mirror of https://github.com/hfiref0x/UACME.git
parent
769ade07ba
commit
2eaaa0bee2
|
@ -60,7 +60,7 @@ Run examples:
|
|||
* This tool is not intended for AV tests and not tested to work in aggressive AV environment, if you still plan to use it with installed bloatware AV soft - you use it at your own risk;
|
||||
* Some AV may flag this tool as HackTool, MSE/WinDefender constantly marks it as malware, nope;
|
||||
* If you run this program on real computer remember to remove all program leftovers after usage, for more info about files it drops to system folders see source code;
|
||||
* Since 2.4 all added methods/code will be strictly x64. I don't see any sense in supporting 32 bit versions of Windows in 2016 year.
|
||||
* Since 2.4 all added methods/code will be strictly x64. I don't see any sense in supporting 32 bit versions of Windows.
|
||||
|
||||
# Microsoft countermeasures
|
||||
Methods fixed:
|
||||
|
@ -103,8 +103,8 @@ https://blogs.msdn.microsoft.com/oldnewthing/20160816-00/?p=94105
|
|||
|
||||
# VirusTotal reference report
|
||||
|
||||
* Akagi32 https://www.virustotal.com/en/file/8100847e1066b04615a7ab2c2b919b70d75e96d1900b2f7a03896579f5f1982b/analysis/
|
||||
* Akagi64 https://www.virustotal.com/en/file/5e453253add4e1b2a0a63c3a2ea2a45631f99e45d2e1dce96159766a30c73333/analysis/
|
||||
* Akagi32 https://www.virustotal.com/en/file/bc76b81567cdf3ead8e57164d466212849c4965fa6fa832ed10e5bb571e8d58b/analysis/
|
||||
* Akagi64 https://www.virustotal.com/en/file/6eb88048b0b9a0e195a8cfe4b9832761f76cab238f6bf62c5c6ac3a3c27fcf3c/analysis/
|
||||
|
||||
# Build
|
||||
|
||||
|
|
|
@ -164,11 +164,13 @@ DWORD ucmDiskCleanupWorkerThread(
|
|||
do {
|
||||
|
||||
status = NtNotifyChangeDirectoryFile(hDirectory, hEvent, NULL, NULL,
|
||||
&IoStatusBlock, Buffer, (ULONG)sz, FILE_NOTIFY_CHANGE_DIR_NAME | FILE_NOTIFY_CHANGE_FILE_NAME, TRUE);
|
||||
&IoStatusBlock, Buffer, (ULONG)sz, FILE_NOTIFY_CHANGE_FILE_NAME, TRUE);
|
||||
|
||||
if (status == STATUS_PENDING)
|
||||
NtWaitForSingleObject(hEvent, TRUE, NULL);
|
||||
|
||||
NtSetEvent(hEvent, NULL);
|
||||
|
||||
pInfo = (FILE_NOTIFY_INFORMATION*)Buffer;
|
||||
for (;;) {
|
||||
|
||||
|
@ -204,8 +206,6 @@ DWORD ucmDiskCleanupWorkerThread(
|
|||
pInfo = (FILE_NOTIFY_INFORMATION*)(((LPBYTE)pInfo) + pInfo->NextEntryOffset);
|
||||
if (pInfo->NextEntryOffset == 0)
|
||||
break;
|
||||
|
||||
NtSetEvent(hEvent, NULL);
|
||||
}
|
||||
|
||||
} while (NT_SUCCESS(status));
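Review bot: The two behavioural changes in this hunk — narrowing the notify mask to `FILE_NOTIFY_CHANGE_FILE_NAME` on the replaced `NtNotifyChangeDirectoryFile` line, and moving `NtSetEvent(hEvent, NULL)` out of the per-entry for loop to just after the wait — carry no comment saying why directory-name events are no longer wanted or why the event is now signalled once per pass instead of per entry; a one-line comment above the new `NtSetEvent(hEvent, NULL);` recording that reasoning would spare the next reader from reverse-engineering it. As a reader I would also note that the result of `NtWaitForSingleObject(hEvent, TRUE, NULL)` (an alertable wait) is discarded and `IoStatusBlock` is not consulted before `Buffer` is parsed, so if that is accepted deliberately a comment such as `// wait result and IoStatusBlock intentionally ignored; Buffer is parsed on every pass` would make the contract explicit. `ucmDiskCleanupWorkerThread` begins before and ends after this hunk, and the for-loop body between the two hunks is not shown, so the entry-processing it does is not reviewable here.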
|
||||
|
|
|
@ -532,6 +532,11 @@ UINT ucmMain()
|
|||
return ERROR_UNSUPPORTED_TYPE;
|
||||
}
|
||||
#endif
|
||||
//ban usage under wow64 (dismhost is x64 and x64 dlls are not present in 32bit version of this tool).
|
||||
if (g_ctx.IsWow64) {
|
||||
ucmShowMessage(WOW64STRING);
|
||||
return ERROR_UNSUPPORTED_TYPE;
|
||||
}
|
||||
break;
|
||||
|
||||
}
|
||||
|
@ -547,8 +552,7 @@ UINT ucmMain()
|
|||
{
|
||||
supSetParameter((LPWSTR)&szBuffer, paramLen * sizeof(WCHAR));
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
//check environment and execute method if it met requirements
|
||||
switch (g_ctx.Method) {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
8100847e1066b04615a7ab2c2b919b70d75e96d1900b2f7a03896579f5f1982b *Compiled\Akagi32.exe
|
||||
5e453253add4e1b2a0a63c3a2ea2a45631f99e45d2e1dce96159766a30c73333 *Compiled\Akagi64.exe
|
||||
bc76b81567cdf3ead8e57164d466212849c4965fa6fa832ed10e5bb571e8d58b *Compiled\Akagi32.exe
|
||||
6eb88048b0b9a0e195a8cfe4b9832761f76cab238f6bf62c5c6ac3a3c27fcf3c *Compiled\Akagi64.exe
|
||||
098e6b9ca3c24b8d3dc8c2eb1a8ed8a07ca7248de1395e0ab4b515ff55a6eae4 *Source\uacme.sln
|
||||
8172069709954a5616b75306e565cbc5cd5baada00c15cba084420e61bebcdaf *Source\Akagi\akagi.ico
|
||||
02238b1720b8514de36ae80fa3d07c377d22e6befe99a7b87d4da9d60d23be02 *Source\Akagi\akagi.manifest
|
||||
|
@ -15,14 +15,14 @@ ba15ec03e68f87b0e1b86ff826b1b42886aac497d0bc7aca8753e5d3ffdb1693 *Source\Akagi\c
|
|||
fce0f9f17b98675ea322c9f1729c73c56467fbb68335e86417517e6fd549f630 *Source\Akagi\compress.c
|
||||
be3ecc4805c0c88ef53364c54448b13d19ddd1a31562602dbdca2457237a9e81 *Source\Akagi\compress.h
|
||||
6371bbc89d908cef5ee47fc436227cfa8f7d2dd026436832fb23fcde6eb18a17 *Source\Akagi\consts.h
|
||||
bb21e48947918f6c73659f2987fbb59740e341beee1266973bb12786eefa6b16 *Source\Akagi\enigma0x3.c
|
||||
e8d614e8bb275daebfe3e6407c1dd4e2be1541113ebac04e7fe0ee8dba227544 *Source\Akagi\enigma0x3.c
|
||||
362c2c8c0aeb6ed6396fffb1d06f5b83ac03b74c75845da0cab4702311863520 *Source\Akagi\enigma0x3.h
|
||||
069d647a1453a78d20c8ae7f0d0b45554a0df26bdb4b4df3ba6ec964cc0b5df3 *Source\Akagi\global.h
|
||||
5d17ed805de8f280c2430e3deb20acd4fa1dc8e43560773186707974cbf3a9eb *Source\Akagi\gootkit.c
|
||||
c37113f14c181533280441de1199cc511c7b35a42ceea3b9c0e671da7140d6fa *Source\Akagi\gootkit.h
|
||||
8761ed178e2a91e89bc1421a903f82f10364bbb598fa519178a4f324b6b97f65 *Source\Akagi\hybrids.c
|
||||
81f2108849fb85fbd2e8ee6b2ea35fe383446bdd218d3ed628c75f17352afabd *Source\Akagi\hybrids.h
|
||||
4999f2124a97ddd4bd4535a4bf8367b38c381c8452b7bb51a7465eb7ce676697 *Source\Akagi\main.c
|
||||
5859f19397408a1eef01c0a2debee43b0f0906064b7cc40c7bc0761691259d90 *Source\Akagi\main.c
|
||||
dab08cd614d03456a3310ca1e6d7718028d45fedd88c2b516f67d2655238e0d0 *Source\Akagi\makecab.c
|
||||
67a5f4f8d7aee49d7c1e029ddf50520d56f6081917a2cc2904764336857382a0 *Source\Akagi\makecab.h
|
||||
d2e73e697dc427dadf0902fa3b18a71dbb1e482ab57daf9c1bb4051bff717fba *Source\Akagi\manifest.h
|
||||
|
|