Rooba
/
UACME
mirror of https://github.com/hfiref0x/UACME.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
UACME/Source/Yuubari/appinfo.h

125 lines
3.0 KiB
C
Raw Blame History

#/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2014 - 2018
*
* TITLE: APPINFO.H
*
* VERSION: 1.29
*
* DATE: 17 Apr 2018
*
* Header file for the AppInfo scan.
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#pragma once
#include <DbgHelp.h>
typedef struct _SYMBOL_ENTRY {
struct _SYMBOL_ENTRY *Next;
LPWSTR Name;
DWORD64 Address;
} SYMBOL_ENTRY, *PSYMBOL_ENTRY;
typedef enum _AI_DATA_TYPE {
AiSnapinFile = 1,
AiManagementConsole,
AiAutoApproveEXE,
AiIncludedPFDirs,
AiIncludedSystemDirs,
AilpIncludedWindowsDirs,
AiExemptedAutoApproveExes,
AiExcludedWindowsDirs,
AiMax
} AI_DATA_TYPE;
typedef struct _UAC_AI_DATA {
LPWSTR Name;
SIZE_T Length;
AI_DATA_TYPE Type;
} UAC_AI_DATA, *PUAC_AI_DATA;
typedef struct _UAC_MMC_BLOCK {
LPWSTR lpManagementApplication;
PVOID ControlFiles;
ULONG ControlFilesCount;
ULONG Reserved;
} UAC_MMC_BLOCK, *PUAC_MMC_BLOCK;
typedef struct _UAC_PATTERN {
PVOID PatternData;
ULONG PatternSize;
ULONG SubtractBytes;
ULONG AppInfoBuildMin;
ULONG AppInfoBuildMax;
} UAC_PATTERN, *PUAC_PATTERN;
typedef struct _UAC_AI_GLOBALS {
ULONG AppInfoBuildNumber;
PVOID DllBase;
SIZE_T DllVirtualSize;
UAC_MMC_BLOCK *MmcBlock;
PVOID *lpIncludedWindowsDirs;
PVOID *lpIncludedPFDirs;
PVOID *lpAutoApproveEXEList;
PVOID *lpIncludedSystemDirs;
PVOID *lpExemptedAutoApproveExes;
PVOID *lpExcludedWindowsDirs;
} UAC_AI_GLOBALS, *PUAC_AI_GLOBALS;
typedef VOID(WINAPI *APPINFODATACALLBACK)(UAC_AI_DATA *Data);
typedef DWORD(WINAPI *pfnSymSetOptions)(
_In_ DWORD SymOptions
);
typedef BOOL(WINAPI *pfnSymInitializeW)(
_In_ HANDLE hProcess,
_In_opt_ PCWSTR UserSearchPath,
_In_ BOOL fInvadeProcess
);
typedef DWORD64(WINAPI *pfnSymLoadModuleExW)(
_In_ HANDLE hProcess,
_In_opt_ HANDLE hFile,
_In_opt_ PCWSTR ImageName,
_In_opt_ PCWSTR ModuleName,
_In_ DWORD64 BaseOfDll,
_In_ DWORD DllSize,
_In_opt_ PMODLOAD_DATA Data,
_In_opt_ DWORD Flags
);
typedef BOOL(WINAPI *pfnSymEnumSymbolsW)(
_In_ HANDLE hProcess,
_In_ ULONG64 BaseOfDll,
_In_opt_ PCWSTR Mask,
_In_ PSYM_ENUMERATESYMBOLS_CALLBACKW EnumSymbolsCallback,
_In_opt_ PVOID UserContext
);
typedef BOOL(WINAPI *pfnSymUnloadModule64)(
_In_ HANDLE hProcess,
_In_ DWORD64 BaseOfDll
);
typedef BOOL(WINAPI *pfnSymCleanup)(
_In_ HANDLE hProcess
);
typedef BOOL(WINAPI *pfnSymFromAddrW)(
_In_ HANDLE hProcess,
_In_ DWORD64 Address,
_Out_opt_ PDWORD64 Displacement,
_Inout_ PSYMBOL_INFOW Symbol
);
VOID ScanAppInfo(
LPWSTR lpFileName,
APPINFODATACALLBACK OutputCallback
);
Reference in New Issue View Git Blame Copy Permalink