UACME/Source/Yuubari/basic.c

/*******************************************************************************
*
*  (C) COPYRIGHT AUTHORS, 2014 - 2019
*
*  TITLE:       BASIC.C
*
*  VERSION:     1.40
*
*  DATE:        19 Mar 2019
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#include "global.h"

/*
* ScanBasicUacData
*
* Purpose:
*
* Query UserSharedData flags, UAC registry values.
*
*/
VOID ScanBasicUacData(
    OUTPUTCALLBACK OutputCallback
)
{
    ULONG       Flags = 0;
    LRESULT     lRet;
    HKEY        hKey = NULL;

    UAC_BASIC_DATA Data;

    if (OutputCallback == NULL)
        return;

    if (!NT_SUCCESS(RtlQueryElevationFlags(&Flags)))
        return;

    RtlSecureZeroMemory(&Data, sizeof(Data));

    Data.Name = T_FLAG_ELEVATION_ENABLED;
    Data.IsValueBool = TRUE;
    Data.Value = ((Flags & DBG_FLAG_ELEVATION_ENABLED) > 0);
    OutputCallback((PVOID)&Data);

    Data.Name = T_FLAG_VIRTUALIZATION_ENABLED;
    Data.IsValueBool = TRUE;
    Data.Value = ((Flags & DBG_FLAG_VIRTUALIZATION_ENABLED) > 0);
    OutputCallback((PVOID)&Data);

    Data.Name = T_FLAG_INSTALLERDETECT_ENABLED;
    Data.IsValueBool = TRUE;
    Data.Value = ((Flags & DBG_FLAG_INSTALLER_DETECT_ENABLED) > 0);
    OutputCallback((PVOID)&Data);

    lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, T_UAC_SETTINGS_KEY, 0, KEY_READ, &hKey);
    if (lRet == ERROR_SUCCESS) {

        RtlSecureZeroMemory(&Data, sizeof(Data));
        lRet = supRegReadDword(hKey, T_UAC_PROMPT_BEHAVIOR, &Data.Value);
        if (lRet == ERROR_SUCCESS) {
            Data.Name = T_UAC_PROMPT_BEHAVIOR;
            OutputCallback((PVOID)&Data);
        }

        Data.Value = 0;
        lRet = supRegReadDword(hKey, T_UAC_RESTRICTED_AUTOAPPROVE, &Data.Value);
        if (lRet == ERROR_SUCCESS) {
            Data.Name = T_UAC_RESTRICTED_AUTOAPPROVE;
            OutputCallback((PVOID)&Data);
        }

        Data.Value = 0;
        lRet = supRegReadDword(hKey, T_UAC_AUTOAPPROVEIC, &Data.Value);
        if (lRet == ERROR_SUCCESS) {
            Data.Name = T_UAC_AUTOAPPROVEIC;
            OutputCallback((PVOID)&Data);
        }

        Data.Value = 0;
        lRet = supRegReadDword(hKey, T_UAC_AUTOAPPROVEMP, &Data.Value);
        if (lRet == ERROR_SUCCESS) {
            Data.Name = T_UAC_AUTOAPPROVEMP;
            OutputCallback((PVOID)&Data);
        }

        Data.Value = 0;
        lRet = supRegReadDword(hKey, T_UAC_AUTOAPPROVEHARDCLAIMS, &Data.Value);
        if (lRet == ERROR_SUCCESS) {
            Data.Name = T_UAC_AUTOAPPROVEHARDCLAIMS;
            OutputCallback((PVOID)&Data);
        }

        Data.Value = 0;
        lRet = supRegReadDword(hKey, T_UAC_ENABLESECUREUIPATHS, &Data.Value);
        if (lRet == ERROR_SUCCESS) {
            Data.Name = T_UAC_ENABLESECUREUIPATHS;
            OutputCallback((PVOID)&Data);
        }

        Data.Value = 0;
        lRet = supRegReadDword(hKey, T_UAC_SECURE_DESKTOP, &Data.Value);
        if (lRet == ERROR_SUCCESS) {
            Data.Name = T_UAC_SECURE_DESKTOP;
            Data.IsValueBool = TRUE;
            OutputCallback((PVOID)&Data);
        }

        RegCloseKey(hKey);
    }
}
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`/*******************************************************************************`
			`*`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`* (C) COPYRIGHT AUTHORS, 2014 - 2019`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`*`
			`* TITLE: BASIC.C`
			`*`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`* VERSION: 1.40`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`*`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`* DATE: 19 Mar 2019`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`*`
			`* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF`
			`* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED`
			`* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A`
			`* PARTICULAR PURPOSE.`
			`*`
			`*******************************************************************************/`
			`#include "global.h"`

			`/*`
			`* ScanBasicUacData`
			`*`
			`* Purpose:`
			`*`
			`* Query UserSharedData flags, UAC registry values.`
			`*`
			`*/`
			`VOID ScanBasicUacData(`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`OUTPUTCALLBACK OutputCallback`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`)`
			`{`
Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`ULONG Flags = 0;`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`LRESULT lRet;`
			`HKEY hKey = NULL;`

			`UAC_BASIC_DATA Data;`

			`if (OutputCallback == NULL)`
			`return;`

v 2.9.0 Maintenance - various updates for RS5. 2018-07-14 17:15:02 +00:00			`if (!NT_SUCCESS(RtlQueryElevationFlags(&Flags)))`
			`return;`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00
			`RtlSecureZeroMemory(&Data, sizeof(Data));`

Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`Data.Name = T_FLAG_ELEVATION_ENABLED;`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`Data.IsValueBool = TRUE;`
			`Data.Value = ((Flags & DBG_FLAG_ELEVATION_ENABLED) > 0);`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`OutputCallback((PVOID)&Data);`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00
Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`Data.Name = T_FLAG_VIRTUALIZATION_ENABLED;`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`Data.IsValueBool = TRUE;`
			`Data.Value = ((Flags & DBG_FLAG_VIRTUALIZATION_ENABLED) > 0);`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`OutputCallback((PVOID)&Data);`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00
Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`Data.Name = T_FLAG_INSTALLERDETECT_ENABLED;`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`Data.IsValueBool = TRUE;`
			`Data.Value = ((Flags & DBG_FLAG_INSTALLER_DETECT_ENABLED) > 0);`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`OutputCallback((PVOID)&Data);`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00
Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`lRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, T_UAC_SETTINGS_KEY, 0, KEY_READ, &hKey);`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`if (lRet == ERROR_SUCCESS) {`

Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`RtlSecureZeroMemory(&Data, sizeof(Data));`
			`lRet = supRegReadDword(hKey, T_UAC_PROMPT_BEHAVIOR, &Data.Value);`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`if (lRet == ERROR_SUCCESS) {`
Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`Data.Name = T_UAC_PROMPT_BEHAVIOR;`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`OutputCallback((PVOID)&Data);`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`}`

Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`Data.Value = 0;`
			`lRet = supRegReadDword(hKey, T_UAC_RESTRICTED_AUTOAPPROVE, &Data.Value);`
			`if (lRet == ERROR_SUCCESS) {`
			`Data.Name = T_UAC_RESTRICTED_AUTOAPPROVE;`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`OutputCallback((PVOID)&Data);`
Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`}`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00
Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`Data.Value = 0;`
			`lRet = supRegReadDword(hKey, T_UAC_AUTOAPPROVEIC, &Data.Value);`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`if (lRet == ERROR_SUCCESS) {`
Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`Data.Name = T_UAC_AUTOAPPROVEIC;`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`OutputCallback((PVOID)&Data);`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`}`

v 2.9.0 Maintenance - various updates for RS5. 2018-07-14 17:15:02 +00:00			`Data.Value = 0;`
			`lRet = supRegReadDword(hKey, T_UAC_AUTOAPPROVEMP, &Data.Value);`
			`if (lRet == ERROR_SUCCESS) {`
			`Data.Name = T_UAC_AUTOAPPROVEMP;`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`OutputCallback((PVOID)&Data);`
v 2.9.0 Maintenance - various updates for RS5. 2018-07-14 17:15:02 +00:00			`}`

			`Data.Value = 0;`
			`lRet = supRegReadDword(hKey, T_UAC_AUTOAPPROVEHARDCLAIMS, &Data.Value);`
			`if (lRet == ERROR_SUCCESS) {`
			`Data.Name = T_UAC_AUTOAPPROVEHARDCLAIMS;`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`OutputCallback((PVOID)&Data);`
v 2.9.0 Maintenance - various updates for RS5. 2018-07-14 17:15:02 +00:00			`}`

			`Data.Value = 0;`
			`lRet = supRegReadDword(hKey, T_UAC_ENABLESECUREUIPATHS, &Data.Value);`
			`if (lRet == ERROR_SUCCESS) {`
			`Data.Name = T_UAC_ENABLESECUREUIPATHS;`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`OutputCallback((PVOID)&Data);`
v 2.9.0 Maintenance - various updates for RS5. 2018-07-14 17:15:02 +00:00			`}`

Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`Data.Value = 0;`
			`lRet = supRegReadDword(hKey, T_UAC_SECURE_DESKTOP, &Data.Value);`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`if (lRet == ERROR_SUCCESS) {`
Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00			`Data.Name = T_UAC_SECURE_DESKTOP;`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`Data.IsValueBool = TRUE;`
v 3.1.7 Unused broken code removed from shared Yuubari to v1.4.0 ntos to v1.108 2019-03-21 05:12:02 +00:00			`OutputCallback((PVOID)&Data);`
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`}`
Yuubari update COMAutoApprovalList dumping for RS1+, verbose mode (/v), more appinfo settings display,15046 appinfo support, some corrections 2017-03-02 04:19:49 +00:00
v 2.5.6 Kongou removed from main executable, see ucmGWX function description for more info, made Yuubari module public, rearranged readme file. 2017-02-19 05:48:36 +00:00			`RegCloseKey(hKey);`
			`}`
			`}`