More gracefully revert
hfiref0x 2023-02-16 18:39:49 +07:00
parent 5840d4106f
commit dbbcc714ee
No known key found for this signature in database
GPG Key ID: 5A20EE3C6F09AF95
6 changed files with 188 additions and 41 deletions


@ -6,7 +6,7 @@
* *
* VERSION: 3.64 * VERSION: 3.64
* *
* DATE: 04 Feb 2023 * DATE: 15 Feb 2023
* *
* UAC bypass dispatch. * UAC bypass dispatch.
* *
@ -319,15 +319,26 @@ NTSTATUS MethodsManagerCall(
if (Entry->PayloadResourceId != PAYLOAD_ID_NONE) { if (Entry->PayloadResourceId != PAYLOAD_ID_NONE) {
Resource = supLdrQueryResourceData( Status = supLdrQueryResourceDataEx(
Entry->PayloadResourceId, Entry->PayloadResourceId,
ImageBaseAddress, ImageBaseAddress,
&DataSize); &DataSize,
&Resource);
if (Resource) { if (!NT_SUCCESS(Status)) {
PayloadCode = g_ctx->DecompressRoutine(Entry->PayloadResourceId, Resource, DataSize, &PayloadSize);
if (Status == STATUS_RESOURCE_TYPE_NOT_FOUND)
return STATUS_INVALID_IMAGE_FORMAT;
return Status;
} }
if (DataSize == 0 || Resource == NULL) {
return STATUS_INVALID_IMAGE_FORMAT;
}
PayloadCode = g_ctx->DecompressRoutine(Entry->PayloadResourceId, Resource, DataSize, &PayloadSize);
if ((PayloadCode == NULL) || (PayloadSize == 0)) { if ((PayloadCode == NULL) || (PayloadSize == 0)) {
return STATUS_DATA_ERROR; return STATUS_DATA_ERROR;
} }
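Review bot: The failure branch after supLdrQueryResourceDataEx in MethodsManagerCall rewrites only STATUS_RESOURCE_TYPE_NOT_FOUND to STATUS_INVALID_IMAGE_FORMAT and returns every other lookup status unchanged, and nothing on the page says why that one code is special. A short comment above the inner `if` would help the next reader, for example `/* no RT_RCDATA type at all: treat the image as malformed */`, if that is indeed the intent. The same return value is reused by the `DataSize == 0 || Resource == NULL` check just below, so callers cannot tell the two cases apart; it is worth stating whether that is deliberate. MethodsManagerCall begins and ends outside this hunk.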


@ -1,12 +1,12 @@
/******************************************************************************* /*******************************************************************************
* *
* (C) COPYRIGHT AUTHORS, 2015 - 2022 * (C) COPYRIGHT AUTHORS, 2015 - 2023
* *
* TITLE: SUP.C * TITLE: SUP.C
* *
* VERSION: 3.63 * VERSION: 3.64
* *
* DATE: 16 Jul 2022 * DATE: 15 Feb 2023
* *
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@ -912,6 +912,49 @@ BOOLEAN supSetCheckSumForMappedFile(
return FALSE; return FALSE;
} }
/*
* supLdrQueryResourceDataEx
*
* Purpose:
*
* Load resource by given id (win32 FindResource, SizeofResource, LockResource).
*
*/
NTSTATUS supLdrQueryResourceDataEx(
_In_ ULONG_PTR ResourceId,
_In_ PVOID DllHandle,
_Out_ PULONG DataSize,
_Out_ PVOID* Data
)
{
NTSTATUS status;
ULONG_PTR IdPath[3];
IMAGE_RESOURCE_DATA_ENTRY* DataEntry;
ULONG SizeOfData = 0;
*DataSize = 0;
if (DllHandle == NULL) {
return STATUS_INVALID_PARAMETER_2;
}
IdPath[0] = (ULONG_PTR)RT_RCDATA; //type
IdPath[1] = ResourceId; //id
IdPath[2] = 0; //lang
status = LdrFindResource_U(DllHandle, (ULONG_PTR*)&IdPath, 3, &DataEntry);
if (NT_SUCCESS(status)) {
status = LdrAccessResource(DllHandle, DataEntry, Data, &SizeOfData);
if (NT_SUCCESS(status)) {
if (DataSize) {
*DataSize = SizeOfData;
}
}
}
return status;
}
/* /*
* supLdrQueryResourceData * supLdrQueryResourceData
* *
@ -923,32 +966,21 @@ BOOLEAN supSetCheckSumForMappedFile(
PBYTE supLdrQueryResourceData( PBYTE supLdrQueryResourceData(
_In_ ULONG_PTR ResourceId, _In_ ULONG_PTR ResourceId,
_In_ PVOID DllHandle, _In_ PVOID DllHandle,
_In_ PULONG DataSize _Out_ PULONG DataSize
) )
{ {
NTSTATUS status; NTSTATUS status;
ULONG_PTR IdPath[3]; PBYTE Data = NULL;
IMAGE_RESOURCE_DATA_ENTRY* DataEntry;
PBYTE Data = NULL;
ULONG SizeOfData = 0;
if (DllHandle != NULL) { status = supLdrQueryResourceDataEx(ResourceId,
DllHandle,
DataSize,
&Data);
IdPath[0] = (ULONG_PTR)RT_RCDATA; //type if (NT_SUCCESS(status))
IdPath[1] = ResourceId; //id return Data;
IdPath[2] = 0; //lang
status = LdrFindResource_U(DllHandle, (ULONG_PTR*)&IdPath, 3, &DataEntry); return NULL;
if (NT_SUCCESS(status)) {
status = LdrAccessResource(DllHandle, DataEntry, (PVOID*)&Data, &SizeOfData);
if (NT_SUCCESS(status)) {
if (DataSize) {
*DataSize = SizeOfData;
}
}
}
}
return Data;
} }
/* /*
@ -4218,3 +4250,52 @@ ULONG supWaitForChildProcesses(
return dwCurrentWait; return dwCurrentWait;
} }
/*
* supRaiseHardError
*
* Purpose:
*
* Display UACMe hard error.
*
*/
VOID supRaiseHardError(
_In_ NTSTATUS HardErrorStatus
)
{
ULONG dwFlags;
HMODULE hModule = NULL;
WCHAR errorBuffer[1024];
UNICODE_STRING usText;
ULONG_PTR params[] = { (ULONG_PTR)&usText };
HARDERROR_RESPONSE heResponse;
if (HRESULT_FACILITY(HardErrorStatus) == FACILITY_WIN32) {
dwFlags = FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_FROM_SYSTEM;
}
else {
dwFlags = FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_FROM_HMODULE;
hModule = GetModuleHandle(RtlNtdllName);
}
errorBuffer[0] = 0;
if (FormatMessage(dwFlags,
hModule,
HardErrorStatus,
0,
errorBuffer,
RTL_NUMBER_OF(errorBuffer),
NULL))
{
RtlInitUnicodeString(&usText, errorBuffer);
NtRaiseHardError(STATUS_FATAL_APP_EXIT | HARDERROR_OVERRIDE_ERRORMODE,
RTL_NUMBER_OF(params),
1,
(PULONG_PTR)params,
OptionOk,
(PULONG)&heResponse);
}
}
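Review bot: In supLdrQueryResourceDataEx the line `*DataSize = 0;` dereferences DataSize unconditionally, while the success path a few lines later still guards it with `if (DataSize)`, so the two disagree about whether NULL is allowed. The old supLdrQueryResourceData tolerated a NULL DataSize; it now forwards the pointer straight into the Ex routine, so any caller that relied on that would fault. `*Data` is also left unwritten on every failure path even though it is annotated `_Out_`. I would either drop the later guard and keep `_Out_` as a hard contract, or open the function with `if (DataSize) *DataSize = 0;` and `*Data = NULL;` and mark DataSize `_Out_opt_` here and in the sup.h prototype.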


@ -1,12 +1,12 @@
/******************************************************************************* /*******************************************************************************
* *
* (C) COPYRIGHT AUTHORS, 2014 - 2022 * (C) COPYRIGHT AUTHORS, 2014 - 2023
* *
* TITLE: SUP.H * TITLE: SUP.H
* *
* VERSION: 3.63 * VERSION: 3.64
* *
* DATE: 16 Jul 2022 * DATE: 15 Feb 2023
* *
* Common header file for the program support routines. * Common header file for the program support routines.
* *
@ -186,10 +186,16 @@ BOOLEAN supSetCheckSumForMappedFile(
_In_ PVOID BaseAddress, _In_ PVOID BaseAddress,
_In_ ULONG CheckSum); _In_ ULONG CheckSum);
NTSTATUS supLdrQueryResourceDataEx(
_In_ ULONG_PTR ResourceId,
_In_ PVOID DllHandle,
_Out_ PULONG DataSize,
_Out_ PVOID* Data);
PBYTE supLdrQueryResourceData( PBYTE supLdrQueryResourceData(
_In_ ULONG_PTR ResourceId, _In_ ULONG_PTR ResourceId,
_In_ PVOID DllHandle, _In_ PVOID DllHandle,
_In_ PULONG DataSize); _Out_ PULONG DataSize);
VOID supMasqueradeProcess( VOID supMasqueradeProcess(
_In_ BOOL Restore); _In_ BOOL Restore);
@ -467,6 +473,9 @@ ULONG supWaitForChildProcesses(
_In_ LPCWSTR lpProcessName, _In_ LPCWSTR lpProcessName,
_In_ DWORD dwWaitMiliseconds); _In_ DWORD dwWaitMiliseconds);
VOID supRaiseHardError(
_In_ NTSTATUS HardErrorStatus);
#ifdef _DEBUG #ifdef _DEBUG
#define supDbgMsg(Message) OutputDebugString(Message) #define supDbgMsg(Message) OutputDebugString(Message)
#else #else

Binary file not shown.


@ -1,13 +1,13 @@
/************************************************************************************ /************************************************************************************
* *
* (C) COPYRIGHT AUTHORS, 2015 - 2022 * (C) COPYRIGHT AUTHORS, 2015 - 2023
* Translated from Microsoft sources/debugger or mentioned elsewhere. * Translated from Microsoft sources/debugger or mentioned elsewhere.
* *
* TITLE: NTOS.H * TITLE: NTOS.H
* *
* VERSION: 1.201 * VERSION: 1.205
* *
* DATE: 17 Aug 2022 * DATE: 15 Feb 2023
* *
* Common header file for the ntos API functions and definitions. * Common header file for the ntos API functions and definitions.
* *
@ -14490,6 +14490,53 @@ NtSystemDebugControl(
_In_ ULONG OutputBufferLength, _In_ ULONG OutputBufferLength,
_Out_opt_ PULONG ReturnLength); _Out_opt_ PULONG ReturnLength);
/************************************************************************************
*
* HardError API.
*
************************************************************************************/
#ifndef HARDERROR_OVERRIDE_ERRORMODE
#define HARDERROR_OVERRIDE_ERRORMODE 0x10000000
#endif
typedef enum _HARDERROR_RESPONSE_OPTION {
OptionAbortRetryIgnore,
OptionOk,
OptionOkCancel,
OptionRetryCancel,
OptionYesNo,
OptionYesNoCancel,
OptionShutdownSystem,
OptionOkNoWait,
OptionCancelTryContinue
} HARDERROR_RESPONSE_OPTION;
typedef enum _HARDERROR_RESPONSE {
ResponseReturnToCaller,
ResponseNotHandled,
ResponseAbort,
ResponseCancel,
ResponseIgnore,
ResponseNo,
ResponseOk,
ResponseRetry,
ResponseYes,
ResponseTryAgain,
ResponseContinue
} HARDERROR_RESPONSE;
NTSYSCALLAPI
NTSTATUS
NTAPI
NtRaiseHardError(
_In_ NTSTATUS ErrorStatus,
_In_ ULONG NumberOfParameters,
_In_ ULONG UnicodeStringParameterMask,
_In_reads_(NumberOfParameters) PULONG_PTR Parameters,
_In_ ULONG ValidResponseOptions,
_Out_ PULONG Response);
/************************************************************************************ /************************************************************************************
* *
* Application Verifier API and definitions. * Application Verifier API and definitions.


@ -24,8 +24,8 @@ c90cec4c10cde815fd286d83601b4cd3738097e8e0b2e592dc28c1325c12918d *Source\Akagi\r
b289e30ce698eb0402babc2788ac7022b6a7db161296182e0e13fd021a3bee03 *Source\Akagi\Resource.rc b289e30ce698eb0402babc2788ac7022b6a7db161296182e0e13fd021a3bee03 *Source\Akagi\Resource.rc
7be72ada31cc042e7dea712308f59235516a6ae1d434b24645cd4726a12b5d64 *Source\Akagi\stub.c 7be72ada31cc042e7dea712308f59235516a6ae1d434b24645cd4726a12b5d64 *Source\Akagi\stub.c
b1b79e79880d60412e41d43b5e9ef936fdb3e66ad85e47fc0e1261ed07322d06 *Source\Akagi\stub.h b1b79e79880d60412e41d43b5e9ef936fdb3e66ad85e47fc0e1261ed07322d06 *Source\Akagi\stub.h
95fba77cb776a76a952de3b32dd3cf3fa6c396db5734f8b56799b8cc23ae3463 *Source\Akagi\sup.c 46d3b09bd585bf87f555b3c4249e586b267839319fee1b37026062fe0d9f23a1 *Source\Akagi\sup.c
0a8f87da972b812ba917fa5a172aebf5a9acdd7b8ee8e7fda3616f4eba7a4d20 *Source\Akagi\sup.h 695f6fc13c134fb9506720ff19b403a4cbeab39888c7eaaebc1adc51ed23881a *Source\Akagi\sup.h
e6b96e43c3a1a8de682f16086ea8639cfe4649092fc2f47e26fb5baa42a70caf *Source\Akagi\uacme.vcxproj e6b96e43c3a1a8de682f16086ea8639cfe4649092fc2f47e26fb5baa42a70caf *Source\Akagi\uacme.vcxproj
fa20d8ff56109734866c6baed5d8be316d4d24a5dbf074e0e90d7e458978de1c *Source\Akagi\uacme.vcxproj.filters fa20d8ff56109734866c6baed5d8be316d4d24a5dbf074e0e90d7e458978de1c *Source\Akagi\uacme.vcxproj.filters
6fd24772137188fc9afd29563f97b1a0255e6c79a8d23e1c7c164151bc9993da *Source\Akagi\uacme.vcxproj.user 6fd24772137188fc9afd29563f97b1a0255e6c79a8d23e1c7c164151bc9993da *Source\Akagi\uacme.vcxproj.user
@ -50,7 +50,7 @@ cb1bf87f2976eb49c5560b16a69c742b39706c48314bcc0bdeeaf545910bd380 *Source\Akagi\m
2e64396f0b5cc2f6e59f5d329ffbb1ef0e6dd5e0547bd6fff5567f72cca6ace9 *Source\Akagi\methods\elvint.h 2e64396f0b5cc2f6e59f5d329ffbb1ef0e6dd5e0547bd6fff5567f72cca6ace9 *Source\Akagi\methods\elvint.h
49d94561eee009acc25c36857bb0260dd8d8a38e6cdf0286a49463d90724b9b1 *Source\Akagi\methods\hakril.c 49d94561eee009acc25c36857bb0260dd8d8a38e6cdf0286a49463d90724b9b1 *Source\Akagi\methods\hakril.c
5c96d6754fab5329173536f2a4b29997c1661927f28b9ddcb091e4652e0bb014 *Source\Akagi\methods\hybrids.c 5c96d6754fab5329173536f2a4b29997c1661927f28b9ddcb091e4652e0bb014 *Source\Akagi\methods\hybrids.c
b2facd987d8573b1bcb25fb72309f64272610d3a159f20f9356399f886a91d5f *Source\Akagi\methods\methods.c 23af06a7987966a7e51336b3cdd33b411fa05778ec14179a50a60fa0f6aee1af *Source\Akagi\methods\methods.c
44c2e8c3e25b9d75d319a256eaaca3d195d789209a6491795696b5e33b142513 *Source\Akagi\methods\methods.h 44c2e8c3e25b9d75d319a256eaaca3d195d789209a6491795696b5e33b142513 *Source\Akagi\methods\methods.h
bbcd54496dca975abf6089526023446984238d464e2df7485230b76072ff2ea1 *Source\Akagi\methods\rinn.c bbcd54496dca975abf6089526023446984238d464e2df7485230b76072ff2ea1 *Source\Akagi\methods\rinn.c
8d41849fa260b5a4a6a05db8312b60b3f6f2b5efe4f4d4fdd05c70701c7aabed *Source\Akagi\methods\routines.h 8d41849fa260b5a4a6a05db8312b60b3f6f2b5efe4f4d4fdd05c70701c7aabed *Source\Akagi\methods\routines.h
@ -91,7 +91,6 @@ f0b8b0d1d5b85c4324c8cbb21d94dd8db69fd21bb5e37491bbd6aa2297fa0fc7 *Source\Fubuki\
785ca1f83eab4185774f140b74d30823a69dec01ca06ccba4bfd8d1ddd3255d9 *Source\Fubuki\resource.h 785ca1f83eab4185774f140b74d30823a69dec01ca06ccba4bfd8d1ddd3255d9 *Source\Fubuki\resource.h
4aa24c1115cc3ed71027f760c7564357c162a09de58d75b5e9037cd869fb2a8a *Source\Fubuki\uihacks.c 4aa24c1115cc3ed71027f760c7564357c162a09de58d75b5e9037cd869fb2a8a *Source\Fubuki\uihacks.c
73e735426c5fab97a7289a7a57bc8bb21bce7b2b1995ae076c41027780ed88c9 *Source\Fubuki\uihacks.h 73e735426c5fab97a7289a7a57bc8bb21bce7b2b1995ae076c41027780ed88c9 *Source\Fubuki\uihacks.h
148c6e77a257d2362eea4cee8864afa1aff400de2f4d46bffbd679410c8a1a75 *Source\Fubuki\version.aps
835798995e6df38e12ef18fdcfda6dd1bb8fdffb567a03da46ed1ab7b66a0194 *Source\Fubuki\version.rc 835798995e6df38e12ef18fdcfda6dd1bb8fdffb567a03da46ed1ab7b66a0194 *Source\Fubuki\version.rc
b419f6b7b8d24dc61e7473092a8326720ef54e1f65cc185da0c6e080c9debb94 *Source\Fubuki\winmm.h b419f6b7b8d24dc61e7473092a8326720ef54e1f65cc185da0c6e080c9debb94 *Source\Fubuki\winmm.h
f66280e29c2116d4b83f2c6899d8caf432f7a4d1ccc4e4cf4e72b05d0fbd1f25 *Source\Kamikaze\Kamikaze.msc f66280e29c2116d4b83f2c6899d8caf432f7a4d1ccc4e4cf4e72b05d0fbd1f25 *Source\Kamikaze\Kamikaze.msc
@ -137,7 +136,7 @@ e99aa4997bda14b534c614c3d8cb78a72c4aca91a1212c8b03ec605d1d75e36e *Source\Shared\
f8e6a0be357726bee35c7247b57408b54bb38d94e8324a6bb84b91c462b2be30 *Source\Shared\hde\pstdint.h f8e6a0be357726bee35c7247b57408b54bb38d94e8324a6bb84b91c462b2be30 *Source\Shared\hde\pstdint.h
b774446d2f110ce954fb0a710f4693c5562ddbd8d56fe84106f2ee80db8b50a2 *Source\Shared\hde\table64.h b774446d2f110ce954fb0a710f4693c5562ddbd8d56fe84106f2ee80db8b50a2 *Source\Shared\hde\table64.h
b8b228021a6f3ae2c364a433db66617b93e8e38fbfb0de5235d2b1b3c6612892 *Source\Shared\ntos\ntbuilds.h b8b228021a6f3ae2c364a433db66617b93e8e38fbfb0de5235d2b1b3c6612892 *Source\Shared\ntos\ntbuilds.h
0078fbdb03efa638ecf840f776afd4fc4f69e0e96c6bd48363a51350f4321266 *Source\Shared\ntos\ntos.h 420142163bee49efebc2fc99d7118e6e8e3f167c384113d46bc5bb7438db727e *Source\Shared\ntos\ntos.h
b61eb9474f593e61a241495f6c06c6c3c1afe03d45b1b23af33075ecc02f4ad1 *Source\Shared\ntos\ntsxs.h b61eb9474f593e61a241495f6c06c6c3c1afe03d45b1b23af33075ecc02f4ad1 *Source\Shared\ntos\ntsxs.h
fa0df73ca48d6e73c1e57b6630d09ec86f04f9a1f8cfaec88d7938b2d97403ef *Source\Yuubari\appinfo.c fa0df73ca48d6e73c1e57b6630d09ec86f04f9a1f8cfaec88d7938b2d97403ef *Source\Yuubari\appinfo.c
82928d0a1d3263a9676b6587feba86e1716c1a2c20294c6c2210d4557975ff69 *Source\Yuubari\appinfo.h 82928d0a1d3263a9676b6587feba86e1716c1a2c20294c6c2210d4557975ff69 *Source\Yuubari\appinfo.h