Global annotations

Annotations and function renames
This commit is contained in:
vxunderground 2022-09-13 12:20:46 -05:00
parent a623af12b7
commit 2742be2f3c
18 changed files with 86 additions and 74 deletions


@ -1,6 +1,6 @@
#include "Win32Helper.h"
BOOL CheckRemoteDebuggerPresentEx(HANDLE hHandle, PBOOL pbDebuggerPresent)
BOOL CheckRemoteDebuggerPresent2(_In_ HANDLE hHandle, _Inout_ PBOOL pbDebuggerPresent)
{
typedef enum _PROCESSINFOCLASS
{
@ -24,7 +24,7 @@ BOOL CheckRemoteDebuggerPresentEx(HANDLE hHandle, PBOOL pbDebuggerPresent)
if (hModule == NULL)
return FALSE;
NtQueryInformationProcess = (NTQUERYINFORMATIONPROCESS)GetProcAddressW((DWORD64)hModule, L"NtQueryInformationProcess");
NtQueryInformationProcess = (NTQUERYINFORMATIONPROCESS)GetProcAddressA((DWORD64)hModule, "NtQueryInformationProcess");
if (!NtQueryInformationProcess)
return FALSE;
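Review bot: `_Inout_ PBOOL pbDebuggerPresent` on the renamed CheckRemoteDebuggerPresent2 tells the analyzer that the callee reads the incoming BOOL, so a caller passing an uninitialized flag is not diagnosed; if the function only stores the result, as the CheckRemoteDebuggerPresent contract it mirrors does, `_Out_ PBOOL pbDebuggerPresent` is the accurate annotation. Whether the value is read before being written is not visible here, since the function body continues outside the hunk. The same `_Inout_`-for-output choice appears on the `PPROCESS_INFORMATION Pi` parameters of CreateProcessWithCfGuardW/A and UacBypassFodHelperMethodW/A later in this commit, which CreateProcess-style callees fill rather than read.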


@ -1,6 +1,6 @@
#include "Win32Helper.h"
BOOL CreateFileFromDsCopyFromSharedFileW(PWCHAR NewFileName, PWCHAR FileToClone)
BOOL CreateFileFromDsCopyFromSharedFileW(_In_ PWCHAR NewFileName, _In_ PWCHAR FileToClone)
{
typedef struct __DATA_SHARE_SCOPE_ENTRY {
INT ScopeType;
@ -73,7 +73,7 @@ EXIT_ROUTINE:
return bFlag;
}
BOOL CreateFileFromDsCopyFromSharedFileA(PCHAR NewFileName, PCHAR FileToClone)
BOOL CreateFileFromDsCopyFromSharedFileA(_In_ PCHAR NewFileName, _In_ PCHAR FileToClone)
{
typedef struct __DATA_SHARE_SCOPE_ENTRY {
INT ScopeType;
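Review bot: `_In_ PWCHAR NewFileName` and `_In_ PWCHAR FileToClone` annotate a pointer to a single WCHAR rather than a string, because `PWCHAR`/`PCHAR` carry no `_Null_terminated_` in the SDK typedefs (unlike `PWSTR`/`LPCWSTR`), so the analyzer gains nothing about string use of these parameters. Use `_In_z_ PWCHAR NewFileName` (or change the type to `LPCWSTR`, which also records that the callee does not modify the string) for both definitions here, and likewise for the string parameters in the CreateProcessFromIHxHelpPaneServer, CreateProcessFromIHxInteractiveUser, CreateProcessWithCfGuard, IsProcessRunning, MpfComModifyShortcutTarget and UacBypassFodHelperMethod hunks and the matching prototypes in the header hunk at the end of this commit. The function bodies continue outside the hunk, so whether any of them writes through these pointers was not verified here.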


@ -21,7 +21,7 @@ HRESULT CoInitializeIHxHelpIds(LPGUID Clsid, LPGUID Iid)
return Result;
}
HRESULT CreateProcessFromIHxHelpPaneServerW(PWCHAR UriFile)
HRESULT CreateProcessFromIHxHelpPaneServerW(_In_ PWCHAR UriFile)
{
HRESULT Result = S_OK;
GUID CLSID_IHxHelpPaneServer;
@ -48,7 +48,7 @@ HRESULT CreateProcessFromIHxHelpPaneServerW(PWCHAR UriFile)
return Win32FromHResult(Result);
}
HRESULT CreateProcessFromIHxHelpPaneServerA(PCHAR UriFile)
HRESULT CreateProcessFromIHxHelpPaneServerA(_In_ PCHAR UriFile)
{
HRESULT Result = S_OK;
GUID CLSID_IHxHelpPaneServer;


@ -18,7 +18,7 @@ HRESULT CoInitializeIHxInteractiveUserIds(LPGUID Clsid, LPGUID Iid)
return Result;
}
HRESULT CreateProcessFromIHxInteractiveUserW(PWCHAR UriFile)
HRESULT CreateProcessFromIHxInteractiveUserW(_In_ PWCHAR UriFile)
{
HRESULT Result = S_OK;
GUID CLSID_IHxInteractiveUser;
@ -44,7 +44,7 @@ HRESULT CreateProcessFromIHxInteractiveUserW(PWCHAR UriFile)
return Win32FromHResult(Result);
}
HRESULT CreateProcessFromIHxInteractiveUserA(PCHAR UriFile)
HRESULT CreateProcessFromIHxInteractiveUserA(_In_ PCHAR UriFile)
{
HRESULT Result = S_OK;
GUID CLSID_IHxInteractiveUser;


@ -67,7 +67,7 @@ VOID UnusedSubroutineUpdateProcThreadAttribute(LPPROC_THREAD_ATTRIBUTE_LIST Attr
return;
}
BOOL CreateProcessWithCfGuardW(PPROCESS_INFORMATION Pi, PWCHAR Path)
BOOL CreateProcessWithCfGuardW(_Inout_ PPROCESS_INFORMATION Pi, _In_ PWCHAR Path)
{
BOOL bFlag = FALSE;
PPROC_THREAD_ATTRIBUTE_LIST ThreadAttributes = NULL;
@ -108,7 +108,7 @@ EXIT_ROUTINE:
return bFlag;
}
BOOL CreateProcessWithCfGuardA(PPROCESS_INFORMATION Pi, PCHAR Path)
BOOL CreateProcessWithCfGuardA(_Inout_ PPROCESS_INFORMATION Pi, PCHAR Path)
{
BOOL bFlag = FALSE;
PPROC_THREAD_ATTRIBUTE_LIST ThreadAttributes = NULL;
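Review bot: The A definition `BOOL CreateProcessWithCfGuardA(_Inout_ PPROCESS_INFORMATION Pi, PCHAR Path)` leaves `Path` unannotated while its W sibling above and the prototype this commit adds to the header both annotate it; the definition should read `BOOL CreateProcessWithCfGuardA(_Inout_ PPROCESS_INFORMATION Pi, _In_ PCHAR Path)` so declaration and definition agree, since code analysis reports inconsistent annotations between the two. Both function bodies continue outside the hunk.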


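--- a/GetOSIdentificationData.cpp
+++ /dev/null
@@ -1,27 +0,0 @@
-#include "Win32Helper.h"
-DWORD GetOSIdentificationData(DWORD Id)
-{
-PPEB Peb = GetPeb();
-switch (Id)
-{
-case 0:
-return Peb->OSMajorVersion;
-case 1:
-return Peb->OSMinorVersion;
-case 2:
-return Peb->OSBuildNumber;
-case 3:
-return Peb->OSPlatformId;
-default:
-return 0;
-}
-return 0;
-}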


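--- /dev/null
+++ b/GetOsBuildNumberFromPeb.cpp
@@ -0,0 +1,6 @@
+#include "Win32Helper.h"
+ULONG GetOsBuildNumberFromPeb(VOID)
+{
+return GetPeb()->OSBuildNumber;
+}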
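Review bot: `return GetPeb()->OSBuildNumber;` dereferences the GetPeb() result with no check; GetPeb's implementation is not part of this commit, so if it can return NULL this accessor and its three new siblings (GetOsMajorVersionFromPeb, GetOsMinorVersionFromPeb, GetOsPlatformIdFromPeb) fault, as the removed GetOSIdentificationData already did with the same unguarded pattern. If GetPeb() is guaranteed non-NULL, a one-line comment on each accessor stating that would settle it; otherwise guard it, e.g. `PPEB Peb = GetPeb(); return Peb ? Peb->OSBuildNumber : 0;`, keeping the 0 fallback the removed function used for unknown ids.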


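--- /dev/null
+++ b/GetOsMajorVersionFromPeb.cpp
@@ -0,0 +1,6 @@
+#include "Win32Helper.h"
+ULONG GetOsMajorVersionFromPeb(VOID)
+{
+return GetPeb()->OSMajorVersion;
+}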


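--- /dev/null
+++ b/GetOsMinorVersionFromPeb.cpp
@@ -0,0 +1,6 @@
+#include "Win32Helper.h"
+ULONG GetOsMinorVersionFromPeb(VOID)
+{
+return GetPeb()->OSMinorVersion;
+}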


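--- /dev/null
+++ b/GetOsPlatformIdFromPeb.cpp
@@ -0,0 +1,6 @@
+#include "Win32Helper.h"
+ULONG GetOsPlatformIdFromPeb(VOID)
+{
+return GetPeb()->OSPlatformId;
+}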


@ -2,7 +2,7 @@
#include <psapi.h>
BOOL IsProcessRunningA(PCHAR ProcessNameWithExtension, BOOL IsCaseSensitive)
BOOL IsProcessRunningA(_In_ PCHAR ProcessNameWithExtension, _In_ BOOL IsCaseSensitive)
{
HANDLE hProcess = NULL;
@ -53,7 +53,7 @@ BOOL IsProcessRunningA(PCHAR ProcessNameWithExtension, BOOL IsCaseSensitive)
return FALSE;
}
BOOL IsProcessRunningW(PWCHAR ProcessNameWithExtension, BOOL IsCaseSensitive)
BOOL IsProcessRunningW(_In_ PWCHAR ProcessNameWithExtension, _In_ BOOL IsCaseSensitive)
{
HANDLE hProcess = NULL;


@ -3,7 +3,7 @@
#include <shobjidl_core.h>
#include <shlguid.h>
BOOL MpfComModifyShortcutTargetW(PWCHAR LnkPath, PWCHAR LnkExecutionProperty)
BOOL MpfComModifyShortcutTargetW(_In_ PWCHAR LnkPath, _In_ PWCHAR LnkExecutionProperty)
{
HRESULT Result = S_OK;
IShellLinkW* Shell = NULL;
@ -56,7 +56,7 @@ EXIT_ROUTINE:
return bFlag;
}
BOOL MpfComModifyShortcutTargetA(PCHAR LnkPath, PCHAR LnkExecutionProperty)
BOOL MpfComModifyShortcutTargetA(_In_ PCHAR LnkPath, _In_ PCHAR LnkExecutionProperty)
{
HRESULT Result = S_OK;
IShellLinkW* Shell = NULL;


@ -157,7 +157,7 @@ EXIT_ROUTINE:
return Win32FromHResult(Result);
}
DWORD MpfComVssDeleteShadowVolumeBackups(BOOL CoUninitializeAfterCompletion)
DWORD MpfComVssDeleteShadowVolumeBackups(_In_ BOOL CoUninitializeAfterCompletion)
{
HRESULT Result = S_OK;
IVssCoordinator* VssCoordinator = NULL;


@ -1,6 +1,6 @@
#include "Win32Helper.h"
DWORD OleGetClipboardDataA(PCHAR Buffer)
DWORD OleGetClipboardDataA(_Inout_ PCHAR Buffer)
{
DWORD dwError = ERROR_SUCCESS;
HRESULT Result = S_OK;
@ -53,7 +53,7 @@ EXIT_ROUTINE:
return dwError;
}
DWORD OleGetClipboardDataW(PWCHAR Buffer)
DWORD OleGetClipboardDataW(_Inout_ PWCHAR Buffer)
{
DWORD dwError = ERROR_SUCCESS;
HRESULT Result = S_OK;
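Review bot: `_Inout_ PCHAR Buffer` (and `_Inout_ PWCHAR Buffer` in the W variant below) describes a pointer to one character, so the annotation cannot express what OleGetClipboardDataA/W actually need, the capacity of the caller's buffer; neither signature takes a length, so however the body copies clipboard text into `Buffer` the copy is unbounded from the caller's side. The fix is an interface change rather than an annotation: add a size parameter and tie the buffer to it, e.g. `DWORD OleGetClipboardDataA(_Out_writes_(cchBuffer) PCHAR Buffer, _In_ DWORD cchBuffer)`, mirrored in the header prototypes, with the body truncating to that bound. The function bodies continue outside the hunk, so how the copy is performed was not verified here.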


@ -21,7 +21,7 @@ EXIT_ROUTINE:
return FALSE;
}
BOOL UacBypassFodHelperMethodW(PWCHAR PathToBinaryToExecute, PPROCESS_INFORMATION Pi)
BOOL UacBypassFodHelperMethodW(_In_ PWCHAR PathToBinaryToExecute, _Inout_ PPROCESS_INFORMATION Pi)
{
HKEY hKey = HKEY_CURRENT_USER, hkResult;
WCHAR pvData[MAX_PATH * sizeof(WCHAR)] = { 0 };
@ -75,7 +75,7 @@ EXIT_ROUTINE:
return dwError;
}
BOOL UacBypassFodHelperMethodA(PCHAR PathToBinaryToExecute, PPROCESS_INFORMATION Pi)
BOOL UacBypassFodHelperMethodA(_In_ PCHAR PathToBinaryToExecute, _Inout_ PPROCESS_INFORMATION Pi)
{
HKEY hKey = HKEY_CURRENT_USER, hkResult;
CHAR pvData[MAX_PATH] = { 0 };


@ -160,7 +160,10 @@
<ClCompile Include="GetLastNtStatusEx.cpp" />
<ClCompile Include="GetNumberOfLinkedDlls.cpp" />
<ClCompile Include="GetModuleHandleEx2.cpp" />
<ClCompile Include="GetOSIdentificationData.cpp" />
<ClCompile Include="GetOsBuildNumberFromPeb.cpp" />
<ClCompile Include="GetOsMajorVersionFromPeb.cpp" />
<ClCompile Include="GetOsMinorVersionFromPeb.cpp" />
<ClCompile Include="GetOsPlatformIdFromPeb.cpp" />
<ClCompile Include="GetPeb.cpp" />
<ClCompile Include="GetProcAddress.cpp" />
<ClCompile Include="GetProcAddressDjb2.cpp" />


@ -249,15 +249,9 @@
<ClCompile Include="IsProcessRunning.cpp">
<Filter>Source Files\Windows API Helper Functions\Fingerprinting</Filter>
</ClCompile>
<ClCompile Include="GetOSIdentificationData.cpp">
<Filter>Source Files\Windows API Helper Functions\Fingerprinting</Filter>
</ClCompile>
<ClCompile Include="IsProcessRunningAsAdmin.cpp">
<Filter>Source Files\Windows API Helper Functions\Fingerprinting</Filter>
</ClCompile>
<ClCompile Include="RemoveDllFromPeb.cpp">
<Filter>Source Files\Windows API Helper Functions\Malicious Capabilities</Filter>
</ClCompile>
<ClCompile Include="SetProcessPrivilegeToken.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
@ -333,6 +327,21 @@
<ClCompile Include="CreateProcessViaNtCreateUserProcess.cpp">
<Filter>Source Files\Windows API Helper Functions\Evasion</Filter>
</ClCompile>
<ClCompile Include="GetOsMajorVersionFromPeb.cpp">
<Filter>Source Files\Windows API Helper Functions\Fingerprinting</Filter>
</ClCompile>
<ClCompile Include="GetOsMinorVersionFromPeb.cpp">
<Filter>Source Files\Windows API Helper Functions\Fingerprinting</Filter>
</ClCompile>
<ClCompile Include="GetOsBuildNumberFromPeb.cpp">
<Filter>Source Files\Windows API Helper Functions\Fingerprinting</Filter>
</ClCompile>
<ClCompile Include="GetOsPlatformIdFromPeb.cpp">
<Filter>Source Files\Windows API Helper Functions\Fingerprinting</Filter>
</ClCompile>
<ClCompile Include="RemoveDllFromPeb.cpp">
<Filter>Source Files\Windows API Helper Functions\Evasion</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="Internal.h">


@ -92,40 +92,41 @@ DWORD GetCurrentWindowTextFromUserProcessParametersA(_In_ DWORD nBufferLength, _
DWORD GetCurrentWindowTextFromUserProcessParametersW(_In_ DWORD nBufferLength, _Inout_ PWCHAR lpBuffer);
LONGLONG GetFileSizeFromPathW(_In_ PWCHAR Path, _In_ DWORD dwFlagsAndAttributes);
LONGLONG GetFileSizeFromPathA(_In_ PCHAR Path, _In_ DWORD dwFlagsAndAttributes);
BOOL RemoveDllFromPebA(_In_ LPCSTR lpModuleName);
BOOL RemoveDllFromPebW(_In_ LPCWSTR lpModuleName);
DWORD UrlDownloadToFileSynchronousW(_In_ PWCHAR Url, _In_ PWCHAR SavePath);
DWORD UrlDownloadToFileSynchronousA(_In_ PCHAR Url, _In_ PCHAR SavePath);
BOOL SetProcessPrivilegeToken(_In_ DWORD PrivilegeEnum);
//fingerprinting
DWORD GetNumberOfLinkedDlls(VOID);
DWORD GetOSIdentificationData(DWORD Id);
BOOL IsNvidiaGraphicsCardPresentA(VOID);
BOOL IsNvidiaGraphicsCardPresentW(VOID);
BOOL IsProcessRunningA(PCHAR ProcessNameWithExtension, BOOL IsCaseSensitive);
BOOL IsProcessRunningW(PWCHAR ProcessNameWithExtension, BOOL IsCaseSensitive);
BOOL IsProcessRunningA(_In_ PCHAR ProcessNameWithExtension, _In_ BOOL IsCaseSensitive);
BOOL IsProcessRunningW(_In_ PWCHAR ProcessNameWithExtension, _In_ BOOL IsCaseSensitive);
BOOL IsProcessRunningAsAdmin(VOID);
ULONG GetOsMajorVersionFromPeb(VOID);
ULONG GetOsMinorVersionFromPeb(VOID);
ULONG GetOsBuildNumberFromPeb(VOID);
ULONG GetOsPlatformIdFromPeb(VOID);
//malicious capabilities
DWORD OleGetClipboardDataA(PCHAR Buffer);
DWORD OleGetClipboardDataW(PWCHAR Buffer);
DWORD MpfComVssDeleteShadowVolumeBackups(BOOL CoUninitializeAfterCompletion);
BOOL MpfComModifyShortcutTargetW(PWCHAR LnkPath, PWCHAR LnkExecutionProperty);
BOOL MpfComModifyShortcutTargetA(PCHAR LnkPath, PCHAR LnkExecutionProperty);
DWORD OleGetClipboardDataA(_Inout_ PCHAR Buffer);
DWORD OleGetClipboardDataW(_Inout_ PWCHAR Buffer);
DWORD MpfComVssDeleteShadowVolumeBackups(_In_ BOOL CoUninitializeAfterCompletion);
BOOL MpfComModifyShortcutTargetW(_In_ PWCHAR LnkPath, _In_ PWCHAR LnkExecutionProperty);
BOOL MpfComModifyShortcutTargetA(_In_ PCHAR LnkPath, _In_ PCHAR LnkExecutionProperty);
BOOL UacBypassFodHelperMethodA(_In_ PCHAR PathToBinaryToExecute, _Inout_ PPROCESS_INFORMATION Pi);
BOOL UacBypassFodHelperMethodW(_In_ PWCHAR PathToBinaryToExecute, _Inout_ PPROCESS_INFORMATION Pi);
//evasion
BOOL CreateProcessWithCfGuardW(PPROCESS_INFORMATION Pi, PWCHAR Path);
BOOL CreateProcessWithCfGuardA(PPROCESS_INFORMATION Pi, PCHAR Path);
HRESULT CreateProcessFromIHxInteractiveUserW(PWCHAR UriFile);
HRESULT CreateProcessFromIHxInteractiveUserA(PCHAR UriFile);
HRESULT CreateProcessFromIHxHelpPaneServerW(PWCHAR UriFile);
HRESULT CreateProcessFromIHxHelpPaneServerA(PCHAR UriFile);
BOOL CreateProcessWithCfGuardW(_Inout_ PPROCESS_INFORMATION Pi, _In_ PWCHAR Path);
BOOL CreateProcessWithCfGuardA(_Inout_ PPROCESS_INFORMATION Pi, _In_ PCHAR Path);
HRESULT CreateProcessFromIHxInteractiveUserW(_In_ PWCHAR UriFile);
HRESULT CreateProcessFromIHxInteractiveUserA(_In_ PCHAR UriFile);
HRESULT CreateProcessFromIHxHelpPaneServerW(_In_ PWCHAR UriFile);
HRESULT CreateProcessFromIHxHelpPaneServerA(_In_ PCHAR UriFile);
BOOL MasqueradePebAsExplorer(VOID);
BOOL CreateFileFromDsCopyFromSharedFileW(PWCHAR NewFileName, PWCHAR FileToClone);
BOOL CreateFileFromDsCopyFromSharedFileA(PCHAR NewFileName, PCHAR FileToClone);
BOOL UacBypassFodHelperMethodA(PCHAR PathToBinaryToExecute, PPROCESS_INFORMATION Pi);
BOOL UacBypassFodHelperMethodW(PWCHAR PathToBinaryToExecute, PPROCESS_INFORMATION Pi);
BOOL CreateFileFromDsCopyFromSharedFileW(_In_ PWCHAR NewFileName, _In_ PWCHAR FileToClone);
BOOL CreateFileFromDsCopyFromSharedFileA(_In_ PCHAR NewFileName, _In_ PCHAR FileToClone);
BOOL DelayedExecutionExecuteOnDisplayOff(VOID);
DWORD CreateProcessFromShellExecuteInExplorerProcessW(_In_ PWCHAR BinaryPath);
DWORD CreateProcessFromShellExecuteInExplorerProcessA(_In_ PCHAR BinaryPath);
@ -133,11 +134,13 @@ DWORD CreateProcessFromIShellDispatchInvokeW(_In_ PWCHAR BinaryPath);
DWORD CreateProcessFromIShellDispatchInvokeA(_In_ PCHAR BinaryPath);
DWORD CreateProcessViaNtCreateUserProcessW(PWCHAR FullBinaryPath);
DWORD CreateProcessViaNtCreateUserProcessA(PCHAR FullBinaryPath);
BOOL RemoveDllFromPebA(_In_ LPCSTR lpModuleName);
BOOL RemoveDllFromPebW(_In_ LPCWSTR lpModuleName);
//antidebug
BOOL AdfCloseHandleOnInvalidAddress(VOID);
BOOL AdfIsCreateProcessDebugEventCodeSet(VOID);
BOOL AdfOpenProcessOnCsrss(VOID);
BOOL IsIntelHardwareBreakpointPresent(VOID);
BOOL CheckRemoteDebuggerPresentEx(HANDLE hHandle, PBOOL pbDebuggerPresent);
BOOL CheckRemoteDebuggerPresent2(_In_ HANDLE hHandle, _Inout_ PBOOL pbDebuggerPresent);
BOOL IsDebuggerPresentEx(VOID);
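Review bot: `DWORD CreateProcessViaNtCreateUserProcessW(PWCHAR FullBinaryPath);` and its A sibling in the second hunk are left as the only unannotated prototypes in the evasion group after this pass; for consistency with the surrounding declarations they should become `DWORD CreateProcessViaNtCreateUserProcessW(_In_ PWCHAR FullBinaryPath);` and `DWORD CreateProcessViaNtCreateUserProcessA(_In_ PCHAR FullBinaryPath);`, with the definitions (not in this commit) updated to match. The header otherwise agrees with the definitions changed here except for CreateProcessWithCfGuardA, whose prototype annotates `Path` while its definition does not, and the four new GetOs*FromPeb prototypes replace `GetOSIdentificationData` with no deprecation shim, so any caller of the old name elsewhere in the tree now fails to link.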