Vichingo455/wufuc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
4747dc501ba55c106130f8511cf8230fdb7112c9
wufuc/wufuc/rundll32.c
zeffy 4747dc501b refactoring, update ci build scripts, etc 
- cache results of CompareWindowsVersion() to shared variables to cut
down on redundant calls
- apply appveyor build version to artifacts (wip, could be broken)
- add .gitattributes
- finish patternfind.c (snr funcs unused, untested)
- delete COPYING.txt (it is created from LICENSE during the build
process)
2017-06-16 21:57:07 -07:00

71 lines
2.4 KiB
C
Raw Blame History

#include <Windows.h>
#include <TlHelp32.h>
#include <tchar.h>
#include "service.h"
#include "util.h"
#include "shared.h"
void CALLBACK Rundll32Entry(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) {
if (!g_IsWindows7 && !g_IsWindows8Point1) {
return;
}
HANDLE hEvent = OpenEvent(SYNCHRONIZE, FALSE, _T("Global\\wufuc_UnloadEvent"));
if (hEvent) {
CloseHandle(hEvent);
return;
}
SC_HANDLE hSCManager = OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_CONNECT);
if (!hSCManager) {
return;
}
TCHAR lpGroupName[256];
DWORD dwProcessId;
BOOL result = get_svcpid(hSCManager, _T("wuauserv"), &dwProcessId);
if (!result && get_svcgname(hSCManager, _T("wuauserv"), lpGroupName, _countof(lpGroupName))) {
result = get_svcgpid(hSCManager, lpGroupName, &dwProcessId);
}
CloseServiceHandle(hSCManager);
if (!result) {
return;
}
TCHAR lpLibFileName[MAX_PATH + 1];
GetModuleFileName(HINST_THISCOMPONENT, lpLibFileName, _countof(lpLibFileName));
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
if (!hProcess) {
return;
}
LPVOID lpBaseAddress = VirtualAllocEx(hProcess, NULL, _countof(lpLibFileName) + 1, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (lpBaseAddress && WriteProcessMemory(hProcess, lpBaseAddress, lpLibFileName, _countof(lpLibFileName), NULL)) {
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);
if (hSnap) {
MODULEENTRY32 me;
me.dwSize = sizeof(me);
if (Module32First(hSnap, &me)) {
do {
if (!_tcsicmp(me.szModule, _T("kernel32.dll"))) {
break;
}
} while (Module32Next(hSnap, &me));
HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)GetProcAddress(me.hModule, _CRT_STRINGIZE(LoadLibrary)), lpBaseAddress, 0, NULL);
CloseHandle(hThread);
}
CloseHandle(hSnap);
}
}
CloseHandle(hProcess);
}
void CALLBACK Rundll32Unload(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) {
HANDLE hEvent = OpenEvent(EVENT_MODIFY_STATE, FALSE, _T("Global\\wufuc_UnloadEvent"));
if (hEvent) {
_tdbgprintf(_T("Setting unload event..."));
SetEvent(hEvent);
CloseHandle(hEvent);
}
}
Reference in New Issue View Git Blame Copy Permalink