS_MITIGATION_OPTION;
 
 // windows-internals-book:"Chapter 5"
@@ -1562,52 +1633,53 @@ NtCreateThreadEx(
 #if (PHNT_MODE != PHNT_MODE_KERNEL)
 
 // JOBOBJECTINFOCLASS
-#define JobObjectBasicAccountingInformation 1
+// Note: We don't use an enum since it conflicts with the Windows SDK.
-#define JobObjectBasicLimitInformation 2
+#define JobObjectBasicAccountingInformation 1 // JOBOBJECT_BASIC_ACCOUNTING_INFORMATION
-#define JobObjectBasicProcessIdList 3
+#define JobObjectBasicLimitInformation 2 // JOBOBJECT_BASIC_LIMIT_INFORMATION
-#define JobObjectBasicUIRestrictions 4
+#define JobObjectBasicProcessIdList 3 // JOBOBJECT_BASIC_PROCESS_ID_LIST
-#define JobObjectSecurityLimitInformation 5
+#define JobObjectBasicUIRestrictions 4 // JOBOBJECT_BASIC_UI_RESTRICTIONS
-#define JobObjectEndOfJobTimeInformation 6
+#define JobObjectSecurityLimitInformation 5 // JOBOBJECT_SECURITY_LIMIT_INFORMATION
-#define JobObjectAssociateCompletionPortInformation 7
+#define JobObjectEndOfJobTimeInformation 6 // JOBOBJECT_END_OF_JOB_TIME_INFORMATION
-#define JobObjectBasicAndIoAccountingInformation 8
+#define JobObjectAssociateCompletionPortInformation 7 // JOBOBJECT_ASSOCIATE_COMPLETION_PORT
-#define JobObjectExtendedLimitInformation 9
+#define JobObjectBasicAndIoAccountingInformation 8 // JOBOBJECT_BASIC_AND_IO_ACCOUNTING_INFORMATION
-#define JobObjectJobSetInformation 10
+#define JobObjectExtendedLimitInformation 9 // JOBOBJECT_EXTENDED_LIMIT_INFORMATION
-#define JobObjectGroupInformation 11
+#define JobObjectJobSetInformation 10 // JOBOBJECT_JOBSET_INFORMATION
-#define JobObjectNotificationLimitInformation 12
+#define JobObjectGroupInformation 11 // USHORT
-#define JobObjectLimitViolationInformation 13
+#define JobObjectNotificationLimitInformation 12 // JOBOBJECT_NOTIFICATION_LIMIT_INFORMATION
-#define JobObjectGroupInformationEx 14
+#define JobObjectLimitViolationInformation 13 // JOBOBJECT_LIMIT_VIOLATION_INFORMATION
-#define JobObjectCpuRateControlInformation 15
+#define JobObjectGroupInformationEx 14 // GROUP_AFFINITY (ARRAY)
+#define JobObjectCpuRateControlInformation 15 // JOBOBJECT_CPU_RATE_CONTROL_INFORMATION
 #define JobObjectCompletionFilter 16
 #define JobObjectCompletionCounter 17
-#define JobObjectFreezeInformation 18
+#define JobObjectFreezeInformation 18 // JOBOBJECT_FREEZE_INFORMATION
-#define JobObjectExtendedAccountingInformation 19
+#define JobObjectExtendedAccountingInformation 19 // JOBOBJECT_EXTENDED_ACCOUNTING_INFORMATION
-#define JobObjectWakeInformation 20
+#define JobObjectWakeInformation 20 // JOBOBJECT_WAKE_INFORMATION
 #define JobObjectBackgroundInformation 21
 #define JobObjectSchedulingRankBiasInformation 22
 #define JobObjectTimerVirtualizationInformation 23
 #define JobObjectCycleTimeNotification 24
 #define JobObjectClearEvent 25
-#define JobObjectInterferenceInformation 26
+#define JobObjectInterferenceInformation 26 // JOBOBJECT_INTERFERENCE_INFORMATION
 #define JobObjectClearPeakJobMemoryUsed 27
-#define JobObjectMemoryUsageInformation 28
+#define JobObjectMemoryUsageInformation 28 // JOBOBJECT_MEMORY_USAGE_INFORMATION // JOBOBJECT_MEMORY_USAGE_INFORMATION_V2
 #define JobObjectSharedCommit 29
 #define JobObjectContainerId 30
 #define JobObjectIoRateControlInformation 31
-#define JobObjectNetRateControlInformation 32
+#define JobObjectNetRateControlInformation 32 // JOBOBJECT_NET_RATE_CONTROL_INFORMATION
-#define JobObjectNotificationLimitInformation2 33
+#define JobObjectNotificationLimitInformation2 33 // JOBOBJECT_NOTIFICATION_LIMIT_INFORMATION_2
-#define JobObjectLimitViolationInformation2 34
+#define JobObjectLimitViolationInformation2 34 // JOBOBJECT_LIMIT_VIOLATION_INFORMATION_2
 #define JobObjectCreateSilo 35
-#define JobObjectSiloBasicInformation 36
+#define JobObjectSiloBasicInformation 36 // SILOOBJECT_BASIC_INFORMATION
-#define JobObjectSiloRootDirectory 37
+#define JobObjectSiloRootDirectory 37 // SILOOBJECT_ROOT_DIRECTORY
-#define JobObjectServerSiloBasicInformation 38
+#define JobObjectServerSiloBasicInformation 38 // SERVERSILO_BASIC_INFORMATION
-#define JobObjectServerSiloUserSharedData 39
+#define JobObjectServerSiloUserSharedData 39 // SILO_USER_SHARED_DATA
 #define JobObjectServerSiloInitialize 40
 #define JobObjectServerSiloRunningState 41
 #define JobObjectIoAttribution 42
 #define JobObjectMemoryPartitionInformation 43
 #define JobObjectContainerTelemetryId 44
 #define JobObjectSiloSystemRoot 45
-#define JobObjectEnergyTrackingState 46
+#define JobObjectEnergyTrackingState 46 // JOBOBJECT_ENERGY_TRACKING_STATE
 #define JobObjectThreadImpersonationInformation 47
 #define MaxJobObjectInfoClass 48
 

inc/phnt/ntregapi.h

@@ -120,6 +120,7 @@ typedef enum _KEY_SET_INFORMATION_CLASS
     KeySetVirtualizationInformation, // KEY_SET_VIRTUALIZATION_INFORMATION
     KeySetDebugInformation,
     KeySetHandleTagsInformation, // KEY_HANDLE_TAGS_INFORMATION
+    KeySetLayerInformation, // KEY_SET_LAYER_INFORMATION
     MaxKeySetInfoClass
 } KEY_SET_INFORMATION_CLASS;
 
@@ -138,6 +139,15 @@ typedef struct _KEY_HANDLE_TAGS_INFORMATION
     ULONG HandleTags;
 } KEY_HANDLE_TAGS_INFORMATION, *PKEY_HANDLE_TAGS_INFORMATION;
 
+typedef struct _KEY_SET_LAYER_INFORMATION
+{
+    ULONG IsTombstone : 1;
+    ULONG IsSupersedeLocal : 1;
+    ULONG IsSupersedeTree : 1;
+    ULONG ClassIsInherited : 1;
+    ULONG Reserved : 28;
+} KEY_SET_LAYER_INFORMATION, *PKEY_SET_LAYER_INFORMATION;
+
 typedef struct _KEY_CONTROL_FLAGS_INFORMATION
 {
     ULONG ControlFlags;
@@ -524,6 +534,12 @@ NtUnloadKey(
     _In_ POBJECT_ATTRIBUTES TargetKey
     );
 
+//
+// NtUnloadKey2 Flags (from winnt.h)
+//
+//#define REG_FORCE_UNLOAD            1
+//#define REG_UNLOAD_LEGAL_FLAGS      (REG_FORCE_UNLOAD)
+
 NTSYSCALLAPI
 NTSTATUS
 NTAPI

inc/phnt/ntrtl.h

@@ -1,6 +1,9 @@
 #ifndef _NTRTL_H
 #define _NTRTL_H
 
+#define RtlOffsetToPointer(Base, Offset) ((PCHAR)(((PCHAR)(Base)) + ((ULONG_PTR)(Offset))))
+#define RtlPointerToOffset(Base, Pointer) ((ULONG)(((PCHAR)(Pointer)) - ((PCHAR)(Base))))
+
 // Linked lists
 
 FORCEINLINE VOID InitializeListHead(
@@ -3209,7 +3212,7 @@ RtlDosSearchPath_U(
 
 #define RTL_DOS_SEARCH_PATH_FLAG_APPLY_ISOLATION_REDIRECTION 0x00000001
 #define RTL_DOS_SEARCH_PATH_FLAG_DISALLOW_DOT_RELATIVE_PATH_SEARCH 0x00000002
-#define RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION 0x00000004)
+#define RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION 0x00000004
 
 NTSYSAPI
 NTSTATUS
@@ -4562,6 +4565,12 @@ typedef struct _RTL_BITMAP
     PULONG Buffer;
 } RTL_BITMAP, *PRTL_BITMAP;
 
+typedef struct _RTL_BITMAP_EX
+{
+    ULONG64 SizeOfBitMap;
+    PULONG64 Buffer;
+} RTL_BITMAP_EX, *PRTL_BITMAP_EX;
+
 NTSYSAPI
 VOID
 NTAPI
@@ -6583,4 +6592,182 @@ RtlCrc64(
 
 #endif
 
+// Image Mitigation
+
+// rev
+typedef enum _IMAGE_MITIGATION_POLICY
+{
+    ImageDepPolicy, // RTL_IMAGE_MITIGATION_DEP_POLICY
+    ImageAslrPolicy, // RTL_IMAGE_MITIGATION_ASLR_POLICY
+    ImageDynamicCodePolicy, // RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY
+    ImageStrictHandleCheckPolicy, // RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY
+    ImageSystemCallDisablePolicy, // RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY
+    ImageMitigationOptionsMask,
+    ImageExtensionPointDisablePolicy, // RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY
+    ImageControlFlowGuardPolicy, // RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY
+    ImageSignaturePolicy, // RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY
+    ImageFontDisablePolicy, // RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY
+    ImageImageLoadPolicy, // RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY
+    ImagePayloadRestrictionPolicy, // RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY
+    ImageChildProcessPolicy, // RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY
+    ImageSehopPolicy, // RTL_IMAGE_MITIGATION_SEHOP_POLICY
+    ImageHeapPolicy, // RTL_IMAGE_MITIGATION_HEAP_POLICY
+    MaxImageMitigationPolicy
+} IMAGE_MITIGATION_POLICY;
+
+// rev
+typedef union _RTL_IMAGE_MITIGATION_POLICY
+{
+    struct
+    {
+        ULONG64 AuditState : 2;
+        ULONG64 AuditFlag : 1;
+        ULONG64 EnableAdditionalAuditingOption : 1;
+        ULONG64 Reserved : 60;
+    };
+    struct
+    {
+        ULONG64 PolicyState : 2;
+        ULONG64 AlwaysInherit : 1;
+        ULONG64 EnableAdditionalPolicyOption : 1;
+        ULONG64 AuditReserved : 60;
+    };
+} RTL_IMAGE_MITIGATION_POLICY, *PRTL_IMAGE_MITIGATION_POLICY;
+
+// rev
+typedef struct _RTL_IMAGE_MITIGATION_DEP_POLICY
+{
+    RTL_IMAGE_MITIGATION_POLICY Dep;
+} RTL_IMAGE_MITIGATION_DEP_POLICY, *PRTL_IMAGE_MITIGATION_DEP_POLICY;
+
+// rev
+typedef struct _RTL_IMAGE_MITIGATION_ASLR_POLICY
+{
+    RTL_IMAGE_MITIGATION_POLICY ForceRelocateImages;
+    RTL_IMAGE_MITIGATION_POLICY BottomUpRandomization;
+    RTL_IMAGE_MITIGATION_POLICY HighEntropyRandomization;
+} RTL_IMAGE_MITIGATION_ASLR_POLICY, *PRTL_IMAGE_MITIGATION_ASLR_POLICY;
+
+// rev
+typedef struct _RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY
+{
+    RTL_IMAGE_MITIGATION_POLICY BlockDynamicCode;
+} RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY, *PRTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY;
+
+// rev
+typedef struct _RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY
+{
+    RTL_IMAGE_MITIGATION_POLICY StrictHandleChecks;
+} RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY, *PRTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY;
+
+// rev
+typedef struct _RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY
+{
+    RTL_IMAGE_MITIGATION_POLICY BlockWin32kSystemCalls;
+} RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, *PRTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY;
+
+// rev
+typedef struct _RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY
+{
+    RTL_IMAGE_MITIGATION_POLICY DisableExtensionPoints;
+} RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, *PRTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY;
+
+// rev
+typedef struct _RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY
+{
+    RTL_IMAGE_MITIGATION_POLICY ControlFlowGuard;
+    RTL_IMAGE_MITIGATION_POLICY StrictControlFlowGuard;
+} RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY, *PRTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY;
+
+// rev
+typedef struct _RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY
+{
+    RTL_IMAGE_MITIGATION_POLICY BlockNonMicrosoftSignedBinaries;
+    RTL_IMAGE_MITIGATION_POLICY EnforceSigningOnModuleDependencies;
+} RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY, *PRTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY;
+
+// rev
+typedef struct _RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY
+{
+    RTL_IMAGE_MITIGATION_POLICY DisableNonSystemFonts;
+} RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY, *PRTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY;
+
+// rev
+typedef struct _RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY
+{
+    RTL_IMAGE_MITIGATION_POLICY BlockRemoteImageLoads;
+    RTL_IMAGE_MITIGATION_POLICY BlockLowLabelImageLoads;
+    RTL_IMAGE_MITIGATION_POLICY PreferSystem32;
+} RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY, *PRTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY;
+
+// rev
+typedef struct _RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY
+{
+    RTL_IMAGE_MITIGATION_POLICY EnableExportAddressFilter;
+    RTL_IMAGE_MITIGATION_POLICY EnableExportAddressFilterPlus;
+    RTL_IMAGE_MITIGATION_POLICY EnableImportAddressFilter;
+    RTL_IMAGE_MITIGATION_POLICY EnableRopStackPivot;
+    RTL_IMAGE_MITIGATION_POLICY EnableRopCallerCheck;
+    RTL_IMAGE_MITIGATION_POLICY EnableRopSimExec;
+} RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY, *PRTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY;
+
+// rev
+typedef struct _RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY
+{
+    RTL_IMAGE_MITIGATION_POLICY DisallowChildProcessCreation;
+} RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY, *PRTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY;
+
+// rev
+typedef struct _RTL_IMAGE_MITIGATION_SEHOP_POLICY
+{
+    RTL_IMAGE_MITIGATION_POLICY Sehop;
+} RTL_IMAGE_MITIGATION_SEHOP_POLICY, *PRTL_IMAGE_MITIGATION_SEHOP_POLICY;
+
+// rev
+typedef struct _RTL_IMAGE_MITIGATION_HEAP_POLICY
+{
+    RTL_IMAGE_MITIGATION_POLICY TerminateOnHeapErrors;
+} RTL_IMAGE_MITIGATION_HEAP_POLICY, *PRTL_IMAGE_MITIGATION_HEAP_POLICY;
+
+typedef enum _RTL_IMAGE_MITIGATION_OPTION_STATE
+{
+    RtlMitigationOptionStateNotConfigured,
+    RtlMitigationOptionStateOn,
+    RtlMitigationOptionStateOff
+} RTL_IMAGE_MITIGATION_OPTION_STATE;
+
+// rev from PROCESS_MITIGATION_FLAGS
+#define RTL_IMAGE_MITIGATION_FLAG_RESET 0x1
+#define RTL_IMAGE_MITIGATION_FLAG_REMOVE 0x2
+#define RTL_IMAGE_MITIGATION_FLAG_OSDEFAULT 0x4
+#define RTL_IMAGE_MITIGATION_FLAG_AUDIT 0x8
+
+#if (PHNT_VERSION >= PHNT_REDSTONE3)
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlQueryImageMitigationPolicy(
+    _In_opt_ PWSTR ImagePath, // NULL for system-wide defaults
+    _In_ IMAGE_MITIGATION_POLICY Policy,
+    _In_ ULONG Flags,
+    _Inout_ PVOID Buffer,
+    _In_ ULONG BufferSize
+    );
+
+// rev
+NTSYSAPI
+NTSTATUS
+NTAPI
+RtlSetImageMitigationPolicy(
+    _In_opt_ PWSTR ImagePath, // NULL for system-wide defaults
+    _In_ IMAGE_MITIGATION_POLICY Policy,
+    _In_ ULONG Flags,
+    _Inout_ PVOID Buffer,
+    _In_ ULONG BufferSize
+    );
+
+#endif
+
 #endif

inc/phnt/ntwow64.h

@@ -167,6 +167,7 @@ typedef struct _LDR_DATA_TABLE_ENTRY32
     ULONG ImplicitPathOptions;
     ULONG ReferenceCount;
     ULONG DependentLoadFlags;
+    UCHAR SigningLevel; // since REDSTONE2
 } LDR_DATA_TABLE_ENTRY32, *PLDR_DATA_TABLE_ENTRY32;
 
 typedef struct _CURDIR32

inc/phnt/ntzwapi.h

@@ -1537,17 +1537,6 @@ ZwExtendSection(
     _Inout_ PLARGE_INTEGER NewSectionSize
     );
 
-NTSYSCALLAPI
-NTSTATUS
-NTAPI
-ZwFilterBootOption(
-    _In_ FILTER_BOOT_OPTION_OPERATION FilterOperation,
-    _In_ ULONG ObjectType,
-    _In_ ULONG ElementType,
-    _In_reads_bytes_opt_(DataSize) PVOID Data,
-    _In_ ULONG DataSize
-    );
-
 NTSYSCALLAPI
 NTSTATUS
 NTAPI

inc/phnt/phnt.h

@@ -35,6 +35,7 @@
 #define PHNT_THRESHOLD2 101
 #define PHNT_REDSTONE 102
 #define PHNT_REDSTONE2 103
+#define PHNT_REDSTONE3 104
 
 #ifndef PHNT_MODE
 #define PHNT_MODE PHNT_MODE_USER

phnt/zw_options.txt

@@ -1,5 +0,0 @@
-base=include
-in=ntdbg.h;ntexapi.h;ntgdi.h;ntioapi.h;ntkeapi.h;ntldr.h;ntlpcapi.h;ntmisc.h;ntmmapi.h;ntnls.h;ntobapi.h;ntpebteb.h;ntpfapi.h;ntpnpapi.h;ntpoapi.h;ntpsapi.h;ntregapi.h;ntrtl.h;ntsam.h;ntseapi.h;nttmapi.h;nttp.h;ntwow64.h;ntxcapi.h
-out=ntzwapi.h
-header=#ifndef _NTZWAPI_H\r\n#define _NTZWAPI_H\r\n\r\n// This file was automatically generated. Do not edit.\r\n\r\n
-footer=#endif\r\n

src/AdvancedInstallerHelper/AdvancedInstallerHelper.vcxproj

@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>15.0</VCProjectVersion>
+    <ProjectGuid>{12498D61-02AF-4C13-925D-E130EEDE2543}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>AdvancedInstallerHelper</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.16299.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+    <GenerateManifest>false</GenerateManifest>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(ProjectDir)bin\$(Configuration)\$(PlatformShortName)\</OutDir>
+    <IntDir>$(ProjectDir)$(BaseIntermediateOutputPath)$(Configuration)\$(PlatformShortName)\</IntDir>
+    <GenerateManifest>false</GenerateManifest>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;ADVANCEDINSTALLERHELPER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <ConformanceMode>true</ConformanceMode>
+      <CompileAs>CompileAsC</CompileAs>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;ADVANCEDINSTALLERHELPER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <DebugInformationFormat>None</DebugInformationFormat>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <CompileAs>CompileAsC</CompileAs>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <SetChecksum>true</SetChecksum>
+      <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
+    </Link>
+    <PostBuildEvent>
+      <Command>copy /Y "$(TargetPath)" "$(SolutionDir)wufuc_setup\"</Command>
+      <Message>Copy release binaries to the setup staging directory</Message>
+    </PostBuildEvent>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClInclude Include="stdafx.h" />
+    <ClInclude Include="targetver.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="dllmain.c" />
+    <ClCompile Include="stdafx.c">
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+    </ClCompile>
+    <ClCompile Include="customactions.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="exports.def" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

src/AdvancedInstallerHelper/AdvancedInstallerHelper.vcxproj.filters

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Source Files">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Header Files">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Resource Files">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="stdafx.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="targetver.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="stdafx.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="dllmain.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="customactions.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="exports.def">
+      <Filter>Source Files</Filter>
+    </None>
+  </ItemGroup>
+</Project>

src/AdvancedInstallerHelper/exports.def

@@ -0,0 +1,3 @@
+LIBRARY
+EXPORTS
+		UnloadCustomAction @1

src/wufuc.sln

@@ -1,38 +1,37 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
-VisualStudioVersion = 15.0.26730.16
+VisualStudioVersion = 15.0.27130.2036
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wufuc", "wufuc\wufuc.vcxproj", "{00F96695-CE41-4C2F-A344-6219DFB4F887}"
 EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{8C2147FF-2B83-479B-813E-5ACB86F43042}"
-	ProjectSection(SolutionItems) = preProject
-		.gitignore = .gitignore
-		appveyor.yml = appveyor.yml
-	EndProjectSection
-EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "wufuc_setup_bat", "wufuc_setup_bat", "{97E33D3C-9AA1-4B84-803A-1A6AE2C6F361}"
 	ProjectSection(SolutionItems) = preProject
 		wufuc_setup_bat\install_wufuc.bat = wufuc_setup_bat\install_wufuc.bat
 		wufuc_setup_bat\uninstall_wufuc.bat = wufuc_setup_bat\uninstall_wufuc.bat
 	EndProjectSection
 EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Documentation", "Documentation", "{65210B26-9B74-4B7E-B777-7A2EE4162595}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AdvancedInstallerHelper", "AdvancedInstallerHelper\AdvancedInstallerHelper.vcxproj", "{12498D61-02AF-4C13-925D-E130EEDE2543}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Repository Items", "Repository Items", "{E7EDB493-4D31-4646-8537-C515613689A6}"
 	ProjectSection(SolutionItems) = preProject
-		CONTRIBUTING.md = CONTRIBUTING.md
+		..\.gitignore = ..\.gitignore
-		DONATIONS.md = DONATIONS.md
+		..\appveyor.yml = ..\appveyor.yml
-		LICENSE = LICENSE
+		..\COPYING = ..\COPYING
-		README.md = README.md
+		..\DONATE.md = ..\DONATE.md
+		..\FAQ.md = ..\FAQ.md
+		..\README.md = ..\README.md
 	EndProjectSection
 EndProject
-Project("{840C416C-B8F3-42BC-B0DD-F6BB14C9F8CB}") = "wufuc_setup", "wufuc_setup\wufuc_setup.aiproj", "{8F75FC4A-22FF-4CDA-8A09-3BC547E7C29B}"
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = ".github", ".github", "{ACE23C8E-C137-4B93-9147-DCF126E1248E}"
+	ProjectSection(SolutionItems) = preProject
+		..\.github\ISSUE_TEMPLATE.md = ..\.github\ISSUE_TEMPLATE.md
+	EndProjectSection
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|x64 = Debug|x64
 		Debug|x86 = Debug|x86
-		DefaultBuild|x64 = DefaultBuild|x64
-		DefaultBuild|x86 = DefaultBuild|x86
 		Release|x64 = Release|x64
 		Release|x86 = Release|x86
 	EndGlobalSection
@@ -41,32 +40,22 @@ Global
 		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x64.Build.0 = Debug|x64
 		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x86.ActiveCfg = Debug|Win32
 		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Debug|x86.Build.0 = Debug|Win32
-		{00F96695-CE41-4C2F-A344-6219DFB4F887}.DefaultBuild|x64.ActiveCfg = Debug|x64
-		{00F96695-CE41-4C2F-A344-6219DFB4F887}.DefaultBuild|x64.Build.0 = Debug|x64
-		{00F96695-CE41-4C2F-A344-6219DFB4F887}.DefaultBuild|x86.ActiveCfg = Debug|Win32
-		{00F96695-CE41-4C2F-A344-6219DFB4F887}.DefaultBuild|x86.Build.0 = Debug|Win32
 		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x64.ActiveCfg = Release|x64
 		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x64.Build.0 = Release|x64
 		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x86.ActiveCfg = Release|Win32
 		{00F96695-CE41-4C2F-A344-6219DFB4F887}.Release|x86.Build.0 = Release|Win32
-		{8F75FC4A-22FF-4CDA-8A09-3BC547E7C29B}.Debug|x64.ActiveCfg = All
+		{12498D61-02AF-4C13-925D-E130EEDE2543}.Debug|x64.ActiveCfg = Debug|Win32
-		{8F75FC4A-22FF-4CDA-8A09-3BC547E7C29B}.Debug|x64.Build.0 = All
+		{12498D61-02AF-4C13-925D-E130EEDE2543}.Debug|x86.ActiveCfg = Debug|Win32
-		{8F75FC4A-22FF-4CDA-8A09-3BC547E7C29B}.Debug|x86.ActiveCfg = All
+		{12498D61-02AF-4C13-925D-E130EEDE2543}.Debug|x86.Build.0 = Debug|Win32
-		{8F75FC4A-22FF-4CDA-8A09-3BC547E7C29B}.Debug|x86.Build.0 = All
+		{12498D61-02AF-4C13-925D-E130EEDE2543}.Release|x64.ActiveCfg = Release|Win32
-		{8F75FC4A-22FF-4CDA-8A09-3BC547E7C29B}.DefaultBuild|x64.ActiveCfg = All
+		{12498D61-02AF-4C13-925D-E130EEDE2543}.Release|x86.ActiveCfg = Release|Win32
-		{8F75FC4A-22FF-4CDA-8A09-3BC547E7C29B}.DefaultBuild|x64.Build.0 = All
+		{12498D61-02AF-4C13-925D-E130EEDE2543}.Release|x86.Build.0 = Release|Win32
-		{8F75FC4A-22FF-4CDA-8A09-3BC547E7C29B}.DefaultBuild|x86.ActiveCfg = All
-		{8F75FC4A-22FF-4CDA-8A09-3BC547E7C29B}.DefaultBuild|x86.Build.0 = All
-		{8F75FC4A-22FF-4CDA-8A09-3BC547E7C29B}.Release|x64.ActiveCfg = All
-		{8F75FC4A-22FF-4CDA-8A09-3BC547E7C29B}.Release|x64.Build.0 = All
-		{8F75FC4A-22FF-4CDA-8A09-3BC547E7C29B}.Release|x86.ActiveCfg = All
-		{8F75FC4A-22FF-4CDA-8A09-3BC547E7C29B}.Release|x86.Build.0 = All
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(NestedProjects) = preSolution
-		{65210B26-9B74-4B7E-B777-7A2EE4162595} = {8C2147FF-2B83-479B-813E-5ACB86F43042}
+		{ACE23C8E-C137-4B93-9147-DCF126E1248E} = {E7EDB493-4D31-4646-8537-C515613689A6}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {5070ABC4-3344-4D6E-B744-E3508B10A327}

src/wufuc/callbacks.c

@@ -0,0 +1,165 @@
+#include "stdafx.h"
+#include "callbacks.h"
+#include "hooks.h"
+#include "log.h"
+#include "modulehelper.h"
+#include "registryhelper.h"
+#include "servicehelper.h"
+#include "versionhelper.h"
+#include "ptrlist.h"
+#include "wufuc.h"
+
+#include <VersionHelpers.h>
+#include <minhook.h>
+
+VOID CALLBACK cb_service_notify(PSERVICE_NOTIFYW pNotifyBuffer)
+{
+        switch ( pNotifyBuffer->dwNotificationStatus ) {
+        case ERROR_SUCCESS:
+                if ( pNotifyBuffer->ServiceStatus.dwProcessId )
+                        wufuc_inject(
+                                pNotifyBuffer->ServiceStatus.dwProcessId,
+                                (LPTHREAD_START_ROUTINE)cb_start,
+                                (ptrlist_t *)pNotifyBuffer->pContext);
+                break;
+        case ERROR_SERVICE_MARKED_FOR_DELETE:
+                SetEvent(ptrlist_at((ptrlist_t *)pNotifyBuffer->pContext, 0, NULL));
+                break;
+        }
+        if ( pNotifyBuffer->pszServiceNames )
+                LocalFree((HLOCAL)pNotifyBuffer->pszServiceNames);
+}
+
+DWORD WINAPI cb_start(HANDLE *pParam)
+{
+        HANDLE handles[2];
+        HANDLE hCrashMutex;
+        HANDLE hProceedEvent;
+        SC_HANDLE hSCM;
+        SC_HANDLE hService;
+        DWORD dwProcessId;
+        LPQUERY_SERVICE_CONFIGW pServiceConfig;
+        DWORD dwServiceType;
+        const wchar_t szKernel32Dll[] = L"kernel32.dll";
+        const wchar_t szKernelBaseDll[] = L"KernelBase.dll";
+        const wchar_t *pszModule;
+        MH_STATUS status;
+        int tmp;
+        LPVOID pv1 = NULL;
+        LPVOID pv2 = NULL;
+        wchar_t *str;
+        HMODULE hModule;
+
+        if ( !pParam ) {
+                log_error(L"Parameter argument is null!");
+                goto unload;
+        }
+        handles[0] = pParam[0]; // main mutex
+        handles[1] = pParam[1]; // unload event
+        hCrashMutex = pParam[2]; // crash mutex
+        hProceedEvent = pParam[3]; // proceed event
+        if ( !VirtualFree(pParam, 0, MEM_RELEASE) )
+                log_warning(L"VirtualFree failed! (lpAddress=%p, GLE=%lu)", pParam, GetLastError());
+
+        // acquire child mutex, this should be immediate.
+        if ( WaitForSingleObject(hCrashMutex, 5000) != WAIT_OBJECT_0 ) {
+                log_error(L"Failed to acquire child mutex within five seconds. (%p)", hCrashMutex);
+                goto close_handles;
+        }
+        SetEvent(hProceedEvent);
+        CloseHandle(hProceedEvent);
+
+        hSCM = OpenSCManagerW(NULL, NULL, SC_MANAGER_CONNECT);
+        if ( !hSCM ) {
+                log_error(L"Failed to open SCM. (GetLastError=%lu)", GetLastError());
+                goto release;
+        }
+        hService = OpenServiceW(hSCM, L"wuauserv", SERVICE_QUERY_STATUS | SERVICE_QUERY_CONFIG);
+        dwProcessId = svc_heuristic_process_id(hSCM, hService);
+        pServiceConfig = svc_query_config_alloc(hSCM, hService, NULL);
+        dwServiceType = pServiceConfig->dwServiceType;
+        tmp = _wcsicmp(pServiceConfig->lpBinaryPathName, GetCommandLineW());
+        free(pServiceConfig);
+        CloseServiceHandle(hService);
+        CloseServiceHandle(hSCM);
+
+        if ( tmp || dwProcessId != GetCurrentProcessId() ) {
+                log_error(L"Injected into wrong process!");
+                goto release;
+        }
+        if ( !ver_verify_version_info(6, 1, 0) && !ver_verify_version_info(6, 3, 0) ) {
+                log_error(L"Unsupported operating system!");
+                goto release;
+        }
+        if ( dwServiceType == SERVICE_WIN32_SHARE_PROCESS ) {
+                // assume wuaueng.dll hasn't been loaded yet, apply
+                // RegQueryValueExW hook to fix incompatibility with
+                // UpdatePack7R2 and other patches that modify the
+                // Windows Update ServiceDll path in the registry.
+                pszModule = IsWindows8OrGreater()
+                        ? szKernelBaseDll
+                        : szKernel32Dll;
+                status = MH_CreateHookApiEx(pszModule,
+                        "RegQueryValueExW",
+                        RegQueryValueExW_hook,
+                        &(PVOID)g_pfnRegQueryValueExW,
+                        &pv1);
+                if ( status == MH_OK ) {
+                        status = MH_EnableHook(pv1);
+                        if ( status == MH_OK )
+                                log_info(L"Hooked RegQueryValueExW! (Module=%ls, Address=%p)", pszModule, pv1);
+                        else log_error(L"Failed to enable RegQueryValueExW hook! (Status=%hs)", MH_StatusToString(status));
+                } else log_error(L"Failed to create RegQueryValueExW hook! (Status=%hs)", MH_StatusToString(status));
+        }
+        // query the ServiceDll path after applying our compat hook so that it
+        // is correct
+        str = (wchar_t *)reg_query_value_alloc(HKEY_LOCAL_MACHINE,
+                L"SYSTEM\\CurrentControlSet\\services\\wuauserv\\Parameters",
+                L"ServiceDll", NULL, NULL);
+        if ( !str ) {
+abort_hook:
+                if ( pv1 )
+                        MH_RemoveHook(pv1);
+                goto release;
+        }
+        g_pszWUServiceDll = env_expand_strings_alloc(str, NULL);
+        free(str);
+        if ( !g_pszWUServiceDll ) goto abort_hook;
+
+        status = MH_CreateHookApiEx(szKernelBaseDll,
+                "LoadLibraryExW",
+                LoadLibraryExW_hook,
+                &(PVOID)g_pfnLoadLibraryExW,
+                &pv2);
+        if ( status == MH_OK ) {
+                status = MH_EnableHook(pv2);
+                if ( status == MH_OK )
+                        log_info(L"Hooked LoadLibraryExW! (Module=%ls, Address=%p)", szKernelBaseDll, pv2);
+                else log_error(L"Failed to enable LoadLibraryExW hook! (Status=%hs)", MH_StatusToString(status));
+        } else log_error(L"Failed to create LoadLibraryExW hook! (Status=%hs)", MH_StatusToString(status));
+
+        if ( GetModuleHandleExW(0, g_pszWUServiceDll, &hModule)
+                || GetModuleHandleExW(0, PathFindFileNameW(g_pszWUServiceDll), &hModule) ) {
+
+                // hook IsDeviceServiceable if wuaueng.dll is already loaded
+                wufuc_hook(hModule);
+                FreeLibrary(hModule);
+        }
+        // wait for unload event or the main mutex to be released or abandoned,
+        // for example if the user killed rundll32.exe with task manager.
+        WaitForMultipleObjects(_countof(handles), handles, FALSE, INFINITE);
+        log_info(L"Unload condition has been met.");
+
+        MH_DisableHook(MH_ALL_HOOKS);
+        free(g_pszWUServiceDll);
+release:
+        ReleaseMutex(hCrashMutex);
+close_handles:
+        CloseHandle(hCrashMutex);
+        CloseHandle(handles[0]);
+        CloseHandle(handles[1]);
+unload:
+        log_info(L"Unloading wufuc and exiting thread.");
+        FreeLibraryAndExitThread(PIMAGEBASE, 0);
+}
+

src/wufuc/callbacks.h

@@ -0,0 +1,4 @@
+#pragma once
+
+VOID CALLBACK cb_service_notify(PSERVICE_NOTIFYW pNotifyBuffer);
+DWORD WINAPI cb_start(HANDLE *pParam);

src/wufuc/dllmain.c

@@ -0,0 +1,23 @@
+#include "stdafx.h"
+#include "log.h"
+
+#include <minhook.h>
+
+BOOL APIENTRY DllMain(HMODULE hModule,
+        DWORD  ul_reason_for_call,
+        LPVOID lpReserved)
+{
+        switch ( ul_reason_for_call ) {
+        case DLL_PROCESS_ATTACH:
+                MH_Initialize();
+                break;
+        case DLL_THREAD_ATTACH:
+        case DLL_THREAD_DETACH:
+                break;
+        case DLL_PROCESS_DETACH:
+                MH_Uninitialize();
+                log_close();
+                break;
+        }
+        return TRUE;
+}

src/wufuc/eventhelper.c

@@ -0,0 +1,23 @@
+#include "stdafx.h"
+#include "eventhelper.h"
+
+#include <sddl.h>
+
+HANDLE event_create_with_string_security_descriptor(
+        bool ManualReset,
+        bool InitialState,
+        const wchar_t *Name,
+        const wchar_t *StringSecurityDescriptor)
+{
+        SECURITY_ATTRIBUTES sa = { sizeof sa };
+
+        if ( ConvertStringSecurityDescriptorToSecurityDescriptorW(
+                StringSecurityDescriptor,
+                SDDL_REVISION_1,
+                &sa.lpSecurityDescriptor,
+                NULL) ) {
+
+                return CreateEventW(&sa, ManualReset, InitialState, Name);
+        }
+        return NULL;
+}

src/wufuc/eventhelper.h

@@ -0,0 +1,7 @@
+#pragma once
+
+HANDLE event_create_with_string_security_descriptor(
+        bool ManualReset,
+        bool InitialState,
+        const wchar_t *Name,
+        const wchar_t *StringSecurityDescriptor);

src/wufuc/exports.def

@@ -0,0 +1,5 @@
+LIBRARY
+EXPORTS
+        RUNDLL32_StartW @1
+        RUNDLL32_UnloadW @2
+        RUNDLL32_DeleteFileW @3

src/wufuc/hooks.c

@@ -0,0 +1,100 @@
+#include "stdafx.h"
+#include "hooks.h"
+#include "log.h"
+#include "registryhelper.h"
+#include "ptrlist.h"
+#include "wufuc.h"
+
+wchar_t *g_pszWUServiceDll;
+
+LPFN_REGQUERYVALUEEXW g_pfnRegQueryValueExW;
+LPFN_LOADLIBRARYEXW g_pfnLoadLibraryExW;
+LPFN_ISDEVICESERVICEABLE g_pfnIsDeviceServiceable;
+
+LSTATUS WINAPI RegQueryValueExW_hook(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)
+{
+        wchar_t *pBuffer;
+        DWORD MaximumLength = 0;
+        LSTATUS result;
+        ULONG ResultLength;
+        PKEY_NAME_INFORMATION pkni;
+        size_t NameCount;
+        unsigned int current;
+        int pos;
+        wchar_t *fname;
+        const wchar_t realpath[] = L"%systemroot%\\system32\\wuaueng.dll";
+        wchar_t *expandedpath;
+        DWORD cchLength;
+
+        // save original buffer size
+        if ( lpData && lpcbData )
+                MaximumLength = *lpcbData;
+        result = g_pfnRegQueryValueExW(hKey, lpValueName, lpReserved, lpType, lpData, lpcbData);
+
+        if ( result != ERROR_SUCCESS
+                || !MaximumLength
+                || !lpValueName
+                || (lpType && *lpType != REG_EXPAND_SZ)
+                || _wcsicmp(lpValueName, L"ServiceDll") )
+                return result;
+
+        pBuffer = (wchar_t *)lpData;
+
+        // get name of registry key being queried
+        pkni = reg_query_key_alloc((HANDLE)hKey, KeyNameInformation, &ResultLength);
+        if ( !pkni )
+                return result;
+        NameCount = pkni->NameLength / sizeof *pkni->Name;
+
+        // change key name to lower-case because there is no case-insensitive version of _snwscanf_s
+        for ( size_t i = 0; i < NameCount; i++ )
+                pkni->Name[i] = towlower(pkni->Name[i]);
+
+        if ( _snwscanf_s(pkni->Name, NameCount, L"\\registry\\machine\\system\\controlset%03u\\services\\wuauserv\\parameters%n", &current, &pos) == 1
+                && pos == NameCount ) {
+
+                fname = PathFindFileNameW(pBuffer);
+
+                if ( (!_wcsicmp(fname, L"wuaueng2.dll") // UpdatePack7R2
+                        || !_wcsicmp(fname, L"WuaCpuFix64.dll") // WuaCpuFix
+                        || !_wcsicmp(fname, L"WuaCpuFix.dll")) ) {
+
+                        expandedpath = env_expand_strings_alloc(realpath, &cchLength);
+                        if ( expandedpath ) {
+                                if ( PathFileExistsW(expandedpath)
+                                        && SUCCEEDED(StringCbCopyW(pBuffer, MaximumLength, expandedpath)) ) {
+                                        
+                                        *lpcbData = cchLength * (sizeof *expandedpath);
+                                        log_info(L"Fixed path to Windows Update service library.");
+                                }
+                                free(expandedpath);
+                        }
+                }
+        }
+        free(pkni);
+        return result;
+}
+
+HMODULE WINAPI LoadLibraryExW_hook(LPCWSTR lpFileName, HANDLE hFile, DWORD dwFlags)
+{
+        HMODULE result;
+
+        result = g_pfnLoadLibraryExW(lpFileName, hFile, dwFlags);
+        if ( !result ) return result;
+        log_debug(L"Loaded library: %ls (%p)", lpFileName, result);
+
+        if ( dwFlags == LOAD_WITH_ALTERED_SEARCH_PATH
+                && g_pszWUServiceDll
+                && (!_wcsicmp(lpFileName, g_pszWUServiceDll)
+                        || !_wcsicmp(lpFileName, PathFindFileNameW(g_pszWUServiceDll))) ) {
+
+                wufuc_hook(result);
+        }
+        return result;
+}
+
+BOOL WINAPI IsDeviceServiceable_hook(void)
+{
+        log_debug(L"Entered stub function.");
+        return TRUE;
+}

src/wufuc/hooks.h

@@ -0,0 +1,20 @@
+#pragma once
+
+
+typedef LSTATUS(WINAPI *LPFN_REGQUERYVALUEEXW)(HKEY, LPCWSTR, LPDWORD, LPDWORD, LPBYTE, LPDWORD);
+typedef HMODULE(WINAPI *LPFN_LOADLIBRARYEXW)(LPCWSTR, HANDLE, DWORD);
+typedef BOOL(WINAPI *LPFN_ISDEVICESERVICEABLE)(void);
+
+extern wchar_t *g_pszWUServiceDll;
+
+extern LPFN_REGQUERYVALUEEXW g_pfnRegQueryValueExW;
+extern LPFN_LOADLIBRARYEXW g_pfnLoadLibraryExW;
+extern LPFN_ISDEVICESERVICEABLE g_pfnIsDeviceServiceable;
+
+extern PVOID g_ptRegQueryValueExW;
+extern PVOID g_ptLoadLibraryExW;
+extern PVOID g_ptIsDeviceServiceable;
+
+LSTATUS WINAPI RegQueryValueExW_hook(HKEY hKey, LPCWSTR lpValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData);
+HMODULE WINAPI LoadLibraryExW_hook(LPCWSTR lpFileName, HANDLE hFile, DWORD dwFlags);
+BOOL WINAPI IsDeviceServiceable_hook(void);

src/wufuc/log.c

@@ -0,0 +1,153 @@
+#include "stdafx.h"
+#include "log.h"
+
+#include <ShlObj.h>
+
+HANDLE m_hFile = INVALID_HANDLE_VALUE;
+
+BOOL CALLBACK init_file_handle(
+        PINIT_ONCE pInitOnce,
+        ParamData *pParam,
+        PVOID *ppContext)
+{
+        BOOL result = FALSE;
+        HANDLE hFile;
+        HRESULT hr;
+        wchar_t *pszPath;
+        wchar_t szFilePath[MAX_PATH];
+        int ret;
+
+        pParam->dwProcessId = GetCurrentProcessId();
+        if ( !GetModuleFileNameW(NULL, pParam->szExeFilePath, _countof(pParam->szExeFilePath)) ) {
+                log_debug(L"GetModuleFileNameW failed! (GLE=%lu)", GetLastError());
+                return result;
+        }
+        pParam->pszExeName = PathFindFileNameW(pParam->szExeFilePath);
+
+        hr = SHGetKnownFolderPath(&FOLDERID_ProgramData, 0, NULL, &pszPath);
+        if ( hr != S_OK ) {
+                log_debug(L"SHGetKnownFolderPath failed! (HRESULT=0x%08X)", hr);
+                return result;
+        }
+        ret = wcscpy_s(szFilePath, _countof(szFilePath), pszPath);
+        CoTaskMemFree(pszPath);
+        if ( ret ) {
+                log_debug(L"wcscpy_s failed! (Return value=%d)", ret);
+                return result;
+        }
+
+        if ( !PathAppendW(szFilePath, L"wufuc") ) {
+append_fail:
+                log_debug(L"PathAppendW failed!");
+                return result;
+        }
+        if ( !CreateDirectoryW(szFilePath, NULL)
+                && GetLastError() != ERROR_ALREADY_EXISTS ) {
+
+                log_debug(L"CreateDirectoryW failed! (GLE=%lu)", GetLastError());
+                return result;
+        }
+        if ( !PathAppendW(szFilePath, L"wufuc.log") )
+                goto append_fail;
+
+        hFile = CreateFileW(szFilePath,
+                FILE_APPEND_DATA,
+                FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
+                NULL,
+                OPEN_ALWAYS,
+                FILE_ATTRIBUTE_NORMAL,
+                NULL);
+
+        if ( hFile != INVALID_HANDLE_VALUE ) {
+                *ppContext = (PVOID)hFile;
+                result = TRUE;
+        } else {
+                log_debug(L"CreateFileW failed! (GLE=%lu)", GetLastError());
+        }
+        return result;
+}
+
+void log_debug_(const wchar_t *const format, ...)
+{
+        va_list ap;
+        wchar_t *buf;
+        int ret;
+        int count;
+
+        va_start(ap, format);
+        count = _vscwprintf(format, ap);
+        va_end(ap);
+        if ( count == -1 ) return;
+
+        buf = calloc(count + 1, sizeof *buf);
+        if ( !buf ) return;
+
+        va_start(ap, format);
+        ret = vswprintf_s(buf, count + 1, format, ap);
+        va_end(ap);
+        if ( ret != -1 )
+                OutputDebugStringW(buf);
+        free(buf);
+}
+
+void log_trace_(const wchar_t *const format, ...)
+{
+        static INIT_ONCE InitOnce = INIT_ONCE_STATIC_INIT;
+        static ParamData data;
+        BOOL bStatus;
+        errno_t e;
+        wchar_t datebuf[9];
+        wchar_t timebuf[9];
+        va_list ap;
+        const wchar_t fmt[] = L"%ls %ls [%ls:%lu] %ls";
+        int count;
+        wchar_t *buf1;
+        int ret;
+        wchar_t *buf2;
+        DWORD written;
+
+        bStatus = InitOnceExecuteOnce(&InitOnce,
+                (PINIT_ONCE_FN)init_file_handle,
+                &data,
+                &(LPVOID)m_hFile);
+
+        e = _wstrdate_s(datebuf, _countof(datebuf));
+        if ( e ) return;
+        e = _wstrtime_s(timebuf, _countof(timebuf));
+        if ( e ) return;
+
+        va_start(ap, format);
+        count = _vscwprintf(format, ap);
+        va_end(ap);
+        if ( count == -1 ) return;
+
+        buf1 = calloc(count + 1, sizeof *buf1);
+        if ( !buf1 ) return;
+
+        va_start(ap, format);
+        ret = vswprintf_s(buf1, count + 1, format, ap);
+        va_end(ap);
+        if ( ret == -1 ) goto free_buf1;
+
+        count = _scwprintf(fmt, datebuf, timebuf, data.pszExeName, data.dwProcessId, buf1);
+        if ( count == -1 ) goto free_buf1;
+
+        buf2 = calloc(count + 1, sizeof *buf2);
+        if ( !buf2 ) goto free_buf1;
+
+        ret = swprintf_s(buf2, count + 1, fmt, datebuf, timebuf, data.pszExeName, data.dwProcessId, buf1);
+        if ( ret == -1 ) goto free_buf2;
+
+        if ( !bStatus || !WriteFile(m_hFile, buf2, count * (sizeof *buf2), &written, NULL) )
+                OutputDebugStringW(buf2);
+free_buf2:
+        free(buf2);
+free_buf1:
+        free(buf1);
+}
+
+void log_close(void)
+{
+        if ( m_hFile != INVALID_HANDLE_VALUE )
+                CloseHandle(m_hFile);
+}

src/wufuc/log.h

@@ -0,0 +1,17 @@
+#pragma once
+
+typedef struct
+{
+        DWORD dwProcessId;
+        wchar_t szExeFilePath[MAX_PATH];
+        wchar_t *pszExeName;
+} ParamData;
+
+void log_debug_(const wchar_t *const format, ...);
+void log_trace_(const wchar_t *const format, ...);
+void log_close(void);
+
+#define log_debug(format, ...) log_debug_(__FUNCTIONW__ L"(" _CRT_WIDE(_CRT_STRINGIZE(__LINE__)) L"): [DEBUG] " format L"\r\n", ##__VA_ARGS__)
+#define log_info(format, ...) log_trace_(__FUNCTIONW__ L"(" _CRT_WIDE(_CRT_STRINGIZE(__LINE__)) L"): [INFO] " format L"\r\n", ##__VA_ARGS__)
+#define log_warning(format, ...) log_trace_(__FUNCTIONW__ L"(" _CRT_WIDE(_CRT_STRINGIZE(__LINE__)) L"): [WARNING] " format L"\r\n", ##__VA_ARGS__)
+#define log_error(format, ...) log_trace_(__FUNCTIONW__ L"(" _CRT_WIDE(_CRT_STRINGIZE(__LINE__)) L"): [ERROR] " format L"\r\n", ##__VA_ARGS__)

src/wufuc/modulehelper.c

@@ -0,0 +1,157 @@
+#include "stdafx.h"
+#include "modulehelper.h"
+#include "log.h"
+
+HMODULE mod_get_from_th32_snapshot(HANDLE hSnapshot, const wchar_t *pLibFileName)
+{
+        MODULEENTRY32W me = { sizeof me };
+        if ( !Module32FirstW(hSnapshot, &me) )
+                return NULL;
+        do {
+                if ( !_wcsicmp(me.szExePath, pLibFileName) )
+                        return me.hModule;
+        } while ( Module32NextW(hSnapshot, &me) );
+        return NULL;
+}
+
+bool mod_inject_and_begin_thread(
+        HANDLE hProcess,
+        HMODULE hModule,
+        LPTHREAD_START_ROUTINE pStartAddress,
+        const void *pParam,
+        size_t cbParam)
+{
+        bool result = false;
+        NTSTATUS Status;
+        LPVOID pBaseAddress = NULL;
+        SIZE_T cb;
+        HMODULE hRemoteModule = NULL;
+        uintptr_t offset;
+        HANDLE hThread;
+
+        Status = NtSuspendProcess(hProcess);
+        if ( !NT_SUCCESS(Status) ) return result;
+
+        if ( pParam ) {
+                // this will be VirtualFree()'d by the function at pStartAddress
+                pBaseAddress = VirtualAllocEx(hProcess,
+                        NULL,
+                        cbParam,
+                        MEM_RESERVE | MEM_COMMIT,
+                        PAGE_READWRITE);
+                if ( !pBaseAddress ) goto resume_process;
+
+                if ( !WriteProcessMemory(hProcess, pBaseAddress, pParam, cbParam, &cb) )
+                        goto virt_free;
+        }
+        if ( mod_inject_by_hmodule(hProcess, hModule, &hRemoteModule) ) {
+                offset = (uintptr_t)pStartAddress - (uintptr_t)hModule;
+                hThread = CreateRemoteThread(hProcess,
+                        NULL,
+                        0,
+                        (LPTHREAD_START_ROUTINE)RtlOffsetToPointer(hRemoteModule, offset),
+                        pBaseAddress,
+                        0,
+                        NULL);
+
+                if ( hThread ) {
+                        CloseHandle(hThread);
+                        result = true;
+                }
+        }
+virt_free:
+        if ( !result && pBaseAddress )
+                VirtualFreeEx(hProcess, pBaseAddress, 0, MEM_RELEASE);
+resume_process:
+        NtResumeProcess(hProcess);
+        return result;
+}
+
+bool mod_inject_by_hmodule(HANDLE hProcess, HMODULE hModule, HMODULE *phRemoteModule)
+{
+        WCHAR Filename[MAX_PATH];
+        DWORD nLength;
+
+        nLength = GetModuleFileNameW(hModule, Filename, _countof(Filename));
+        if ( nLength ) {
+                return mod_inject(hProcess,
+                        Filename,
+                        nLength,
+                        phRemoteModule);
+        }
+        return false;
+}
+
+bool mod_inject(
+        HANDLE hProcess,
+        const wchar_t *pLibFilename,
+        size_t cchLibFilename,
+        HMODULE *phRemoteModule)
+{
+        bool result = false;
+        DWORD dwProcessId;
+        NTSTATUS Status;
+        HANDLE hSnapshot;
+        SIZE_T nSize;
+        LPVOID pBaseAddress;
+        HANDLE hThread;
+
+        Status = NtSuspendProcess(hProcess);
+        if ( !NT_SUCCESS(Status) ) return result;
+
+        dwProcessId = GetProcessId(hProcess);
+
+        hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);
+        if ( !hSnapshot ) goto resume_process;
+
+        *phRemoteModule = mod_get_from_th32_snapshot(hSnapshot,
+                pLibFilename);
+
+        CloseHandle(hSnapshot);
+
+        // already injected... still sets *phRemoteModule
+        if ( *phRemoteModule ) goto resume_process;
+
+        nSize = (cchLibFilename + 1) * sizeof *pLibFilename;
+        pBaseAddress = VirtualAllocEx(hProcess,
+                NULL,
+                nSize,
+                MEM_RESERVE | MEM_COMMIT,
+                PAGE_READWRITE);
+
+        if ( !pBaseAddress ) goto resume_process;
+
+        if ( !WriteProcessMemory(hProcess, pBaseAddress, pLibFilename, nSize, NULL) )
+                goto virt_free;
+
+        hThread = CreateRemoteThread(hProcess,
+                NULL,
+                0,
+                (LPTHREAD_START_ROUTINE)LoadLibraryW,
+                pBaseAddress,
+                0,
+                NULL);
+        if ( !hThread ) goto virt_free;
+
+        WaitForSingleObject(hThread, INFINITE);
+
+        if ( sizeof *phRemoteModule > sizeof(DWORD) ) {
+                hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);
+                if ( hSnapshot ) {
+                        *phRemoteModule = mod_get_from_th32_snapshot(
+                                hSnapshot,
+                                pLibFilename);
+
+                        CloseHandle(hSnapshot);
+                        result = *phRemoteModule != NULL;
+                }
+        } else {
+                result = GetExitCodeThread(hThread, (LPDWORD)phRemoteModule) != FALSE;
+        }
+        CloseHandle(hThread);
+virt_free:
+        VirtualFreeEx(hProcess, pBaseAddress, 0, MEM_RELEASE);
+resume_process:
+        NtResumeProcess(hProcess);
+        return result;
+}

src/wufuc/modulehelper.h

@@ -0,0 +1,15 @@
+#pragma once
+
+HMODULE mod_get_from_th32_snapshot(HANDLE hSnapshot, const wchar_t *pLibFileName);
+bool mod_inject_and_begin_thread(
+        HANDLE hProcess,
+        HMODULE hModule,
+        LPTHREAD_START_ROUTINE pStartAddress,
+        const void *pParam,
+        size_t cbParam);
+bool mod_inject_by_hmodule(HANDLE hProcess, HMODULE hModule, HMODULE *phRemoteModule);
+bool mod_inject(
+        HANDLE hProcess,
+        const wchar_t *pLibFilename,
+        size_t cchLibFilename,
+        HMODULE *phRemoteModule);

src/wufuc/mutexhelper.c

@@ -0,0 +1,41 @@
+#include "stdafx.h"
+#include "mutexhelper.h"
+
+#include <sddl.h>
+
+HANDLE mutex_create_new(bool InitialOwner, const wchar_t *MutexName)
+{
+        HANDLE hMutex;
+
+        hMutex = CreateMutexW(NULL, InitialOwner, MutexName);
+        if ( hMutex ) {
+                if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
+                        CloseHandle(hMutex);
+                        return NULL;
+                }
+                return hMutex;
+        }
+        return NULL;
+}
+
+HANDLE mutex_create_new_fmt(bool InitialOwner, const wchar_t *const NameFormat, ...)
+{
+        HANDLE result = NULL;
+        va_list ap;
+        wchar_t *buffer;
+        int ret;
+
+        va_start(ap, NameFormat);
+        ret = _vscwprintf(NameFormat, ap) + 1;
+        va_end(ap);
+        buffer = calloc(ret, sizeof *buffer);
+        if ( buffer ) {
+                va_start(ap, NameFormat);
+                ret = vswprintf_s(buffer, ret, NameFormat, ap);
+                va_end(ap);
+                if (ret != -1) 
+                        result = mutex_create_new(InitialOwner, buffer);
+                free(buffer);
+        }
+        return result;
+}

src/wufuc/mutexhelper.h

@@ -0,0 +1,4 @@
+#pragma once
+
+HANDLE mutex_create_new(bool InitialOwner, const wchar_t *MutexName);
+HANDLE mutex_create_new_fmt(bool InitialOwner, const wchar_t *const NameFormat, ...);

src/wufuc/patternfind.CHANGES.txt

@@ -0,0 +1,12 @@
+Based on mrexodia's patternfind code originally written in C++
+Licensed under Lesser GNU Public License 3.0
+
+  https://bitbucket.org/mrexodia/patternfind
+
+Changes made:
+
+- Ported to C, removed dependency on C++ type vector<T>.
+- Uses stdint.h type uint8_t instead of unsigned char (for readability).
+- Renamed patternfind overloads to patternfind, patternfind_bytes, patternfind_pbyte.
+- Added VirtualProtect to patternwrite function to prevent access violation exceptions.
+- Added FlushInstructionCache to patternwrite function.

src/wufuc/patternfind.LICENSE

@@ -0,0 +1,165 @@
+                   GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions.
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one of the following:
+
+       0) Convey the Minimal Corresponding Source under the terms of this
+       License, and the Corresponding Application Code in a form
+       suitable for, and under terms that permit, the user to
+       recombine or relink the Application with a modified version of
+       the Linked Version to produce a modified Combined Work, in the
+       manner specified by section 6 of the GNU GPL for conveying
+       Corresponding Source.
+
+       1) Use a suitable shared library mechanism for linking with the
+       Library.  A suitable mechanism is one that (a) uses at run time
+       a copy of the Library already present on the user's computer
+       system, and (b) will operate properly with a modified version
+       of the Library that is interface-compatible with the Linked
+       Version.
+
+   e) Provide Installation Information, but only if you would otherwise
+   be required to provide such information under section 6 of the
+   GNU GPL, and only to the extent that such information is
+   necessary to install and execute a modified version of the
+   Combined Work produced by recombining or relinking the
+   Application with a modified version of the Linked Version. (If
+   you use option 4d0, the Installation Information must accompany
+   the Minimal Corresponding Source and Corresponding Application
+   Code. If you use option 4d1, you must provide the Installation
+   Information in the manner specified by section 6 of the GNU GPL
+   for conveying Corresponding Source.)
+
+  5. Combined Libraries.
+
+  You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+   a) Accompany the combined library with a copy of the same work based
+   on the Library, uncombined with any other library facilities,
+   conveyed under the terms of this License.
+
+   b) Give prominent notice with the combined library that part of it
+   is a work based on the Library, and explaining where to find the
+   accompanying uncombined form of the same work.
+
+  6. Revised Versions of the GNU Lesser General Public License.
+
+  The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+  Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+  If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.

src/wufuc/patternfind.c

@@ -1,11 +1,6 @@
+#include "stdafx.h"
 #include "patternfind.h"
 
-#include "rtl_malloc.h"
-
-#include <stddef.h>
-#include <stdbool.h>
-#include <string.h>
-
 static inline bool isHex(char ch)
 {
         return (ch >= '0' && ch <= '9') || (ch >= 'A' && ch <= 'F') || (ch >= 'a' && ch <= 'f');
@@ -51,14 +46,14 @@ static inline size_t formathexpattern(const char *patterntext, char *formattext,
 
 bool patterntransform(const char *patterntext, PatternByte *pattern, size_t patternsize)
 {
-        memset(pattern, 0, patternsize * sizeof(PatternByte));
+        memset(pattern, 0, patternsize * (sizeof *pattern));
         size_t len = formathexpattern(patterntext, NULL, 0);
 
         if ( !len || len / 2 > patternsize )
                 return false;
 
         size_t size = len + 1;
-        char *formattext = rtl_malloc(size);
+        char *formattext = malloc(size);
         formathexpattern(patterntext, formattext, size);
         PatternByte newByte;
 
@@ -76,20 +71,21 @@ bool patterntransform(const char *patterntext, PatternByte *pattern, size_t patt
                         pattern[k++] = newByte;
                 }
         }
+        free(formattext);
         return true;
 }
 
-static inline bool patternmatchbyte(unsigned char byte, const PatternByte pbyte)
+static inline bool patternmatchbyte(uint8_t byte, const PatternByte pbyte)
 {
         int matched = 0;
 
-        unsigned char n1 = (byte >> 4) & 0xF;
+        uint8_t n1 = (byte >> 4) & 0xF;
         if ( pbyte.nibble[0].wildcard )
                 matched++;
         else if ( pbyte.nibble[0].data == n1 )
                 matched++;
 
-        unsigned char n2 = byte & 0xF;
+        uint8_t n2 = byte & 0xF;
         if ( pbyte.nibble[1].wildcard )
                 matched++;
         else if ( pbyte.nibble[1].data == n2 )
@@ -98,20 +94,21 @@ static inline bool patternmatchbyte(unsigned char byte, const PatternByte pbyte)
         return (matched == 2);
 }
 
-unsigned char *patternfind(unsigned char *data, size_t datasize, const char *pattern)
+size_t patternfind(uint8_t *data, size_t datasize, const char *pattern)
 {
         size_t searchpatternsize = formathexpattern(pattern, NULL, 0) / 2;
-        PatternByte *searchpattern = rtl_calloc(searchpatternsize, sizeof(PatternByte));
+        PatternByte *searchpattern = calloc(searchpatternsize, sizeof(PatternByte));
 
-        unsigned char *result = NULL;
+        size_t result = -1;
         if ( patterntransform(pattern, searchpattern, searchpatternsize) )
-                result = patternfind3(data, datasize, searchpattern, searchpatternsize);
+                result = patternfind_pbyte(data, datasize, searchpattern, searchpatternsize);
 
-        rtl_free(searchpattern);
+        free(searchpattern);
         return result;
 }
 
-unsigned char *patternfind2(unsigned char *data, size_t datasize, unsigned char *pattern, size_t patternsize)
+__declspec(noinline)
+size_t patternfind_bytes(uint8_t *data, size_t datasize, const uint8_t *pattern, size_t patternsize)
 {
         if ( patternsize > datasize )
                 patternsize = datasize;
@@ -119,19 +116,20 @@ unsigned char *patternfind2(unsigned char *data, size_t datasize, unsigned char
                 if ( data[i] == pattern[pos] ) {
                         pos++;
                         if ( pos == patternsize )
-                                return &data[i - patternsize + 1];
+                                return i - patternsize + 1;
                 } else if ( pos > 0 ) {
                         i -= pos;
                         pos = 0; //reset current pattern position
                 }
         }
-        return NULL;
+        return -1;
 }
 
-static inline void patternwritebyte(unsigned char *byte, const PatternByte pbyte)
+static inline void patternwritebyte(uint8_t *byte, const PatternByte pbyte)
 {
-        unsigned char n1 = (*byte >> 4) & 0xF;
+        uint8_t n1 = (*byte >> 4) & 0xF;
-        unsigned char n2 = *byte & 0xF;
+        uint8_t n2 = *byte & 0xF;
+
         if ( !pbyte.nibble[0].wildcard )
                 n1 = pbyte.nibble[0].data;
         if ( !pbyte.nibble[1].wildcard )
@@ -139,41 +137,46 @@ static inline void patternwritebyte(unsigned char *byte, const PatternByte pbyte
         *byte = ((n1 << 4) & 0xF0) | (n2 & 0xF);
 }
 
-void patternwrite(unsigned char *data, size_t datasize, const char *pattern)
+void patternwrite(uint8_t *data, size_t datasize, const char *pattern)
 {
         size_t writepatternsize = formathexpattern(pattern, NULL, 0) / 2;
-        PatternByte *writepattern = rtl_calloc(writepatternsize, sizeof(PatternByte));
+        PatternByte *writepattern = calloc(writepatternsize, sizeof(PatternByte));
 
         if ( patterntransform(pattern, writepattern, writepatternsize) ) {
+                DWORD OldProtect;
+                BOOL result = VirtualProtect(data, writepatternsize, PAGE_EXECUTE_READWRITE, &OldProtect);
                 if ( writepatternsize > datasize )
                         writepatternsize = datasize;
                 for ( size_t i = 0; i < writepatternsize; i++ )
                         patternwritebyte(&data[i], writepattern[i]);
+                result = VirtualProtect(data, writepatternsize, OldProtect, &OldProtect);
+                FlushInstructionCache(GetCurrentProcess(), data, datasize);
         }
 
-        rtl_free(writepattern);
+        free(writepattern);
 }
 
-bool patternsnr(unsigned char *data, size_t datasize, const char *searchpattern, const char *replacepattern)
+bool patternsnr(uint8_t *data, size_t datasize, const char *searchpattern, const char *replacepattern)
 {
-        unsigned char *found = patternfind(data, datasize, searchpattern);
+        size_t found = patternfind(data, datasize, searchpattern);
-        if ( !found )
+        if ( found == -1 )
                 return false;
-        patternwrite(found, datasize - (found - data), replacepattern);
+        patternwrite(data + found, found - datasize, replacepattern);
         return true;
 }
 
-unsigned char *patternfind3(unsigned char *data, size_t datasize, const PatternByte *pattern, size_t searchpatternsize)
+__declspec(noinline)
+size_t patternfind_pbyte(uint8_t *data, size_t datasize, const PatternByte *pattern, size_t searchpatternsize)
 {
         for ( size_t i = 0, pos = 0; i < datasize; i++ ) { //search for the pattern
                 if ( patternmatchbyte(data[i], pattern[pos]) ) { //check if our pattern matches the current byte
                         pos++;
                         if ( pos == searchpatternsize ) //everything matched
-                                return &data[i - searchpatternsize + 1];
+                                return i - searchpatternsize + 1;
                 } else if ( pos > 0 ) { //fix by Computer_Angel
                         i -= pos;
                         pos = 0; //reset current pattern position
                 }
         }
-        return NULL;
+        return -1;
 }

src/wufuc/patternfind.h

@@ -1,42 +1,39 @@
 #pragma once
 
-#include <stddef.h>
+typedef struct
-#include <stdbool.h>
-
-typedef struct tagPatternByte
 {
-        struct PatternNibble
+        struct
         {
-                unsigned char data;
+                uint8_t data;
                 bool wildcard;
         } nibble[2];
 } PatternByte;
 
-//returns: pointer to data when found, NULL when not found
+//returns: offset to data when found, -1 when not found
-unsigned char *patternfind(
+size_t patternfind(
-        unsigned char *data, //data
+        uint8_t *data, //data
         size_t datasize, //size of data
         const char *pattern //pattern to search
 );
 
-//returns: pointer to data when found, NULL when not found
+//returns: offset to data when found, -1 when not found
-unsigned char *patternfind2(
+size_t patternfind_bytes(
-        unsigned char *data, //data
+        uint8_t *data, //data
         size_t datasize, //size of data
-        unsigned char *pattern, //bytes to search
+        const uint8_t *pattern, //bytes to search
         size_t patternsize //size of bytes to search
 );
 
 //returns: nothing
 void patternwrite(
-        unsigned char *data, //data
+        uint8_t *data, //data
         size_t datasize, //size of data
         const char *pattern //pattern to write
 );
 
 //returns: true on success, false on failure
 bool patternsnr(
-        unsigned char *data, //data
+        uint8_t *data, //data
         size_t datasize, //size of data
         const char *searchpattern, //pattern to search
         const char *replacepattern //pattern to write
@@ -49,9 +46,9 @@ bool patterntransform(
         size_t patternsize //size of pattern
 );
 
-//returns: pointer to data when found, NULL when not found
+//returns: offset to data when found, -1 when not found
-unsigned char *patternfind3(
+size_t patternfind_pbyte(
-        unsigned char *data, //data
+        uint8_t *data, //data
         size_t datasize, //size of data
         const PatternByte *pattern, //pattern to search
         size_t searchpatternsize //size of pattern to search

src/wufuc/ptrlist.c

@@ -0,0 +1,403 @@
+#include "stdafx.h"
+#include "ptrlist.h"
+
+void ptrlist_lock(ptrlist_t *list)
+{
+        EnterCriticalSection(&list->criticalSection);
+}
+
+void ptrlist_unlock(ptrlist_t *list)
+{
+        LeaveCriticalSection(&list->criticalSection);
+}
+
+void *ptrlist_at(ptrlist_t *list, size_t index, uint32_t *pTag)
+{
+        void *result;
+
+        ptrlist_lock(list);
+        result = list->values[index];
+        if ( pTag )
+                *pTag = list->tags[index];
+        ptrlist_unlock(list);
+        return result;
+}
+
+bool ptrlist_create(ptrlist_t *list, size_t capacity, size_t maxCapacity)
+{
+        bool result = false;
+        size_t c;
+        size_t vsize;
+        size_t tsize;
+        void *tmp;
+
+        if ( !list || capacity > maxCapacity )
+                return result;
+
+        c = capacity ? capacity :
+                (maxCapacity ? min(maxCapacity, 16) : 16);
+        vsize = c * (sizeof *list->values);
+        tsize = c * (sizeof *list->tags);
+
+        InitializeCriticalSection(&list->criticalSection);
+        ptrlist_lock(list);
+
+        tmp = malloc(vsize + tsize);
+        if ( tmp ) {
+                ZeroMemory(tmp, vsize + tsize);
+                list->values = tmp;
+                list->tags = (uint32_t *)RtlOffsetToPointer(tmp, vsize);
+                list->capacity = c;
+                list->maxCapacity = maxCapacity;
+                list->count = 0;
+                result = true;
+        }
+        ptrlist_unlock(list);
+        if ( !result )
+                DeleteCriticalSection(&list->criticalSection);
+        return result;
+}
+
+void ptrlist_destroy(ptrlist_t *list)
+{
+        if ( !list ) return;
+
+        ptrlist_lock(list);
+
+        free(list->values);
+        list->values = NULL;
+        list->tags = NULL;
+
+        list->count = 0;
+        list->capacity = 0;
+        list->maxCapacity = 0;
+
+        ptrlist_unlock(list);
+        DeleteCriticalSection(&list->criticalSection);
+}
+
+size_t ptrlist_index_of(ptrlist_t *list, void *value)
+{
+        size_t result = -1;
+
+        if ( !list || !value )
+                return result;
+
+        ptrlist_lock(list);
+        for ( size_t i = 0; i < list->count; i++ ) {
+                if ( list->values[i] == value ) {
+                        result = i;
+                        break;
+                }
+        }
+        ptrlist_unlock(list);
+        return result;
+}
+
+bool ptrlist_add(ptrlist_t *list, void *value, uint32_t tag)
+{
+        bool result = false;
+        size_t newCapacity;
+        size_t diff;
+        size_t vsize;
+        size_t tsize;
+        void **tmp1;
+        uint32_t *tmp2;
+
+        if ( !list || !value )
+                return result;
+
+        ptrlist_lock(list);
+
+        if ( list->count >= list->capacity ) {
+                newCapacity = list->count;
+                if ( list->maxCapacity ) {
+                        diff = list->maxCapacity - list->capacity;
+                        if ( !diff )
+                                goto leave;
+                        newCapacity += min(diff, 16);
+                } else {
+                        newCapacity += 16;
+                }
+                vsize = newCapacity * (sizeof *list->values);
+                tsize = newCapacity * (sizeof *list->tags);
+
+                tmp1 = malloc(vsize + tsize);
+
+                if ( !tmp1 )
+                        goto leave;
+
+                ZeroMemory(tmp1, vsize);
+
+                tmp2 = (uint32_t *)RtlOffsetToPointer(tmp1, vsize);
+                ZeroMemory(tmp2, tsize);
+
+                if ( memmove_s(tmp1, vsize, list->values, list->count * (sizeof *list->values))
+                        || memmove_s(tmp2, tsize, list->tags, list->count * (sizeof *list->tags)) ) {
+
+                        free(tmp1);
+                        goto leave;
+                }
+                list->values = tmp1;
+                list->tags = tmp2;
+                list->capacity = newCapacity;
+        }
+        list->values[list->count] = value;
+        list->tags[list->count] = tag;
+        list->count++;
+        result = true;
+leave:
+        ptrlist_unlock(list);
+        return result;
+}
+
+bool ptrlist_add_range(ptrlist_t *list, void **values, uint32_t *tags, size_t count)
+{
+        bool result = true;
+
+        if ( !list || !values || !count )
+                return false;
+
+        ptrlist_lock(list);
+        if ( list->count + count <= list->maxCapacity ) {
+                for ( size_t i = 0; result && i < count; i++ )
+                        result = ptrlist_add(list, values[i], tags ? tags[i] : 0);
+        } else {
+                result = false;
+        }
+        ptrlist_unlock(list);
+        return result;
+}
+
+bool ptrlist_remove_at(ptrlist_t *list, size_t index)
+{
+        bool result = false;
+
+        if ( !list ) return result;
+
+        ptrlist_lock(list);
+        if ( index <= list->count - 1 ) {
+                for ( size_t i = index; i < list->count - 1; i++ )
+                        list->values[i] = list->values[i + 1];
+
+                list->values[list->count--] = NULL;
+                result = true;
+        }
+        ptrlist_unlock(list);
+        return result;
+}
+
+bool ptrlist_remove(ptrlist_t *list, void *value)
+{
+        size_t index;
+        bool result = false;
+
+        if ( !list || !value )
+                return result;
+
+        ptrlist_lock(list);
+        index = ptrlist_index_of(list, value);
+        if ( index != -1 )
+                result = ptrlist_remove_at(list, index);
+        ptrlist_unlock(list);
+        return result;
+}
+
+bool ptrlist_remove_range(ptrlist_t *list, size_t index, size_t count)
+{
+        bool result = true;
+
+        if ( !list || !count )
+                return false;
+
+        ptrlist_lock(list);
+        if ( index <= list->count - 1
+                && index + count <= list->count ) {
+
+                for ( size_t i = 0; result && i < count; i++ )
+                        result = ptrlist_remove_at(list, index);
+        } else {
+                result = false;
+        }
+        ptrlist_unlock(list);
+        return result;
+}
+
+bool ptrlist_clear(ptrlist_t *list)
+{
+        bool result = false;
+
+        if ( !list ) return result;
+
+        ptrlist_lock(list);
+        result = ptrlist_remove_range(list, 0, list->count);
+        ptrlist_unlock(list);
+        return result;
+}
+
+size_t ptrlist_get_count(ptrlist_t *list)
+{
+        size_t result = -1;
+
+        if ( !list ) return result;
+
+        ptrlist_lock(list);
+        result = list->count;
+        ptrlist_unlock(list);
+        return result;
+}
+
+size_t ptrlist_get_capacity(ptrlist_t *list)
+{
+        size_t result = -1;
+
+        if ( !list ) return result;
+
+        ptrlist_lock(list);
+        result = list->capacity;
+        ptrlist_unlock(list);
+        return result;
+}
+
+size_t ptrlist_get_max_capacity(ptrlist_t *list)
+{
+        size_t result = -1;
+
+        if ( !list ) return result;
+
+        ptrlist_lock(list);
+        result = list->maxCapacity;
+        ptrlist_unlock(list);
+        return result;
+}
+
+bool ptrlist_contains(ptrlist_t *list, void *value)
+{
+        return ptrlist_index_of(list, value) != -1;
+}
+
+void **ptrlist_copy_values(ptrlist_t *list, size_t *count)
+{
+        void **result = NULL;
+        size_t size;
+        size_t c;
+
+        if ( !list || !count )
+                return result;
+
+        ptrlist_lock(list);
+        c = list->count;
+        if ( !c ) goto leave;
+
+        size = c * (sizeof *list->values);
+        result = malloc(c * (sizeof *list->values));
+        if ( result ) {
+                if ( !memcpy_s(result, size, list->values, size) ) {
+                        *count = c;
+                } else {
+                        free(result);
+                        result = NULL;
+                }
+        }
+leave:
+        ptrlist_unlock(list);
+        return result;
+}
+
+uint32_t *ptrlist_copy_tags(ptrlist_t *list, size_t *count)
+{
+        uint32_t *result = NULL;
+        size_t size;
+        size_t c;
+
+        if ( !list || !count )
+                return result;
+
+        ptrlist_lock(list);
+        c = list->count;
+        if ( !c ) goto leave;
+
+        size = c * (sizeof *list->tags);
+        result = malloc(c * (sizeof *list->tags));
+        if ( result ) {
+                if ( !memcpy_s(result, size, list->tags, size) ) {
+                        *count = c;
+                } else {
+                        free(result);
+                        result = NULL;
+                }
+        }
+leave:
+        ptrlist_unlock(list);
+        return result;
+}
+
+bool ptrlist_copy(ptrlist_t *list, void ***values, uint32_t **tags, size_t *count)
+{
+        bool result = false;
+        void **v;
+        uint32_t *t;
+        size_t c;
+
+        if ( !values || !tags || !count )
+                return result;
+
+        ptrlist_lock(list);
+        v = ptrlist_copy_values(list, &c);
+        if ( !v ) goto leave;
+
+        t = ptrlist_copy_tags(list, &c);
+        if ( !t ) {
+                free(v);
+                goto leave;
+        }
+        *values = v;
+        *tags = t;
+        *count = c;
+        result = true;
+leave:
+        ptrlist_unlock(list);
+        return result;
+}
+
+void ptrlist_for(ptrlist_t *list, size_t index, size_t count, void(__cdecl *f)(void *))
+{
+        if ( !list || !f ) return;
+
+        ptrlist_lock(list);
+        if ( index + count <= list->count ) {
+                for ( size_t i = index; i < count; i++ )
+                        f(list->values[i]);
+        }
+        ptrlist_unlock(list);
+}
+
+void ptrlist_for_each(ptrlist_t *list, void(__cdecl *f)(void *))
+{
+        if ( !list || !f ) return;
+
+        ptrlist_lock(list);
+        ptrlist_for(list, 0, list->count, f);
+        ptrlist_unlock(list);
+}
+
+void ptrlist_for_stdcall(ptrlist_t *list, size_t index, size_t count, void(__stdcall *f)(void *))
+{
+        if ( !list || !f ) return;
+
+        ptrlist_lock(list);
+        if ( index + count <= list->count ) {
+                for ( size_t i = index; i < count; i++ )
+                        f(list->values[i]);
+        }
+        ptrlist_unlock(list);
+}
+
+void ptrlist_for_each_stdcall(ptrlist_t *list, void(__stdcall *f)(void *))
+{
+        if ( !list || !f ) return;
+
+        ptrlist_lock(list);
+        ptrlist_for_stdcall(list, 0, list->count, f);
+        ptrlist_unlock(list);
+}

src/wufuc/ptrlist.h

@@ -0,0 +1,37 @@
+#pragma once
+
+#pragma pack(push, 1)
+typedef struct ptrlist_t_
+{
+        void **values;
+        uint32_t *tags;
+        size_t capacity;
+        size_t maxCapacity;
+        size_t count;
+        CRITICAL_SECTION criticalSection;
+} ptrlist_t;
+#pragma pack(pop)
+
+void ptrlist_lock(ptrlist_t *list);
+void ptrlist_unlock(ptrlist_t *list);
+void *ptrlist_at(ptrlist_t *list, size_t index, uint32_t *pTag);
+bool ptrlist_create(ptrlist_t *list, size_t capacity, size_t maxCapacity);
+void ptrlist_destroy(ptrlist_t *list);
+size_t ptrlist_index_of(ptrlist_t *list, void *value);
+bool ptrlist_add(ptrlist_t *list, void *value, uint32_t tag);
+bool ptrlist_add_range(ptrlist_t *list, void **values, uint32_t *tags, size_t count);
+bool ptrlist_remove_at(ptrlist_t *list, size_t index);
+bool ptrlist_remove(ptrlist_t *list, void *value);
+bool ptrlist_remove_range(ptrlist_t *list, size_t index, size_t count);
+bool ptrlist_clear(ptrlist_t *list);
+size_t ptrlist_get_count(ptrlist_t *list);
+size_t ptrlist_get_capacity(ptrlist_t *list);
+size_t ptrlist_get_max_capacity(ptrlist_t *list);
+bool ptrlist_contains(ptrlist_t *list, void *value);
+void **ptrlist_copy_values(ptrlist_t *list, size_t *count);
+uint32_t *ptrlist_copy_tags(ptrlist_t *list, size_t *count);
+bool ptrlist_copy(ptrlist_t *list, void ***values, uint32_t **tags, size_t *count);
+void ptrlist_for(ptrlist_t *list, size_t index, size_t count, void(__cdecl *f)(void *));
+void ptrlist_for_each(ptrlist_t *list, void(__cdecl *f)(void *));
+void ptrlist_for_stdcall(ptrlist_t *list, size_t index, size_t count, void(__stdcall *f)(void *));
+void ptrlist_for_each_stdcall(ptrlist_t *list, void(__stdcall *f)(void *));

src/wufuc/registryhelper.c

@@ -0,0 +1,118 @@
+#include "stdafx.h"
+#include "registryhelper.h"
+
+PVOID reg_get_value_alloc(
+        HKEY hKey,
+        LPCWSTR SubKey,
+        LPCWSTR Value,
+        DWORD dwFlags,
+        LPDWORD pdwType,
+        LPDWORD pcbData)
+{
+        DWORD cbData = 0;
+        PVOID result = NULL;
+
+        if ( RegGetValueW(hKey, SubKey, Value, dwFlags, pdwType, NULL, &cbData) != ERROR_SUCCESS )
+                return result;
+
+        result = malloc(cbData);
+        if ( !result ) return result;
+
+        if ( RegGetValueW(hKey, SubKey, Value, dwFlags, pdwType, result, &cbData) == ERROR_SUCCESS ) {
+                if ( pcbData )
+                        *pcbData = cbData;
+        } else {
+                free(result);
+                result = NULL;
+        }
+        return result;
+}
+
+LPBYTE reg_query_value_alloc(
+        HKEY hKey,
+        LPCWSTR SubKey,
+        LPCWSTR Value,
+        LPDWORD pdwType,
+        LPDWORD pcbData)
+{
+        HKEY hSubKey;
+        DWORD cbData = 0;
+        DWORD dwType;
+        LPBYTE result = NULL;
+
+        if ( SubKey && *SubKey ) {
+                if ( RegOpenKeyW(hKey, SubKey, &hSubKey) != ERROR_SUCCESS )
+                        return result;
+        } else {
+                hSubKey = hKey;
+        }
+        if ( RegQueryValueExW(hSubKey, Value, NULL, &dwType, result, &cbData) != ERROR_SUCCESS )
+                return result;
+
+        switch ( dwType ) {
+        case REG_SZ:
+        case REG_EXPAND_SZ:
+                cbData += sizeof UNICODE_NULL;
+                break;
+        case REG_MULTI_SZ:
+                cbData += (sizeof UNICODE_NULL) * 2;
+                break;
+        }
+        result = malloc(cbData);
+
+        if ( !result ) return result;
+        ZeroMemory(result, cbData);
+
+        if ( RegQueryValueExW(hSubKey, Value, NULL, pdwType, result, &cbData) == ERROR_SUCCESS ) {
+                if ( pcbData )
+                        *pcbData = cbData;
+        } else {
+                free(result);
+                result = NULL;
+        }
+        return result;
+}
+
+PVOID reg_query_key_alloc(
+        HANDLE KeyHandle,
+        KEY_INFORMATION_CLASS KeyInformationClass,
+        PULONG pResultLength)
+{
+        NTSTATUS Status;
+        ULONG ResultLength;
+        PVOID result = NULL;
+
+        Status = NtQueryKey(KeyHandle, KeyInformationClass, NULL, 0, &ResultLength);
+        if ( Status != STATUS_BUFFER_OVERFLOW && Status != STATUS_BUFFER_TOO_SMALL )
+                return result;
+
+        result = malloc(ResultLength);
+        if ( !result ) return result;
+
+        Status = NtQueryKey(KeyHandle, KeyInformationClass, result, ResultLength, &ResultLength);
+        if ( NT_SUCCESS(Status) ) {
+                *pResultLength = ResultLength;
+        } else {
+                free(result);
+                result = NULL;
+        }
+        return result;
+}
+
+LPWSTR env_expand_strings_alloc(LPCWSTR Src, LPDWORD pcchLength)
+{
+        LPWSTR result;
+        DWORD buffersize;
+        DWORD size;
+
+        buffersize = ExpandEnvironmentStringsW(Src, NULL, 0);
+        result = calloc(buffersize, sizeof *result);
+        size = ExpandEnvironmentStringsW(Src, result, buffersize);
+        if ( !size || size > buffersize ) {
+                free(result);
+                result = NULL;
+        } else if ( pcchLength ) {
+                *pcchLength = buffersize;
+        }
+        return result;
+}

src/wufuc/registryhelper.h

@@ -0,0 +1,20 @@
+#pragma once
+
+PVOID reg_get_value_alloc(
+        HKEY hkey,
+        LPCWSTR pSubKey,
+        LPCWSTR pValue,
+        DWORD dwFlags,
+        LPDWORD pdwType,
+        LPDWORD pcbData);
+LPBYTE reg_query_value_alloc(
+        HKEY hKey,
+        LPCWSTR pSubKey,
+        LPCWSTR pValueName,
+        LPDWORD pType,
+        LPDWORD pcbData);
+PVOID reg_query_key_alloc(
+        HANDLE KeyHandle,
+        KEY_INFORMATION_CLASS KeyInformationClass,
+        PULONG pResultLength);
+LPWSTR env_expand_strings_alloc(LPCWSTR Src, LPDWORD pcchLength);

src/wufuc/resource.h

@@ -0,0 +1,18 @@
+#pragma once
+
+#ifndef BUILD_COMMIT_VERSION
+#define BUILD_COMMIT_VERSION 1.0.0.0
+#endif
+
+#ifndef BUILD_VERSION_COMMA
+#define BUILD_VERSION_COMMA 1,0,0,0
+#endif
+
+#define S_(x) #x
+#define S(x) S_(x)
+
+#ifdef X64
+#define FILENAME "wufuc64.dll"
+#elif defined(X86)
+#define FILENAME "wufuc32.dll"
+#endif

src/wufuc/rundll32.c

@@ -0,0 +1,179 @@
+#include "stdafx.h"
+#include "callbacks.h"
+#include "eventhelper.h"
+#include "log.h"
+#include "modulehelper.h"
+#include "mutexhelper.h"
+#include "ptrlist.h"
+#include "registryhelper.h"
+#include "servicehelper.h"
+#include "wufuc.h"
+
+const wchar_t m_szUnloadEventName[] = L"Global\\wufuc_UnloadEvent";
+
+void CALLBACK RUNDLL32_StartW(HWND hwnd,
+        HINSTANCE hinst,
+        LPWSTR lpszCmdLine,
+        int nCmdShow)
+{
+        ptrlist_t list;
+        HANDLE hEvent;
+        DWORD dwDesiredAccess;
+        bool Lagging;
+        SC_HANDLE hSCM;
+        SC_HANDLE hService;
+        DWORD dwProcessId;
+        SERVICE_NOTIFYW NotifyBuffer;
+        bool Unloading = false;
+        DWORD e;
+        void **values;
+        uint32_t *tags;
+        size_t count;
+        DWORD r;
+        size_t index;
+        size_t crashes = 0;
+        bool Suspending = false;
+
+        g_hMainMutex = mutex_create_new(true,
+                L"Global\\25020063-b5a7-4227-9fdf-25cb75e8c645");
+        if ( !g_hMainMutex ) return;
+
+        if ( !ptrlist_create(&list, 0, MAXIMUM_WAIT_OBJECTS) ) goto release_mutex;
+
+        hEvent = event_create_with_string_security_descriptor(
+                true, false, m_szUnloadEventName, L"D:(A;;0x001F0003;;;BA)");
+        if ( !hEvent ) goto destroy_list;
+        if ( !ptrlist_add(&list, hEvent, 0) ) goto set_event;
+
+        dwDesiredAccess = SERVICE_QUERY_STATUS | SERVICE_QUERY_CONFIG;
+        do {
+                Lagging = false;
+                hSCM = OpenSCManagerW(NULL, NULL, SC_MANAGER_ENUMERATE_SERVICE);
+                if ( !hSCM ) goto set_event;
+
+                hService = OpenServiceW(hSCM, L"wuauserv", dwDesiredAccess);
+                if ( !hService ) goto close_scm;
+
+                if ( (dwDesiredAccess & SERVICE_QUERY_CONFIG) == SERVICE_QUERY_CONFIG ) {
+                        dwDesiredAccess &= ~SERVICE_QUERY_CONFIG;
+
+                        dwProcessId = svc_heuristic_process_id(hSCM, hService);
+                        if ( dwProcessId )
+                                wufuc_inject(dwProcessId, (LPTHREAD_START_ROUTINE)cb_start, &list);
+                }
+                ZeroMemory(&NotifyBuffer, sizeof NotifyBuffer);
+                NotifyBuffer.dwVersion = SERVICE_NOTIFY_STATUS_CHANGE;
+                NotifyBuffer.pfnNotifyCallback = (PFN_SC_NOTIFY_CALLBACK)cb_service_notify;
+                NotifyBuffer.pContext = (PVOID)&list;
+                while ( !Unloading && !Lagging ) {
+                        e = NotifyServiceStatusChangeW(hService,
+                                SERVICE_NOTIFY_START_PENDING | SERVICE_NOTIFY_RUNNING,
+                                &NotifyBuffer);
+                        switch ( e ) {
+                        case ERROR_SUCCESS:
+                                do {
+                                        if ( !ptrlist_copy(&list, &values, &tags, &count) ) {
+                                                Unloading = true;
+                                                break;
+                                        }
+                                        r = WaitForMultipleObjectsEx((DWORD)count,
+                                                values, FALSE, INFINITE, TRUE);
+
+                                        if ( r >= WAIT_OBJECT_0 && r < WAIT_OBJECT_0 + count ) {
+                                                // object signaled
+                                                index = r - WAIT_OBJECT_0;
+                                                if ( !index ) {
+                                                        // Unload event
+                                                        Unloading = true;
+                                                } else {
+                                                        // crash mutex was released cleanly
+                                                        ptrlist_remove(&list, values[index]);
+                                                        ReleaseMutex(values[index]);
+                                                        CloseHandle(values[index]);
+                                                }
+                                        } else if ( r >= WAIT_ABANDONED_0 && r < WAIT_ABANDONED_0 + count ) {
+                                                // object abandoned
+                                                // crash mutex was abandoned, process has most likely crashed.
+                                                index = r - WAIT_ABANDONED_0;
+
+                                                ptrlist_remove(&list, values[index]);
+                                                ReleaseMutex(values[index]);
+                                                CloseHandle(values[index]);
+
+                                                crashes++;
+                                                log_warning(L"A process wufuc injected into has crashed %Iu time%ls! (ProcessId=%lu)",
+                                                        crashes, crashes != 1 ? L"s" : L"", tags[index]);
+
+                                                if ( crashes >= SVCHOST_CRASH_THRESHOLD ) {
+                                                        log_error(L"Crash threshold has been reached, disabling wufuc until next reboot!");
+                                                        Unloading = true;
+                                                        Suspending = true;
+                                                }
+                                        } else if ( r == WAIT_FAILED ) {
+                                                log_error(L"Wait function failed!");
+                                                Unloading = true;
+                                        }
+                                        free(values);
+                                        free(tags);
+                                } while ( r != WAIT_IO_COMPLETION && !Unloading );
+                                break;
+                        case ERROR_SERVICE_NOTIFY_CLIENT_LAGGING:
+                                log_warning(L"Client lagging!");
+                                Lagging = true;
+                                break;
+                        default:
+                                log_error(L"NotifyServiceStatusChange failed! (Return value=%lu)", e);
+                                Unloading = true;
+                                break;
+                        }
+                }
+                CloseServiceHandle(hService);
+close_scm:
+                CloseServiceHandle(hSCM);
+        } while ( Lagging );
+set_event:
+        // signal event in case it is open in any other processes
+        SetEvent(hEvent);
+destroy_list:
+        ptrlist_for_each_stdcall(&list, CloseHandle);
+        ptrlist_destroy(&list);
+
+        if ( Suspending )
+                NtSuspendProcess(NtCurrentProcess());
+release_mutex:
+        ReleaseMutex(g_hMainMutex);
+        CloseHandle(g_hMainMutex);
+}
+
+void CALLBACK RUNDLL32_UnloadW(
+        HWND hwnd,
+        HINSTANCE hinst,
+        LPWSTR lpszCmdLine,
+        int nCmdShow)
+{
+        HANDLE hEvent;
+
+        hEvent = OpenEventW(EVENT_MODIFY_STATE, FALSE, m_szUnloadEventName);
+        if ( hEvent ) {
+                SetEvent(hEvent);
+                CloseHandle(hEvent);
+        }
+}
+
+void CALLBACK RUNDLL32_DeleteFileW(
+        HWND hwnd,
+        HINSTANCE hinst,
+        LPWSTR lpszCmdLine,
+        int nCmdShow)
+{
+        int argc;
+        wchar_t **argv;
+
+        argv = CommandLineToArgvW(lpszCmdLine, &argc);
+        if ( argv ) {
+                if ( !DeleteFileW(argv[0]) && GetLastError() == ERROR_ACCESS_DENIED )
+                        MoveFileExW(argv[0], NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
+
+                LocalFree((HLOCAL)argv);
+        }
+}

src/wufuc/rundll32.h

@@ -0,0 +1,11 @@
+#pragma once
+
+#ifdef UNICODE
+#define RUNDLL32_Start       RUNDLL32_StartW
+#define RUNDLL32_Unload      RUNDLL32_UnloadW
+#define RUNDLL32_DeleteFile  RUNDLL32_DeleteFileW
+#else
+#define RUNDLL32_Start       RUNDLL32_StartA
+#define RUNDLL32_Unload      RUNDLL32_UnloadA
+#define RUNDLL32_DeleteFile  RUNDLL32_DeleteFileA
+#endif // !UNICODE

src/wufuc/servicehelper.c

@@ -0,0 +1,209 @@
+#include "stdafx.h"
+#include "servicehelper.h"
+#include "registryhelper.h"
+
+LPQUERY_SERVICE_CONFIGW svc_query_config_by_name_alloc(
+        SC_HANDLE hSCM,
+        const wchar_t *pServiceName,
+        LPDWORD pcbBufSize)
+{
+        SC_HANDLE hService;
+        LPQUERY_SERVICE_CONFIGW result = NULL;
+
+        hService = OpenServiceW(hSCM, pServiceName, SERVICE_QUERY_CONFIG);
+        if ( !hService ) return result;
+
+        result = svc_query_config_alloc(hSCM, hService, pcbBufSize);
+
+        CloseServiceHandle(hService);
+        return result;
+}
+
+LPQUERY_SERVICE_CONFIGW svc_query_config_alloc(
+        SC_HANDLE hSCM,
+        SC_HANDLE hService,
+        LPDWORD pcbBufSize)
+{
+        DWORD cbBytesNeeded;
+        LPQUERY_SERVICE_CONFIGW result = NULL;
+
+        if ( !QueryServiceConfigW(hService, NULL, 0, &cbBytesNeeded)
+                && GetLastError() == ERROR_INSUFFICIENT_BUFFER ) {
+
+                result = malloc(cbBytesNeeded);
+                if ( result ) {
+                        if ( QueryServiceConfigW(hService, result, cbBytesNeeded, &cbBytesNeeded) ) {
+                                if ( pcbBufSize )
+                                        *pcbBufSize = cbBytesNeeded;
+                        } else {
+                                free(result);
+                                result = NULL;
+                        }
+                }
+        }
+        return result;
+}
+
+bool svc_query_process_info_by_name(
+        SC_HANDLE hSCM,
+        const wchar_t *pServiceName,
+        LPSERVICE_STATUS_PROCESS pServiceStatus)
+{
+        bool result = false;
+        SC_HANDLE hService;
+        DWORD cbBytesNeeded;
+
+        hService = OpenServiceW(hSCM, pServiceName, SERVICE_QUERY_STATUS);
+        if ( !hService )
+                return result;
+
+        result = !!QueryServiceStatusEx(hService,
+                SC_STATUS_PROCESS_INFO,
+                (LPBYTE)pServiceStatus,
+                sizeof *pServiceStatus,
+                &cbBytesNeeded);
+        CloseServiceHandle(hService);
+        return result;
+}
+
+bool svc_query_group_name(
+        const LPQUERY_SERVICE_CONFIGW pServiceConfig,
+        wchar_t **pGroupName,
+        HLOCAL *hMem)
+{
+        bool result = false;
+        int NumArgs;
+        wchar_t **argv;
+
+        argv = CommandLineToArgvW(pServiceConfig->lpBinaryPathName, &NumArgs);
+        if ( argv ) {
+                if ( !_wcsicmp(PathFindFileNameW(argv[0]), L"svchost.exe") ) {
+
+                        for ( int i = 1; (i + 1) < NumArgs; i++ ) {
+                                if ( !_wcsicmp(argv[i], L"-k") ) {
+                                        *pGroupName = argv[++i];
+                                        *hMem = (HLOCAL)argv;
+                                        return true;
+                                }
+                        }
+                }
+                LocalFree((HLOCAL)argv);
+        }
+        return false;
+}
+
+DWORD svc_query_process_id(SC_HANDLE hSCM, SC_HANDLE hService)
+{
+        DWORD result = 0;
+        SERVICE_STATUS_PROCESS ServiceStatus;
+        DWORD cbBytesNeeded;
+
+        if ( QueryServiceStatusEx(hService,
+                SC_STATUS_PROCESS_INFO,
+                (LPBYTE)&ServiceStatus,
+                sizeof ServiceStatus,
+                &cbBytesNeeded) ) {
+
+                result = ServiceStatus.dwProcessId;
+        }
+        return result;
+}
+
+DWORD svc_query_process_id_by_name(SC_HANDLE hSCM, const wchar_t *pServiceName)
+{
+        SERVICE_STATUS_PROCESS ServiceStatusProcess;
+
+        if ( svc_query_process_info_by_name(hSCM, pServiceName, &ServiceStatusProcess) )
+                return ServiceStatusProcess.dwProcessId;
+        return 0;
+}
+
+DWORD svc_heuristic_group_process_id(SC_HANDLE hSCM, const wchar_t *pGroupNameSearch)
+{
+        wchar_t *pData;
+        DWORD result = 0;
+        DWORD dwProcessId;
+        DWORD cbBufSize;
+        LPQUERY_SERVICE_CONFIGW pServiceConfig;
+        bool success = false;
+        wchar_t *pGroupName;
+        HLOCAL hMem;
+
+        pData = reg_get_value_alloc(HKEY_LOCAL_MACHINE,
+                L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost",
+                pGroupNameSearch,
+                RRF_RT_REG_MULTI_SZ,
+                NULL,
+                NULL);
+
+        if ( !pData ) return result;
+
+        for ( wchar_t *pName = pData; *pName; pName += wcslen(pName) + 1 ) {
+                dwProcessId = svc_query_process_id_by_name(hSCM, pName);
+                if ( !dwProcessId ) continue;
+
+                pServiceConfig = svc_query_config_by_name_alloc(hSCM, pName, &cbBufSize);
+                if ( !pServiceConfig ) continue;
+
+                if ( pServiceConfig->dwServiceType == SERVICE_WIN32_SHARE_PROCESS
+                        && svc_query_group_name(pServiceConfig, &pGroupName, &hMem) ) {
+
+                        success = !_wcsicmp(pGroupNameSearch, pGroupName);
+                        LocalFree(hMem);
+                }
+                free(pServiceConfig);
+                if ( success ) {
+                        result = dwProcessId;
+                        break;
+                }
+        }
+        free(pData);
+        return result;
+}
+
+DWORD svc_heuristic_process_id(SC_HANDLE hSCM, SC_HANDLE hService)
+{
+        DWORD result = 0;
+        LPQUERY_SERVICE_CONFIGW pServiceConfig;
+        wchar_t *pGroupName;
+        HLOCAL hMem;
+
+        result = svc_query_process_id(hSCM, hService);
+        if ( result )
+                return result;
+
+        pServiceConfig = svc_query_config_alloc(hSCM, hService, NULL);
+        if ( pServiceConfig ) {
+                switch ( pServiceConfig->dwServiceType ) {
+                case SERVICE_WIN32_OWN_PROCESS:
+                        // if the service isn't already running there's no
+                        // way to accurately guess the PID when it is set to
+                        // run in its own process. returns 0
+                        break;
+                case SERVICE_WIN32_SHARE_PROCESS:
+                        // when the service is configured to run in a shared
+                        // process, it is possible to "guess" which svchost.exe
+                        // it will eventually be loaded into by finding other
+                        // services in the same group that are already running.
+                        if ( svc_query_group_name(pServiceConfig, &pGroupName, &hMem) ) {
+                                result = svc_heuristic_group_process_id(hSCM, pGroupName);
+                                LocalFree(hMem);
+                        }
+                        break;
+                }
+                free(pServiceConfig);
+        }
+        return result;
+}
+
+DWORD svc_heuristic_process_id_by_name(SC_HANDLE hSCM, const wchar_t *pServiceName)
+{
+        DWORD result = 0;
+        SC_HANDLE hService;
+
+        hService = OpenServiceW(hSCM, pServiceName, SERVICE_QUERY_STATUS | SERVICE_QUERY_CONFIG);
+        result = svc_heuristic_process_id(hSCM, hService);
+        CloseServiceHandle(hService);
+        return result;
+
+}

src/wufuc/servicehelper.h

@@ -0,0 +1,23 @@
+#pragma once
+
+LPQUERY_SERVICE_CONFIGW svc_query_config_by_name_alloc(
+        SC_HANDLE hSCM,
+        const wchar_t *pServiceName,
+        LPDWORD pcbBufSize);
+LPQUERY_SERVICE_CONFIGW svc_query_config_alloc(
+        SC_HANDLE hSCM,
+        SC_HANDLE hService,
+        LPDWORD pcbBufSize);
+bool svc_query_process_info_by_name(
+        SC_HANDLE hSCM,
+        const wchar_t *pServiceName,
+        LPSERVICE_STATUS_PROCESS pServiceStatus);
+bool svc_query_group_name(
+        const LPQUERY_SERVICE_CONFIGW pServiceConfig,
+        wchar_t **pGroupName,
+        HLOCAL *hMem);
+DWORD svc_query_process_id(SC_HANDLE hSCM, SC_HANDLE hService);
+DWORD svc_query_process_id_by_name(SC_HANDLE hSCM, const wchar_t *pServiceName);
+DWORD svc_heuristic_group_process_id(SC_HANDLE hSCM, const wchar_t *pGroupName);
+DWORD svc_heuristic_process_id(SC_HANDLE hSCM, SC_HANDLE hService);
+DWORD svc_heuristic_process_id_by_name(SC_HANDLE hSCM, const wchar_t *pServiceName);

src/wufuc/stdafx.c

@@ -0,0 +1,7 @@
+// stdafx.c : source file that includes just the standard includes
+// stdafx.obj will contain the pre-compiled type information
+
+#include "stdafx.h"
+
+// TODO: reference any additional headers you need in STDAFX.H
+// and not in this file

src/wufuc/stdafx.h

@@ -0,0 +1,32 @@
+// stdafx.h : include file for standard system include files,
+// or project specific include files that are used frequently, but
+// are changed infrequently
+//
+
+#pragma once
+
+#include "targetver.h"
+
+// Windows Header Files:
+#include <phnt_windows.h>
+#include <phnt.h>
+
+
+
+// TODO: reference additional headers your program requires here
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <time.h>
+#include <share.h>
+
+#include <strsafe.h>
+#include <shellapi.h>
+#include <Shlwapi.h>
+#include <Psapi.h>
+#include <TlHelp32.h>
+
+extern IMAGE_DOS_HEADER __ImageBase;
+#define PIMAGEBASE ((HMODULE)&__ImageBase)
+

src/wufuc/targetver.h

@@ -0,0 +1,9 @@
+#pragma once
+
+// Including SDKDDKVer.h defines the highest available Windows platform.
+
+// If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
+// set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
+
+#define _WIN32_WINNT _WIN32_WINNT_WIN7
+#include <SDKDDKVer.h>

src/wufuc/versionhelper.c

@@ -0,0 +1,108 @@
+#include "stdafx.h"
+#include "versionhelper.h"
+
+int ver_compare_product_version(VS_FIXEDFILEINFO *pffi, WORD wMajor, WORD wMinor, WORD wBuild, WORD wRev)
+{
+        if ( HIWORD(pffi->dwProductVersionMS) < wMajor ) return -1;
+        if ( HIWORD(pffi->dwProductVersionMS) > wMajor ) return 1;
+        if ( LOWORD(pffi->dwProductVersionMS) < wMinor ) return -1;
+        if ( LOWORD(pffi->dwProductVersionMS) > wMinor ) return 1;
+        if ( HIWORD(pffi->dwProductVersionLS) < wBuild ) return -1;
+        if ( HIWORD(pffi->dwProductVersionLS) > wBuild ) return 1;
+        if ( LOWORD(pffi->dwProductVersionLS) < wRev ) return -1;
+        if ( LOWORD(pffi->dwProductVersionLS) > wRev ) return 1;
+        return 0;
+}
+
+bool ver_get_version_info_from_hmodule(HMODULE hModule, const wchar_t *pszSubBlock, LPVOID pData, PUINT pcbData)
+{
+        bool result = false;
+        UINT cbData;
+        HRSRC hResInfo;
+        DWORD dwSize;
+        HGLOBAL hResData;
+        LPVOID pRes;
+        LPVOID pCopy;
+        LPVOID pBuffer;
+        UINT uLen;
+
+        if ( !pcbData ) return result;
+        cbData = *pcbData;
+
+        hResInfo = FindResourceW(hModule,
+                MAKEINTRESOURCEW(VS_VERSION_INFO),
+                RT_VERSION);
+        if ( !hResInfo ) return result;
+
+        dwSize = SizeofResource(hModule, hResInfo);
+        if ( !dwSize ) return result;
+
+        hResData = LoadResource(hModule, hResInfo);
+        if ( !hResData ) return result;
+
+        pRes = LockResource(hResData);
+        if ( !pRes ) return result;
+
+        pCopy = malloc(dwSize);
+        if ( !pCopy ) return result;
+
+        if ( memcpy_s(pCopy, dwSize, pRes, dwSize)
+                || !VerQueryValueW(pCopy, pszSubBlock, &pBuffer, &uLen) )
+                goto cleanup;
+
+        if ( !_wcsnicmp(pszSubBlock, L"\\StringFileInfo\\", 16) )
+                *pcbData = uLen * sizeof(wchar_t);
+        else
+                *pcbData = uLen;
+
+        if ( !pData ) {
+                result = true;
+                goto cleanup;
+        }
+        if ( cbData < *pcbData
+                || memcpy_s(pData, cbData, pBuffer, *pcbData) )
+                goto cleanup;
+
+        result = true;
+cleanup:
+        free(pCopy);
+        return result;
+}
+
+LPVOID ver_get_version_info_from_hmodule_alloc(HMODULE hModule, const wchar_t *pszSubBlock, PUINT pcbData)
+{
+        UINT cbData = 0;
+        LPVOID result = NULL;
+
+        if ( !ver_get_version_info_from_hmodule(hModule, pszSubBlock, NULL, &cbData) )
+                return result;
+
+        result = malloc(cbData);
+        if ( !result ) return result;
+
+        if ( ver_get_version_info_from_hmodule(hModule, pszSubBlock, result, &cbData) ) {
+                *pcbData = cbData;
+        } else {
+                free(result);
+                result = NULL;
+        }
+        return result;
+}
+
+bool ver_verify_version_info(WORD wMajorVersion, WORD wMinorVersion, WORD wServicePackMajor)
+{
+        DWORDLONG dwlConditionMask = 0;
+        OSVERSIONINFOEXW osvi = { sizeof osvi };
+
+        VER_SET_CONDITION(dwlConditionMask, VER_MAJORVERSION, VER_EQUAL);
+        VER_SET_CONDITION(dwlConditionMask, VER_MINORVERSION, VER_EQUAL);
+        VER_SET_CONDITION(dwlConditionMask, VER_SERVICEPACKMAJOR, VER_GREATER_EQUAL);
+
+        osvi.dwMajorVersion = wMajorVersion;
+        osvi.dwMinorVersion = wMinorVersion;
+        osvi.wServicePackMajor = wServicePackMajor;
+
+        return VerifyVersionInfoW(&osvi,
+                VER_MAJORVERSION | VER_MINORVERSION | VER_SERVICEPACKMAJOR,
+                dwlConditionMask) != FALSE;
+}

src/wufuc/versionhelper.h

@@ -0,0 +1,6 @@
+#pragma once
+
+int ver_compare_product_version(VS_FIXEDFILEINFO *pffi, WORD wMajor, WORD wMinor, WORD wBuild, WORD wRev);
+bool ver_get_version_info_from_hmodule(HMODULE hModule, const wchar_t *pszSubBlock, LPVOID pData, PUINT pcbData);
+LPVOID ver_get_version_info_from_hmodule_alloc(HMODULE hModule, const wchar_t *pszSubBlock, PUINT pcbData);
+bool ver_verify_version_info(WORD wMajorVersion, WORD wMinorVersion, WORD wServicePackMajor);

src/wufuc/wufuc.c

@@ -0,0 +1,194 @@
+#include "stdafx.h"
+#include "ptrlist.h"
+#include "wufuc.h"
+#include "hooks.h"
+#include "log.h"
+#include "modulehelper.h"
+#include "mutexhelper.h"
+#include "patternfind.h"
+#include "versionhelper.h"
+
+#include <minhook.h>
+
+HANDLE g_hMainMutex;
+
+bool close_remote_handle(HANDLE hProcess, HANDLE hObject)
+{
+        bool result = false;
+        DWORD ExitCode;
+        HANDLE hThread;
+
+        hThread = CreateRemoteThread(hProcess,
+                NULL,
+                0,
+                (LPTHREAD_START_ROUTINE)CloseHandle,
+                (LPVOID)hObject,
+                0,
+                NULL);
+        if ( hThread ) {
+                if ( WaitForSingleObject(hThread, INFINITE) == WAIT_OBJECT_0
+                        && GetExitCodeThread(hThread, &ExitCode) ) {
+
+                        result = !!ExitCode;
+                }
+                CloseHandle(hThread);
+        }
+        return result;
+}
+
+bool wufuc_inject(DWORD dwProcessId,
+        LPTHREAD_START_ROUTINE pStartAddress,
+        ptrlist_t *list)
+{
+        bool result = false;
+        HANDLE hCrashMutex;
+        HANDLE hProcess;
+        HANDLE h;
+        HANDLE hProceedEvent;
+        HANDLE p[4];
+
+        hCrashMutex = mutex_create_new_fmt(false, L"Global\\wufuc_CrashMutex*%08x", dwProcessId);
+        if ( !hCrashMutex ) return result;
+        if ( !ptrlist_add(list, hCrashMutex, dwProcessId) )
+                goto close_mutex;
+
+        hProceedEvent = CreateEventW(NULL, TRUE, FALSE, NULL);
+        if ( !hProceedEvent ) goto close_mutex;
+
+        hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
+        if ( !hProcess ) goto close_pevent;
+
+        h = GetCurrentProcess();
+        if ( !DuplicateHandle(h, g_hMainMutex, hProcess, &p[0], SYNCHRONIZE, FALSE, 0) )
+                goto close_process;
+        if ( !DuplicateHandle(h, ptrlist_at(list, 0, NULL), hProcess, &p[1], SYNCHRONIZE, FALSE, 0) )
+                goto close_p0;
+        if ( !DuplicateHandle(h, hCrashMutex, hProcess, &p[2], 0, FALSE, DUPLICATE_SAME_ACCESS) )
+                goto close_p1;
+        if ( !DuplicateHandle(h, hProceedEvent, hProcess, &p[3], EVENT_MODIFY_STATE, FALSE, 0) )
+                goto close_p2;
+
+        result = mod_inject_and_begin_thread(hProcess, PIMAGEBASE, pStartAddress, p, sizeof p);
+
+        if ( result ) {
+                // wait for injected thread to signal that it has taken
+                // ownership of hCrashMutex before proceeding.
+                result = WaitForSingleObject(hProceedEvent, 5000) != WAIT_TIMEOUT;
+        } else {
+                close_remote_handle(hProcess, p[3]);
+close_p2:
+                close_remote_handle(hProcess, p[2]);
+close_p1:
+                close_remote_handle(hProcess, p[1]);
+close_p0:
+                close_remote_handle(hProcess, p[0]);
+        }
+close_process:
+        CloseHandle(hProcess);
+close_pevent:
+        CloseHandle(hProceedEvent);
+        if ( !result ) {
+close_mutex:
+                ptrlist_remove(list, hCrashMutex);
+                CloseHandle(hCrashMutex);
+        }
+        if ( result )
+                log_info(L"Successfully injected into process! (ProcessId=%lu)", dwProcessId);
+        else
+                log_warning(L"Failed to inject into process! (ProcessId=%lu)", dwProcessId);
+        return result;
+}
+
+bool wufuc_hook(HMODULE hModule)
+{
+        bool result = false;
+        PLANGANDCODEPAGE ptl;
+        HANDLE hProcess;
+        UINT cbtl;
+        wchar_t SubBlock[38];
+        wchar_t *pInternalName;
+        UINT cbInternalName;
+        VS_FIXEDFILEINFO *pffi;
+        UINT cbffi;
+        bool tmp;
+        MODULEINFO modinfo;
+        size_t offset;
+        LPVOID pTarget = NULL;
+        MH_STATUS status;
+
+        ptl = ver_get_version_info_from_hmodule_alloc(hModule, L"\\VarFileInfo\\Translation", &cbtl);
+        if ( !ptl ) {
+                log_error(L"ver_get_version_info_from_hmodule_alloc failed!");
+                return false;
+        }
+        hProcess = GetCurrentProcess();
+
+        for ( size_t i = 0, count = (cbtl / sizeof *ptl); i < count; i++ ) {
+                if ( swprintf_s(SubBlock,
+                        _countof(SubBlock),
+                        L"\\StringFileInfo\\%04x%04x\\InternalName",
+                        ptl[i].wLanguage,
+                        ptl[i].wCodePage) == -1 )
+                        continue;
+
+                pInternalName = ver_get_version_info_from_hmodule_alloc(hModule, SubBlock, &cbInternalName);
+                if ( !pInternalName ) {
+                        log_error(L"ver_get_version_info_from_hmodule_alloc failed!");
+                        continue;
+                }
+                // identify wuaueng.dll by its resource data
+                if ( _wcsicmp(pInternalName, L"wuaueng.dll") ) {
+                        log_error(L"Module internal name does not match! (InternalName=%ls)", pInternalName);
+                        goto free_iname;
+                }
+                pffi = ver_get_version_info_from_hmodule_alloc(hModule, L"\\", &cbffi);
+                if ( !pffi ) {
+                        log_error(L"ver_get_version_info_from_hmodule_alloc failed!");
+                        break;
+                }
+                // assure wuaueng.dll version is supported
+                tmp = ((ver_verify_version_info(6, 1, 0) && ver_compare_product_version(pffi, 7, 6, 7601, 23714) != -1)
+                        || (ver_verify_version_info(6, 3, 0) && ver_compare_product_version(pffi, 7, 9, 9600, 18621) != -1));
+
+                log_info(L"%ls Windows Update Agent version: %hu.%hu.%hu.%hu",
+                        tmp ? L"Supported" : L"Unsupported",
+                        HIWORD(pffi->dwProductVersionMS),
+                        LOWORD(pffi->dwProductVersionMS),
+                        HIWORD(pffi->dwProductVersionLS),
+                        LOWORD(pffi->dwProductVersionLS));
+                free(pffi);
+                if ( !tmp ) break;
+
+                if ( !GetModuleInformation(hProcess, hModule, &modinfo, sizeof modinfo) ) {
+                        log_error(L"GetModuleInformation failed! (hModule=%p, GLE=%lu)",
+                                hModule, GetLastError());
+                        break;
+                }
+                offset = patternfind(modinfo.lpBaseOfDll, modinfo.SizeOfImage,
+#ifdef _WIN64
+                        "FFF3 4883EC?? 33DB 391D???????? 7508 8B05????????"
+#else
+                        ver_verify_version_info(6, 1, 0)
+                        ? "833D????????00 743E E8???????? A3????????"
+                        : "8BFF 51 833D????????00 7507 A1????????"
+#endif
+                );
+                if ( offset != -1 ) {
+                        pTarget = (LPVOID)RtlOffsetToPointer(modinfo.lpBaseOfDll, offset);
+                        log_info(L"Matched IsDeviceServiceable function! (Offset=%IX, Address=%p)", offset, pTarget);
+
+                        status = MH_CreateHook(pTarget, IsDeviceServiceable_hook, NULL);
+                        if ( status == MH_OK ) {
+                                status = MH_EnableHook(pTarget);
+                                if ( status == MH_OK )
+                                        log_info(L"Hooked IsDeviceServiceable! (Address=%p)", pTarget);
+                                else log_error(L"Failed to enable IsDeviceServiceable hook! (Status=%hs)", MH_StatusToString(status));
+                        } else log_error(L"Failed to create IsDeviceServiceable hook! (Status=%hs)", MH_StatusToString(status));
+                } else log_info(L"Couldn't match IsDeviceServiceable function! (Already patched?)");
+free_iname:
+                free(pInternalName);
+                break;
+        }
+        free(ptl);
+        return result;
+}

src/wufuc/wufuc.h

@@ -0,0 +1,15 @@
+#pragma once
+
+typedef struct
+{
+        WORD wLanguage;
+        WORD wCodePage;
+} LANGANDCODEPAGE, *PLANGANDCODEPAGE;
+
+#define SVCHOST_CRASH_THRESHOLD 3
+extern HANDLE g_hMainMutex;
+
+bool wufuc_inject(DWORD dwProcessId,
+        LPTHREAD_START_ROUTINE pStartAddress,
+        ptrlist_t *list);
+bool wufuc_hook(HMODULE hModule);

src/wufuc/wufuc.vcxproj

@@ -19,41 +19,58 @@
     </ProjectConfiguration>
   </ItemGroup>
   <ItemGroup>
-    <ClInclude Include="appverifier.h" />
     <ClInclude Include="callbacks.h" />
-    <ClInclude Include="helpers.h" />
+    <ClInclude Include="eventhelper.h" />
+    <ClInclude Include="mutexhelper.h" />
+    <ClInclude Include="ptrlist.h" />
+    <ClInclude Include="log.h" />
+    <ClInclude Include="modulehelper.h" />
+    <ClInclude Include="registryhelper.h" />
+    <ClInclude Include="servicehelper.h" />
+    <ClInclude Include="versionhelper.h" />
     <ClInclude Include="hooks.h" />
-    <ClInclude Include="rtl_malloc.h" />
-    <ClInclude Include="tracing.h" />
-    <ClInclude Include="patchwua.h" />
     <ClInclude Include="patternfind.h" />
+    <ClInclude Include="stdafx.h" />
+    <ClInclude Include="targetver.h" />
+    <ClInclude Include="wufuc.h" />
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="callbacks.c" />
     <ClCompile Include="dllmain.c" />
-    <ClCompile Include="helpers.c" />
+    <ClCompile Include="eventhelper.c" />
+    <ClCompile Include="ptrlist.c" />
+    <ClCompile Include="modulehelper.c" />
+    <ClCompile Include="registryhelper.c" />
+    <ClCompile Include="servicehelper.c" />
+    <ClCompile Include="mutexhelper.c" />
+    <ClCompile Include="versionhelper.c" />
     <ClCompile Include="hooks.c" />
-    <ClCompile Include="rtl_malloc.c" />
+    <ClCompile Include="log.c" />
-    <ClCompile Include="rundll32.c" />
-    <ClCompile Include="tracing.c" />
-    <ClCompile Include="patchwua.c" />
     <ClCompile Include="patternfind.c" />
+    <ClCompile Include="stdafx.c">
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
+    </ClCompile>
+    <ClCompile Include="rundll32.c" />
+    <ClCompile Include="wufuc.c" />
   </ItemGroup>
   <ItemGroup>
     <None Include="exports.def" />
-    <None Include="wufuc.rch">
+    <None Include="resource.h">
       <FileType>Document</FileType>
     </None>
   </ItemGroup>
   <ItemGroup>
-    <ResourceCompile Include="wufuc.rc" />
+    <ResourceCompile Include="resource.rc" />
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <VCProjectVersion>15.0</VCProjectVersion>
     <ProjectGuid>{00F96695-CE41-4C2F-A344-6219DFB4F887}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>wufuc</RootNamespace>
-    <WindowsTargetPlatformVersion>10.0.15063.0</WindowsTargetPlatformVersion>
+    <WindowsTargetPlatformVersion>10.0.16299.0</WindowsTargetPlatformVersion>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
@@ -106,7 +123,8 @@
     <IntDir>$(ProjectDir)$(BaseIntermediateOutputPath)$(Configuration)\$(PlatformShortName)\</IntDir>
     <TargetName>$(ProjectName)$(PlatformArchitecture)</TargetName>
     <GenerateManifest>false</GenerateManifest>
-    <IncludePath>$(SolutionDir)phnt\include;$(IncludePath)</IncludePath>
+    <IncludePath>$(SolutionDir)..\inc\phnt;$(SolutionDir)..\inc\minhook;$(IncludePath)</IncludePath>
+    <LibraryPath>$(SolutionDir)..\lib\minhook;$(LibraryPath)</LibraryPath>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
@@ -114,42 +132,46 @@
     <IntDir>$(ProjectDir)$(BaseIntermediateOutputPath)$(Configuration)\$(PlatformShortName)\</IntDir>
     <TargetName>$(ProjectName)$(PlatformArchitecture)</TargetName>
     <GenerateManifest>false</GenerateManifest>
-    <IncludePath>$(SolutionDir)phnt\include;$(IncludePath)</IncludePath>
+    <IncludePath>$(SolutionDir)..\inc\phnt;$(SolutionDir)..\inc\minhook;$(IncludePath)</IncludePath>
+    <LibraryPath>$(SolutionDir)..\lib\minhook;$(LibraryPath)</LibraryPath>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>$(ProjectDir)bin\$(Configuration)\$(PlatformShortName)\</OutDir>
-    <IntDir>$(ProjectDir)$(BaseIntermediateOutputPath)$(Configuration)\$(PlatformShortName)\</IntDir>
+    <IntDir>$(ProjectDir)obj\$(Configuration)\$(PlatformShortName)\</IntDir>
     <TargetName>$(ProjectName)$(PlatformArchitecture)</TargetName>
     <GenerateManifest>false</GenerateManifest>
-    <IncludePath>$(SolutionDir)phnt\include;$(IncludePath)</IncludePath>
+    <IncludePath>$(SolutionDir)..\inc\phnt;$(SolutionDir)..\inc\minhook;$(IncludePath)</IncludePath>
+    <LibraryPath>$(SolutionDir)..\lib\minhook;$(LibraryPath)</LibraryPath>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>$(ProjectDir)bin\$(Configuration)\$(PlatformShortName)\</OutDir>
-    <IntDir>$(ProjectDir)$(BaseIntermediateOutputPath)$(Configuration)\$(PlatformShortName)\</IntDir>
+    <IntDir>$(ProjectDir)obj\$(Configuration)\$(PlatformShortName)\</IntDir>
     <TargetName>$(ProjectName)$(PlatformArchitecture)</TargetName>
     <GenerateManifest>false</GenerateManifest>
-    <IncludePath>$(SolutionDir)phnt\include;$(IncludePath)</IncludePath>
+    <IncludePath>$(SolutionDir)..\inc\phnt;$(SolutionDir)..\inc\minhook;$(IncludePath)</IncludePath>
+    <LibraryPath>$(SolutionDir)..\lib\minhook;$(LibraryPath)</LibraryPath>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <ClCompile>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;WUFUC_EXPORTS;_NO_CRT_STDIO_INLINE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;WUFUC_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <CompileAs>CompileAsC</CompileAs>
-      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <SDLCheck>true</SDLCheck>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <ConformanceMode>true</ConformanceMode>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
       <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
-      <EntryPointSymbol>DllMain</EntryPointSymbol>
+      <EntryPointSymbol>
-      <AdditionalDependencies>ntdll.lib;ntdllp.lib;version.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      </EntryPointSymbol>
-      <AdditionalLibraryDirectories>
+      <AdditionalDependencies>version.lib;Shlwapi.lib;libMinHook.x86.MTd.lib;%(AdditionalDependencies);ntdll.lib</AdditionalDependencies>
-      </AdditionalLibraryDirectories>
-      <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
     </Link>
-    <PreBuildEvent />
     <ResourceCompile>
       <PreprocessorDefinitions>X86;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     </ResourceCompile>
@@ -158,20 +180,21 @@
     <ClCompile>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>_DEBUG;_WINDOWS;_USRDLL;WUFUC_EXPORTS;_NO_CRT_STDIO_INLINE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>_DEBUG;WUFUC_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <CompileAs>CompileAsC</CompileAs>
-      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <SDLCheck>true</SDLCheck>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <ConformanceMode>true</ConformanceMode>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
-      <AdditionalDependencies>ntdll.lib;ntdllp.lib;version.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
-      <EntryPointSymbol>DllMain</EntryPointSymbol>
+      <EntryPointSymbol>
-      <AdditionalLibraryDirectories>
+      </EntryPointSymbol>
-      </AdditionalLibraryDirectories>
+      <AdditionalDependencies>version.lib;Shlwapi.lib;libMinHook.x64.MTd.lib;%(AdditionalDependencies);ntdll.lib</AdditionalDependencies>
-      <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
     </Link>
-    <PreBuildEvent />
     <ResourceCompile>
       <PreprocessorDefinitions>X64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     </ResourceCompile>
@@ -179,13 +202,16 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
       <WarningLevel>Level3</WarningLevel>
-      <Optimization>Full</Optimization>
+      <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>true</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;WUFUC_EXPORTS;_NO_CRT_STDIO_INLINE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;WUFUC_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <CompileAs>CompileAsC</CompileAs>
-      <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
+      <SDLCheck>true</SDLCheck>
-      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <DebugInformationFormat>None</DebugInformationFormat>
+      <ConformanceMode>true</ConformanceMode>
     </ClCompile>
     <ResourceCompile Condition="'$(APPVEYOR)'=='True'">
       <PreprocessorDefinitions>BUILD_COMMIT_VERSION=$(BUILD_COMMIT_VERSION);BUILD_VERSION_COMMA=$(BUILD_VERSION_COMMA);$(PreprocessorDefinitions)</PreprocessorDefinitions>
@@ -196,31 +222,35 @@
       <OptimizeReferences>true</OptimizeReferences>
       <GenerateDebugInformation>false</GenerateDebugInformation>
       <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
-      <EntryPointSymbol>DllMain</EntryPointSymbol>
+      <EntryPointSymbol>
-      <AdditionalDependencies>ntdll.lib;ntdllp.lib;version.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      </EntryPointSymbol>
-      <AdditionalLibraryDirectories>
+      <AdditionalDependencies>version.lib;Shlwapi.lib;libMinHook.x86.MT.lib;%(AdditionalDependencies);ntdll.lib</AdditionalDependencies>
-      </AdditionalLibraryDirectories>
+      <SetChecksum>true</SetChecksum>
-      <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
     </Link>
-    <PostBuildEvent>
-      <Command>
-      </Command>
-    </PostBuildEvent>
-    <PreBuildEvent />
     <ResourceCompile>
       <PreprocessorDefinitions>X86;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     </ResourceCompile>
+    <PostBuildEvent>
+      <Command>copy /Y "$(TargetPath)" "$(SolutionDir)wufuc_setup_bat\"
+copy /Y "$(TargetPath)" "$(SolutionDir)wufuc_setup\"</Command>
+    </PostBuildEvent>
+    <PostBuildEvent>
+      <Message>Copy release binaries to the setup staging directories</Message>
+    </PostBuildEvent>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <WarningLevel>Level3</WarningLevel>
-      <Optimization>Full</Optimization>
+      <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>true</IntrinsicFunctions>
-      <PreprocessorDefinitions>NDEBUG;_WINDOWS;_USRDLL;WUFUC_EXPORTS;_NO_CRT_STDIO_INLINE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>NDEBUG;WUFUC_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <CompileAs>CompileAsC</CompileAs>
-      <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
+      <PrecompiledHeader>Use</PrecompiledHeader>
-      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <SDLCheck>true</SDLCheck>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <DebugInformationFormat>None</DebugInformationFormat>
+      <ConformanceMode>true</ConformanceMode>
     </ClCompile>
     <ResourceCompile Condition="'$(APPVEYOR)'=='True'">
       <PreprocessorDefinitions>BUILD_COMMIT_VERSION=$(BUILD_COMMIT_VERSION);BUILD_VERSION_COMMA=$(BUILD_VERSION_COMMA);$(PreprocessorDefinitions)</PreprocessorDefinitions>
@@ -230,21 +260,20 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <GenerateDebugInformation>false</GenerateDebugInformation>
-      <AdditionalDependencies>ntdll.lib;ntdllp.lib;version.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <ModuleDefinitionFile>exports.def</ModuleDefinitionFile>
-      <EntryPointSymbol>DllMain</EntryPointSymbol>
+      <AdditionalDependencies>version.lib;Shlwapi.lib;libMinHook.x64.MT.lib;%(AdditionalDependencies);ntdll.lib</AdditionalDependencies>
-      <AdditionalLibraryDirectories>
+      <SetChecksum>true</SetChecksum>
-      </AdditionalLibraryDirectories>
-      <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
     </Link>
-    <PostBuildEvent>
-      <Command>
-      </Command>
-    </PostBuildEvent>
-    <PreBuildEvent />
     <ResourceCompile>
       <PreprocessorDefinitions>X64;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     </ResourceCompile>
+    <PostBuildEvent>
+      <Command>copy /Y "$(TargetPath)" "$(SolutionDir)wufuc_setup_bat\"
+copy /Y "$(TargetPath)" "$(SolutionDir)wufuc_setup\"</Command>
+    </PostBuildEvent>
+    <PostBuildEvent>
+      <Message>Copy release binaries to the setup staging directories</Message>
+    </PostBuildEvent>
   </ItemDefinitionGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">

src/wufuc/wufuc.vcxproj.filters

@@ -15,71 +15,107 @@
     </Filter>
   </ItemGroup>
   <ItemGroup>
-    <ClInclude Include="patchwua.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="patternfind.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
     <ClInclude Include="callbacks.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-    <ClInclude Include="helpers.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
     <ClInclude Include="hooks.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-    <ClInclude Include="tracing.h">
+    <ClInclude Include="targetver.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-    <ClInclude Include="appverifier.h">
+    <ClInclude Include="stdafx.h">
       <Filter>Header Files</Filter>
     </ClInclude>
-    <ClInclude Include="rtl_malloc.h">
+    <ClInclude Include="patternfind.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="versionhelper.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="servicehelper.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="registryhelper.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="wufuc.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="modulehelper.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="log.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="ptrlist.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="eventhelper.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="mutexhelper.h">
       <Filter>Header Files</Filter>
     </ClInclude>
   </ItemGroup>
   <ItemGroup>
-    <ClCompile Include="patchwua.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="patternfind.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
     <ClCompile Include="callbacks.c">
       <Filter>Source Files</Filter>
     </ClCompile>
     <ClCompile Include="dllmain.c">
       <Filter>Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="helpers.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
     <ClCompile Include="hooks.c">
       <Filter>Source Files</Filter>
     </ClCompile>
-    <ClCompile Include="tracing.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="rtl_malloc.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
     <ClCompile Include="rundll32.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="stdafx.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="patternfind.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="servicehelper.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="versionhelper.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="registryhelper.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="wufuc.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="log.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="modulehelper.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="ptrlist.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="mutexhelper.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="eventhelper.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
-    <ResourceCompile Include="wufuc.rc">
-      <Filter>Resource Files</Filter>
-    </ResourceCompile>
-  </ItemGroup>
-  <ItemGroup>
-    <None Include="wufuc.rch">
-      <Filter>Resource Files</Filter>
-    </None>
     <None Include="exports.def">
       <Filter>Source Files</Filter>
     </None>
+    <None Include="resource.h">
+      <Filter>Header Files</Filter>
+    </None>
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="resource.rc">
+      <Filter>Resource Files</Filter>
+    </ResourceCompile>
   </ItemGroup>
 </Project>

src/wufuc_setup/.gitignore

@@ -0,0 +1,7 @@
+# Advanced Installer
+*-cache/
+*-SetupFiles/
+*.back.aip
+
+# Other
+*.dll

src/wufuc_setup/wufuc_setup.aip

@@ -0,0 +1,417 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<DOCUMENT Type="Advanced Installer" CreateVersion="14.5.2" version="14.5.2" Modules="enterprise" RootPath="." Language="en" Id="{6464EF62-1DC3-46AF-A162-AA1057FBB517}">
+  <COMPONENT cid="caphyon.advinst.msicomp.ProjectOptionsComponent">
+    <ROW Name="HiddenItems" Value="AutorunComponent;AppXProductDetailsComponent;AppXDependenciesComponent;AppXAppDetailsComponent;AppXVisualAssetsComponent;AppXCapabilitiesComponent;AppXAppDeclarationsComponent;AppXUriRulesComponent;AnalyticsComponent;ActSyncAppComponent;GameUxComponent;FirewallExceptionComponent;WebApplicationsComponent;MsiOdbcDataSrcComponent;SqlConnectionComponent;SharePointSlnComponent;SilverlightSlnComponent"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiPropsComponent">
+    <ROW Property="AI_BITMAP_DISPLAY_MODE" Value="0"/>
+    <ROW Property="AI_CLEAN_RESOURCES_DISABLE_UPGRADE" Value="1"/>
+    <ROW Property="AI_CLEAN_RESOURCES_UNINSTALL" Value="1"/>
+    <ROW Property="AI_CLEAN_RESOURCES_USER_PROMPT_BASIC_UI" Value="1"/>
+    <ROW Property="AI_CLEAN_RESOURCES_USER_PROMPT_FULL_UI" Value="1"/>
+    <ROW Property="AI_ThemeStyle" Value="aero" MsiKey="AI_ThemeStyle"/>
+    <ROW Property="ALLUSERS" Value="1"/>
+    <ROW Property="ARPCOMMENTS" Value="Enables Windows Update on PCs with unsupported processors." ValueLocId="*"/>
+    <ROW Property="ARPCONTACT" Value="https://discord.gg/G8PD2Wa"/>
+    <ROW Property="ARPHELPLINK" Value="https://github.com/zeffy/wufuc/issues"/>
+    <ROW Property="ARPNOMODIFY" MultiBuildValue="x64Build:1#x86Build:1"/>
+    <ROW Property="ARPPRODUCTICON" Value="msiexec.exe" Type="8"/>
+    <ROW Property="ARPURLINFOABOUT" Value="https://github.com/zeffy/wufuc"/>
+    <ROW Property="ARPURLUPDATEINFO" Value="https://github.com/zeffy/wufuc/releases/latest"/>
+    <ROW Property="AiPreventAutoPin" Value="System.AppUserModel.ExcludeFromShowInNewInstall"/>
+    <ROW Property="MSIFASTINSTALL" MultiBuildValue="x64Build:6#x86Build:6"/>
+    <ROW Property="Manufacturer" Value="zeffy"/>
+    <ROW Property="ProductCode" Value="1027:{F4D292D2-CE8F-4908-80AF-CB48B3E560CF} 1028:{66D6B564-B289-4F83-98E0-4296CDE37CB9} 1031:{F4662CF2-7D9F-4370-B45F-ADB021733AF9} 1033:{0DAE2218-2FB5-4AD0-9558-FA2F1B1E5ABF} 1035:{7A1DE4CB-ED5F-4EA0-B262-137BB5CDF2BF} 1036:{B2D2636D-2170-457A-A876-051F227DEEA2} 1038:{9D2917A0-8F1E-4E0F-AE62-1938BD4CED0E} 1040:{3BD98571-9F20-44F8-9162-62D664860999} 1041:{64C167D2-432B-4B82-B5AF-AF795C78F4A1} 1042:{8EAAC0A1-89E3-46B8-B101-E149E87F04F4} 1043:{8AB22455-426B-4757-B640-30729411FD11} 1045:{1CC402B6-02FD-4E14-BE66-10A12FA99106} 1046:{9E7919D2-D6AF-4864-A6C3-028F759BF307} 1049:{8FA26981-B9FF-4505-B547-4EFA9B5241C8} 1060:{3992ECFB-F774-49FE-8B7A-9C2F7B52B271} 2052:{75CEB203-1CE4-4B6F-A9DF-18D8B902C6B8} 2070:{8B6326BE-B5FE-46F3-BD61-1AC95EB0C1CA} 3082:{D564C11C-4870-43C1-BD62-F71DFC45FBF2} " Type="16"/>
+    <ROW Property="ProductLanguage" Value="1033"/>
+    <ROW Property="ProductName" Value="wufuc"/>
+    <ROW Property="ProductVersion" Value="1.0.0.0" Type="32" TargetFile="wufuc64.dll"/>
+    <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND"/>
+    <ROW Property="UpgradeCode" Value="{4C52972C-251E-4D1B-AD09-EAA765719DCC}"/>
+    <ROW Property="WindowsType9X" MultiBuildValue="x64Build:Windows 9x/ME#x86Build:Windows 9x/ME" ValueLocId="-"/>
+    <ROW Property="WindowsType9XDisplay" MultiBuildValue="x64Build:Windows 9x/ME#x86Build:Windows 9x/ME" ValueLocId="-"/>
+    <ROW Property="WindowsTypeNT" MultiBuildValue="x64Build:Windows 9x/ME/NT/2000/XP/Vista/Windows 7/Windows 8 x86/Windows 8.1 x86/Windows 10 x86#x86Build:Windows XP SP3 x86, Windows Server 2003 SP2 x86, Windows Vista x86, Windows Server 2008 x86, Windows 8 x86, Windows 10 x86" ValueLocId="-"/>
+    <ROW Property="WindowsTypeNT40" MultiBuildValue="x64Build:Windows NT 4.0#x86Build:Windows NT 4.0" ValueLocId="-"/>
+    <ROW Property="WindowsTypeNT40Display" MultiBuildValue="x64Build:Windows NT 4.0#x86Build:Windows NT 4.0" ValueLocId="-"/>
+    <ROW Property="WindowsTypeNT50" MultiBuildValue="x64Build:Windows 2000#x86Build:Windows 2000" ValueLocId="-"/>
+    <ROW Property="WindowsTypeNT50Display" MultiBuildValue="x64Build:Windows 2000#x86Build:Windows 2000" ValueLocId="-"/>
+    <ROW Property="WindowsTypeNT5X" MultiBuildValue="x64Build:Windows XP/2003 RTM, Windows XP/2003 SP1, Windows XP SP2 x86#x86Build:Windows XP/2003 RTM, Windows XP/2003 SP1, Windows XP SP2 x86" ValueLocId="-"/>
+    <ROW Property="WindowsTypeNT5XDisplay" MultiBuildValue="x64Build:Windows XP/2003 RTM, Windows XP/2003 SP1, Windows XP SP2 x86#x86Build:Windows XP/2003 RTM, Windows XP/2003 SP1, Windows XP SP2 x86" ValueLocId="-"/>
+    <ROW Property="WindowsTypeNT64" MultiBuildValue="x64Build:Windows XP SP2 x64, Windows Server 2003 SP2 x64, Windows Vista x64, Windows Server 2008 x64, Windows 8 x64, Windows Server 2012 x64, Windows 10 x64, Windows Server 2016 x64#x86Build:Windows XP/Vista/Windows 7/Windows 8 x64/Windows 8.1 x64/Windows 10 x64" ValueLocId="-"/>
+    <ROW Property="WindowsTypeNT64Display" MultiBuildValue="x64Build:Windows XP SP2 x64, Windows Server 2003 SP2 x64, Windows Vista x64, Windows Server 2008 x64, Windows 8 x64, Windows Server 2012 x64, Windows 10 x64, Windows Server 2016 x64#x86Build:64-bit Windows versions" ValueLocId="-"/>
+    <ROW Property="WindowsTypeNTDisplay" MultiBuildValue="x64Build:32-bit Windows versions#x86Build:Windows XP SP3 x86, Windows Server 2003 SP2 x86, Windows Vista x86, Windows Server 2008 x86, Windows 8 x86, Windows 10 x86" ValueLocId="-"/>
+    <ROW Property="wufuc_TaskName" Value="wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307}"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiDirsComponent">
+    <ROW Directory="APPDIR" Directory_Parent="TARGETDIR" DefaultDir="APPDIR:." IsPseudoRoot="1"/>
+    <ROW Directory="CommonAppDataFolder" Directory_Parent="TARGETDIR" DefaultDir="COMMON~1|CommonAppDataFolder" IsPseudoRoot="1"/>
+    <ROW Directory="SHORTCUTDIR" Directory_Parent="TARGETDIR" DefaultDir="SHORTC~1|SHORTCUTDIR" IsPseudoRoot="1"/>
+    <ROW Directory="TARGETDIR" DefaultDir="SourceDir"/>
+    <ROW Directory="Troubleshooting_1_Dir" Directory_Parent="APPDIR" DefaultDir="TROUBL~1|Troubleshooting"/>
+    <ROW Directory="Troubleshooting_Dir" Directory_Parent="SHORTCUTDIR" DefaultDir="TROUBL~1|Troubleshooting"/>
+    <ROW Directory="X64FeatureItems_Dir" Directory_Parent="APPDIR" DefaultDir=".:X64FEA~1|X64FeatureItems"/>
+    <ROW Directory="X86FeatureItems_Dir" Directory_Parent="APPDIR" DefaultDir=".:X86FEA~1|X86FeatureItems"/>
+    <ROW Directory="wufuc_Dir" Directory_Parent="CommonAppDataFolder" DefaultDir="wufuc"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
+    <ROW Component="COPYING" ComponentId="{6CA1ECA7-4C30-4BD0-A5E8-6B3E5BCBE31D}" Directory_="APPDIR" Attributes="0" KeyPath="COPYING" Type="0"/>
+    <ROW Component="ProductInformation" ComponentId="{75030EAB-5C17-4F84-B529-28003271CA3F}" Directory_="APPDIR" Attributes="4" KeyPath="Version"/>
+    <ROW Component="Restore_wuauserv.reg" ComponentId="{5CE5C35B-6B0E-4EE4-B92C-7B1D9882DFC0}" Directory_="Troubleshooting_1_Dir" Attributes="0" KeyPath="Restore_wuauserv.reg" Type="0"/>
+    <ROW Component="SHORTCUTDIR" ComponentId="{910396A4-AFDD-4E57-BF00-2FDD4108AC61}" Directory_="SHORTCUTDIR" Attributes="0"/>
+    <ROW Component="Troubleshooting" ComponentId="{D4F7163C-0FD7-4862-BF97-F1693236500C}" Directory_="Troubleshooting_Dir" Attributes="0"/>
+    <ROW Component="X64FeatureItems" ComponentId="{0E189A37-1F40-4756-ACB9-6511067D5B47}" Directory_="X64FeatureItems_Dir" Attributes="0"/>
+    <ROW Component="X86FeatureItems" ComponentId="{CBB84726-9EC3-4570-9012-37BA98719022}" Directory_="X86FeatureItems_Dir" Attributes="0"/>
+    <ROW Component="wufuc" ComponentId="{331CB0F5-F6E7-4712-9F97-3609A0D5AFE6}" Directory_="wufuc_Dir" Attributes="0"/>
+    <ROW Component="wufuc32.dll" ComponentId="{7FBEF396-DCBC-4838-A4EB-336F74A836C7}" Directory_="APPDIR" Attributes="0" KeyPath="wufuc32.dll"/>
+    <ROW Component="wufuc64.dll" ComponentId="{0407D471-998A-4FD3-BC2D-72EE56FBEEF4}" Directory_="APPDIR" Attributes="256" KeyPath="wufuc64.dll"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatsComponent">
+    <ROW Feature="MainFeature" Title="MainFeature" Description="Description" Display="1" Level="1" Directory_="APPDIR" Attributes="0" Components="COPYING ProductInformation Restore_wuauserv.reg SHORTCUTDIR Troubleshooting wufuc"/>
+    <ROW Feature="X64Feature" Feature_Parent="MainFeature" Title="X64Feature" Display="0" Level="1" Directory_="APPDIR" Attributes="0" Components="X64FeatureItems wufuc64.dll" Builds="x64Build"/>
+    <ROW Feature="X86Feature" Feature_Parent="MainFeature" Title="X86Feature" Display="0" Level="1" Directory_="APPDIR" Attributes="0" Components="X86FeatureItems wufuc32.dll" Builds="x86Build"/>
+    <ATTRIBUTE name="CurrentFeature" value="MainFeature"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiFilesComponent">
+    <ROW File="COPYING" Component_="COPYING" FileName="COPYING.txt" Attributes="0" SourcePath="..\..\COPYING" SelfReg="false" NextFile="Restore_wuauserv.reg"/>
+    <ROW File="Restore_wuauserv.reg" Component_="Restore_wuauserv.reg" FileName="RESTOR~1.REG|Restore_wuauserv.reg" Attributes="0" SourcePath="..\wufuc_setup_bat\Restore_wuauserv.reg" SelfReg="false"/>
+    <ROW File="wufuc32.dll" Component_="wufuc32.dll" FileName="wufuc32.dll" Attributes="0" SourcePath="wufuc32.dll" SelfReg="false" NextFile="wufuc64.dll"/>
+    <ROW File="wufuc64.dll" Component_="wufuc64.dll" FileName="wufuc64.dll" Attributes="0" SourcePath="wufuc64.dll" SelfReg="false" NextFile="COPYING"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.custcomp.MsiShortcutPropertyComponent">
+    <ROW MsiShortcutProperty="Uninstallwufuc1" Shortcut_="Uninstallwufuc" PropertyKey="[AiPreventAutoPin]" PropVariantValue="1"/>
+    <ROW MsiShortcutProperty="License1" Shortcut_="License" PropertyKey="[AiPreventAutoPin]" PropVariantValue="1"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.AiRemoveFileComponent">
+    <ROW RemoveFile="log" Condition="(AI_CLEAN_RESOURCES_UNINSTALL = &quot;1&quot;) AND (NOT UPGRADINGPRODUCTCODE)" Options="1"/>
+    <ROW RemoveFile="_" Condition="(AI_CLEAN_RESOURCES_UNINSTALL = &quot;1&quot;) AND (NOT UPGRADINGPRODUCTCODE)" Options="0"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.BootstrOptComponent">
+    <ROW BootstrOptKey="GlobalOptions" DownloadFolder="[AppDataFolder][|Manufacturer]\[|ProductName]\prerequisites" Options="2"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.BuildComponent">
+    <ROW BuildKey="x64Build" BuildName="x64" BuildOrder="1" BuildType="1" PackageFileName="wufuc_v[|ProductVersion]-[|AI_BUILD_NAME]" Languages="en;ca;zh;zh_TW;nl;fi;fr;de;hu;it;ja;ko;pl;pt;pt_BR;ru;sl;es" LangOpt="1" InstallationType="4" UseLargeSchema="true" MsiPackageType="x64"/>
+    <ROW BuildKey="x86Build" BuildName="x86" BuildOrder="2" BuildType="1" PackageFileName="wufuc_v[|ProductVersion]-[|AI_BUILD_NAME]" Languages="en;ca;zh;zh_TW;nl;fi;fr;de;hu;it;ja;ko;pl;pt;pt_BR;ru;sl;es" LangOpt="1" InstallationType="4" UseLargeSchema="true"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.DictionaryComponent">
+    <ROW Path="&lt;AI_DICTS&gt;ui.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_en.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_ca.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_zh.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_zh_TW.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_nl.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_fi.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_fr.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_de.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_hu.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_it.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_ja.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_ko.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_pl.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_pt.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_pt_BR.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_ru.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_sl.ail"/>
+    <ROW Path="&lt;AI_DICTS&gt;ui_es.ail"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.FragmentComponent">
+    <ROW Fragment="CommonUI.aip" Path="&lt;AI_FRAGS&gt;CommonUI.aip"/>
+    <ROW Fragment="FolderDlg.aip" Path="&lt;AI_THEMES&gt;classic\fragments\FolderDlg.aip"/>
+    <ROW Fragment="LicenseAgreementDlg.aip" Path="&lt;AI_THEMES&gt;classic\fragments\LicenseAgreementDlg.aip"/>
+    <ROW Fragment="MaintenanceTypeDlg.aip" Path="&lt;AI_THEMES&gt;classic\fragments\MaintenanceTypeDlg.aip"/>
+    <ROW Fragment="MaintenanceWelcomeDlg.aip" Path="&lt;AI_THEMES&gt;classic\fragments\MaintenanceWelcomeDlg.aip"/>
+    <ROW Fragment="SequenceDialogs.aip" Path="&lt;AI_THEMES&gt;classic\fragments\SequenceDialogs.aip"/>
+    <ROW Fragment="Sequences.aip" Path="&lt;AI_FRAGS&gt;Sequences.aip"/>
+    <ROW Fragment="StaticUIStrings.aip" Path="&lt;AI_FRAGS&gt;StaticUIStrings.aip"/>
+    <ROW Fragment="UI.aip" Path="&lt;AI_THEMES&gt;classic\fragments\UI.aip"/>
+    <ROW Fragment="Validation.aip" Path="&lt;AI_FRAGS&gt;Validation.aip"/>
+    <ROW Fragment="VerifyRemoveDlg.aip" Path="&lt;AI_THEMES&gt;classic\fragments\VerifyRemoveDlg.aip"/>
+    <ROW Fragment="VerifyRepairDlg.aip" Path="&lt;AI_THEMES&gt;classic\fragments\VerifyRepairDlg.aip"/>
+    <ROW Fragment="WelcomeDlg.aip" Path="&lt;AI_THEMES&gt;classic\fragments\WelcomeDlg.aip"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiActionTextComponent">
+    <ROW Action="AI_AiRemoveFilesCommit" Description="Executing file removal operations" DescriptionLocId="ActionText.Description.AI_AiRemoveFilesCommit" Template="Executing file removal: [1]" TemplateLocId="ActionText.Template.AI_AiRemoveFilesCommit"/>
+    <ROW Action="AI_AiRemoveFilesDeferred_Permanent" Description="Preparing files for removal" DescriptionLocId="ActionText.Description.AI_AiRemoveFilesDeferred_Permanent" Template="Preparing file: [1]" TemplateLocId="ActionText.Template.AI_AiRemoveFilesDeferred_Permanent"/>
+    <ROW Action="AI_AiRemoveFilesDeferred_Undoable" Description="Preparing files for removal" DescriptionLocId="ActionText.Description.AI_AiRemoveFilesDeferred_Undoable" Template="Preparing file: [1]" TemplateLocId="ActionText.Template.AI_AiRemoveFilesDeferred_Undoable"/>
+    <ROW Action="AI_AiRemoveFilesImmediate" Description="Preparing files for removal" DescriptionLocId="ActionText.Description.AI_AiRemoveFilesImmediate" Template="Preparing file: [1]" TemplateLocId="ActionText.Template.AI_AiRemoveFilesImmediate"/>
+    <ROW Action="AI_AiRemoveFilesRollback" Description="Restoring removed files" DescriptionLocId="ActionText.Description.AI_AiRemoveFilesRollback" Template="Restoring file: [1]" TemplateLocId="ActionText.Template.AI_AiRemoveFilesRollback"/>
+    <ROW Action="AI_XmlCommit" Description="Committing XML file configurations." DescriptionLocId="ActionText.Description.AI_XmlCommit" Template="Committing XML file configurations." TemplateLocId="ActionText.Template.AI_XmlCommit"/>
+    <ROW Action="AI_XmlConfig" Description="Executing XML file configurations" DescriptionLocId="ActionText.Description.AI_XmlConfig" Template="Configuring XML file: &quot;[1]&quot;" TemplateLocId="ActionText.Template.AI_XmlConfig"/>
+    <ROW Action="AI_XmlInstall" Description="Generating actions to configure XML files" DescriptionLocId="ActionText.Description.AI_XmlInstall"/>
+    <ROW Action="AI_XmlRemove" Description="Executing XML file configurations" DescriptionLocId="ActionText.Description.AI_XmlRemove" Template="Configuring XML file: &quot;[1]&quot;" TemplateLocId="ActionText.Template.AI_XmlRemove"/>
+    <ROW Action="AI_XmlRollback" Description="Rolling back XML file configurations." DescriptionLocId="ActionText.Description.AI_XmlRollback" Template="Rolling back XML file configurations." TemplateLocId="ActionText.Template.AI_XmlRollback"/>
+    <ROW Action="AI_XmlUninstall" Description="Generating actions to configure XML files" DescriptionLocId="ActionText.Description.AI_XmlUninstall"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiBinaryComponent">
+    <ROW Name="AdvancedInstallerHelper.dll" SourcePath="AdvancedInstallerHelper.dll"/>
+    <ROW Name="Prereq.dll" SourcePath="&lt;AI_CUSTACTS&gt;Prereq.dll"/>
+    <ROW Name="ResourceCleaner.dll" SourcePath="&lt;AI_CUSTACTS&gt;ResourceCleaner.dll"/>
+    <ROW Name="ShortcutFlags.dll" SourcePath="&lt;AI_CUSTACTS&gt;ShortcutFlags.dll"/>
+    <ROW Name="aicustact.dll" SourcePath="&lt;AI_CUSTACTS&gt;aicustact.dll"/>
+    <ROW Name="viewer.exe" SourcePath="&lt;AI_CUSTACTS&gt;viewer.exe"/>
+    <ROW Name="xmlCfg.dll" SourcePath="&lt;AI_CUSTACTS&gt;xmlCfg.dll"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiCheckBoxComponent">
+    <ROW Property="AI_CLEAN_RESOURCES_UNINSTALL" Value="1"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiControlComponent">
+    <ROW Dialog_="LicenseAgreementDlg" Control="AgreementText" Type="ScrollableText" X="20" Y="60" Width="330" Height="120" Attributes="7" Text="LICENSE.rtf" Order="400" TextLocId="-" MsiKey="LicenseAgreementDlg#AgreementText"/>
+    <ROW Dialog_="VerifyRemoveDlg" Control="UnistallCleanupCheckBox" Type="CheckBox" X="25" Y="150" Width="320" Height="11" Attributes="3" Property="AI_CLEAN_RESOURCES_UNINSTALL" Text="Remove [ProductName] settings and temporary files." Order="1100"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiControlEventComponent">
+    <ROW Dialog_="WelcomeDlg" Control_="Next" Event="NewDialog" Argument="LicenseAgreementDlg" Condition="AI_INSTALL" Ordering="1"/>
+    <ROW Dialog_="FolderDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_INSTALL" Ordering="201"/>
+    <ROW Dialog_="FolderDlg" Control_="Back" Event="NewDialog" Argument="LicenseAgreementDlg" Condition="AI_INSTALL" Ordering="1"/>
+    <ROW Dialog_="VerifyReadyDlg" Control_="Install" Event="EndDialog" Argument="Return" Condition="AI_INSTALL" Ordering="197"/>
+    <ROW Dialog_="VerifyReadyDlg" Control_="Back" Event="NewDialog" Argument="FolderDlg" Condition="AI_INSTALL" Ordering="201"/>
+    <ROW Dialog_="MaintenanceWelcomeDlg" Control_="Next" Event="NewDialog" Argument="MaintenanceTypeDlg" Condition="AI_MAINT" Ordering="99"/>
+    <ROW Dialog_="CustomizeDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_MAINT" Ordering="101"/>
+    <ROW Dialog_="CustomizeDlg" Control_="Back" Event="NewDialog" Argument="MaintenanceTypeDlg" Condition="AI_MAINT" Ordering="1"/>
+    <ROW Dialog_="VerifyReadyDlg" Control_="Install" Event="EndDialog" Argument="Return" Condition="AI_MAINT" Ordering="198"/>
+    <ROW Dialog_="VerifyReadyDlg" Control_="Back" Event="NewDialog" Argument="CustomizeDlg" Condition="AI_MAINT" Ordering="202"/>
+    <ROW Dialog_="MaintenanceTypeDlg" Control_="ChangeButton" Event="NewDialog" Argument="CustomizeDlg" Condition="AI_MAINT" Ordering="501"/>
+    <ROW Dialog_="MaintenanceTypeDlg" Control_="Back" Event="NewDialog" Argument="MaintenanceWelcomeDlg" Condition="AI_MAINT" Ordering="1"/>
+    <ROW Dialog_="MaintenanceTypeDlg" Control_="RemoveButton" Event="NewDialog" Argument="VerifyRemoveDlg" Condition="AI_MAINT AND InstallMode=&quot;Remove&quot;" Ordering="601"/>
+    <ROW Dialog_="VerifyRemoveDlg" Control_="Back" Event="NewDialog" Argument="MaintenanceTypeDlg" Condition="AI_MAINT AND InstallMode=&quot;Remove&quot;" Ordering="1"/>
+    <ROW Dialog_="MaintenanceTypeDlg" Control_="RepairButton" Event="NewDialog" Argument="VerifyRepairDlg" Condition="AI_MAINT AND InstallMode=&quot;Repair&quot;" Ordering="601"/>
+    <ROW Dialog_="VerifyRepairDlg" Control_="Back" Event="NewDialog" Argument="MaintenanceTypeDlg" Condition="AI_MAINT AND InstallMode=&quot;Repair&quot;" Ordering="1"/>
+    <ROW Dialog_="VerifyRepairDlg" Control_="Repair" Event="EndDialog" Argument="Return" Condition="AI_MAINT AND InstallMode=&quot;Repair&quot;" Ordering="399" Options="1"/>
+    <ROW Dialog_="VerifyRemoveDlg" Control_="Remove" Event="EndDialog" Argument="Return" Condition="AI_MAINT AND InstallMode=&quot;Remove&quot;" Ordering="299" Options="1"/>
+    <ROW Dialog_="PatchWelcomeDlg" Control_="Next" Event="NewDialog" Argument="VerifyReadyDlg" Condition="AI_PATCH" Ordering="201"/>
+    <ROW Dialog_="ResumeDlg" Control_="Install" Event="EndDialog" Argument="Return" Condition="AI_RESUME" Ordering="299"/>
+    <ROW Dialog_="VerifyReadyDlg" Control_="Install" Event="EndDialog" Argument="Return" Condition="AI_PATCH" Ordering="199"/>
+    <ROW Dialog_="VerifyReadyDlg" Control_="Back" Event="NewDialog" Argument="PatchWelcomeDlg" Condition="AI_PATCH" Ordering="203"/>
+    <ROW Dialog_="LicenseAgreementDlg" Control_="Next" Event="NewDialog" Argument="FolderDlg" Condition="AI_INSTALL" Ordering="1"/>
+    <ROW Dialog_="LicenseAgreementDlg" Control_="Back" Event="NewDialog" Argument="WelcomeDlg" Condition="AI_INSTALL" Ordering="1"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiCreateFolderComponent">
+    <ROW Directory_="SHORTCUTDIR" Component_="SHORTCUTDIR" ManualDelete="false"/>
+    <ROW Directory_="X86FeatureItems_Dir" Component_="X86FeatureItems" ManualDelete="false"/>
+    <ROW Directory_="X64FeatureItems_Dir" Component_="X64FeatureItems" ManualDelete="false"/>
+    <ROW Directory_="Troubleshooting_Dir" Component_="Troubleshooting" ManualDelete="false"/>
+    <ROW Directory_="wufuc_Dir" Component_="wufuc" ManualDelete="true"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiCustActComponent">
+    <ROW Action="AI_AiRemoveFilesCommit" Type="11777" Source="ResourceCleaner.dll" Target="OnAiRemoveFilesCommit" WithoutSeq="true"/>
+    <ROW Action="AI_AiRemoveFilesDeferred_Permanent" Type="11265" Source="ResourceCleaner.dll" Target="OnAiRemoveFilesPermanent" WithoutSeq="true"/>
+    <ROW Action="AI_AiRemoveFilesDeferred_Undoable" Type="11265" Source="ResourceCleaner.dll" Target="OnAiRemoveFilesUndoable" WithoutSeq="true"/>
+    <ROW Action="AI_AiRemoveFilesImmediate" Type="1" Source="ResourceCleaner.dll" Target="OnAiRemoveFilesImmediate"/>
+    <ROW Action="AI_AiRemoveFilesRollback" Type="11521" Source="ResourceCleaner.dll" Target="OnAiUndoRemoveFiles"/>
+    <ROW Action="AI_AppSearchEx" Type="1" Source="Prereq.dll" Target="DoAppSearchEx"/>
+    <ROW Action="AI_ApplyShortcutFlags" Type="3073" Source="ShortcutFlags.dll" Target="UpdateShortcutFlags" WithoutSeq="true"/>
+    <ROW Action="AI_BACKUP_AI_SETUPEXEPATH" Type="51" Source="AI_SETUPEXEPATH_ORIGINAL" Target="[AI_SETUPEXEPATH]"/>
+    <ROW Action="AI_DATA_SETTER" Type="51" Source="CustomActionData" Target="[~]"/>
+    <ROW Action="AI_DATA_SETTER_1" Type="51" Source="CustomActionData" Target="[~]"/>
+    <ROW Action="AI_DATA_SETTER_2" Type="51" Source="StopWindowsUpdateService" Target="wuauserv"/>
+    <ROW Action="AI_DATA_SETTER_3" Type="51" Source="StartWindowsUpdateService" Target="wuauserv"/>
+    <ROW Action="AI_DOWNGRADE" Type="19" Target="4010"/>
+    <ROW Action="AI_DpiContentScale" Type="1" Source="aicustact.dll" Target="DpiContentScale"/>
+    <ROW Action="AI_EnableDebugLog" Type="321" Source="aicustact.dll" Target="EnableDebugLog"/>
+    <ROW Action="AI_InstallModeCheck" Type="1" Source="aicustact.dll" Target="UpdateInstallMode" WithoutSeq="true"/>
+    <ROW Action="AI_PREPARE_UPGRADE" Type="65" Source="aicustact.dll" Target="PrepareUpgrade"/>
+    <ROW Action="AI_PinShortcuts" Type="1" Source="ShortcutFlags.dll" Target="PinShortcuts"/>
+    <ROW Action="AI_PinToStartScreen" Type="1025" Source="ShortcutFlags.dll" Target="PinToStartScreen" WithoutSeq="true"/>
+    <ROW Action="AI_PinToTaskbar" Type="1025" Source="ShortcutFlags.dll" Target="PinToTaskbar" WithoutSeq="true"/>
+    <ROW Action="AI_PrepareShortcutFlags" Type="1" Source="ShortcutFlags.dll" Target="PrepareActionData"/>
+    <ROW Action="AI_PromptUserBasicUI" Type="1" Source="ResourceCleaner.dll" Target="OnPromptUserBasicUI"/>
+    <ROW Action="AI_RESTORE_AI_SETUPEXEPATH" Type="51" Source="AI_SETUPEXEPATH" Target="[AI_SETUPEXEPATH_ORIGINAL]"/>
+    <ROW Action="AI_RESTORE_LOCATION" Type="65" Source="aicustact.dll" Target="RestoreLocation"/>
+    <ROW Action="AI_ResolveKnownFolders" Type="1" Source="aicustact.dll" Target="AI_ResolveKnownFolders"/>
+    <ROW Action="AI_SHOW_LOG" Type="65" Source="aicustact.dll" Target="LaunchLogFile" WithoutSeq="true"/>
+    <ROW Action="AI_STORE_LOCATION" Type="51" Source="ARPINSTALLLOCATION" Target="[APPDIR]"/>
+    <ROW Action="AI_SelectAutoPinOption" Type="51" Source="AiPreventAutoPin" Target="System.AppUserModel.StartPinOption"/>
+    <ROW Action="AI_UnpinFromStartScreen" Type="1025" Source="ShortcutFlags.dll" Target="UnpinFromStartScreen" WithoutSeq="true"/>
+    <ROW Action="AI_UnpinFromTaskbar" Type="1025" Source="ShortcutFlags.dll" Target="UnpinFromTaskbar" WithoutSeq="true"/>
+    <ROW Action="AI_UnpinShortcuts" Type="1" Source="ShortcutFlags.dll" Target="UnpinShortcuts"/>
+    <ROW Action="AI_XmlCommit" Type="11777" Source="xmlCfg.dll" Target="OnXmlCommit" WithoutSeq="true"/>
+    <ROW Action="AI_XmlConfig" Type="11265" Source="xmlCfg.dll" Target="OnXmlConfig" WithoutSeq="true"/>
+    <ROW Action="AI_XmlInstall" Type="1" Source="xmlCfg.dll" Target="OnXmlInstall" AdditionalSeq="AI_DATA_SETTER"/>
+    <ROW Action="AI_XmlRemove" Type="11265" Source="xmlCfg.dll" Target="OnXmlRemove" WithoutSeq="true"/>
+    <ROW Action="AI_XmlRollback" Type="11521" Source="xmlCfg.dll" Target="OnXmlRollback" WithoutSeq="true"/>
+    <ROW Action="AI_XmlUninstall" Type="1" Source="xmlCfg.dll" Target="OnXmlUninstall" AdditionalSeq="AI_DATA_SETTER_1"/>
+    <ROW Action="AdvancedInstallerHelper.dll" Type="3073" Source="AdvancedInstallerHelper.dll" Target="UnloadCustomAction"/>
+    <ROW Action="CreateScheduledTask" Type="3074" Source="viewer.exe" Target="/HideWindow schtasks.exe /Create /XML &quot;[APPDIR]wufuc_ScheduledTask.xml&quot; /TN &quot;[wufuc_TaskName]&quot; /F" Options="1"/>
+    <ROW Action="DeleteScheduledTask" Type="3138" Source="viewer.exe" Target="/HideWindow schtasks.exe /Delete /TN &quot;[wufuc_TaskName]&quot; /F" Options="1"/>
+    <ROW Action="RunSFCScan" Type="3138" Source="viewer.exe" Target="/HideWindow sfc.exe /SCANFILE=c:\windows\system32\wuaueng.dll" Options="1"/>
+    <ROW Action="RunScheduledTask" Type="3074" Source="viewer.exe" Target="/HideWindow schtasks.exe /Run /TN &quot;[wufuc_TaskName]&quot;" Options="1"/>
+    <ROW Action="SET_APPDIR" Type="307" Source="APPDIR" Target="[ProgramFilesFolder][Manufacturer]\[ProductName]" MultiBuildTarget="x64Build:[ProgramFiles64Folder]\[ProductName]#x86Build:[ProgramFilesFolder]\[ProductName]"/>
+    <ROW Action="SET_SHORTCUTDIR" Type="307" Source="SHORTCUTDIR" Target="[ProgramMenuFolder][ProductName]"/>
+    <ROW Action="SET_TARGETDIR_TO_APPDIR" Type="51" Source="TARGETDIR" Target="[APPDIR]"/>
+    <ROW Action="SetRebootProperty" Type="51" Source="REBOOT" Target="Force"/>
+    <ROW Action="StartWindowsUpdateService" Type="3073" Source="aicustact.dll" Target="StartWinService" Options="1" AdditionalSeq="AI_DATA_SETTER_3"/>
+    <ROW Action="StopWindowsUpdateService" Type="3073" Source="aicustact.dll" Target="StopWinService" Options="1" AdditionalSeq="AI_DATA_SETTER_2"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiIconsComponent">
+    <ROW Name="msiexec.exe" SourcePath="..\..\..\..\..\..\..\Windows\System32\msiexec.exe" Index="0"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiIniFileComponent">
+    <ROW IniFile="URL" FileName="Donate.url" DirProperty="SHORTCUTDIR" Section="InternetShortcut" Key="URL" Value="https://github.com/zeffy/wufuc/blob/master/DONATE.md" Action="0" Component_="SHORTCUTDIR"/>
+    <ROW IniFile="URL_2" FileName="Readme.url" DirProperty="SHORTCUTDIR" Section="InternetShortcut" Key="URL" Value="https://github.com/zeffy/wufuc/blob/master/README.md" Action="0" Component_="SHORTCUTDIR"/>
+    <ROW IniFile="URL_6" FileName="LATEST~1.URL|Latest Release.url" DirProperty="SHORTCUTDIR" Section="InternetShortcut" Key="URL" Value="https://github.com/zeffy/wufuc/releases/latest" Action="0" Component_="SHORTCUTDIR"/>
+    <ROW IniFile="URL_7" FileName="REPORT~1.URL|Report an Issue.url" DirProperty="Troubleshooting_Dir" Section="InternetShortcut" Key="URL" Value="https://github.com/zeffy/wufuc/issues" Action="0" Component_="SHORTCUTDIR"/>
+    <ROW IniFile="URL_8" FileName="FAQ.url" DirProperty="Troubleshooting_Dir" Section="InternetShortcut" Key="URL" Value="https://github.com/zeffy/wufuc/blob/master/FAQ.md" Action="0" Component_="SHORTCUTDIR"/>
+    <ROW IniFile="WorkingDirectory" FileName="Donate.url" DirProperty="SHORTCUTDIR" Section="InternetShortcut" Key="WorkingDirectory" Value="[SHORTCUTDIR]" Action="0" Component_="SHORTCUTDIR"/>
+    <ROW IniFile="WorkingDirectory_2" FileName="Readme.url" DirProperty="SHORTCUTDIR" Section="InternetShortcut" Key="WorkingDirectory" Value="[SHORTCUTDIR]" Action="0" Component_="SHORTCUTDIR"/>
+    <ROW IniFile="WorkingDirectory_6" FileName="LATEST~1.URL|Latest Release.url" DirProperty="SHORTCUTDIR" Section="InternetShortcut" Key="WorkingDirectory" Value="[SHORTCUTDIR]" Action="0" Component_="SHORTCUTDIR"/>
+    <ROW IniFile="WorkingDirectory_7" FileName="REPORT~1.URL|Report an Issue.url" DirProperty="Troubleshooting_Dir" Section="InternetShortcut" Key="WorkingDirectory" Value="[Troubleshooting_Dir]" Action="0" Component_="SHORTCUTDIR"/>
+    <ROW IniFile="WorkingDirectory_8" FileName="FAQ.url" DirProperty="Troubleshooting_Dir" Section="InternetShortcut" Key="WorkingDirectory" Value="[Troubleshooting_Dir]" Action="0" Component_="SHORTCUTDIR"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiInstExSeqComponent">
+    <ROW Action="AI_DOWNGRADE" Condition="AI_NEWERPRODUCTFOUND AND (UILevel &lt;&gt; 5)" Sequence="210"/>
+    <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="749"/>
+    <ROW Action="AI_STORE_LOCATION" Condition="(Not Installed) OR REINSTALL" Sequence="1501"/>
+    <ROW Action="AI_PREPARE_UPGRADE" Condition="AI_UPGRADE=&quot;No&quot; AND (Not Installed)" Sequence="1398"/>
+    <ROW Action="AI_ResolveKnownFolders" Sequence="53"/>
+    <ROW Action="AI_EnableDebugLog" Sequence="51"/>
+    <ROW Action="AI_SelectAutoPinOption" Condition="VersionNT &gt; 601" Sequence="1401"/>
+    <ROW Action="AI_PrepareShortcutFlags" Condition="(VersionNT &gt; 501) AND ((NOT Installed) OR (Installed AND (REMOVE&lt;&gt;&quot;ALL&quot;) AND (AI_INSTALL_MODE&lt;&gt;&quot;Remove&quot;)))" Sequence="4501"/>
+    <ROW Action="AI_PinShortcuts" Condition="(VersionNT &gt; 600) AND ((NOT Installed) OR (Installed AND (REMOVE&lt;&gt;&quot;ALL&quot;) AND (AI_INSTALL_MODE&lt;&gt;&quot;Remove&quot;)))" Sequence="6499"/>
+    <ROW Action="AI_UnpinShortcuts" Condition="(VersionNT &gt; 600) AND (REMOVE = &quot;ALL&quot;)" Sequence="3199"/>
+    <ROW Action="AI_XmlInstall" Condition="(REMOVE &lt;&gt; &quot;ALL&quot;)" Sequence="5102"/>
+    <ROW Action="AI_DATA_SETTER" Condition="(REMOVE &lt;&gt; &quot;ALL&quot;)" Sequence="5101"/>
+    <ROW Action="AI_XmlUninstall" Condition="(REMOVE)" Sequence="3102"/>
+    <ROW Action="AI_DATA_SETTER_1" Condition="(REMOVE)" Sequence="3101"/>
+    <ROW Action="CreateScheduledTask" Condition="( ( NOT Installed ) OR ( Installed AND REMOVE &lt;&gt; &quot;ALL&quot; AND AI_INSTALL_MODE &lt;&gt; &quot;Remove&quot; ) )" Sequence="5826"/>
+    <ROW Action="DeleteScheduledTask" Sequence="3604"/>
+    <ROW Action="AdvancedInstallerHelper.dll" Sequence="1601"/>
+    <ROW Action="StopWindowsUpdateService" Condition="( ( NOT Installed ) OR ( Installed AND REMOVE &lt;&gt; &quot;ALL&quot; AND AI_INSTALL_MODE &lt;&gt; &quot;Remove&quot; ) )" Sequence="3602"/>
+    <ROW Action="AI_DATA_SETTER_2" Condition="( ( NOT Installed ) OR ( Installed AND REMOVE &lt;&gt; &quot;ALL&quot; AND AI_INSTALL_MODE &lt;&gt; &quot;Remove&quot; ) )" Sequence="3601"/>
+    <ROW Action="RunScheduledTask" Condition="( ( NOT Installed ) OR ( Installed AND REMOVE &lt;&gt; &quot;ALL&quot; AND AI_INSTALL_MODE &lt;&gt; &quot;Remove&quot; ) )" Sequence="5827"/>
+    <ROW Action="RunSFCScan" Sequence="3603"/>
+    <ROW Action="AI_AppSearchEx" Sequence="101"/>
+    <ROW Action="SetRebootProperty" Condition="NONDEFAULT_SERVICEDLL" Sequence="201"/>
+    <ROW Action="StartWindowsUpdateService" Condition="( ( NOT Installed ) OR ( Installed AND REMOVE &lt;&gt; &quot;ALL&quot; AND AI_INSTALL_MODE &lt;&gt; &quot;Remove&quot; ) )" Sequence="6402"/>
+    <ROW Action="AI_DATA_SETTER_3" Condition="( ( NOT Installed ) OR ( Installed AND REMOVE &lt;&gt; &quot;ALL&quot; AND AI_INSTALL_MODE &lt;&gt; &quot;Remove&quot; ) )" Sequence="6401"/>
+    <ROW Action="AI_AiRemoveFilesImmediate" Sequence="3499"/>
+    <ROW Action="AI_AiRemoveFilesRollback" Sequence="3099"/>
+    <ROW Action="AI_PromptUserBasicUI" Condition="((REMOVE = &quot;ALL&quot;) AND (NOT UPGRADINGPRODUCTCODE))" Sequence="2501"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiInstallUISequenceComponent">
+    <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="749"/>
+    <ROW Action="AI_ResolveKnownFolders" Sequence="53"/>
+    <ROW Action="AI_DpiContentScale" Sequence="52"/>
+    <ROW Action="AI_EnableDebugLog" Sequence="51"/>
+    <ROW Action="AI_BACKUP_AI_SETUPEXEPATH" Sequence="99"/>
+    <ROW Action="AI_RESTORE_AI_SETUPEXEPATH" Condition="AI_SETUPEXEPATH_ORIGINAL" Sequence="102"/>
+    <ROW Action="AI_AppSearchEx" Sequence="101"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiLaunchConditionsComponent">
+    <ROW Condition="( Version9X OR ( NOT VersionNT64 ) OR ( VersionNT64 AND ((VersionNT64 &lt;&gt; 502) OR (ServicePackLevel &lt;&gt; 2) OR (MsiNTProductType &lt;&gt; 1)) AND ((VersionNT64 &lt;&gt; 502) OR (ServicePackLevel &lt;&gt; 2) OR (MsiNTProductType = 1)) AND ((VersionNT64 &lt;&gt; 600) OR (MsiNTProductType &lt;&gt; 1)) AND ((VersionNT64 &lt;&gt; 600) OR (MsiNTProductType = 1)) AND ((VersionNT64 &lt;&gt; 602) OR (MsiNTProductType &lt;&gt; 1)) AND ((VersionNT64 &lt;&gt; 602) OR (MsiNTProductType = 1)) AND ((VersionNT64 &lt;&gt; 1000) OR (MsiNTProductType &lt;&gt; 1)) AND ((VersionNT64 &lt;&gt; 1000) OR (ServicePackLevel &lt;&gt; 0) OR (MsiNTProductType = 1)) ) )" Description="[ProductName] cannot be installed on the following Windows versions: [WindowsTypeNT64Display]." DescriptionLocId="AI.LaunchCondition.NoSpecificNT64" IsPredefined="true" Builds="x64Build"/>
+    <ROW Condition="( Version9X OR (VersionNT AND (NOT VersionNT64)) )" Description="[ProductName] cannot be installed on [WindowsTypeNT64Display]." DescriptionLocId="AI.LaunchCondition.NoNT64" IsPredefined="true" Builds="x86Build"/>
+    <ROW Condition="( Version9X OR VersionNT64 )" Description="[ProductName] cannot be installed on [WindowsTypeNTDisplay]." DescriptionLocId="AI.LaunchCondition.NoNT" IsPredefined="true" Builds="x64Build"/>
+    <ROW Condition="( Version9X OR VersionNT64 OR ( VersionNT AND ((VersionNT &lt;&gt; 501) OR (ServicePackLevel &lt;&gt; 3)) AND ((VersionNT &lt;&gt; 502) OR (ServicePackLevel &lt;&gt; 2)) AND ((VersionNT &lt;&gt; 600) OR (MsiNTProductType &lt;&gt; 1)) AND ((VersionNT &lt;&gt; 600) OR (MsiNTProductType = 1)) AND (VersionNT &lt;&gt; 602) AND (VersionNT &lt;&gt; 1000) ) )" Description="[ProductName] cannot be installed on the following Windows versions: [WindowsTypeNTDisplay]." DescriptionLocId="AI.LaunchCondition.NoSpecificNT" IsPredefined="true" Builds="x86Build"/>
+    <ROW Condition="(VersionNT &lt;&gt; 400)" Description="[ProductName] cannot be installed on [WindowsTypeNT40Display]." DescriptionLocId="AI.LaunchCondition.NoNT40" IsPredefined="true" Builds="x64Build;x86Build"/>
+    <ROW Condition="(VersionNT &lt;&gt; 500)" Description="[ProductName] cannot be installed on [WindowsTypeNT50Display]." DescriptionLocId="AI.LaunchCondition.NoNT50" IsPredefined="true" Builds="x64Build;x86Build"/>
+    <ROW Condition="(VersionNT64 OR ((VersionNT &lt;&gt; 501) OR (ServicePackLevel = 3))) AND ((VersionNT &lt;&gt; 502) OR (ServicePackLevel = 2))" Description="[ProductName] cannot be installed on [WindowsTypeNT5XDisplay]." DescriptionLocId="AI.LaunchCondition.NoNT5X" IsPredefined="true" Builds="x64Build;x86Build"/>
+    <ROW Condition="VersionNT" Description="[ProductName] cannot be installed on [WindowsType9XDisplay]." DescriptionLocId="AI.LaunchCondition.No9X" IsPredefined="true" Builds="x64Build;x86Build"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiRegsComponent">
+    <ROW Registry="Path" Root="-1" Key="Software\[ProductName]" Name="Path" Value="[APPDIR]" Component_="ProductInformation"/>
+    <ROW Registry="Version" Root="-1" Key="Software\[ProductName]" Name="Version" Value="[ProductVersion]" Component_="ProductInformation"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiRemoveFileComponent">
+    <ROW FileKey="_" Component_="ProductInformation" DirProperty="wufuc_Dir" InstallMode="2"/>
+    <ROW FileKey="log" Component_="ProductInformation" FileName="*.log" DirProperty="wufuc_Dir" InstallMode="2"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiShortsComponent">
+    <ROW Shortcut="License" Directory_="SHORTCUTDIR" Name="License" Component_="COPYING" Target="[#COPYING]" Hotkey="0" IconIndex="0" ShowCmd="1" WkDir="APPDIR"/>
+    <ROW Shortcut="Openwufuclogfile" Directory_="Troubleshooting_Dir" Name="OPENWU~1|Open wufuc log file" Component_="Restore_wuauserv.reg" Target="[CommonAppDataFolder]wufuc\wufuc.log" Hotkey="0" IconIndex="0" ShowCmd="1"/>
+    <ROW Shortcut="Uninstallwufuc" Directory_="SHORTCUTDIR" Name="UNINST~2|Uninstall [|ProductName]" Component_="ProductInformation" Target="[SystemFolder]msiexec.exe" Arguments="/x [ProductCode]" Hotkey="0" Icon_="msiexec.exe" IconIndex="0" ShowCmd="1" CustomFlags="1"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiThemeComponent">
+    <ATTRIBUTE name="UsedTheme" value="classic"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.MsiUpgradeComponent">
+    <ROW UpgradeCode="[|UpgradeCode]" VersionMin="0.0.1" VersionMax="[|ProductVersion]" Attributes="257" ActionProperty="OLDPRODUCTS"/>
+    <ROW UpgradeCode="[|UpgradeCode]" VersionMin="[|ProductVersion]" Attributes="2" ActionProperty="AI_NEWERPRODUCTFOUND"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.PreReqSearchComponent">
+    <ROW SearchKey="_" SearchType="9" SearchString="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Parameters\ServiceDll" RefContent="D%systemroot%\system32\wuaueng.dll" Order="1" Property="NONDEFAULT_SERVICEDLL"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.XmlAttributeComponent">
+    <ROW XmlAttribute="Context" XmlElement="Actions" Name="Context" Flags="14" Order="0" Value="Author"/>
+    <ROW XmlAttribute="Context_1" XmlElement="Actions_1" Name="Context" Flags="14" Order="0" Value="Author"/>
+    <ROW XmlAttribute="id" XmlElement="Principal" Name="id" Flags="15" Order="0" Value="Author"/>
+    <ROW XmlAttribute="id_1" XmlElement="Principal_1" Name="id" Flags="15" Order="0" Value="Author"/>
+    <ROW XmlAttribute="version" XmlElement="Task" Name="version" Flags="14" Order="0" Value="1.3"/>
+    <ROW XmlAttribute="version_1" XmlElement="Task_1" Name="version" Flags="14" Order="0" Value="1.3"/>
+    <ROW XmlAttribute="xmlns" XmlElement="Task" Name="xmlns" Flags="14" Order="1" Value="http://schemas.microsoft.com/windows/2004/02/mit/task"/>
+    <ROW XmlAttribute="xmlns_1" XmlElement="Task_1" Name="xmlns" Flags="14" Order="1" Value="http://schemas.microsoft.com/windows/2004/02/mit/task"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.XmlElementComponent">
+    <ROW XmlElement="Actions" ParentElement="Task" Name="Actions" Condition="1" Order="4" Flags="14"/>
+    <ROW XmlElement="Actions_1" ParentElement="Task_1" Name="Actions" Condition="1" Order="4" Flags="14"/>
+    <ROW XmlElement="AllowHardTerminate" ParentElement="Settings" Name="AllowHardTerminate" Condition="1" Order="3" Flags="14" Text="true"/>
+    <ROW XmlElement="AllowHardTerminate_1" ParentElement="Settings_1" Name="AllowHardTerminate" Condition="1" Order="3" Flags="14" Text="true"/>
+    <ROW XmlElement="AllowStartOnDemand" ParentElement="Settings" Name="AllowStartOnDemand" Condition="1" Order="7" Flags="14" Text="true"/>
+    <ROW XmlElement="AllowStartOnDemand_1" ParentElement="Settings_1" Name="AllowStartOnDemand" Condition="1" Order="7" Flags="14" Text="true"/>
+    <ROW XmlElement="Arguments" ParentElement="Exec" Name="Arguments" Condition="1" Order="1" Flags="14" Text="&quot;[#wufuc32.dll]&quot;,RUNDLL32_Start"/>
+    <ROW XmlElement="Arguments_1" ParentElement="Exec_1" Name="Arguments" Condition="1" Order="1" Flags="14" Text="&quot;[#wufuc64.dll]&quot;,RUNDLL32_Start"/>
+    <ROW XmlElement="Author" ParentElement="RegistrationInfo" Name="Author" Condition="1" Order="0" Flags="14" Text="zeffy &lt;https://github.com/zeffy&gt;"/>
+    <ROW XmlElement="Author_1" ParentElement="RegistrationInfo_1" Name="Author" Condition="1" Order="0" Flags="14" Text="zeffy &lt;https://github.com/zeffy&gt;"/>
+    <ROW XmlElement="BootTrigger" ParentElement="Triggers" Name="BootTrigger" Condition="1" Order="0" Flags="14"/>
+    <ROW XmlElement="BootTrigger_1" ParentElement="Triggers_1" Name="BootTrigger" Condition="1" Order="0" Flags="14"/>
+    <ROW XmlElement="Command" ParentElement="Exec" Name="Command" Condition="1" Order="0" Flags="14" Text="&quot;[SystemFolder]rundll32.exe&quot;"/>
+    <ROW XmlElement="Command_1" ParentElement="Exec_1" Name="Command" Condition="1" Order="0" Flags="14" Text="&quot;[System64Folder]rundll32.exe&quot;"/>
+    <ROW XmlElement="Description" ParentElement="RegistrationInfo" Name="Description" Condition="1" Order="1" Flags="14" Text="Enables Windows Update on PCs with unsupported processors.  https://github.com/zeffy/wufuc"/>
+    <ROW XmlElement="Description_1" ParentElement="RegistrationInfo_1" Name="Description" Condition="1" Order="1" Flags="14" Text="Enables Windows Update on PCs with unsupported processors.  https://github.com/zeffy/wufuc"/>
+    <ROW XmlElement="DisallowStartIfOnBatteries" ParentElement="Settings" Name="DisallowStartIfOnBatteries" Condition="1" Order="1" Flags="14" Text="false"/>
+    <ROW XmlElement="DisallowStartIfOnBatteries_1" ParentElement="Settings_1" Name="DisallowStartIfOnBatteries" Condition="1" Order="1" Flags="14" Text="false"/>
+    <ROW XmlElement="DisallowStartOnRemoteAppSession" ParentElement="Settings" Name="DisallowStartOnRemoteAppSession" Condition="1" Order="11" Flags="14" Text="false"/>
+    <ROW XmlElement="DisallowStartOnRemoteAppSession_1" ParentElement="Settings_1" Name="DisallowStartOnRemoteAppSession" Condition="1" Order="11" Flags="14" Text="false"/>
+    <ROW XmlElement="Enabled" ParentElement="BootTrigger" Name="Enabled" Condition="1" Order="0" Flags="14" Text="true"/>
+    <ROW XmlElement="Enabled_1" ParentElement="LogonTrigger" Name="Enabled" Condition="1" Order="0" Flags="14" Text="true"/>
+    <ROW XmlElement="Enabled_2" ParentElement="Settings" Name="Enabled" Condition="1" Order="8" Flags="14" Text="true"/>
+    <ROW XmlElement="Enabled_3" ParentElement="BootTrigger_1" Name="Enabled" Condition="1" Order="0" Flags="14" Text="true"/>
+    <ROW XmlElement="Enabled_4" ParentElement="LogonTrigger_1" Name="Enabled" Condition="1" Order="0" Flags="14" Text="true"/>
+    <ROW XmlElement="Enabled_5" ParentElement="Settings_1" Name="Enabled" Condition="1" Order="8" Flags="14" Text="true"/>
+    <ROW XmlElement="Exec" ParentElement="Actions" Name="Exec" Condition="1" Order="0" Flags="14"/>
+    <ROW XmlElement="Exec_1" ParentElement="Actions_1" Name="Exec" Condition="1" Order="0" Flags="14"/>
+    <ROW XmlElement="ExecutionTimeLimit" ParentElement="Settings" Name="ExecutionTimeLimit" Condition="1" Order="14" Flags="14" Text="PT0S"/>
+    <ROW XmlElement="ExecutionTimeLimit_1" ParentElement="Settings_1" Name="ExecutionTimeLimit" Condition="1" Order="14" Flags="14" Text="PT0S"/>
+    <ROW XmlElement="Hidden" ParentElement="Settings" Name="Hidden" Condition="1" Order="9" Flags="14" Text="false"/>
+    <ROW XmlElement="Hidden_1" ParentElement="Settings_1" Name="Hidden" Condition="1" Order="9" Flags="14" Text="false"/>
+    <ROW XmlElement="IdleSettings" ParentElement="Settings" Name="IdleSettings" Condition="1" Order="6" Flags="14"/>
+    <ROW XmlElement="IdleSettings_1" ParentElement="Settings_1" Name="IdleSettings" Condition="1" Order="6" Flags="14"/>
+    <ROW XmlElement="LogonTrigger" ParentElement="Triggers" Name="LogonTrigger" Condition="1" Order="1" Flags="14"/>
+    <ROW XmlElement="LogonTrigger_1" ParentElement="Triggers_1" Name="LogonTrigger" Condition="1" Order="1" Flags="14"/>
+    <ROW XmlElement="MultipleInstancesPolicy" ParentElement="Settings" Name="MultipleInstancesPolicy" Condition="1" Order="0" Flags="14" Text="IgnoreNew"/>
+    <ROW XmlElement="MultipleInstancesPolicy_1" ParentElement="Settings_1" Name="MultipleInstancesPolicy" Condition="1" Order="0" Flags="14" Text="IgnoreNew"/>
+    <ROW XmlElement="Principal" ParentElement="Principals" Name="Principal" Condition="1" Order="0" Flags="14"/>
+    <ROW XmlElement="Principal_1" ParentElement="Principals_1" Name="Principal" Condition="1" Order="0" Flags="14"/>
+    <ROW XmlElement="Principals" ParentElement="Task" Name="Principals" Condition="1" Order="2" Flags="14"/>
+    <ROW XmlElement="Principals_1" ParentElement="Task_1" Name="Principals" Condition="1" Order="2" Flags="14"/>
+    <ROW XmlElement="Priority" ParentElement="Settings" Name="Priority" Condition="1" Order="15" Flags="14" Text="7"/>
+    <ROW XmlElement="Priority_1" ParentElement="Settings_1" Name="Priority" Condition="1" Order="15" Flags="14" Text="7"/>
+    <ROW XmlElement="RegistrationInfo" ParentElement="Task" Name="RegistrationInfo" Condition="1" Order="0" Flags="14"/>
+    <ROW XmlElement="RegistrationInfo_1" ParentElement="Task_1" Name="RegistrationInfo" Condition="1" Order="0" Flags="14"/>
+    <ROW XmlElement="RestartOnIdle" ParentElement="IdleSettings" Name="RestartOnIdle" Condition="1" Order="1" Flags="14" Text="false"/>
+    <ROW XmlElement="RestartOnIdle_1" ParentElement="IdleSettings_1" Name="RestartOnIdle" Condition="1" Order="1" Flags="14" Text="false"/>
+    <ROW XmlElement="RunLevel" ParentElement="Principal" Name="RunLevel" Condition="1" Order="1" Flags="14" Text="HighestAvailable"/>
+    <ROW XmlElement="RunLevel_1" ParentElement="Principal_1" Name="RunLevel" Condition="1" Order="1" Flags="14" Text="HighestAvailable"/>
+    <ROW XmlElement="RunOnlyIfIdle" ParentElement="Settings" Name="RunOnlyIfIdle" Condition="1" Order="10" Flags="14" Text="false"/>
+    <ROW XmlElement="RunOnlyIfIdle_1" ParentElement="Settings_1" Name="RunOnlyIfIdle" Condition="1" Order="10" Flags="14" Text="false"/>
+    <ROW XmlElement="RunOnlyIfNetworkAvailable" ParentElement="Settings" Name="RunOnlyIfNetworkAvailable" Condition="1" Order="5" Flags="14" Text="false"/>
+    <ROW XmlElement="RunOnlyIfNetworkAvailable_1" ParentElement="Settings_1" Name="RunOnlyIfNetworkAvailable" Condition="1" Order="5" Flags="14" Text="false"/>
+    <ROW XmlElement="Settings" ParentElement="Task" Name="Settings" Condition="1" Order="3" Flags="14"/>
+    <ROW XmlElement="Settings_1" ParentElement="Task_1" Name="Settings" Condition="1" Order="3" Flags="14"/>
+    <ROW XmlElement="StartWhenAvailable" ParentElement="Settings" Name="StartWhenAvailable" Condition="1" Order="4" Flags="14" Text="true"/>
+    <ROW XmlElement="StartWhenAvailable_1" ParentElement="Settings_1" Name="StartWhenAvailable" Condition="1" Order="4" Flags="14" Text="true"/>
+    <ROW XmlElement="StopIfGoingOnBatteries" ParentElement="Settings" Name="StopIfGoingOnBatteries" Condition="1" Order="2" Flags="14" Text="true"/>
+    <ROW XmlElement="StopIfGoingOnBatteries_1" ParentElement="Settings_1" Name="StopIfGoingOnBatteries" Condition="1" Order="2" Flags="14" Text="true"/>
+    <ROW XmlElement="StopOnIdleEnd" ParentElement="IdleSettings" Name="StopOnIdleEnd" Condition="1" Order="0" Flags="14" Text="true"/>
+    <ROW XmlElement="StopOnIdleEnd_1" ParentElement="IdleSettings_1" Name="StopOnIdleEnd" Condition="1" Order="0" Flags="14" Text="true"/>
+    <ROW XmlElement="Task" Name="Task" Condition="1" Order="0" Flags="30"/>
+    <ROW XmlElement="Task_1" Name="Task" Condition="1" Order="0" Flags="30"/>
+    <ROW XmlElement="Triggers" ParentElement="Task" Name="Triggers" Condition="1" Order="1" Flags="14"/>
+    <ROW XmlElement="Triggers_1" ParentElement="Task_1" Name="Triggers" Condition="1" Order="1" Flags="14"/>
+    <ROW XmlElement="UseUnifiedSchedulingEngine" ParentElement="Settings" Name="UseUnifiedSchedulingEngine" Condition="1" Order="12" Flags="14" Text="false"/>
+    <ROW XmlElement="UseUnifiedSchedulingEngine_1" ParentElement="Settings_1" Name="UseUnifiedSchedulingEngine" Condition="1" Order="12" Flags="14" Text="false"/>
+    <ROW XmlElement="UserId" ParentElement="Principal" Name="UserId" Condition="1" Order="0" Flags="14" Text="S-1-5-18"/>
+    <ROW XmlElement="UserId_1" ParentElement="Principal_1" Name="UserId" Condition="1" Order="0" Flags="14" Text="S-1-5-18"/>
+    <ROW XmlElement="WakeToRun" ParentElement="Settings" Name="WakeToRun" Condition="1" Order="13" Flags="14" Text="false"/>
+    <ROW XmlElement="WakeToRun_1" ParentElement="Settings_1" Name="WakeToRun" Condition="1" Order="13" Flags="14" Text="false"/>
+  </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.msicomp.XmlFileComponent">
+    <ROW XmlFile="wufuc_ScheduledTask32.xml" FileName="WUFUC_~2.XML|wufuc_ScheduledTask.xml" DirProperty="X86FeatureItems_Dir" Component="wufuc32.dll" RootElement="Task" Flags="89" Version="1.0" Encoding="UTF-16" IndentUnits="2"/>
+    <ROW XmlFile="wufuc_ScheduledTask64.xml" FileName="WUFUC_~1.XML|wufuc_ScheduledTask.xml" DirProperty="X64FeatureItems_Dir" Component="wufuc64.dll" RootElement="Task_1" Flags="89" Version="1.0" Encoding="UTF-16" IndentUnits="2"/>
+  </COMPONENT>
+</DOCUMENT>

src/wufuc_setup_bat/.gitignore

@@ -0,0 +1,4 @@
+# Other
+*.dll
+*.exe
+*.zip

src/wufuc_setup_bat/COPYING.txt

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    {one line to give the program's name and a brief idea of what it does.}
+    Copyright (C) {year}  {name of author}
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    {project}  Copyright (C) {year}  {fullname}
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.