mirror of https://github.com/hfiref0x/UACME.git
239 lines
5.5 KiB
C
239 lines
5.5 KiB
C
/*******************************************************************************
|
|
*
|
|
* (C) COPYRIGHT AUTHORS, 2014 - 2018
|
|
*
|
|
* TITLE: SUP.H
|
|
*
|
|
* VERSION: 2.88
|
|
*
|
|
* DATE: 11 May 2018
|
|
*
|
|
* Common header file for the program support routines.
|
|
*
|
|
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
|
|
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
|
|
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
|
|
* PARTICULAR PURPOSE.
|
|
*
|
|
*******************************************************************************/
|
|
#pragma once
|
|
|
|
typedef BOOL(CALLBACK *UCM_FIND_FILE_CALLBACK)(
|
|
WIN32_FIND_DATA *fdata,
|
|
LPWSTR lpDirectory);
|
|
|
|
typedef struct _SXS_SEARCH_CONTEXT {
|
|
LPWSTR DllName;
|
|
LPWSTR PartialPath;
|
|
LPWSTR FullDllPath;
|
|
} SXS_SEARCH_CONTEXT, *PSXS_SEARCH_CONTEXT;
|
|
|
|
//ntifs.h
|
|
typedef struct _REPARSE_DATA_BUFFER {
|
|
ULONG ReparseTag;
|
|
USHORT ReparseDataLength;
|
|
USHORT Reserved;
|
|
union {
|
|
struct {
|
|
USHORT SubstituteNameOffset;
|
|
USHORT SubstituteNameLength;
|
|
USHORT PrintNameOffset;
|
|
USHORT PrintNameLength;
|
|
ULONG Flags;
|
|
WCHAR PathBuffer[1];
|
|
} SymbolicLinkReparseBuffer;
|
|
struct {
|
|
USHORT SubstituteNameOffset;
|
|
USHORT SubstituteNameLength;
|
|
USHORT PrintNameOffset;
|
|
USHORT PrintNameLength;
|
|
WCHAR PathBuffer[1];
|
|
} MountPointReparseBuffer;
|
|
struct {
|
|
UCHAR DataBuffer[1];
|
|
} GenericReparseBuffer;
|
|
} DUMMYUNIONNAME;
|
|
} REPARSE_DATA_BUFFER, *PREPARSE_DATA_BUFFER;
|
|
|
|
#define REPARSE_DATA_BUFFER_HEADER_LENGTH FIELD_OFFSET(REPARSE_DATA_BUFFER, GenericReparseBuffer.DataBuffer)
|
|
|
|
BOOLEAN supIsProcess32bit(
|
|
_In_ HANDLE hProcess);
|
|
|
|
BOOL supGetElevationType(
|
|
_Out_ TOKEN_ELEVATION_TYPE *lpType);
|
|
|
|
HANDLE supGetExplorerHandle(
|
|
VOID);
|
|
|
|
BOOL supWriteBufferToFile(
|
|
_In_ LPWSTR lpFileName,
|
|
_In_ PVOID Buffer,
|
|
_In_ DWORD BufferSize);
|
|
|
|
PBYTE supReadFileToBuffer(
|
|
_In_ LPWSTR lpFileName,
|
|
_Inout_opt_ LPDWORD lpBufferSize);
|
|
|
|
BOOL supRunProcess2(
|
|
_In_ LPWSTR lpszProcessName,
|
|
_In_opt_ LPWSTR lpszParameters,
|
|
_In_opt_ LPWSTR lpVerb,
|
|
_In_ BOOL fWait);
|
|
|
|
BOOL supRunProcess(
|
|
_In_ LPWSTR lpszProcessName,
|
|
_In_opt_ LPWSTR lpszParameters);
|
|
|
|
HANDLE NTAPI supRunProcessEx(
|
|
_In_ LPWSTR lpszParameters,
|
|
_In_opt_ LPWSTR lpCurrentDirectory,
|
|
_Out_opt_ HANDLE *PrimaryThread,
|
|
_Inout_opt_ LPWSTR lpApplicationName);
|
|
|
|
void supCopyMemory(
|
|
_Inout_ void *dest,
|
|
_In_ size_t cbdest,
|
|
_In_ const void *src,
|
|
_In_ size_t cbsrc);
|
|
|
|
DWORD supQueryEntryPointRVA(
|
|
_In_ LPWSTR lpImageFile);
|
|
|
|
LPWSTR supQueryEnvironmentVariableOffset(
|
|
_In_ PUNICODE_STRING Value);
|
|
|
|
BOOL supSetParameter(
|
|
_In_ LPWSTR lpParameter,
|
|
_In_ DWORD cbParameter);
|
|
|
|
BOOL supSaveAkagiParameters(
|
|
VOID);
|
|
|
|
DWORD supCalculateCheckSumForMappedFile(
|
|
_In_ PVOID BaseAddress,
|
|
_In_ ULONG FileLength);
|
|
|
|
BOOLEAN supVerifyMappedImageMatchesChecksum(
|
|
_In_ PVOID BaseAddress,
|
|
_In_ ULONG FileLength);
|
|
|
|
BOOLEAN supSetCheckSumForMappedFile(
|
|
_In_ PVOID BaseAddress,
|
|
_In_ ULONG CheckSum);
|
|
|
|
VOID ucmShowMessage(
|
|
_In_ LPWSTR lpszMsg);
|
|
|
|
INT ucmShowQuestion(
|
|
_In_ LPWSTR lpszMsg);
|
|
|
|
PBYTE supLdrQueryResourceData(
|
|
_In_ ULONG_PTR ResourceId,
|
|
_In_ PVOID DllHandle,
|
|
_In_ PULONG DataSize);
|
|
|
|
VOID supMasqueradeProcess(
|
|
VOID);
|
|
|
|
DWORD supExpandEnvironmentStrings(
|
|
_In_ LPCWSTR lpSrc,
|
|
_In_ LPWSTR lpDst,
|
|
_In_ DWORD nSize);
|
|
|
|
VOID NTAPI sxsFindDllCallback(
|
|
_In_ PCLDR_DATA_TABLE_ENTRY DataTableEntry,
|
|
_In_ PVOID Context,
|
|
_Inout_ BOOLEAN *StopEnumeration);
|
|
|
|
PVOID supFindPattern(
|
|
_In_ CONST PBYTE Buffer,
|
|
_In_ SIZE_T BufferSize,
|
|
_In_ CONST PBYTE Pattern,
|
|
_In_ SIZE_T PatternSize);
|
|
|
|
PVOID supNativeGetProcAddress(
|
|
_In_ WCHAR *Module,
|
|
_In_ CHAR *Routine);
|
|
|
|
VOID supDebugPrint(
|
|
_In_ LPWSTR ApiName,
|
|
_In_ DWORD status);
|
|
|
|
PVOID FORCEINLINE supHeapAlloc(
|
|
_In_ SIZE_T Size);
|
|
|
|
BOOL FORCEINLINE supHeapFree(
|
|
_In_ PVOID Memory);
|
|
|
|
BOOL supDeleteKeyRecursive(
|
|
_In_ HKEY hKeyRoot,
|
|
_In_ LPWSTR lpSubKey);
|
|
|
|
BOOL supSetEnvVariable(
|
|
_In_ BOOL fRemove,
|
|
_In_opt_ LPWSTR lpKeyName,
|
|
_In_ LPWSTR lpVariableName,
|
|
_In_opt_ LPWSTR lpVariableData);
|
|
|
|
BOOL supSetMountPoint(
|
|
_In_ HANDLE hDirectory,
|
|
_In_ LPWSTR lpTarget,
|
|
_In_ LPWSTR lpPrintName);
|
|
|
|
BOOL supDeleteMountPoint(
|
|
_In_ HANDLE hDirectory);
|
|
|
|
BOOL supDeleteSymlink(
|
|
_In_ HANDLE hDirectory);
|
|
|
|
BOOL supSetSymlink(
|
|
_In_ HANDLE hDirectory,
|
|
_In_ LPWSTR lpTarget,
|
|
_In_ LPWSTR lpPrintName);
|
|
|
|
HANDLE supOpenDirectoryForReparse(
|
|
_In_ LPWSTR lpDirectory);
|
|
|
|
BOOL supSetupIPCLinkData(
|
|
VOID);
|
|
|
|
BOOL supWinstationToName(
|
|
_In_opt_ HWINSTA hWinsta,
|
|
_In_ LPWSTR lpBuffer,
|
|
_In_ DWORD cbBuffer,
|
|
_Out_ PDWORD BytesNeeded);
|
|
|
|
BOOL supDesktopToName(
|
|
_In_opt_ HDESK hDesktop,
|
|
_In_ LPWSTR lpBuffer,
|
|
_In_ DWORD cbBuffer,
|
|
_Out_ PDWORD BytesNeeded);
|
|
|
|
BOOL supQueryNtBuildNumber(
|
|
_Inout_ PULONG BuildNumber);
|
|
|
|
BOOL supConvertDllToExeSetNewEP(
|
|
_In_ PVOID pvImage,
|
|
_In_ ULONG dwImageSize,
|
|
_In_ LPSTR lpszEntryPoint);
|
|
|
|
NTSTATUS supRegReadValue(
|
|
_In_ HANDLE hKey,
|
|
_In_ LPWSTR ValueName,
|
|
_In_ DWORD ValueType,
|
|
_Out_ PVOID *Buffer,
|
|
_Out_ ULONG *BufferSize,
|
|
_In_opt_ HANDLE hHeap);
|
|
|
|
BOOL supQuerySystemRoot(
|
|
VOID);
|
|
|
|
PVOID supGetSystemInfo(
|
|
_In_ SYSTEM_INFORMATION_CLASS InfoClass);
|
|
|
|
BOOL supIsCorImageFile(
|
|
PVOID ImageBase);
|
|
|
|
#define PathFileExists(lpszPath) (GetFileAttributes(lpszPath) != (DWORD)-1)
|