UACME/Source/Yuubari/fusion.h

#/*******************************************************************************
*
*  (C) COPYRIGHT AUTHORS, 2014 - 2017
*
*  TITLE:       FUSION.H
*
*  VERSION:     1.20
*
*  DATE:        01 Mar 2017
*
*  Header file for the autoelevated applications scan.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#pragma once

#define UacFusionDataCommonType         0
#define UacFusionDataRedirectedDllType  1

typedef enum {
    AutoElevateUnspecified = 0,
    AutoElevateDisabled = 1,
    AutoElevateEnabled = 2
} AUTOELEVATESTATE;

typedef struct _UAC_FUSION_DATA {
    DWORD DataType;
    LPWSTR Name;
    ACTCTX_REQUESTED_RUN_LEVEL RunLevel;
    AUTOELEVATESTATE AutoElevateState;
    BOOL IsFusion;
    BOOL IsDotNet;
    BOOL IsOSBinary;
    BOOL IsSignatureValidOrTrusted;
} UAC_FUSION_DATA, *PUAC_FUSION_DATA;

typedef struct _UAC_FUSION_DATA_DLL {
    DWORD DataType;
    LPWSTR FileName;
    LPWSTR DllName;
} UAC_FUSION_DATA_DLL, *PUAC_FUSION_DATA_DLL;

typedef struct _DLL_REDIRECTION_LIST_ENTRY {
    SLIST_ENTRY ListEntry;
    UNICODE_STRING DllName; //For release RtlFreeUnicodeString used, Buffer allocated in Process Heap
} DLL_REDIRECTION_LIST_ENTRY, *PDLL_REDIRECTION_ENTRY;

typedef struct _DLL_REDIRECTION_LIST {
    SLIST_HEADER Header;
    ULONG Depth;
} DLL_REDIRECTION_LIST, *PDLL_REDIRECTION_LIST;

typedef VOID(WINAPI *FUSIONCALLBACK)(UAC_FUSION_DATA *Data);

NTSTATUS SxsGetDllRedirectionFromActivationContext(
    _In_ PACTIVATION_CONTEXT ActivationContext,
    _In_ PDLL_REDIRECTION_LIST DllList
);

VOID FusionScanDirectory(
    LPWSTR lpDirectory,
    FUSIONCALLBACK OutputCallback
    );

extern ptrWTGetSignatureInfo WTGetSignatureInfo;
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`#/*******************************************************************************`
			`*`
			`* (C) COPYRIGHT AUTHORS, 2014 - 2017`
			`*`
			`* TITLE: FUSION.H`
			`*`
Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`* VERSION: 1.20`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`*`
Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`* DATE: 01 Mar 2017`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`*`
			`* Header file for the autoelevated applications scan.`
			`*`
			`* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF`
			`* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED`
			`* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A`
			`* PARTICULAR PURPOSE.`
			`*`
			`*******************************************************************************/`
			`#pragma once`

Yuubari update Now report dll redirections (if found) from activation context, output rearranged, no skip files. 2017-02-22 07:53:39 +00:00			`#define UacFusionDataCommonType 0`
			`#define UacFusionDataRedirectedDllType 1`

			`typedef enum {`
			`AutoElevateUnspecified = 0,`
			`AutoElevateDisabled = 1,`
			`AutoElevateEnabled = 2`
			`} AUTOELEVATESTATE;`

v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`typedef struct _UAC_FUSION_DATA {`
Yuubari update Now report dll redirections (if found) from activation context, output rearranged, no skip files. 2017-02-22 07:53:39 +00:00			`DWORD DataType;`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`LPWSTR Name;`
Yuubari update Now report dll redirections (if found) from activation context, output rearranged, no skip files. 2017-02-22 07:53:39 +00:00			`ACTCTX_REQUESTED_RUN_LEVEL RunLevel;`
			`AUTOELEVATESTATE AutoElevateState;`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`BOOL IsFusion;`
			`BOOL IsDotNet;`
			`BOOL IsOSBinary;`
			`BOOL IsSignatureValidOrTrusted;`
			`} UAC_FUSION_DATA, *PUAC_FUSION_DATA;`

Yuubari update Now report dll redirections (if found) from activation context, output rearranged, no skip files. 2017-02-22 07:53:39 +00:00			`typedef struct _UAC_FUSION_DATA_DLL {`
			`DWORD DataType;`
Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`LPWSTR FileName;`
			`LPWSTR DllName;`
Yuubari update Now report dll redirections (if found) from activation context, output rearranged, no skip files. 2017-02-22 07:53:39 +00:00			`} UAC_FUSION_DATA_DLL, *PUAC_FUSION_DATA_DLL;`

			`typedef struct _DLL_REDIRECTION_LIST_ENTRY {`
			`SLIST_ENTRY ListEntry;`
			`UNICODE_STRING DllName; //For release RtlFreeUnicodeString used, Buffer allocated in Process Heap`
			`} DLL_REDIRECTION_LIST_ENTRY, *PDLL_REDIRECTION_ENTRY;`

			`typedef struct _DLL_REDIRECTION_LIST {`
			`SLIST_HEADER Header;`
			`ULONG Depth;`
			`} DLL_REDIRECTION_LIST, *PDLL_REDIRECTION_LIST;`

v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`typedef VOID(WINAPI FUSIONCALLBACK)(UAC_FUSION_DATA Data);`

Yuubari update Now report dll redirections (if found) from activation context, output rearranged, no skip files. 2017-02-22 07:53:39 +00:00			`NTSTATUS SxsGetDllRedirectionFromActivationContext(`
			`_In_ PACTIVATION_CONTEXT ActivationContext,`
			`_In_ PDLL_REDIRECTION_LIST DllList`
			`);`

			`VOID FusionScanDirectory(`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`LPWSTR lpDirectory,`
			`FUSIONCALLBACK OutputCallback`
			`);`

			`extern ptrWTGetSignatureInfo WTGetSignatureInfo;`