hfiref0x
diff --git a/‎LICENSE.md‎
Lines changed: 1 addition & 1 deletion b/‎LICENSE.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 11 additions & 1 deletion b/‎README.md‎
Lines changed: 11 additions & 1 deletion
diff --git a/‎Source/Akagi/Resource.rc‎
0 Bytes b/‎Source/Akagi/Resource.rc‎
0 Bytes
diff --git a/‎Source/Akagi/console.c‎
Lines changed: 125 additions & 0 deletions b/‎Source/Akagi/console.c‎
Lines changed: 125 additions & 0 deletions
diff --git a/‎Source/Akagi/console.h‎
Lines changed: 52 additions & 0 deletions b/‎Source/Akagi/console.h‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎Source/Akagi/global.h‎
Lines changed: 5 additions & 2 deletions b/‎Source/Akagi/global.h‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎Source/Akagi/main.c‎
Lines changed: 14 additions & 36 deletions b/‎Source/Akagi/main.c‎
Lines changed: 14 additions & 36 deletions
diff --git a/‎Source/Akagi/methods/comsup.h‎
Lines changed: 2 additions & 2 deletions b/‎Source/Akagi/methods/comsup.h‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎Source/Akagi/methods/elvint.h‎
Lines changed: 3 additions & 3 deletions b/‎Source/Akagi/methods/elvint.h‎
Lines changed: 3 additions & 3 deletions
@@ -1,4 +1,4 @@
-Copyright (c) 2014 - 2022, UACMe authors
+Copyright (c) 2014 - 2022, UACMe Project
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
 
@@ -758,11 +758,21 @@ First parameter is number of method to use, second is optional command (executab
      * Method: IElevatedFactoryServer
      * Target(s): Attacker defined
      * Component(s): Attacker defined
-     * Implementation: ucmVirtualFactoryServer
+     * Implementation: ucmVFServerTaskSchedMethod
      * Works from: Windows 8.1 (9600)
      * Fixed in: unfixed :see_no_evil:
         * How: -
       * Code status: added in v3.6.1
+75. Author: zcgonvh derivative by Wh04m1001
+     * Type: Elevated COM interface
+     * Method: IDiagnosticProfile
+     * Target(s): Attacker defined
+     * Component(s): Attacker defined
+     * Implementation: ucmVFServerDiagProfileMethod
+     * Works from: Windows 7 RTM (7600)
+     * Fixed in: unfixed :see_no_evil:
+        * How: -
+      * Code status: added in v3.6.2
 
 </details>
 
 
@@ -0,0 +1,125 @@
+/*******************************************************************************
+*
+*  (C) COPYRIGHT AUTHORS, 2022
+*
+*  TITLE:       CONSOLE.C
+*
+*  VERSION:     3.62
+*
+*  DATE:        08 Jul 2022
+*
+*  Debug console.
+*
+* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
+* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
+* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
+* PARTICULAR PURPOSE.
+*
+*******************************************************************************/
+
+#include "global.h"
+
+HANDLE StdOutputHandle = NULL;
+
+pswprintf_s _swprintf_s = NULL;
+
+VOID ConsolePrint(
+    _In_ LPCWSTR Message
+)
+{
+    WriteConsole(StdOutputHandle, Message, (ULONG)_strlen(Message), NULL, NULL);
+}
+
+VOID ConsolePrintValueUlong(
+    _In_ LPCWSTR Message,
+    _In_ ULONG Value,
+    _In_ BOOL Hexademical
+)
+{
+    WCHAR szText[200];
+
+    if (_swprintf_s) {
+
+        _swprintf_s(szText, RTL_NUMBER_OF(szText),
+            Hexademical ? TEXT("%ws 0x%lX\r\n") : TEXT("%ws %lu\r\n"),
+            Message,
+            Value);
+
+        ConsolePrint(szText);
+    }
+}
+
+VOID ConsolePrintStatus(
+    _In_ LPCWSTR Message,
+    _In_ NTSTATUS Status
+)
+{
+    ConsolePrintValueUlong(Message, Status, TRUE);
+}
+
+VOID ConsoleInit(
+    VOID
+)
+{
+    WCHAR szBuffer[100];
+    HMODULE hNtdll = GetModuleHandle(L"ntdll.dll");
+
+    if (hNtdll == NULL || !AllocConsole())
+        return;
+
+    _swprintf_s = (pswprintf_s)GetProcAddress(hNtdll, "swprintf_s");
+    if (_swprintf_s == NULL)
+        return;
+
+    StdOutputHandle = GetStdHandle(STD_OUTPUT_HANDLE);
+    SetConsoleMode(StdOutputHandle, ENABLE_PROCESSED_OUTPUT |
+        ENABLE_VIRTUAL_TERMINAL_PROCESSING);
+
+    _swprintf_s(szBuffer, RTL_NUMBER_OF(szBuffer), TEXT("[*] UACMe v%lu.%lu.%lu.%lu\r\n"),
+        UCM_VERSION_MAJOR,
+        UCM_VERSION_MINOR,
+        UCM_VERSION_REVISION,
+        UCM_VERSION_BUILD);
+
+    SetConsoleTitle(szBuffer);
+}
+
+BOOL ConsoleIsKeyPressed(
+    _In_ WORD VirtualKeyCode
+)
+{
+    BOOL bResult = FALSE;
+    DWORD numberOfEvents = 0;
+    INPUT_RECORD inp1;
+    HANDLE nStdHandle = GetStdHandle(STD_INPUT_HANDLE);
+
+    GetNumberOfConsoleInputEvents(nStdHandle, &numberOfEvents);
+
+    if (numberOfEvents) {
+
+        PeekConsoleInput(nStdHandle, &inp1, 1, &numberOfEvents);
+
+        bResult = (numberOfEvents != 0 &&
+            inp1.EventType == KEY_EVENT &&
+            inp1.Event.KeyEvent.bKeyDown &&
+            inp1.Event.KeyEvent.wVirtualKeyCode == VirtualKeyCode);
+
+        FlushConsoleInputBuffer(nStdHandle);
+    }
+
+    return bResult;
+}
+
+VOID ConsoleRelease(
+    VOID
+)
+{
+    DWORD dwStop = GetTickCount() + (10 * 1000);
+
+    ConsolePrint(TEXT("[+] Press Enter to exit or wait few seconds and it will close automatically\r\n"));
+
+    while (!ConsoleIsKeyPressed(VK_RETURN) && GetTickCount() < dwStop)
+        Sleep(50);
+
+    FreeConsole();
+}
@@ -0,0 +1,52 @@
+/*******************************************************************************
+*
+*  (C) COPYRIGHT AUTHORS, 2022
+*
+*  TITLE:       CONSOLE.H
+*
+*  VERSION:     3.62
+*
+*  DATE:        08 Jul 2022
+*
+*  Debug console header file.
+*
+* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
+* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
+* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
+* PARTICULAR PURPOSE.
+*
+*******************************************************************************/
+
+#pragma once
+
+VOID ConsoleInit(
+    VOID);
+
+VOID ConsoleRelease(
+    VOID);
+
+VOID ConsolePrintStatus(
+    _In_ LPCWSTR Message,
+    _In_ NTSTATUS Status);
+
+VOID ConsolePrint(
+    _In_ LPCWSTR Message);
+
+VOID ConsolePrintValueUlong(
+    _In_ LPCWSTR Message,
+    _In_ ULONG Value,
+    _In_ BOOL Hexademical);
+
+#ifdef _UCM_CONSOLE
+#define ucmConsoleInit ConsoleInit
+#define ucmConsoleRelease ConsoleRelease
+#define ucmConsolePrintStatus ConsolePrintStatus
+#define ucmConsolePrint ConsolePrint
+#define ucmConsolePrintValueUlong ConsolePrintValueUlong
+#else
+#define ucmConsoleInit()
+#define ucmConsoleRelease()
+#define ucmConsolePrintStatus(Message, Status)
+#define ucmConsolePrint(Message)
+#define ucmConsolePrintValueUlong(Message, Value, Hexademical)
+#endif
@@ -4,9 +4,9 @@
 *
 *  TITLE:       GLOBAL.H
 *
-*  VERSION:     3.61
+*  VERSION:     3.62
 *
-*  DATE:        22 Jun 2022
+*  DATE:        07 Jul 2022
 *
 *  Common header file for the program support routines.
 *
@@ -82,6 +82,7 @@
 #include "compress.h"
 #include "aic.h"
 #include "stub.h"
+#include "console.h"
 #include "methods\methods.h"
 
 //default execution flow
@@ -108,6 +109,8 @@ typedef struct _UACME_CONTEXT {
 
     PVOID                   ucmHeap;
     pfnDecompressPayload    DecompressRoutine;
+    pswprintf_s             swprintf_s;
+    
     UACME_FUSION_CONTEXT    FusionContext;
     UACME_SHARED_CONTEXT    SharedContext;
 
 
@@ -26,39 +26,6 @@ PUACMECONTEXT g_ctx;
 //Image Base Address global variable
 HINSTANCE g_hInstance;
 
-#define ENABLE_OUTPUT
-#undef ENABLE_OUTPUT
-
-#ifdef ENABLE_OUTPUT
-VOID ucmShowVersion(
-    VOID)
-{
-    DWORD bytesIO;
-    WCHAR szVersion[100];
-
-#ifdef _DEBUG
-    if (!AllocConsole()) {
-        return;
-    }
-#else
-    if (!AttachConsole(ATTACH_PARENT_PROCESS)) {
-        return;
-    }
-#endif
-
-    RtlSecureZeroMemory(&szVersion, sizeof(szVersion));
-    wsprintf(szVersion, TEXT("v%lu.%lu.%lu.%lu"),
-        UCM_VERSION_MAJOR,
-        UCM_VERSION_MINOR,
-        UCM_VERSION_REVISION,
-        UCM_VERSION_BUILD);
-
-    WriteConsole(GetStdHandle(STD_OUTPUT_HANDLE), &szVersion, _strlen(szVersion), &bytesIO, NULL);
-
-    FreeConsole();
-}
-#endif
-
 /*
 * ucmInit
 *
@@ -90,6 +57,8 @@ NTSTATUS ucmInit(
 
     wdCheckEmulatedVFS();
 
+    ucmConsoleInit();
+
     bytesIO = 0;
     RtlQueryElevationFlags(&bytesIO);
     if ((bytesIO & DBG_FLAG_ELEVATION_ENABLED) == 0)
@@ -109,9 +78,6 @@ NTSTATUS ucmInit(
         RtlSecureZeroMemory(szBuffer, sizeof(szBuffer));
         GetCommandLineParam(GetCommandLine(), 1, szBuffer, MAX_PATH, &bytesIO);
         if (bytesIO == 0) {
-#ifdef ENABLE_OUTPUT
-            ucmShowVersion();
-#endif
             return STATUS_INVALID_PARAMETER;
         }
 
@@ -193,6 +159,8 @@ NTSTATUS WINAPI ucmMain(
         OptionalParameter,
         OptionalParameterLength);
 
+    ucmConsolePrintStatus(TEXT("[*] ucmInit"), Status);
+
     if (!NT_SUCCESS(Status))
         return Status;
 
@@ -212,5 +180,15 @@ NTSTATUS WINAPI ucmMain(
 #pragma comment(linker, "/ENTRY:main")
 VOID __cdecl main()
 {
+#ifdef _UCM_CONSOLE
+    ULONG result;
+
+    result = StubInit(ucmMain);
+    ucmConsolePrintValueUlong(TEXT("[+] ucmMain"), result, TRUE);
+    ucmConsoleRelease();
+    ExitProcess(result);
+
+#else
     ExitProcess(StubInit(ucmMain));
+#endif
 }
@@ -4,9 +4,9 @@
 *
 *  TITLE:       COMSUP.H
 *
-*  VERSION:     3.61
+*  VERSION:     3.62
 *
-*  DATE:        22 Jun 2022
+*  DATE:        04 Jul 2022
 *
 *  Prototypes and definitions for COM interfaces and routines.
 *
 
@@ -4,9 +4,9 @@
 *
 *  TITLE:       ELVINT.H
 *
-*  VERSION:     3.61
+*  VERSION:     3.62
 *
-*  DATE:        22 Jun 2022
+*  DATE:        04 Jul 2022
 *
 *  Prototypes and definitions for elevated interface methods.
 *
@@ -481,7 +481,7 @@ typedef struct IElevatedFactoryServerVtbl {
 
     END_INTERFACE
 
-} *PIElevatedFactoryServerVtbll;
+} *PIElevatedFactoryServerVtbl;
 
 // INTERFACE DEF
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-Copyright (c) 2014 - 2022, UACMe authors`
	`1`	`+Copyright (c) 2014 - 2022, UACMe Project`
`2`	`2`
`3`	`3`	`Redistribution and use in source and binary forms, with or without`
`4`	`4`	`modification, are permitted provided that the following conditions are met:`
Original file line number	Diff line number	Diff line change
`@@ -4,9 +4,9 @@`
`4`	`4`	`*`
`5`	`5`	`* TITLE: GLOBAL.H`
`6`	`6`	`*`
`7`		`-* VERSION: 3.61`
	`7`	`+* VERSION: 3.62`
`8`	`8`	`*`
`9`		`-* DATE: 22 Jun 2022`
	`9`	`+* DATE: 07 Jul 2022`
`10`	`10`	`*`
`11`	`11`	`* Common header file for the program support routines.`
`12`	`12`	`*`
`@@ -82,6 +82,7 @@`
`82`	`82`	`#include "compress.h"`
`83`	`83`	`#include "aic.h"`
`84`	`84`	`#include "stub.h"`
	`85`	`+#include "console.h"`
`85`	`86`	`#include "methods\methods.h"`
`86`	`87`
`87`	`88`	`//default execution flow`
`@@ -108,6 +109,8 @@ typedef struct _UACME_CONTEXT {`
`108`	`109`
`109`	`110`	`PVOID ucmHeap;`
`110`	`111`	`pfnDecompressPayload DecompressRoutine;`
	`112`	`+ pswprintf_s swprintf_s;`
	`113`	`+`
`111`	`114`	`UACME_FUSION_CONTEXT FusionContext;`
`112`	`115`	`UACME_SHARED_CONTEXT SharedContext;`
`113`	`116`
Original file line number	Diff line number	Diff line change
`@@ -4,9 +4,9 @@`
`4`	`4`	`*`
`5`	`5`	`* TITLE: COMSUP.H`
`6`	`6`	`*`
`7`		`-* VERSION: 3.61`
	`7`	`+* VERSION: 3.62`
`8`	`8`	`*`
`9`		`-* DATE: 22 Jun 2022`
	`9`	`+* DATE: 04 Jul 2022`
`10`	`10`	`*`
`11`	`11`	`* Prototypes and definitions for COM interfaces and routines.`
`12`	`12`	`*`
Original file line number	Diff line number	Diff line change
`@@ -4,9 +4,9 @@`
`4`	`4`	`*`
`5`	`5`	`* TITLE: ELVINT.H`
`6`	`6`	`*`
`7`		`-* VERSION: 3.61`
	`7`	`+* VERSION: 3.62`
`8`	`8`	`*`
`9`		`-* DATE: 22 Jun 2022`
	`9`	`+* DATE: 04 Jul 2022`
`10`	`10`	`*`
`11`	`11`	`* Prototypes and definitions for elevated interface methods.`
`12`	`12`	`*`
`@@ -481,7 +481,7 @@ typedef struct IElevatedFactoryServerVtbl {`
`481`	`481`
`482`	`482`	`END_INTERFACE`
`483`	`483`
`484`		`-} *PIElevatedFactoryServerVtbll;`
	`484`	`+} *PIElevatedFactoryServerVtbl;`
`485`	`485`
`486`	`486`	`// INTERFACE DEF`
`487`	`487`