2015-03-28 12:00:29 +00:00
|
|
|
/*******************************************************************************
|
|
|
|
|
*
|
2017-01-17 06:15:28 +00:00
|
|
|
* (C) COPYRIGHT AUTHORS, 2014 - 2017
|
2015-03-28 12:00:29 +00:00
|
|
|
*
|
|
|
|
|
* TITLE: GLOBAL.H
|
|
|
|
|
*
|
2017-01-18 07:45:50 +00:00
|
|
|
* VERSION: 2.53
|
2015-03-28 12:00:29 +00:00
|
|
|
*
|
2017-02-07 17:37:31 +00:00
|
|
|
* DATE: 20 Jan 2017
|
2015-03-28 12:00:29 +00:00
|
|
|
*
|
|
|
|
|
* Common header file for the program support routines.
|
|
|
|
|
*
|
|
|
|
|
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
|
|
|
|
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
|
|
|
|
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
|
|
|
|
|
* PARTICULAR PURPOSE.
|
|
|
|
|
*
|
|
|
|
|
*******************************************************************************/
|
2015-11-16 15:22:39 +00:00
|
|
|
#pragma once
|
|
|
|
|
|
2016-04-16 03:46:41 +00:00
|
|
|
#if !defined UNICODE
|
|
|
|
|
#error ANSI build is not supported
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if (_MSC_VER >= 1900)
|
|
|
|
|
#ifdef _DEBUG
|
|
|
|
|
#pragma comment(lib, "vcruntimed.lib")
|
|
|
|
|
#pragma comment(lib, "ucrtd.lib")
|
|
|
|
|
#else
|
|
|
|
|
#pragma comment(lib, "libvcruntime.lib")
|
|
|
|
|
#endif
|
|
|
|
|
#endif
|
|
|
|
|
|
2015-03-28 12:00:29 +00:00
|
|
|
//disable nonmeaningful warnings.
|
|
|
|
|
#pragma warning(disable: 4005) // macro redefinition
|
|
|
|
|
#pragma warning(disable: 4055) // %s : from data pointer %s to function pointer %s
|
|
|
|
|
#pragma warning(disable: 4152) // nonstandard extension, function/data pointer conversion in expression
|
|
|
|
|
#pragma warning(disable: 4201) // nonstandard extension used : nameless struct/union
|
|
|
|
|
#pragma warning(disable: 6102) // Using %s from failed function call at line %u
|
2016-04-16 03:46:41 +00:00
|
|
|
#pragma warning(disable: 6320) // exception-filter expression is the constant EXCEPTION_EXECUTE_HANDLER
|
2015-03-28 12:00:29 +00:00
|
|
|
|
2015-11-16 15:22:39 +00:00
|
|
|
#ifdef _WIN64
|
2016-04-16 03:46:41 +00:00
|
|
|
#include "bin64res.h"
|
|
|
|
|
#define FUBUKI_ID IDR_FUBUKI64
|
|
|
|
|
#define HIBIKI_ID IDR_HIBIKI64
|
|
|
|
|
#define KONGOU_ID IDR_KONGOU64
|
2016-07-07 14:16:12 +00:00
|
|
|
#define IKAZUCHI_ID IDR_IKAZUCHI64
|
2015-11-16 15:22:39 +00:00
|
|
|
#else
|
2016-04-16 03:46:41 +00:00
|
|
|
#include "bin32res.h"
|
|
|
|
|
#define FUBUKI_ID IDR_FUBUKI32
|
|
|
|
|
#define HIBIKI_ID IDR_HIBIKI32
|
|
|
|
|
#define KONGOU_ID IDR_KONGOU32
|
2016-07-07 14:16:12 +00:00
|
|
|
#define IKAZUCHI_ID IDR_IKAZUCHI32
|
2015-11-16 15:22:39 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
typedef enum _UACBYPASSMETHOD {
|
2016-04-16 03:46:41 +00:00
|
|
|
UacMethodSysprep1 = 1,
|
|
|
|
|
UacMethodSysprep2,
|
|
|
|
|
UacMethodOobe,
|
|
|
|
|
UacMethodRedirectExe,
|
|
|
|
|
UacMethodSimda,
|
|
|
|
|
UacMethodCarberp1,
|
|
|
|
|
UacMethodCarberp2,
|
|
|
|
|
UacMethodTilon,
|
|
|
|
|
UacMethodAVrf,
|
|
|
|
|
UacMethodWinsat,
|
|
|
|
|
UacMethodShimPatch,
|
|
|
|
|
UacMethodSysprep3,
|
2016-07-05 08:28:44 +00:00
|
|
|
UacMethodMMC1,
|
2016-04-16 03:46:41 +00:00
|
|
|
UacMethodSirefef,
|
|
|
|
|
UacMethodGeneric,
|
|
|
|
|
UacMethodGWX,
|
|
|
|
|
UacMethodSysprep4,
|
2016-05-29 08:05:10 +00:00
|
|
|
UacMethodManifest,
|
2016-06-19 08:57:23 +00:00
|
|
|
UacMethodInetMgr,
|
2016-07-05 08:28:44 +00:00
|
|
|
UacMethodMMC2,
|
2016-07-07 14:16:12 +00:00
|
|
|
UacMethodSXS,
|
|
|
|
|
UacMethodSXSConsent,
|
2016-07-11 08:09:48 +00:00
|
|
|
UacMethodDISM,
|
2017-01-17 06:15:28 +00:00
|
|
|
UacMethodComet,
|
2017-01-18 07:45:50 +00:00
|
|
|
UacMethodEnigma0x3,
|
2017-02-07 17:37:31 +00:00
|
|
|
UacMethodEnigma0x3_2,
|
2016-04-16 03:46:41 +00:00
|
|
|
UacMethodMax
|
2015-11-16 15:22:39 +00:00
|
|
|
} UACBYPASSMETHOD;
|
|
|
|
|
|
2015-03-28 12:00:29 +00:00
|
|
|
#include <Windows.h>
|
|
|
|
|
#include <ntstatus.h>
|
2016-07-07 14:16:12 +00:00
|
|
|
#include <CommCtrl.h>
|
|
|
|
|
#include <shlobj.h>
|
2015-04-05 16:28:52 +00:00
|
|
|
#include "..\shared\ntos.h"
|
|
|
|
|
#include "..\shared\minirtl.h"
|
2016-04-16 03:46:41 +00:00
|
|
|
#include "..\Shared\cmdline.h"
|
|
|
|
|
#include "..\Shared\_filename.h"
|
2015-11-16 15:22:39 +00:00
|
|
|
#include "consts.h"
|
|
|
|
|
#include "compress.h"
|
2015-03-28 12:00:29 +00:00
|
|
|
#include "sup.h"
|
|
|
|
|
#include "pitou.h"
|
|
|
|
|
#include "gootkit.h"
|
|
|
|
|
#include "simda.h"
|
2015-03-29 08:12:55 +00:00
|
|
|
#include "carberp.h"
|
2015-04-05 16:28:52 +00:00
|
|
|
#include "hybrids.h"
|
2017-01-17 06:15:28 +00:00
|
|
|
#include "comet.h"
|
2017-01-18 07:45:50 +00:00
|
|
|
#include "enigma0x3.h"
|
2015-11-16 15:22:39 +00:00
|
|
|
|
2016-07-07 14:16:12 +00:00
|
|
|
//default execution flow
|
|
|
|
|
#define AKAGI_FLAG_KILO 0
|
|
|
|
|
|
|
|
|
|
//suppress all additional output
|
|
|
|
|
#define AKAGI_FLAG_TANGO 1
|
|
|
|
|
|
2015-11-16 15:22:39 +00:00
|
|
|
typedef struct _UACME_CONTEXT {
|
2016-04-16 03:46:41 +00:00
|
|
|
BOOL IsWow64;
|
|
|
|
|
UACBYPASSMETHOD Method;
|
|
|
|
|
PPEB Peb;
|
|
|
|
|
HINSTANCE hKernel32;
|
|
|
|
|
HINSTANCE hOle32;
|
|
|
|
|
HINSTANCE hShell32;
|
|
|
|
|
PVOID PayloadDll;
|
|
|
|
|
ULONG PayloadDllSize;
|
|
|
|
|
ULONG dwBuildNumber;
|
2016-07-07 14:16:12 +00:00
|
|
|
ULONG Flag;
|
2017-01-19 04:13:11 +00:00
|
|
|
ULONG IFileOperationFlags;
|
2016-04-16 03:46:41 +00:00
|
|
|
WCHAR szSystemDirectory[MAX_PATH + 1];//with end slash
|
|
|
|
|
WCHAR szTempDirectory[MAX_PATH + 1]; //with end slash
|
2015-11-16 15:22:39 +00:00
|
|
|
} UACMECONTEXT, *PUACMECONTEXT;
|
|
|
|
|
|
2017-02-07 17:37:31 +00:00
|
|
|
typedef UINT(WINAPI *pfnEntryPoint)();
|
|
|
|
|
|
|
|
|
|
typedef struct _UACME_THREAD_CONTEXT {
|
|
|
|
|
TEB_ACTIVE_FRAME Frame;
|
|
|
|
|
pfnEntryPoint ucmMain;
|
|
|
|
|
} UACME_THREAD_CONTEXT, *PUACME_THREAD_CONTEXT;
|
|
|
|
|
|
2015-11-16 15:22:39 +00:00
|
|
|
extern UACMECONTEXT g_ctx;
|
