2.0.409
vxunderground 2022-11-24 01:08:28 -06:00
parent 12ce9b9e5b
commit 1aed815bd8
6 changed files with 12 additions and 9 deletions


@ -55,6 +55,8 @@ You're free to use this in any manner you please. You do not need to use this en
| HashStringSdbm | Ozan Yigit | String Hashing |
| HashStringSuperFastHash | Paul Hsieh | String Hashing |
| HashStringUnknownGenericHash1A | Unknown | String Hashing |
| HashStringSipHash | RistBS | String Hashing |
| HashStringMurmur | RistBS | String Hashing |
| CreateMd5HashFromFilePath | Microsoft | Cryptography Related |
| CreatePseudoRandomInteger | Apple (c) 1999 | Cryptography Related |
| CreatePseudoRandomString | smelly__vx | Cryptography Related |
@ -114,7 +116,8 @@ You're free to use this in any manner you please. You do not need to use this en
| GetByteArrayFromFile | smelly__vx | Helper Functions |
| Ex_GetHandleOnDeviceHttpCommunication | x86matthew | Helper Functions |
| IsRegistryKeyValid | smelly__vx | Helper Functions |
FastcallExecuteBinaryShellExecuteEx | smelly__vx | Helper Functions |
| FastcallExecuteBinaryShellExecuteEx | smelly__vx | Helper Functions |
| GetCurrentProcessIdFromOffset | RistBS | Helper Functions |
| GetKUserSharedData | Geoff Chappell | Library Loading |
| GetModuleHandleEx2 | smelly__vx | Library Loading |
| GetPeb | 29a | Library Loading |
@ -128,6 +131,8 @@ FastcallExecuteBinaryShellExecuteEx | smelly__vx | Helper Functions |
| GetProcAddressSdbm | smelly__vx | Library Loading |
| GetProcAddressSuperFastHash | smelly__vx | Library Loading |
| GetProcAddressUnknownGenericHash1 | smelly__vx | Library Loading |
| GetProcAddressSipHash | RistBS | Library Loading |
| GetProcAddressMurmur | RistBS | Library Loading |
| GetRtlUserProcessParameters | ReactOS | Library Loading |
| GetTeb | ReactOS | Library Loading |
| RtlLoadPeHeaders | smelly__vx | Library Loading |


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD GetCurrentPid(VOID)
DWORD GetCurrentProcessIdFromOffset(VOID)
{
#if defined(_WIN64)
return (UINT32)__readgsqword(0x40);


@ -2,7 +2,7 @@
typedef int(WINAPI* RtlUserFiberStart)();
DWORD ProcessInjectFiberData(_In_ PCHAR Shellcode, _In_ DWORD Length)
DWORD __revision_required_ProcessInjectFiberData(_In_ PCHAR Shellcode, _In_ DWORD Length)
{
NTSTATUS status;
DWORD OldProt = 0;
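Review bot: The new name `__revision_required_ProcessInjectFiberData` begins with a double underscore, which C and C++ reserve for the implementation (C11 §7.1.3, C++ [lex.name]), so this rename swaps a conforming identifier for a reserved one; the matching prototype added to Win32Helper.h, `DWORD __revision_required_ProcessInjectFiberData(_In_ PCHAR Shellcode, _In_ DWORD Length);`, has the same issue, and the project already uses this prefix style for `__unstable__preview__MpfSilentInstallGoogleChromePluginA`. A status marker that stays out of the reserved namespace carries the same intent, e.g. `DWORD RevisionRequired_ProcessInjectFiberData(_In_ PCHAR Shellcode, _In_ DWORD Length)` with the header declaration changed to match. The function body continues past the end of the hunk, so only the signature could be checked here.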


@ -228,7 +228,6 @@
<ClCompile Include="MpfGetLsaPidFromNamedPipe.cpp" />
<ClCompile Include="MpfGetLsaPidFromRegistry.cpp" />
<ClCompile Include="MpfGetLsaPidFromServiceManager.cpp" />
<ClCompile Include="MpfLolScheduledPersistenceByAt.cpp" />
<ClCompile Include="__unstable__preview__MpfSilentInstallGoogleChromePlugin.cpp" />
<ClCompile Include="SendIcmpEchoMessageToIPv4Host.cpp" />
<ClCompile Include="OleGetClipboardData.cpp" />


@ -456,9 +456,6 @@
<ClCompile Include="MpfLolExecuteRemoteBinaryByAppInstaller.cpp">
<Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Lolbins</Filter>
</ClCompile>
<ClCompile Include="MpfLolScheduledPersistenceByAt.cpp">
<Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Lolbins</Filter>
</ClCompile>
<ClCompile Include="FastcallExecuteBinaryShellExecuteEx.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>


@ -211,7 +211,7 @@ BOOL Ex_GetHandleOnDeviceHttpCommunication(_Out_ PHANDLE Handle);
DWORD IsRegistryKeyValidW(_In_ HKEY PredefinedKey, _In_ PWCHAR Path);
BOOL FastcallExecuteBinaryShellExecuteExW(_In_ PWCHAR FullPathToBinary, _In_ PWCHAR OptionalParameters);
BOOL FastcallExecuteBinaryShellExecuteExA(_In_ PCHAR FullPathToBinary, _In_ PCHAR OptionalParameters);
DWORD GetCurrentPid(VOID);
DWORD GetCurrentProcessIdFromOffset(VOID);
/*******************************************
FINGERPRINTING
@ -264,7 +264,9 @@ BOOL __unstable__preview__MpfSilentInstallGoogleChromePluginW(_In_ PWCHAR Extens
BOOL __unstable__preview__MpfSilentInstallGoogleChromePluginA(_In_ PCHAR ExtensionIdentifier);
BOOL MpfLolExecuteRemoteBinaryByAppInstallerW(_In_ PWCHAR RemoteUrlTextFile, _In_ DWORD RemoteUrlLengthInBytes);
BOOL MpfLolExecuteRemoteBinaryByAppInstallerA(_In_ PCHAR RemoteUrlTextFile, _In_ DWORD RemoteUrlLengthInBytes);
DWORD ProcessInjectFiberData(_In_ PCHAR Shellcode, _In_ DWORD Length);
DWORD __revision_required_ProcessInjectFiberData(_In_ PCHAR Shellcode, _In_ DWORD Length);
/*******************************************
EVASION