UACME/Source/Akagi/global.h

/*******************************************************************************
*
*  (C) COPYRIGHT AUTHORS, 2014 - 2016
*
*  TITLE:       GLOBAL.H
*
*  VERSION:     2.10
*
*  DATE:        16 Apr 2016
*
*  Common header file for the program support routines.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#pragma once

#if !defined UNICODE
#error ANSI build is not supported
#endif

#if (_MSC_VER >= 1900) 
#ifdef _DEBUG
#pragma comment(lib, "vcruntimed.lib")
#pragma comment(lib, "ucrtd.lib")
#else
#pragma comment(lib, "libvcruntime.lib")
#endif
#endif

//disable nonmeaningful warnings.
#pragma warning(disable: 4005) // macro redefinition
#pragma warning(disable: 4055) // %s : from data pointer %s to function pointer %s
#pragma warning(disable: 4152) // nonstandard extension, function/data pointer conversion in expression
#pragma warning(disable: 4201) // nonstandard extension used : nameless struct/union
#pragma warning(disable: 6102) // Using %s from failed function call at line %u
#pragma warning(disable: 6320) // exception-filter expression is the constant EXCEPTION_EXECUTE_HANDLER

#define GENERATE_COMPRESSED_PAYLOAD
#ifndef _DEBUG
#undef GENERATE_COMPRESSED_PAYLOAD
#endif

#ifdef _WIN64
#include "bin64res.h"
#define FUBUKI_ID IDR_FUBUKI64
#define HIBIKI_ID IDR_HIBIKI64
#define KONGOU_ID IDR_KONGOU64
#else
#include "bin32res.h"
#define FUBUKI_ID IDR_FUBUKI32
#define HIBIKI_ID IDR_HIBIKI32
#define KONGOU_ID IDR_KONGOU32
#endif


typedef enum _UACBYPASSMETHOD {
    UacMethodSysprep1 = 1,
    UacMethodSysprep2,
    UacMethodOobe,
    UacMethodRedirectExe,
    UacMethodSimda,
    UacMethodCarberp1,
    UacMethodCarberp2,
    UacMethodTilon,
    UacMethodAVrf,
    UacMethodWinsat,
    UacMethodShimPatch,
    UacMethodSysprep3,
    UacMethodMMC,
    UacMethodSirefef,
    UacMethodGeneric,
    UacMethodGWX,
    UacMethodSysprep4,
    UacMethodMax
} UACBYPASSMETHOD;

#include <Windows.h>
#include <ntstatus.h>
#include "..\shared\ntos.h"
#include "..\shared\minirtl.h"
#include "..\Shared\cmdline.h"
#include "..\Shared\_filename.h"
#include "consts.h"
#include "compress.h"
#include "sup.h"
#include "pitou.h"
#include "gootkit.h"
#include "simda.h"
#include "carberp.h"
#include "hybrids.h"

typedef struct _UACME_CONTEXT {
    BOOL                IsWow64;
    UACBYPASSMETHOD     Method;
    PPEB                Peb;
    HINSTANCE           hKernel32;
    HINSTANCE           hOle32;
    HINSTANCE           hShell32;
    PVOID               PayloadDll;
    ULONG               PayloadDllSize;
    ULONG               dwBuildNumber;
    WCHAR               szSystemDirectory[MAX_PATH + 1];//with end slash
    WCHAR               szTempDirectory[MAX_PATH + 1]; //with end slash
} UACMECONTEXT, *PUACMECONTEXT;

extern UACMECONTEXT g_ctx;
Initial commit v 1.1.0 2015-03-28 12:00:29 +00:00			`/*******************************************************************************`
			`*`
v 2.0.0 GWX method added, MS detection removed, some revision. 2015-11-16 15:22:39 +00:00			`* (C) COPYRIGHT AUTHORS, 2014 - 2016`
Initial commit v 1.1.0 2015-03-28 12:00:29 +00:00			`*`
			`* TITLE: GLOBAL.H`
			`*`
v 2.1.0 Method 17 added (14316 support), COM methods improved, various fixes. 2016-04-16 03:46:41 +00:00			`* VERSION: 2.10`
Initial commit v 1.1.0 2015-03-28 12:00:29 +00:00			`*`
v 2.1.0 Method 17 added (14316 support), COM methods improved, various fixes. 2016-04-16 03:46:41 +00:00			`* DATE: 16 Apr 2016`
Initial commit v 1.1.0 2015-03-28 12:00:29 +00:00			`*`
			`* Common header file for the program support routines.`
			`*`
			`* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF`
			`* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED`
			`* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A`
			`* PARTICULAR PURPOSE.`
			`*`
			`*******************************************************************************/`
v 2.0.0 GWX method added, MS detection removed, some revision. 2015-11-16 15:22:39 +00:00			`#pragma once`

v 2.1.0 Method 17 added (14316 support), COM methods improved, various fixes. 2016-04-16 03:46:41 +00:00			`#if !defined UNICODE`
			`#error ANSI build is not supported`
			`#endif`

			`#if (_MSC_VER >= 1900)`
			`#ifdef _DEBUG`
			`#pragma comment(lib, "vcruntimed.lib")`
			`#pragma comment(lib, "ucrtd.lib")`
			`#else`
			`#pragma comment(lib, "libvcruntime.lib")`
			`#endif`
			`#endif`

Initial commit v 1.1.0 2015-03-28 12:00:29 +00:00			`//disable nonmeaningful warnings.`
			`#pragma warning(disable: 4005) // macro redefinition`
			`#pragma warning(disable: 4055) // %s : from data pointer %s to function pointer %s`
			`#pragma warning(disable: 4152) // nonstandard extension, function/data pointer conversion in expression`
			`#pragma warning(disable: 4201) // nonstandard extension used : nameless struct/union`
			`#pragma warning(disable: 6102) // Using %s from failed function call at line %u`
v 2.1.0 Method 17 added (14316 support), COM methods improved, various fixes. 2016-04-16 03:46:41 +00:00			`#pragma warning(disable: 6320) // exception-filter expression is the constant EXCEPTION_EXECUTE_HANDLER`
Initial commit v 1.1.0 2015-03-28 12:00:29 +00:00
v 2.0.0 GWX method added, MS detection removed, some revision. 2015-11-16 15:22:39 +00:00			`#define GENERATE_COMPRESSED_PAYLOAD`
			`#ifndef _DEBUG`
			`#undef GENERATE_COMPRESSED_PAYLOAD`
			`#endif`

			`#ifdef _WIN64`
v 2.1.0 Method 17 added (14316 support), COM methods improved, various fixes. 2016-04-16 03:46:41 +00:00			`#include "bin64res.h"`
			`#define FUBUKI_ID IDR_FUBUKI64`
			`#define HIBIKI_ID IDR_HIBIKI64`
			`#define KONGOU_ID IDR_KONGOU64`
v 2.0.0 GWX method added, MS detection removed, some revision. 2015-11-16 15:22:39 +00:00			`#else`
v 2.1.0 Method 17 added (14316 support), COM methods improved, various fixes. 2016-04-16 03:46:41 +00:00			`#include "bin32res.h"`
			`#define FUBUKI_ID IDR_FUBUKI32`
			`#define HIBIKI_ID IDR_HIBIKI32`
			`#define KONGOU_ID IDR_KONGOU32`
v 2.0.0 GWX method added, MS detection removed, some revision. 2015-11-16 15:22:39 +00:00			`#endif`

v 2.1.0 Method 17 added (14316 support), COM methods improved, various fixes. 2016-04-16 03:46:41 +00:00
v 2.0.0 GWX method added, MS detection removed, some revision. 2015-11-16 15:22:39 +00:00			`typedef enum _UACBYPASSMETHOD {`
v 2.1.0 Method 17 added (14316 support), COM methods improved, various fixes. 2016-04-16 03:46:41 +00:00			`UacMethodSysprep1 = 1,`
			`UacMethodSysprep2,`
			`UacMethodOobe,`
			`UacMethodRedirectExe,`
			`UacMethodSimda,`
			`UacMethodCarberp1,`
			`UacMethodCarberp2,`
			`UacMethodTilon,`
			`UacMethodAVrf,`
			`UacMethodWinsat,`
			`UacMethodShimPatch,`
			`UacMethodSysprep3,`
			`UacMethodMMC,`
			`UacMethodSirefef,`
			`UacMethodGeneric,`
			`UacMethodGWX,`
			`UacMethodSysprep4,`
			`UacMethodMax`
v 2.0.0 GWX method added, MS detection removed, some revision. 2015-11-16 15:22:39 +00:00			`} UACBYPASSMETHOD;`

Initial commit v 1.1.0 2015-03-28 12:00:29 +00:00			`#include <Windows.h>`
			`#include <ntstatus.h>`
v 1.5.0 Hybrid Simda/Carberp with AppVerif added. 2015-04-05 16:28:52 +00:00			`#include "..\shared\ntos.h"`
			`#include "..\shared\minirtl.h"`
v 2.1.0 Method 17 added (14316 support), COM methods improved, various fixes. 2016-04-16 03:46:41 +00:00			`#include "..\Shared\cmdline.h"`
			`#include "..\Shared\_filename.h"`
v 2.0.0 GWX method added, MS detection removed, some revision. 2015-11-16 15:22:39 +00:00			`#include "consts.h"`
			`#include "compress.h"`
Initial commit v 1.1.0 2015-03-28 12:00:29 +00:00			`#include "sup.h"`
			`#include "pitou.h"`
			`#include "gootkit.h"`
			`#include "simda.h"`
v 1.2.0 Tweaked Win32/Carberp method added 2015-03-29 08:12:55 +00:00			`#include "carberp.h"`
v 1.5.0 Hybrid Simda/Carberp with AppVerif added. 2015-04-05 16:28:52 +00:00			`#include "hybrids.h"`
v 2.0.0 GWX method added, MS detection removed, some revision. 2015-11-16 15:22:39 +00:00
			`typedef struct _UACME_CONTEXT {`
v 2.1.0 Method 17 added (14316 support), COM methods improved, various fixes. 2016-04-16 03:46:41 +00:00			`BOOL IsWow64;`
			`UACBYPASSMETHOD Method;`
			`PPEB Peb;`
			`HINSTANCE hKernel32;`
			`HINSTANCE hOle32;`
			`HINSTANCE hShell32;`
			`PVOID PayloadDll;`
			`ULONG PayloadDllSize;`
			`ULONG dwBuildNumber;`
			`WCHAR szSystemDirectory[MAX_PATH + 1];//with end slash`
			`WCHAR szTempDirectory[MAX_PATH + 1]; //with end slash`
v 2.0.0 GWX method added, MS detection removed, some revision. 2015-11-16 15:22:39 +00:00			`} UACMECONTEXT, *PUACMECONTEXT;`

			`extern UACMECONTEXT g_ctx;`