parent
2742be2f3c
commit
1fa897db4e
|
@ -22,5 +22,7 @@ BOOL AdfOpenProcessOnCsrss(VOID)
|
|||
if (hCsrHandle)
|
||||
CloseHandle(hCsrHandle);
|
||||
|
||||
CsrGetProcessId = NULL;
|
||||
|
||||
return TRUE;
|
||||
}
|
|
@ -34,5 +34,7 @@ BOOL CheckRemoteDebuggerPresent2(_In_ HANDLE hHandle, _Inout_ PBOOL pbDebuggerPr
|
|||
|
||||
*pbDebuggerPresent = TRUE;
|
||||
|
||||
NtQueryInformationProcess = NULL;
|
||||
|
||||
return TRUE;
|
||||
}
|
|
@ -23,7 +23,6 @@ BOOL CreateFileFromDsCopyFromSharedFileW(_In_ PWCHAR NewFileName, _In_ PWCHAR Fi
|
|||
|
||||
DATA_SHARE_CTRL Share; ZeroMemoryEx(&Share, sizeof(DATA_SHARE_CTRL));
|
||||
LPWSTR SidString = NULL;
|
||||
HANDLE hToken = NULL;
|
||||
DSCREATESHAREDFILETOKEN DsCreateSharedFileToken = NULL;
|
||||
DSCOPYFROMSHAREDFILE DsCopyFromSharedFile = NULL;
|
||||
DWORD dwError = ERROR_SUCCESS;
|
||||
|
@ -41,8 +40,11 @@ BOOL CreateFileFromDsCopyFromSharedFileW(_In_ PWCHAR NewFileName, _In_ PWCHAR Fi
|
|||
if (!DsCreateSharedFileToken || !DsCopyFromSharedFile)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
if ((SidString = GetCurrentUserSidW(hToken, FALSE)) == NULL)
|
||||
#pragma warning( push )
|
||||
#pragma warning( disable : 6387)
|
||||
if ((SidString = GetCurrentUserSidW()) == NULL)
|
||||
goto EXIT_ROUTINE;
|
||||
#pragma warning( pop )
|
||||
|
||||
Share.SharePermission = 2;
|
||||
Share.ShareMode = 3;
|
||||
|
@ -67,8 +69,8 @@ EXIT_ROUTINE:
|
|||
if (SidString)
|
||||
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, SidString);
|
||||
|
||||
if (hToken)
|
||||
CloseHandle(hToken);
|
||||
DsCreateSharedFileToken = NULL;
|
||||
DsCopyFromSharedFile = NULL;
|
||||
|
||||
return bFlag;
|
||||
}
|
||||
|
@ -96,7 +98,6 @@ BOOL CreateFileFromDsCopyFromSharedFileA(_In_ PCHAR NewFileName, _In_ PCHAR File
|
|||
|
||||
DATA_SHARE_CTRL Share; ZeroMemoryEx(&Share, sizeof(DATA_SHARE_CTRL));
|
||||
LPWSTR SidString = NULL;
|
||||
HANDLE hToken = NULL;
|
||||
DSCREATESHAREDFILETOKEN DsCreateSharedFileToken = NULL;
|
||||
DSCOPYFROMSHAREDFILE DsCopyFromSharedFile = NULL;
|
||||
DWORD dwError = ERROR_SUCCESS;
|
||||
|
@ -123,8 +124,11 @@ BOOL CreateFileFromDsCopyFromSharedFileA(_In_ PCHAR NewFileName, _In_ PCHAR File
|
|||
if (!DsCreateSharedFileToken || !DsCopyFromSharedFile)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
if ((SidString = GetCurrentUserSidW(hToken, FALSE)) == NULL)
|
||||
#pragma warning( push )
|
||||
#pragma warning( disable : 6387)
|
||||
if ((SidString = GetCurrentUserSidW()) == NULL)
|
||||
goto EXIT_ROUTINE;
|
||||
#pragma warning( pop )
|
||||
|
||||
Share.SharePermission = 2;
|
||||
Share.ShareMode = 3;
|
||||
|
@ -149,8 +153,8 @@ EXIT_ROUTINE:
|
|||
if (SidString)
|
||||
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, SidString);
|
||||
|
||||
if (hToken)
|
||||
CloseHandle(hToken);
|
||||
DsCreateSharedFileToken = NULL;
|
||||
DsCopyFromSharedFile = NULL;
|
||||
|
||||
return bFlag;
|
||||
}
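Review bot: The `#pragma warning( disable : 6387)` wrapped around `if ((SidString = GetCurrentUserSidW()) == NULL)` silences the analyzer without saying what it objected to; the call now takes no arguments and its result is NULL-checked on the next line, so either the warning is spurious and deserves a one-line justification such as `// C6387: analyzer cannot see the NULL check below; SidString is verified before use`, or the underlying finding should be fixed instead of suppressed. Independently, the cleanup path frees the SID with `HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, SidString)`, but HEAP_ZERO_MEMORY is not a HeapFree flag, and if GetCurrentUserSidW hands back the ConvertSidToStringSidW buffer directly (its body is not in this diff) that string is LocalAlloc memory and must be released with `LocalFree(SidString)` — confirm which allocator owns the returned pointer. The ANSI variant in the `-123,8 +124,11` hunk still calls the wide `GetCurrentUserSidW()` into an `LPWSTR SidString` even though `GetCurrentUserSidA(VOID)` now exists; if the share control genuinely needs a wide SID, a comment should say so, otherwise the two variants should be made consistent. Both enclosing functions start and end outside these hunks.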
|
|
@ -70,7 +70,7 @@ HRESULT CreateProcessFromIHxInteractiveUserA(_In_ PCHAR UriFile)
|
|||
if(wUriFile == NULL)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
if (CharStringToWCharString(wUriFile, UriFile, dwLength + 1) == 0)
|
||||
if (CharStringToWCharString(wUriFile, UriFile, dwLength) == 0)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
User->Execute(wUriFile);
|
||||
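Review bot: The HRESULT from `User->Execute(wUriFile);` is discarded even though CreateProcessFromIHxInteractiveUserA itself returns an HRESULT, so a failed launch is reported to the caller as success; it should be captured, e.g. `hr = User->Execute(wUriFile); if (FAILED(hr)) goto EXIT_ROUTINE;`, using whichever result variable the function already declares above the hunk. The change from `dwLength + 1` to `dwLength` is only safe if wUriFile was allocated for dwLength + 1 wide characters and CharStringToWCharString's length argument excludes the terminator — the allocation is not in this hunk, so confirm the converted string is still NUL-terminated and the buffer is not overrun by one. The function starts and ends outside the hunk.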
|
|
|
@ -108,7 +108,7 @@ EXIT_ROUTINE:
|
|||
return bFlag;
|
||||
}
|
||||
|
||||
BOOL CreateProcessWithCfGuardA(_Inout_ PPROCESS_INFORMATION Pi, PCHAR Path)
|
||||
BOOL CreateProcessWithCfGuardA(_Inout_ PPROCESS_INFORMATION Pi, _In_ PCHAR Path)
|
||||
{
|
||||
BOOL bFlag = FALSE;
|
||||
PPROC_THREAD_ATTRIBUTE_LIST ThreadAttributes = NULL;
|
||||
|
|
|
@ -10,7 +10,7 @@ DWORD GetTokenInformationBufferSize(HANDLE hToken)
|
|||
return dwReturn;
|
||||
}
|
||||
|
||||
LPWSTR GetCurrentUserSidW(_Inout_ HANDLE hToken, _In_ BOOL DisposeProcessHandle)
|
||||
LPWSTR GetCurrentUserSidW(VOID)
|
||||
{
|
||||
typedef BOOL(WINAPI* CONVERTSIDTOSTRINGSIDW)(PSID, LPWSTR*);
|
||||
CONVERTSIDTOSTRINGSIDW ConvertSidToStringSidW;
|
||||
|
@ -20,6 +20,7 @@ LPWSTR GetCurrentUserSidW(_Inout_ HANDLE hToken, _In_ BOOL DisposeProcessHandle)
|
|||
BOOL bFlag = FALSE;
|
||||
LPWSTR pSid = NULL;
|
||||
HMODULE hAdvapi = NULL;
|
||||
HANDLE hToken = NULL;
|
||||
|
||||
hAdvapi = LoadLibraryW(L"Advapi32.dll");
|
||||
if (hAdvapi == NULL)
|
||||
|
@ -82,16 +83,13 @@ EXIT_ROUTINE:
|
|||
if (hAdvapi)
|
||||
FreeLibrary(hAdvapi);
|
||||
|
||||
if (DisposeProcessHandle)
|
||||
{
|
||||
if (hToken)
|
||||
CloseHandle(hToken);
|
||||
}
|
||||
if (hToken)
|
||||
CloseHandle(hToken);
|
||||
|
||||
return (bFlag ? pSid : NULL);
|
||||
}
|
||||
|
||||
LPSTR GetCurrentUserSidA(_Inout_ HANDLE hToken, _In_ BOOL DisposeProcessHandle)
|
||||
LPSTR GetCurrentUserSidA(VOID)
|
||||
{
|
||||
typedef BOOL(WINAPI* CONVERTSIDTOSTRINGSIDA)(PSID, LPSTR*);
|
||||
CONVERTSIDTOSTRINGSIDA ConvertSidToStringSidA;
|
||||
|
@ -101,6 +99,7 @@ LPSTR GetCurrentUserSidA(_Inout_ HANDLE hToken, _In_ BOOL DisposeProcessHandle)
|
|||
BOOL bFlag = FALSE;
|
||||
LPSTR pSid = NULL;
|
||||
HMODULE hAdvapi = NULL;
|
||||
HANDLE hToken = NULL;
|
||||
|
||||
hAdvapi = LoadLibraryW(L"Advapi32.dll");
|
||||
if (hAdvapi == NULL)
|
||||
|
@ -163,11 +162,8 @@ EXIT_ROUTINE:
|
|||
if (hAdvapi)
|
||||
FreeLibrary(hAdvapi);
|
||||
|
||||
if (DisposeProcessHandle)
|
||||
{
|
||||
if (hToken)
|
||||
CloseHandle(hToken);
|
||||
}
|
||||
if (hToken)
|
||||
CloseHandle(hToken);
|
||||
|
||||
return (bFlag ? pSid : NULL);
|
||||
}
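Review bot: Now that GetCurrentUserSidW/A own the token, the exit path `return (bFlag ? pSid : NULL);` still discards pSid without releasing it whenever bFlag is FALSE after ConvertSidToStringSidW has already succeeded; whether that sequence is reachable depends on the body between the hunks, which is not visible, but if it is, the cleanup needs `if (!bFlag && pSid) LocalFree(pSid);` (or the matching allocator if the body copies the string) before the return. The header comment should also state that the returned string is caller-owned and name the allocator used to free it — the visible caller frees it with HeapFree on the process heap while this function resolves ConvertSidToStringSidW, whose output is LocalAlloc memory, and those two cannot both be right. Dropping the hToken/DisposeProcessHandle parameters is a source-breaking change for out-of-tree callers and is worth a line in the commit message. Both functions start outside the hunks shown.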
|
|
@ -20,7 +20,7 @@ BOOL HashFileByMsiFileHashTableW(_In_ PWCHAR Path, _Inout_ PULONG FileHash)
|
|||
if (hModule == NULL)
|
||||
return FALSE;
|
||||
|
||||
MsiGetFileHashW = (MSIGETFILEHASHW)GetProcAddressW((DWORD64)hModule, L"MsiGetFileHashW");
|
||||
MsiGetFileHashW = (MSIGETFILEHASHW)GetProcAddressA((DWORD64)hModule, "MsiGetFileHashW");
|
||||
if (MsiGetFileHashW == NULL)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
|
@ -41,6 +41,8 @@ EXIT_ROUTINE:
|
|||
if (hModule)
|
||||
FreeLibrary(hModule);
|
||||
|
||||
MsiGetFileHashW = NULL;
|
||||
|
||||
return bFlag;
|
||||
}
|
||||
|
||||
|
@ -88,5 +90,7 @@ EXIT_ROUTINE:
|
|||
if (hModule)
|
||||
FreeLibrary(hModule);
|
||||
|
||||
MsiGetFileHashA = NULL;
|
||||
|
||||
return bFlag;
|
||||
}
|
|
@ -75,8 +75,8 @@ BOOL GetSystemWindowsDirectoryW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffe
|
|||
BOOL CreateWindowsObjectPathW(_Inout_ PWCHAR pBuffer, _In_ PWCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist);
|
||||
BOOL CreateWindowsObjectPathA(_Inout_ PCHAR pBuffer, _In_ PCHAR Path, _In_ DWORD Size, _In_ BOOL bDoesObjectExist);
|
||||
HANDLE GetProcessHeapFromTeb(VOID);
|
||||
LPWSTR GetCurrentUserSidW(_Inout_ HANDLE hToken, _In_ BOOL DisposeProcessHandle);
|
||||
LPSTR GetCurrentUserSidA(_Inout_ HANDLE hToken, _In_ BOOL DisposeProcessHandle);
|
||||
LPWSTR GetCurrentUserSidW(VOID);
|
||||
LPSTR GetCurrentUserSidA(VOID);
|
||||
DWORD GetProcessPathFromLoaderLoadModuleA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer);
|
||||
DWORD GetProcessPathFromLoaderLoadModuleW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer);
|
||||
DWORD GetProcessPathFromUserProcessParametersA(_In_ DWORD nBufferLength, _Inout_ PCHAR lpBuffer);
|
||||
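Review bot: The new `LPWSTR GetCurrentUserSidW(VOID);` and `LPSTR GetCurrentUserSidA(VOID);` prototypes drop the token parameters but still say nothing about ownership of the returned string or how to release it. The only visible caller frees it with HeapFree on the process heap, while the implementation resolves ConvertSidToStringSidW, whose output is LocalAlloc memory, so a one-line comment above each prototype — `// Returns a caller-owned SID string, NULL on failure; release with <allocator>` — would settle the question once the correct allocator is confirmed. Removing parameters from a public header is a source-breaking change for any external consumer of the library and deserves a mention in the commit description.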
|
|