v 3.6.4

More gracefully revert

Source/Akagi/methods/methods.c

@@ -6,7 +6,7 @@
 *
 *  VERSION:     3.64
 *
-*  DATE:        04 Feb 2023
+*  DATE:        15 Feb 2023
 *
 *  UAC bypass dispatch.
 *
@@ -319,15 +319,26 @@ NTSTATUS MethodsManagerCall(
 
     if (Entry->PayloadResourceId != PAYLOAD_ID_NONE) {
 
-        Resource = supLdrQueryResourceData(
+        Status = supLdrQueryResourceDataEx(
             Entry->PayloadResourceId,
             ImageBaseAddress,
-            &DataSize);
+            &DataSize,
+            &Resource);
 
-        if (Resource) {
-            PayloadCode = g_ctx->DecompressRoutine(Entry->PayloadResourceId, Resource, DataSize, &PayloadSize);
+        if (!NT_SUCCESS(Status)) {
+
+            if (Status == STATUS_RESOURCE_TYPE_NOT_FOUND)
+                return STATUS_INVALID_IMAGE_FORMAT;
+
+            return Status;
         }
 
+        if (DataSize == 0 || Resource == NULL) {
+            return STATUS_INVALID_IMAGE_FORMAT;
+        }
+
+        PayloadCode = g_ctx->DecompressRoutine(Entry->PayloadResourceId, Resource, DataSize, &PayloadSize);
+
         if ((PayloadCode == NULL) || (PayloadSize == 0)) {
             return STATUS_DATA_ERROR;
         }

Source/Akagi/sup.c

@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2015 - 2022
+*  (C) COPYRIGHT AUTHORS, 2015 - 2023
 *
 *  TITLE:       SUP.C
 *
-*  VERSION:     3.63
+*  VERSION:     3.64
 *
-*  DATE:        16 Jul 2022
+*  DATE:        15 Feb 2023
 *
 * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
 * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@@ -912,6 +912,49 @@ BOOLEAN supSetCheckSumForMappedFile(
     return FALSE;
 }
 
+/*
+* supLdrQueryResourceDataEx
+*
+* Purpose:
+*
+* Load resource by given id (win32 FindResource, SizeofResource, LockResource).
+*
+*/
+NTSTATUS supLdrQueryResourceDataEx(
+    _In_ ULONG_PTR ResourceId,
+    _In_ PVOID DllHandle,
+    _Out_ PULONG DataSize,
+    _Out_ PVOID* Data
+)
+{
+    NTSTATUS                   status;
+    ULONG_PTR                  IdPath[3];
+    IMAGE_RESOURCE_DATA_ENTRY* DataEntry;
+    ULONG                      SizeOfData = 0;
+
+    *DataSize = 0;
+
+    if (DllHandle == NULL) {
+        return STATUS_INVALID_PARAMETER_2;
+    }
+
+    IdPath[0] = (ULONG_PTR)RT_RCDATA; //type
+    IdPath[1] = ResourceId;           //id
+    IdPath[2] = 0;                    //lang
+
+    status = LdrFindResource_U(DllHandle, (ULONG_PTR*)&IdPath, 3, &DataEntry);
+    if (NT_SUCCESS(status)) {
+        status = LdrAccessResource(DllHandle, DataEntry, Data, &SizeOfData);
+        if (NT_SUCCESS(status)) {
+            if (DataSize) {
+                *DataSize = SizeOfData;
+            }
+        }
+    }
+
+    return status;
+}
+
 /*
 * supLdrQueryResourceData
 *
@@ -923,32 +966,21 @@ BOOLEAN supSetCheckSumForMappedFile(
 PBYTE supLdrQueryResourceData(
     _In_ ULONG_PTR ResourceId,
     _In_ PVOID DllHandle,
-    _In_ PULONG DataSize
+    _Out_ PULONG DataSize
 )
 {
     NTSTATUS status;
-    ULONG_PTR                  IdPath[3];
-    IMAGE_RESOURCE_DATA_ENTRY* DataEntry;
     PBYTE Data = NULL;
-    ULONG                      SizeOfData = 0;
 
-    if (DllHandle != NULL) {
+    status = supLdrQueryResourceDataEx(ResourceId,
+        DllHandle,
+        DataSize,
+        &Data);
 
-        IdPath[0] = (ULONG_PTR)RT_RCDATA; //type
-        IdPath[1] = ResourceId;           //id
-        IdPath[2] = 0;                    //lang
-
-        status = LdrFindResource_U(DllHandle, (ULONG_PTR*)&IdPath, 3, &DataEntry);
-        if (NT_SUCCESS(status)) {
-            status = LdrAccessResource(DllHandle, DataEntry, (PVOID*)&Data, &SizeOfData);
-            if (NT_SUCCESS(status)) {
-                if (DataSize) {
-                    *DataSize = SizeOfData;
-                }
-            }
-        }
-    }
+    if (NT_SUCCESS(status))
         return Data;
+
+    return NULL;
 }
 
 /*
@@ -4218,3 +4250,52 @@ ULONG supWaitForChildProcesses(
 
     return dwCurrentWait;
 }
+
+/*
+* supRaiseHardError
+*
+* Purpose:
+*
+* Display UACMe hard error.
+*
+*/
+VOID supRaiseHardError(
+    _In_ NTSTATUS HardErrorStatus
+)
+{
+    ULONG dwFlags;
+    HMODULE hModule = NULL;
+    WCHAR errorBuffer[1024];
+
+    UNICODE_STRING usText;
+    ULONG_PTR params[] = { (ULONG_PTR)&usText };
+    HARDERROR_RESPONSE heResponse;
+
+    if (HRESULT_FACILITY(HardErrorStatus) == FACILITY_WIN32) {
+        dwFlags = FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_FROM_SYSTEM;
+    }
+    else {
+        dwFlags = FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_FROM_HMODULE;
+        hModule = GetModuleHandle(RtlNtdllName);
+    }
+
+    errorBuffer[0] = 0;
+
+    if (FormatMessage(dwFlags,
+        hModule,
+        HardErrorStatus,
+        0,
+        errorBuffer,
+        RTL_NUMBER_OF(errorBuffer),
+        NULL))
+    {
+        RtlInitUnicodeString(&usText, errorBuffer);
+
+        NtRaiseHardError(STATUS_FATAL_APP_EXIT | HARDERROR_OVERRIDE_ERRORMODE,
+            RTL_NUMBER_OF(params),
+            1,
+            (PULONG_PTR)params,
+            OptionOk,
+            (PULONG)&heResponse);
+    }
+}

Source/Akagi/sup.h

@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2014 - 2022
+*  (C) COPYRIGHT AUTHORS, 2014 - 2023
 *
 *  TITLE:       SUP.H
 *
-*  VERSION:     3.63
+*  VERSION:     3.64
 *
-*  DATE:        16 Jul 2022
+*  DATE:        15 Feb 2023
 *
 *  Common header file for the program support routines.
 *
@@ -186,10 +186,16 @@ BOOLEAN supSetCheckSumForMappedFile(
     _In_ PVOID BaseAddress,
     _In_ ULONG CheckSum);
 
+NTSTATUS supLdrQueryResourceDataEx(
+    _In_ ULONG_PTR ResourceId,
+    _In_ PVOID DllHandle,
+    _Out_ PULONG DataSize,
+    _Out_ PVOID* Data);
+
 PBYTE supLdrQueryResourceData(
     _In_ ULONG_PTR ResourceId,
     _In_ PVOID DllHandle,
-    _In_ PULONG DataSize);
+    _Out_ PULONG DataSize);
 
 VOID supMasqueradeProcess(
     _In_ BOOL Restore);
@@ -467,6 +473,9 @@ ULONG supWaitForChildProcesses(
     _In_ LPCWSTR lpProcessName,
     _In_ DWORD dwWaitMiliseconds);
 
+VOID supRaiseHardError(
+    _In_ NTSTATUS HardErrorStatus);
+
 #ifdef _DEBUG
 #define supDbgMsg(Message)  OutputDebugString(Message)
 #else

Source/Shared/ntos/ntos.h

@@ -1,13 +1,13 @@
 /************************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2015 - 2022 
+*  (C) COPYRIGHT AUTHORS, 2015 - 2023 
 *  Translated from Microsoft sources/debugger or mentioned elsewhere.
 *
 *  TITLE:       NTOS.H
 *
-*  VERSION:     1.201
+*  VERSION:     1.205
 *
-*  DATE:        17 Aug 2022
+*  DATE:        15 Feb 2023
 *
 *  Common header file for the ntos API functions and definitions.
 *
@@ -14490,6 +14490,53 @@ NtSystemDebugControl(
     _In_ ULONG OutputBufferLength,
     _Out_opt_ PULONG ReturnLength);
 
+/************************************************************************************
+*
+* HardError API.
+*
+************************************************************************************/
+
+#ifndef HARDERROR_OVERRIDE_ERRORMODE
+#define HARDERROR_OVERRIDE_ERRORMODE 0x10000000
+#endif
+
+typedef enum _HARDERROR_RESPONSE_OPTION {
+    OptionAbortRetryIgnore,
+    OptionOk,
+    OptionOkCancel,
+    OptionRetryCancel,
+    OptionYesNo,
+    OptionYesNoCancel,
+    OptionShutdownSystem,
+    OptionOkNoWait,
+    OptionCancelTryContinue
+} HARDERROR_RESPONSE_OPTION;
+
+typedef enum _HARDERROR_RESPONSE {
+    ResponseReturnToCaller,
+    ResponseNotHandled,
+    ResponseAbort,
+    ResponseCancel,
+    ResponseIgnore,
+    ResponseNo,
+    ResponseOk,
+    ResponseRetry,
+    ResponseYes,
+    ResponseTryAgain,
+    ResponseContinue
+} HARDERROR_RESPONSE;
+
+NTSYSCALLAPI
+NTSTATUS
+NTAPI
+NtRaiseHardError(
+    _In_ NTSTATUS ErrorStatus,
+    _In_ ULONG NumberOfParameters,
+    _In_ ULONG UnicodeStringParameterMask,
+    _In_reads_(NumberOfParameters) PULONG_PTR Parameters,
+    _In_ ULONG ValidResponseOptions,
+    _Out_ PULONG Response);
+
 /************************************************************************************
 *
 * Application Verifier API and definitions.

UACME.sha256

@@ -24,8 +24,8 @@ c90cec4c10cde815fd286d83601b4cd3738097e8e0b2e592dc28c1325c12918d *Source\Akagi\r
 b289e30ce698eb0402babc2788ac7022b6a7db161296182e0e13fd021a3bee03 *Source\Akagi\Resource.rc
 7be72ada31cc042e7dea712308f59235516a6ae1d434b24645cd4726a12b5d64 *Source\Akagi\stub.c
 b1b79e79880d60412e41d43b5e9ef936fdb3e66ad85e47fc0e1261ed07322d06 *Source\Akagi\stub.h
-95fba77cb776a76a952de3b32dd3cf3fa6c396db5734f8b56799b8cc23ae3463 *Source\Akagi\sup.c
-0a8f87da972b812ba917fa5a172aebf5a9acdd7b8ee8e7fda3616f4eba7a4d20 *Source\Akagi\sup.h
+46d3b09bd585bf87f555b3c4249e586b267839319fee1b37026062fe0d9f23a1 *Source\Akagi\sup.c
+695f6fc13c134fb9506720ff19b403a4cbeab39888c7eaaebc1adc51ed23881a *Source\Akagi\sup.h
 e6b96e43c3a1a8de682f16086ea8639cfe4649092fc2f47e26fb5baa42a70caf *Source\Akagi\uacme.vcxproj
 fa20d8ff56109734866c6baed5d8be316d4d24a5dbf074e0e90d7e458978de1c *Source\Akagi\uacme.vcxproj.filters
 6fd24772137188fc9afd29563f97b1a0255e6c79a8d23e1c7c164151bc9993da *Source\Akagi\uacme.vcxproj.user
@@ -50,7 +50,7 @@ cb1bf87f2976eb49c5560b16a69c742b39706c48314bcc0bdeeaf545910bd380 *Source\Akagi\m
 2e64396f0b5cc2f6e59f5d329ffbb1ef0e6dd5e0547bd6fff5567f72cca6ace9 *Source\Akagi\methods\elvint.h
 49d94561eee009acc25c36857bb0260dd8d8a38e6cdf0286a49463d90724b9b1 *Source\Akagi\methods\hakril.c
 5c96d6754fab5329173536f2a4b29997c1661927f28b9ddcb091e4652e0bb014 *Source\Akagi\methods\hybrids.c
-b2facd987d8573b1bcb25fb72309f64272610d3a159f20f9356399f886a91d5f *Source\Akagi\methods\methods.c
+23af06a7987966a7e51336b3cdd33b411fa05778ec14179a50a60fa0f6aee1af *Source\Akagi\methods\methods.c
 44c2e8c3e25b9d75d319a256eaaca3d195d789209a6491795696b5e33b142513 *Source\Akagi\methods\methods.h
 bbcd54496dca975abf6089526023446984238d464e2df7485230b76072ff2ea1 *Source\Akagi\methods\rinn.c
 8d41849fa260b5a4a6a05db8312b60b3f6f2b5efe4f4d4fdd05c70701c7aabed *Source\Akagi\methods\routines.h
@@ -91,7 +91,6 @@ f0b8b0d1d5b85c4324c8cbb21d94dd8db69fd21bb5e37491bbd6aa2297fa0fc7 *Source\Fubuki\
 785ca1f83eab4185774f140b74d30823a69dec01ca06ccba4bfd8d1ddd3255d9 *Source\Fubuki\resource.h
 4aa24c1115cc3ed71027f760c7564357c162a09de58d75b5e9037cd869fb2a8a *Source\Fubuki\uihacks.c
 73e735426c5fab97a7289a7a57bc8bb21bce7b2b1995ae076c41027780ed88c9 *Source\Fubuki\uihacks.h
-148c6e77a257d2362eea4cee8864afa1aff400de2f4d46bffbd679410c8a1a75 *Source\Fubuki\version.aps
 835798995e6df38e12ef18fdcfda6dd1bb8fdffb567a03da46ed1ab7b66a0194 *Source\Fubuki\version.rc
 b419f6b7b8d24dc61e7473092a8326720ef54e1f65cc185da0c6e080c9debb94 *Source\Fubuki\winmm.h
 f66280e29c2116d4b83f2c6899d8caf432f7a4d1ccc4e4cf4e72b05d0fbd1f25 *Source\Kamikaze\Kamikaze.msc
@@ -137,7 +136,7 @@ e99aa4997bda14b534c614c3d8cb78a72c4aca91a1212c8b03ec605d1d75e36e *Source\Shared\
 f8e6a0be357726bee35c7247b57408b54bb38d94e8324a6bb84b91c462b2be30 *Source\Shared\hde\pstdint.h
 b774446d2f110ce954fb0a710f4693c5562ddbd8d56fe84106f2ee80db8b50a2 *Source\Shared\hde\table64.h
 b8b228021a6f3ae2c364a433db66617b93e8e38fbfb0de5235d2b1b3c6612892 *Source\Shared\ntos\ntbuilds.h
-0078fbdb03efa638ecf840f776afd4fc4f69e0e96c6bd48363a51350f4321266 *Source\Shared\ntos\ntos.h
+420142163bee49efebc2fc99d7118e6e8e3f167c384113d46bc5bb7438db727e *Source\Shared\ntos\ntos.h
 b61eb9474f593e61a241495f6c06c6c3c1afe03d45b1b23af33075ecc02f4ad1 *Source\Shared\ntos\ntsxs.h
 fa0df73ca48d6e73c1e57b6630d09ec86f04f9a1f8cfaec88d7938b2d97403ef *Source\Yuubari\appinfo.c
 82928d0a1d3263a9676b6587feba86e1716c1a2c20294c6c2210d4557975ff69 *Source\Yuubari\appinfo.h