Run executable from command line: akagi32 [Key] [Param] or akagi64 [Key] [Param]. See "Run examples" below for more info.
First param is number of method to use, second is optional command (executable file name including full path) to run. Second param can be empty - in this case program will execute elevated cmd.exe from system32 folder.
Keys (watch debug ouput with dbgview or similar for more info):
* 10 - Hybrid method, abusing appinfo.dll way of whitelisting autoelevated applications and KnownDlls cache changes, works from Windows 7 up to 10.0.10532;
* 11* - WinNT/Gootkit second method based on the memory patching from MS "Fix it" patch shim (and as side effect - arbitrary dll injection), works from Windows 7 up to 8.1.9600 [See Important Note];
* 12 - Windows 10 sysprep method, abusing different dll dependency added in Windows 10 (works up to 10.0.10532);
* 13 - Hybrid method, abusing appinfo.dll way of whitelisting MMC console commands and EventViewer missing dependency, works from Windows 7 up to 10.0.10532.
* Methods (1), (2), (3), (5), (8), (9), (12), (13) require process injection, so they won't work from wow64, you need either Heavens gate or use x64 edition of this tool;
* Methods (4), (11) targeted by MS April patch by removing autoelevation from sdbinst. Install KB3045645 for Win7/8 and KB3048097 for Win8.1 to apply security fix. More info: https://support.microsoft.com/en-us/kb/3045645, https://support.microsoft.com/en-us/kb/3048097;
* Methods (5), (7), (9) based on Carberp(WUSA) and Simda(ISecurityEditor) no longer works in Windows 10 starting from build 10147.
* This tool shows ONLY popular UAC bypass method used by malware, and reimplement some of them in a different way improving original concepts. There are exists different, not yet known to general public methods, be aware of this;
* Using (5) method will permanently turn off UAC (after reboot), make sure to do this in test environment or don't forget to re-enable UAC after tool usage;
* Using (5), (9) methods will permanently compromise security of target keys (UAC Settings key for (5) and IFEO for (9)), if you do tests on your real machine - restore keys security manually after you complete this tool usage;
* This tool is not intended for AV tests and not tested to work in aggressive AV environment, if you still plan to use it with installed bloatware AV soft - you use it at your own risk;
* If you run this program on real computer remember to remove all program leftovers after usage, for more info about files it drops to system folders see source code.
* It is currently known that UACMe used by Adware/Multiplug (9) and by Win32/Dyre (3). We do not take any responsibility for this tool usage in the malicious purposes. It is free, open-source and provided AS-IS for everyone.
