/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2015 - 2017
*
* TITLE: SIREFEF.H
*
* VERSION: 2.71
*
* DATE: 19 Apr 2017
*
* Prototypes and definitions for Sirefef/ZeroAccess method.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#pragma once
// Pointer type for SfCopyFileElevated. This is not a documented Windows API;
// it appears to be a project-defined routine whose body is not visible in
// this header. Both parameters are non-const LPWSTR and carry no SAL
// annotations, so it is unclear from here whether the callee may write to
// them — confirm against the defining .c before passing string literals or
// shared buffers.
typedef BOOL(NTAPI *pfnSfCopyFileElevated)(
    LPWSTR SourceFileName,
    LPWSTR DestinationDir);
// Pointer type matching the signature of kernel32!CopyFileW:
// copy lpExistingFileName to lpNewFileName, failing when the target exists
// and bFailIfExists is TRUE. Declared here so the import can be resolved
// dynamically and stored in ZA_CONTROL_CONTEXT instead of being linked.
typedef BOOL(NTAPI *pfnCopyFileW)(
    _In_ LPCWSTR lpExistingFileName,
    _In_ LPCWSTR lpNewFileName,
    _In_ BOOL bFailIfExists);
// Pointer type matching the native ntdll!NtAllocateVirtualMemory signature.
// BaseAddress and RegionSize are _Inout_: the caller supplies a hint/request
// and the kernel writes back the actual (page-rounded) base and size, so the
// caller must read them after the call rather than reuse its own values.
// Returns an NTSTATUS; test with NT_SUCCESS(), not against TRUE/FALSE.
typedef NTSTATUS(NTAPI *pfnNtAllocateVirtualMemory)(
    _In_ HANDLE ProcessHandle,
    _Inout_ PVOID *BaseAddress,
    _In_ ULONG_PTR ZeroBits,
    _Inout_ PSIZE_T RegionSize,
    _In_ ULONG AllocationType,
    _In_ ULONG Protect);
// Pointer type matching ntdll!NtTerminateProcess. ProcessHandle is
// _In_opt_: per the annotation a NULL handle is accepted (in the native API
// that means "the current process"), so callers holding a possibly-NULL
// handle should not assume the call is a harmless no-op.
typedef NTSTATUS(NTAPI *pfnNtTerminateProcess)(
    _In_opt_ HANDLE ProcessHandle,
    _In_ NTSTATUS ExitStatus);
// Pointer type matching ntdll!NtClose: releases one handle and returns an
// NTSTATUS. Used in place of CloseHandle so the context only depends on
// ntdll for handle cleanup.
typedef NTSTATUS(NTAPI *pfnNtClose)(
    _In_ HANDLE Handle);
// Pointer type matching kernel32!CreateRemoteThread. Returns a thread HANDLE
// (NULL on failure) that the caller owns and must close; lpThreadId is
// _Out_opt_ and may be NULL when the id is not needed.
// NOTE(review): the header spells the calling convention NTAPI here while
// the other kernel32 typedefs below use WINAPI; both expand to __stdcall on
// x86 and are equivalent on x64, so this is cosmetic, but it is worth
// unifying for readability.
typedef HANDLE(NTAPI *pfnCreateRemoteThread)(
    _In_ HANDLE hProcess,
    _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes,
    _In_ SIZE_T dwStackSize,
    _In_ LPTHREAD_START_ROUTINE lpStartAddress,
    _In_opt_ LPVOID lpParameter,
    _In_ DWORD dwCreationFlags,
    _Out_opt_ LPDWORD lpThreadId);
// Pointer type matching kernel32!WaitForSingleObject. The suppress pragma
// silences code-analysis warning C28301 (SAL annotation mismatch against the
// SDK's own declaration) for this one typedef only; it does not affect the
// generated code. Return value is WAIT_OBJECT_0 / WAIT_TIMEOUT /
// WAIT_FAILED etc., so callers must compare against those constants rather
// than treating it as a BOOL.
#pragma warning(suppress: 28301)
typedef DWORD(WINAPI *pfnWaitForSingleObject)(
    _In_ HANDLE hHandle,
    _In_ DWORD dwMilliseconds);
// Pointer type matching kernel32!CreateProcessW. lpCommandLine is
// _Inout_opt_ because the real API may modify the buffer in place, so it
// must point to writable memory (never a string literal). On success the two
// handles in lpProcessInformation are owned by the caller and must be closed.
typedef BOOL(WINAPI *pfnCreateProcessW)(
    _In_opt_ LPCWSTR lpApplicationName,
    _Inout_opt_ LPWSTR lpCommandLine,
    _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes,
    _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes,
    _In_ BOOL bInheritHandles,
    _In_ DWORD dwCreationFlags,
    _In_opt_ LPVOID lpEnvironment,
    _In_opt_ LPCWSTR lpCurrentDirectory,
    _In_ LPSTARTUPINFOW lpStartupInfo,
    _Out_ LPPROCESS_INFORMATION lpProcessInformation);
// Pointer type matching kernel32!WriteProcessMemory. The
// _In_reads_bytes_(nSize) annotation binds lpBuffer's readable length to
// nSize, which lets the analyzer catch a size/buffer mismatch at the call
// site. lpNumberOfBytesWritten is optional; when supplied, compare it with
// nSize — the API can report a partial write with a TRUE return.
typedef BOOL(WINAPI *pfnWriteProcessMemory)(
    _In_ HANDLE hProcess,
    _In_ LPVOID lpBaseAddress,
    _In_reads_bytes_(nSize) LPCVOID lpBuffer,
    _In_ SIZE_T nSize,
    _Out_opt_ SIZE_T * lpNumberOfBytesWritten);
// Pointer type for RunProcessEx, a project-defined helper whose body is not
// visible in this header. From the annotations alone: lpszParameters is
// required, lpCurrentDirectory is optional, PrimaryThread receives a thread
// handle when non-NULL, and lpApplicationName is _Inout_opt_ — i.e. the
// callee may write through it, so it must not be a string literal. Returns a
// HANDLE; what it refers to (presumably the new process) must be confirmed
// against the implementation.
typedef HANDLE(NTAPI *pfnRunProcessEx)(
    _In_ LPWSTR lpszParameters,
    _In_opt_ LPWSTR lpCurrentDirectory,
    _Out_opt_ HANDLE *PrimaryThread,
    _Inout_opt_ LPWSTR lpApplicationName);
// Control block for the Sirefef/ZeroAccess method. It carries everything the
// method needs as one object: the resolved function pointers it calls, the
// parameter block handed to the elevated side, and fixed-size path buffers.
// This header has no #includes, so ELOAD_PARAMETERS_SIREFEF and the Windows
// types used here must already be declared by the including translation unit.
//
// NOTE(review): the author's comment marks the pointers as "encoded"; the
// encode/decode scheme is not in this header, so the fields must not be
// called through directly without checking how the .c side decodes them.
// The combination of remote allocate / write / create-thread entry points
// stored together is the API pattern endpoint monitoring typically keys on,
// which is worth keeping in mind when reading the consumer code.
typedef struct _ZA_CONTROL_CONTEXT {

    //encoded pointers
    pfnSfCopyFileElevated SfCopyFile;   // project-defined routine, see typedef above

    // native (ntdll) entry points
    pfnNtAllocateVirtualMemory pNtAllocateVirtualMemory;
    pfnNtClose pNtClose;
    pfnNtTerminateProcess pNtTerminateProcess;

    // Win32 (kernel32) entry points
    pfnCopyFileW pCopyFileW;
    pfnCreateRemoteThread pCreateRemoteThread;
    pfnWaitForSingleObject pWaitForSingleObject;
    pfnWriteProcessMemory pWriteProcessMemory;

    LPVOID ElevatedProcedure;           // untyped code pointer; target not visible here
    pfnRunProcessEx RunProcessEx;       // project-defined helper, see typedef above

    //parameters
    ELOAD_PARAMETERS_SIREFEF *ElevatedParameters;   // type declared outside this header

    //data buffers
    // Each holds MAX_PATH * 2 wide characters. Nothing here bounds writes into
    // them; code that fills them must limit to sizeof(buf) / sizeof(WCHAR).
    WCHAR szBuffer[MAX_PATH * 2];
    WCHAR szDest[MAX_PATH * 2];
    WCHAR szSource[MAX_PATH * 2];

} ZA_CONTROL_CONTEXT, *PZA_CONTROL_CONTEXT;