UACME/Source/Akagi/global.h

/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2014 - 2018
*
* TITLE: GLOBAL.H
*
* VERSION: 2.88
*
* DATE: 11 May 2018
*
* Common header file for the program support routines.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#pragma once

// The code base is Unicode-only (see the WCHAR buffers in UACMECONTEXT
// below); an ANSI configuration is rejected at preprocessing time rather
// than silently producing a binary with narrow-string semantics.
#if !defined UNICODE
#error ANSI build is not supported
#endif

// VS2015+ (MSVC 14.x) splits the CRT into vcruntime and ucrt; name the
// libraries explicitly. Debug builds link the debug vcruntime/ucrt,
// release builds name only the static vcruntime.
// NOTE(review): no ucrt library is named for the release configuration
// (a "libucrt.lib" pragma sits commented out further down as a test
// option) — presumably release builds avoid the UCRT and rely on the
// shared\minirtl.h routines instead; confirm against the project settings.
#if (_MSC_VER >= 1900)
#ifdef _DEBUG
#pragma comment(lib, "vcruntimed.lib")
#pragma comment(lib, "ucrtd.lib")
#else
#pragma comment(lib, "libvcruntime.lib")
#endif
#endif
// Compiler (4xxx) and code-analysis (6xxx) warnings suppressed for the
// whole program, since this header is included by every translation unit.
// NOTE(review): C6102 (using a value produced by a call that failed) and
// C6258 (TerminateThread) describe genuine hazard classes; disabling them
// globally means the analyzer reports nothing at the sites that trigger
// them. Wrapping only those sites in #pragma warning(push)/(pop) would keep
// analyzer coverage for the rest of the code.
// 4005 is presumably the STATUS_* redefinitions that come from including
// <ntstatus.h> next to <Windows.h> below — confirm.
#pragma warning(disable: 4005) // macro redefinition
#pragma warning(disable: 4055) // %s : from data pointer %s to function pointer %s
#pragma warning(disable: 4152) // nonstandard extension, function/data pointer conversion in expression
#pragma warning(disable: 4201) // nonstandard extension used : nameless struct/union
#pragma warning(disable: 6102) // Using %s from failed function call at line %u
#pragma warning(disable: 6258) // Using TerminateThread does not allow proper thread clean up
#pragma warning(disable: 6320) // exception-filter expression is the constant EXCEPTION_EXECUTE_HANDLER
// Sentinel meaning "no payload resource exists in this build". MAXDWORD is
// used so it cannot collide with a real resource id. Code that resolves a
// *_ID below to a resource has to test for this value first: AKATSUKI_ID
// takes it on 32-bit builds.
#define PAYLOAD_ID_NONE MAXDWORD

// Resource ids of the embedded payload modules, selected by target
// architecture. The IDR_* values themselves come from bin64res.h /
// bin32res.h; KAMIKAZE and FUJINAMI have a single id shared by both builds.
#ifdef _WIN64
#include "bin64res.h"
#define FUBUKI_ID IDR_FUBUKI64
#define HIBIKI_ID IDR_HIBIKI64
#define IKAZUCHI_ID IDR_IKAZUCHI64
#define AKATSUKI_ID IDR_AKATSUKI64
#define KAMIKAZE_ID IDR_KAMIKAZE
#define FUJINAMI_ID IDR_FUJINAMI
#else
#include "bin32res.h"
#define FUBUKI_ID IDR_FUBUKI32
#define HIBIKI_ID IDR_HIBIKI32
#define IKAZUCHI_ID IDR_IKAZUCHI32
#define AKATSUKI_ID PAYLOAD_ID_NONE //this module unavailable for 32 bit
#define KAMIKAZE_ID IDR_KAMIKAZE
#define FUJINAMI_ID IDR_FUJINAMI //this module is dotnet x86 for any supported platform
#endif
#include <Windows.h>
#include <ntstatus.h>
#include <CommCtrl.h>
#include <shlobj.h>
#include "shared\ntos.h"
#include "shared\minirtl.h"
#include "shared\cmdline.h"
#include "shared\_filename.h"
#include "shared\ldr.h"
#include "shared\lsa.h"
#include "consts.h"
#include "compress.h"
#include "sup.h"
#include "aic.h"
#include "minhook\MinHook.h"
#include "methods\methods.h"
#include "windefend.h"
//
// enable for test
//#pragma comment(lib, "libucrt.lib")
//#include <strsafe.h>
//
// Program mode flags. Presumably stored in UACMECONTEXT.AkagiFlag (same
// name stem, declared below) — confirm with the command-line parsing code.
// The codenames are opaque; the comments are the only definition of their
// meaning.

//default execution flow
#define AKAGI_FLAG_KILO 1

//suppress all additional output
#define AKAGI_FLAG_TANGO 2
/*
 * Process-wide state shared by the program support routines. A single
 * instance is exported as g_ctx (declared at the end of this header).
 *
 * The WCHAR buffers are fixed at MAX_PATH + 1 characters; nothing in this
 * header enforces their contents. Whoever fills them is responsible for
 * keeping them NUL-terminated and for keeping OptionalParameterLength in
 * step with szOptionalParameter.
 */
typedef struct _UACME_CONTEXT {
    BOOL IsWow64;                             // presumably: 32-bit process on 64-bit Windows — confirm with the code that sets it
    PVOID ucmHeap;                            // NOTE(review): looks like a private heap handle; confirm against the allocation wrappers in sup.h
    pfnDecompressPayload DecryptRoutine;      // type from compress.h; the field says "decrypt", the type says "decompress" — presumably one routine does both, confirm
    HINSTANCE hKernel32;                      // module handles; presumably resolved once at startup
    HINSTANCE hOle32;
    HINSTANCE hShell32;
    ULONG dwBuildNumber;                      // OS build number — how it is obtained is not visible here
    ULONG AkagiFlag;                          // presumably holds AKAGI_FLAG_* (defined above) — confirm
    ULONG IFileOperationFlags;                // presumably flags passed to IFileOperation — confirm at the call site
    ULONG OptionalParameterLength;            // count of characters in szOptionalParameter, not bytes
    WCHAR szSystemRoot[MAX_PATH + 1];         // with end slash
    WCHAR szSystemDirectory[MAX_PATH + 1];    // with end slash
    WCHAR szTempDirectory[MAX_PATH + 1];      // with end slash
    WCHAR szOptionalParameter[MAX_PATH + 1];  // limited to MAX_PATH characters
    WCHAR szDefaultPayload[MAX_PATH + 1];     // limited to MAX_PATH characters
} UACMECONTEXT, *PUACMECONTEXT;
// Entry point invoked through UACME_THREAD_CONTEXT.ucmMain.
// NOTE(review): the empty parameter list declares an unprototyped function
// in C, so calls through this pointer are not argument-checked; `(VOID)`
// would make the no-argument contract explicit.
typedef UINT(WINAPI *pfnEntryPoint)();
// Per-thread context carried as a TEB active frame.
// Frame is the first member, which is what allows a TEB_ACTIVE_FRAME pointer
// obtained from the TEB to be cast back to the enclosing structure —
// presumably that is how it is used; confirm with the code that pushes it.
typedef struct _UACME_THREAD_CONTEXT {
    TEB_ACTIVE_FRAME Frame;
    pfnEntryPoint ucmMain;      // routine to run on this thread
    DWORD ReturnedResult;       // presumably the value ucmMain returned — confirm
} UACME_THREAD_CONTEXT, *PUACME_THREAD_CONTEXT;
// The single process-wide context. Declared here only; the definition lives
// in exactly one .c translation unit.
extern UACMECONTEXT g_ctx;