UACME/Source/Shared/util.h


/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2017 - 2018
*
* TITLE: UTIL.H
*
* VERSION: 3.10
*
* DATE: 11 Nov 2018
*
* Global support routines header file shared between payload dlls.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#pragma once
/*
* Parameter block handed to the payload dlls; filled in by
* ucmReadSharedParameters (declared below). Field semantics beyond the
* names are not visible in this header.
*/
typedef struct _UACME_PARAM_BLOCK {
    ULONG Crc32;                        /* presumably an integrity checksum over the block; the
                                           reader should verify it before trusting the strings --
                                           confirm in ucmReadSharedParameters */
    ULONG SessionId;                    /* presumably the session id also taken by ucmLaunchPayload2 -- confirm */
    ULONG AkagiFlag;                    /* meaning not stated here */
    WCHAR szParameter[MAX_PATH + 1];    /* fixed-size: MAX_PATH characters plus terminator */
    WCHAR szDesktop[MAX_PATH + 1];
    WCHAR szWinstation[MAX_PATH + 1];
    WCHAR szSignalObject[MAX_PATH + 1];
} UACME_PARAM_BLOCK, *PUACME_PARAM_BLOCK;
/*
* Function pointer with the Win32 CreateProcessW prototype. Taken by
* ucmLaunchPayloadEx so the caller decides which CreateProcessW
* implementation is used.
*/
typedef BOOL(WINAPI* PFNCREATEPROCESSW)(
    LPCWSTR lpApplicationName,
    LPWSTR lpCommandLine,
    LPSECURITY_ATTRIBUTES lpProcessAttributes,
    LPSECURITY_ATTRIBUTES lpThreadAttributes,
    BOOL bInheritHandles,
    DWORD dwCreationFlags,
    LPVOID lpEnvironment,
    LPCWSTR lpCurrentDirectory,
    LPSTARTUPINFOW lpStartupInfo,
    LPPROCESS_INFORMATION lpProcessInformation);
/*
* Snapshot of a process' code-execution related mitigation policies, as
* returned by ucmGetRemoteCodeExecPolicies (declared below).
* The *_W10 policy types are not SDK names; they are presumably
* project-local definitions -- confirm where they are declared.
*/
typedef struct tagUCM_PROCESS_MITIGATION_POLICIES {
    PROCESS_MITIGATION_EXTENSION_POINT_DISABLE_POLICY ExtensionPointDisablePolicy;
    PROCESS_MITIGATION_DYNAMIC_CODE_POLICY_W10 DynamicCodePolicy;
    PROCESS_MITIGATION_BINARY_SIGNATURE_POLICY_W10 SignaturePolicy;
    PROCESS_MITIGATION_IMAGE_LOAD_POLICY_W10 ImageLoadPolicy;
    PROCESS_MITIGATION_SYSTEM_CALL_FILTER_POLICY_W10 SystemCallFilterPolicy;
    PROCESS_MITIGATION_PAYLOAD_RESTRICTION_POLICY_W10 PayloadRestrictionPolicy;
} UCM_PROCESS_MITIGATION_POLICIES, *PUCM_PROCESS_MITIGATION_POLICIES;
/*
* Caller-supplied output buffer plus its size. Not referenced by any
* prototype in this header; whether BufferSize counts bytes or WCHARs is
* not stated here -- confirm against the user of the struct.
*/
typedef struct _OBJSCANPARAM {
    PWSTR Buffer;
    SIZE_T BufferSize;
} OBJSCANPARAM, *POBJSCANPARAM;
/*
* Search context for sxsFindLoaderEntry (declared below). Which members
* are inputs and which are filled by the search, and who owns the
* FullDllPath string, are not stated here -- confirm in the implementation.
*/
typedef struct _SXS_SEARCH_CONTEXT {
    LPWSTR DllName;
    LPWSTR SxsKey;
    LPWSTR FullDllPath;
} SXS_SEARCH_CONTEXT, *PSXS_SEARCH_CONTEXT;
/* No parameters, no result; purpose is not visible from this header. */
VOID ucmPingBack(
    VOID);

/*
* Returns TRUE when the given privilege is enabled in hToken.
* Privilege is a ULONG, presumably one of the SE_*_PRIVILEGE constants
* rather than a LUID -- confirm.
*/
BOOLEAN ucmPrivilegeEnabled(
    _In_ HANDLE hToken,
    _In_ ULONG Privilege);

/*
* On success *phMutant receives a mutant handle. The caller presumably
* owns the handle and must close it -- confirm.
*/
NTSTATUS ucmCreateSyncMutant(
    _Out_ PHANDLE phMutant);

/*
* Looks up an export by name in a mapped image. Returns the routine
* address; presumably NULL when not found -- confirm.
*/
LPVOID ucmLdrGetProcAddress(
    _In_ PCHAR ImageBase,
    _In_ PCHAR RoutineName);

/*
* NOTE(review): annotated _In_, but the name suggests the structure is
* filled in for the caller; verify the SAL annotation (_Out_ or _Inout_).
*/
VOID ucmGetStartupInfo(
    _In_ LPSTARTUPINFOW lpStartupInfo);

/*
* Same shape as the Win32 ExpandEnvironmentStringsW API: nSize is the
* capacity of lpDst in WCHARs and the return value the number of WCHARs
* written (SAL: _Out_writes_to_opt_(nSize, return)). Whether the return
* value on an undersized buffer follows the Win32 contract is not stated
* here -- confirm before relying on it for sizing.
*/
DWORD ucmExpandEnvironmentStrings(
    _In_ LPCWSTR lpSrc,
    _Out_writes_to_opt_(nSize, return) LPWSTR lpDst,
    _In_ DWORD nSize);

/*
* Queries a SYSTEM_INFORMATION_CLASS and returns a buffer holding the
* result. Ownership of the returned buffer (who frees it, and with what)
* is not stated here -- confirm.
*/
PVOID ucmGetSystemInfo(
    _In_ SYSTEM_INFORMATION_CLASS InfoClass);
/*
* Launch helpers. pszPayload is optional; cbPayload is by its prefix
* presumably the payload length in bytes, not WCHARs -- confirm before
* using it to size any copy.
*/
BOOL ucmLaunchPayload(
    _In_opt_ LPWSTR pszPayload,
    _In_opt_ DWORD cbPayload);

/* As ucmLaunchPayload, but uses the caller-supplied CreateProcessW implementation. */
BOOL ucmLaunchPayloadEx(
    _In_ PFNCREATEPROCESSW pCreateProcess,
    _In_opt_ LPWSTR pszPayload,
    _In_opt_ DWORD cbPayload);

/*
* As ucmLaunchPayload, with the caller stating whether it runs as
* LocalSystem and which session to target.
*/
BOOL ucmLaunchPayload2(
    _In_ BOOL bIsLocalSystem,
    _In_ ULONG SessionId,
    _In_opt_ LPWSTR pszPayload,
    _In_opt_ DWORD cbPayload);
/*
* Returns a string describing the runtime environment. Pair with
* ucmDestroyRuntimeInfo, which presumably releases the returned string --
* confirm. The effect of ReturnData is not stated here.
*/
LPWSTR ucmQueryRuntimeInfo(
    _In_ BOOL ReturnData);

/* Releases a string obtained from ucmQueryRuntimeInfo. */
BOOLEAN ucmDestroyRuntimeInfo(
    _In_ LPWSTR RuntimeInfo);

/* TRUE when the current window station is interactive. */
BOOL ucmIsUserWinstaInteractive(
    VOID);

/*
* Sets *pbInteractiveSid when the token carries the interactive SID.
* Treat the output as valid only when the returned NTSTATUS succeeds.
*/
NTSTATUS ucmIsUserHasInteractiveSid(
    _In_ HANDLE hToken,
    _Out_ PBOOL pbInteractiveSid);

/* Sets *pbResult when the caller runs as LocalSystem; check the NTSTATUS first. */
NTSTATUS ucmIsLocalSystem(
    _Out_ PBOOL pbResult);
/*
* Copies the path portion of fname into fpath. fpath is annotated _In_
* yet is non-const and named like an output; its required capacity is not
* stated here -- confirm both against the implementation.
*/
wchar_t *sxsFilePathNoSlash(
    _In_ const wchar_t *fname,
    _In_ wchar_t *fpath);

/* Searches the loader data for the dll described by Context; see SXS_SEARCH_CONTEXT. */
BOOL sxsFindLoaderEntry(
    _In_ PSXS_SEARCH_CONTEXT Context);
/*
* Reads the code-execution mitigation policies of hProcess into a freshly
* returned UCM_PROCESS_MITIGATION_POLICIES. Ownership of the returned
* structure is not stated here -- confirm who frees it.
*/
UCM_PROCESS_MITIGATION_POLICIES *ucmGetRemoteCodeExecPolicies(
    _In_ HANDLE hProcess);

/*
* Queries one mitigation policy of hProcess into a caller-supplied buffer
* of Size bytes (SAL: _Out_writes_bytes_(Size)). Size must match the
* policy structure selected by Policy.
*/
BOOL ucmGetProcessMitigationPolicy(
    _In_ HANDLE hProcess,
    _In_ PROCESS_MITIGATION_POLICY Policy,
    _In_ SIZE_T Size,
    _Out_writes_bytes_(Size) PVOID Buffer);

/*
* Reports the integrity level of the process token. *IntegrityLevel is
* only valid when TRUE is returned (SAL: _Success_(return == TRUE)).
*/
_Success_(return == TRUE)
BOOL ucmQueryProcessTokenIL(
    _In_ HANDLE hProcess,
    _Out_ PULONG IntegrityLevel);
/* Opens the private namespace used for the shared parameters; failure value (NULL vs. INVALID_HANDLE_VALUE) is not stated here -- confirm. */
HANDLE ucmOpenAkagiNamespace(
    VOID);

/*
* Fills *SharedParameters from the shared namespace. The output is only
* valid when TRUE is returned (SAL: _Success_(return == TRUE)); callers
* must not use the block after a FALSE result.
*/
_Success_(return == TRUE)
BOOL ucmReadSharedParameters(
    _Out_ UACME_PARAM_BLOCK *SharedParameters);

/* Signals the named completion event. */
VOID ucmSetCompletion(
    _In_ LPWSTR lpEvent);
/*
* Debug tracing: forwards to OutputDebugString in _DEBUG builds and
* expands to nothing otherwise. Because the release form discards the
* argument entirely, Message must not carry side effects the code relies
* on. OutputDebugString is itself the A/W macro, so the string type must
* match the build's UNICODE setting.
*/
#ifdef _DEBUG
#define ucmDbgMsg(Message) OutputDebugString(Message)
#else
#define ucmDbgMsg(Message)
#endif