UACME/Source/Akagi/methods/methods.h

/*******************************************************************************
*
*  (C) COPYRIGHT AUTHORS, 2014 - 2019
*
*  TITLE:       METHODS.H
*
*  VERSION:     3.18
*
*  DATE:        29 Mar 2019
*
*  Prototypes and definitions for UAC bypass methods table.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#pragma once

typedef enum _UCM_METHOD {
    UacMethodTest = 0,          //+
    UacMethodSysprep1 = 1,      //+
    UacMethodSysprep2,          //+
    UacMethodOobe,              //+
    UacMethodRedirectExe,       //+
    UacMethodSimda,             //+
    UacMethodCarberp1,          //+
    UacMethodCarberp2,          //+
    UacMethodTilon,             //+
    UacMethodAVrf,              //+
    UacMethodWinsat,            //+
    UacMethodShimPatch,         //+
    UacMethodSysprep3,          //+
    UacMethodMMC1,              //+
    UacMethodSirefef,           //+
    UacMethodGeneric,           //+
    UacMethodGWX,               //+
    UacMethodSysprep4,          //+
    UacMethodManifest,          //+
    UacMethodInetMgr,           //+
    UacMethodMMC2,              //+
    UacMethodSXS,               //+
    UacMethodSXSConsent,        //+
    UacMethodDISM,              //+
    UacMethodComet,             //+
    UacMethodEnigma0x3,         //+
    UacMethodEnigma0x3_2,       //+
    UacMethodExpLife,           //+
    UacMethodSandworm,          //+
    UacMethodEnigma0x3_3,       //+
    UacMethodWow64Logger,       //+
    UacMethodEnigma0x3_4,       //+
    UacMethodUiAccess,          //+
    UacMethodMsSettings,        //+
    UacMethodTyranid,           //+
    UacMethodTokenMod,          //+
    UacMethodJunction,          //+
    UacMethodSXSDccw,           //+
    UacMethodHakril,            //+
    UacMethodCorProfiler,       //+
    UacMethodCOMHandlers,       //+
    UacMethodCMLuaUtil,         //+
    UacMethodFwCplLua,          //+
    UacMethodDccwCOM,           //+
    UacMethodVolatileEnv,       //+
    UacMethodSluiHijack,        //+
    UacMethodBitlockerRC,       //+
    UacMethodCOMHandlers2,      //+
    UacMethodSPPLUAObject,      //+
    UacMethodCreateNewLink,     //+
    UacMethodDateTimeWriter,    //+
    UacMethodAcCplAdmin,        //+
    UacMethodDirectoryMock,     //+
    UacMethodShellSdclt,        //+
    UacMethodEgre55,            //+
    UacMethodTokenModUiAccess,  //+
    UacMethodShellWSReset,      //+
    UacMethodSysprep5,          //+
    //UacMethodReserved0,       //-
    UacMethodMax,
    UacMethodInvalid = 0xabcdef
} UCM_METHOD;

#define UCM_DISPATCH_ENTRY_MAX UacMethodMax

typedef struct _UCM_METHOD_AVAILABILITY {
    ULONG MinumumWindowsBuildRequired;             //if the current build less this value this method is not working here
    ULONG MinimumExpectedFixedWindowsBuild;        //if the current build equal or greater this value this method is not working here or fixed
} UCM_METHOD_AVAILABILITY;

typedef enum _UCM_METHOD_EXECUTE_TYPE {
    ucmExTypeDefault = 0,
    ucmExTypeRegSymlink = 1,
    ucmExTypeIndirectModification = 2,
    ucmExTypeDisableWDRuntime = 3,
    ucmExTypeMax
} UCM_METHOD_EXECUTE_TYPE;

typedef struct tagUCM_PARAMS_BLOCK {
    UCM_METHOD Method;
    PVOID PayloadCode;
    ULONG PayloadSize;
} UCM_PARAMS_BLOCK, *PUCM_PARAMS_BLOCK;

typedef NTSTATUS(CALLBACK *PUCM_EXTRA_ROUTINE)(
    PVOID Parameter
    );

typedef NTSTATUS(CALLBACK *PUCM_API_ROUTINE)(
    _In_ PUCM_PARAMS_BLOCK Parameter
    );

typedef struct _UCM_EXTRA_CONTEXT {
    PUCM_EXTRA_ROUTINE Routine;
    PVOID Parameter;
} UCM_EXTRA_CONTEXT, *PUCM_EXTRA_CONTEXT;
                  
#define UCM_API(n) NTSTATUS CALLBACK n(     \
    _In_ PUCM_PARAMS_BLOCK Parameter)  

typedef struct _UCM_API_DISPATCH_ENTRY {
    PUCM_API_ROUTINE Routine;               //method to execute
    PUCM_EXTRA_CONTEXT ExtraContext;        //extra context to be executed depending on method
    UCM_METHOD_AVAILABILITY Availability;   //min and max supported Windows builds
    ULONG PayloadResourceId;                //which payload dll must be used
    BOOL Win32OrWow64Required;
    BOOL DisallowWow64;
    BOOL SetParameters;                     //need shared parameters to be set
} UCM_API_DISPATCH_ENTRY, *PUCM_API_DISPATCH_ENTRY;

#include "elvint.h"
#include "api0cradle.h"
#include "apphelp.h"
#include "b33f.h"
#include "bytecode77.h"
#include "carberp.h"
#include "comet.h"
#include "comsup.h"
#include "deroko.h"
#include "dwells.h"
#include "enigma0x3.h"
#include "explife.h"
#include "gootkit.h"
#include "hakril.h"
#include "hybrids.h"
#include "rinn.h"
#include "pitou.h"
#include "sandworm.h"
#include "simda.h"
#include "wusa.h"
#include "tests\test.h"
#include "tyranid.h"

NTSTATUS MethodsManagerCall(
    _In_ UCM_METHOD Method);