UACME/Source/Shared/util.h

/*******************************************************************************
*
*  (C) COPYRIGHT AUTHORS, 2017 - 2019
*
*  TITLE:       UTIL.H
*
*  VERSION:     3.17
*
*  DATE:        19 Mar 2019
*
*  Global support routines header file shared between payload dlls.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#pragma once

typedef struct _UACME_PARAM_BLOCK {
    ULONG Crc32;
    ULONG SessionId;
    ULONG AkagiFlag;
    WCHAR szParameter[MAX_PATH + 1];
    WCHAR szDesktop[MAX_PATH + 1];
    WCHAR szWinstation[MAX_PATH + 1];
    WCHAR szSignalObject[MAX_PATH + 1];
} UACME_PARAM_BLOCK, *PUACME_PARAM_BLOCK;

typedef BOOL(WINAPI* PFNCREATEPROCESSW)(
    LPCWSTR lpApplicationName,
    LPWSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory,
    LPSTARTUPINFOW lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation);

typedef struct _OBJSCANPARAM {
    PWSTR Buffer;
    SIZE_T BufferSize;
} OBJSCANPARAM, *POBJSCANPARAM;

typedef struct _SXS_SEARCH_CONTEXT {
    LPWSTR DllName;
    LPWSTR SxsKey;
    LPWSTR FullDllPath;
} SXS_SEARCH_CONTEXT, *PSXS_SEARCH_CONTEXT;

VOID ucmPingBack(
    VOID);

BOOLEAN ucmPrivilegeEnabled(
    _In_ HANDLE hToken,
    _In_ ULONG Privilege);

NTSTATUS ucmCreateSyncMutant(
    _Out_ PHANDLE phMutant);

LPVOID ucmLdrGetProcAddress(
    _In_ PCHAR ImageBase,
    _In_ PCHAR RoutineName);

VOID ucmGetStartupInfo(
    _In_ LPSTARTUPINFOW lpStartupInfo);

DWORD ucmExpandEnvironmentStrings(
    _In_ LPCWSTR lpSrc,
    _Out_writes_to_opt_(nSize, return) LPWSTR lpDst,
    _In_ DWORD nSize);

PVOID ucmGetSystemInfo(
    _In_ SYSTEM_INFORMATION_CLASS InfoClass);

BOOL ucmLaunchPayload(
    _In_opt_ LPWSTR pszPayload,
    _In_opt_ DWORD cbPayload);

BOOL ucmLaunchPayloadEx(
    _In_ PFNCREATEPROCESSW pCreateProcess,
    _In_opt_ LPWSTR pszPayload,
    _In_opt_ DWORD cbPayload);

BOOL ucmLaunchPayload2(
    _In_ BOOL bIsLocalSystem,
    _In_ ULONG SessionId,
    _In_opt_ LPWSTR pszPayload,
    _In_opt_ DWORD cbPayload);

LPWSTR ucmQueryRuntimeInfo(
    _In_ BOOL ReturnData);

BOOLEAN ucmDestroyRuntimeInfo(
    _In_ LPWSTR RuntimeInfo);

BOOL ucmIsUserWinstaInteractive(
    VOID);

NTSTATUS ucmIsUserHasInteractiveSid(
    _In_ HANDLE hToken,
    _Out_ PBOOL pbInteractiveSid);

NTSTATUS ucmIsLocalSystem(
    _Out_ PBOOL pbResult);

wchar_t *sxsFilePathNoSlash(
    _In_ const wchar_t *fname,
    _In_ wchar_t *fpath);

BOOL sxsFindLoaderEntry(
    _In_ PSXS_SEARCH_CONTEXT Context);

HANDLE ucmOpenAkagiNamespace(
    VOID);

_Success_(return == TRUE)
BOOL ucmReadSharedParameters(
    _Out_ UACME_PARAM_BLOCK *SharedParameters);

VOID ucmSetCompletion(
    _In_ LPWSTR lpEvent);

BOOL ucmGetProcessElevationType(
    _In_opt_ HANDLE ProcessHandle,
    _Out_ TOKEN_ELEVATION_TYPE *lpType);

NTSTATUS ucmIsProcessElevated(
    _In_ ULONG ProcessId,
    _Out_ PBOOL Elevated);

#ifdef _DEBUG
#define ucmDbgMsg(Message)  OutputDebugString(Message)
#else
#define ucmDbgMsg(Message)  
#endif
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`/*******************************************************************************`
			`*`
v 3.1.5 Method 55 added, readme updated. 2019-02-17 05:01:05 +00:00			`* (C) COPYRIGHT AUTHORS, 2017 - 2019`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`*`
			`* TITLE: UTIL.H`
			`*`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`* VERSION: 3.17`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`*`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`* DATE: 19 Mar 2019`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`*`
			`* Global support routines header file shared between payload dlls.`
			`*`
			`* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF`
			`* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED`
			`* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A`
			`* PARTICULAR PURPOSE.`
			`*`
			`*******************************************************************************/`
			`#pragma once`

v 3.1.0 Internal units rearrange, updates for 19H1 18272. 2018-11-13 09:58:29 +00:00			`typedef struct _UACME_PARAM_BLOCK {`
			`ULONG Crc32;`
			`ULONG SessionId;`
			`ULONG AkagiFlag;`
			`WCHAR szParameter[MAX_PATH + 1];`
			`WCHAR szDesktop[MAX_PATH + 1];`
			`WCHAR szWinstation[MAX_PATH + 1];`
			`WCHAR szSignalObject[MAX_PATH + 1];`
			`} UACME_PARAM_BLOCK, *PUACME_PARAM_BLOCK;`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00
			`typedef BOOL(WINAPI* PFNCREATEPROCESSW)(`
			`LPCWSTR lpApplicationName,`
			`LPWSTR lpCommandLine,`
			`LPSECURITY_ATTRIBUTES lpProcessAttributes,`
			`LPSECURITY_ATTRIBUTES lpThreadAttributes,`
			`BOOL bInheritHandles,`
			`DWORD dwCreationFlags,`
			`LPVOID lpEnvironment,`
			`LPCWSTR lpCurrentDirectory,`
			`LPSTARTUPINFOW lpStartupInfo,`
			`LPPROCESS_INFORMATION lpProcessInformation);`

			`typedef struct _OBJSCANPARAM {`
			`PWSTR Buffer;`
			`SIZE_T BufferSize;`
			`} OBJSCANPARAM, *POBJSCANPARAM;`

			`typedef struct _SXS_SEARCH_CONTEXT {`
			`LPWSTR DllName;`
v 3.0.0 Internal redesign, methods 49, 50, 51 added, readme updated. 2018-09-02 07:28:59 +00:00			`LPWSTR SxsKey;`
v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`LPWSTR FullDllPath;`
			`} SXS_SEARCH_CONTEXT, *PSXS_SEARCH_CONTEXT;`

v 3.0.0 Internal redesign, methods 49, 50, 51 added, readme updated. 2018-09-02 07:28:59 +00:00			`VOID ucmPingBack(`
			`VOID);`

v 2.8.0 Dynamic link libraries unification update, workaround for Windows 10 RS3 bugfest. 2017-09-08 12:20:05 +00:00			`BOOLEAN ucmPrivilegeEnabled(`
			`_In_ HANDLE hToken,`
			`_In_ ULONG Privilege);`

			`NTSTATUS ucmCreateSyncMutant(`
			`_Out_ PHANDLE phMutant);`

			`LPVOID ucmLdrGetProcAddress(`
			`_In_ PCHAR ImageBase,`
			`_In_ PCHAR RoutineName);`

			`VOID ucmGetStartupInfo(`
			`_In_ LPSTARTUPINFOW lpStartupInfo);`

			`DWORD ucmExpandEnvironmentStrings(`
			`_In_ LPCWSTR lpSrc,`
			`_Out_writes_to_opt_(nSize, return) LPWSTR lpDst,`
			`_In_ DWORD nSize);`

			`PVOID ucmGetSystemInfo(`
			`_In_ SYSTEM_INFORMATION_CLASS InfoClass);`

			`BOOL ucmLaunchPayload(`
			`_In_opt_ LPWSTR pszPayload,`
			`_In_opt_ DWORD cbPayload);`

			`BOOL ucmLaunchPayloadEx(`
			`_In_ PFNCREATEPROCESSW pCreateProcess,`
			`_In_opt_ LPWSTR pszPayload,`
			`_In_opt_ DWORD cbPayload);`

			`BOOL ucmLaunchPayload2(`
			`_In_ BOOL bIsLocalSystem,`
			`_In_ ULONG SessionId,`
			`_In_opt_ LPWSTR pszPayload,`
			`_In_opt_ DWORD cbPayload);`

			`LPWSTR ucmQueryRuntimeInfo(`
			`_In_ BOOL ReturnData);`

			`BOOLEAN ucmDestroyRuntimeInfo(`
			`_In_ LPWSTR RuntimeInfo);`

			`BOOL ucmIsUserWinstaInteractive(`
			`VOID);`

			`NTSTATUS ucmIsUserHasInteractiveSid(`
			`_In_ HANDLE hToken,`
			`_Out_ PBOOL pbInteractiveSid);`

			`NTSTATUS ucmIsLocalSystem(`
			`_Out_ PBOOL pbResult);`

			`wchar_t *sxsFilePathNoSlash(`
			`_In_ const wchar_t *fname,`
			`_In_ wchar_t *fpath);`

v 3.0.0 Internal redesign, methods 49, 50, 51 added, readme updated. 2018-09-02 07:28:59 +00:00			`BOOL sxsFindLoaderEntry(`
			`_In_ PSXS_SEARCH_CONTEXT Context);`

v 3.1.0 Internal units rearrange, updates for 19H1 18272. 2018-11-13 09:58:29 +00:00			`HANDLE ucmOpenAkagiNamespace(`
			`VOID);`

			`_Success_(return == TRUE)`
			`BOOL ucmReadSharedParameters(`
			`_Out_ UACME_PARAM_BLOCK *SharedParameters);`

			`VOID ucmSetCompletion(`
			`_In_ LPWSTR lpEvent);`

v 3.1.5 Method 55 added, readme updated. 2019-02-17 05:01:05 +00:00			`BOOL ucmGetProcessElevationType(`
			`_In_opt_ HANDLE ProcessHandle,`
			`_Out_ TOKEN_ELEVATION_TYPE *lpType);`

			`NTSTATUS ucmIsProcessElevated(`
			`_In_ ULONG ProcessId,`
			`_Out_ PBOOL Elevated);`

v 3.0.3 Visual Studio 2017 build support, readme file updated. 2018-10-11 08:42:35 +00:00			`#ifdef _DEBUG`
			`#define ucmDbgMsg(Message) OutputDebugString(Message)`
			`#else`
			`#define ucmDbgMsg(Message)`
			`#endif`