2.0.354

2.0.354

README.md

@@ -3,7 +3,7 @@ managed by [vx-underground](https://vx-underground.org) | follow us on [Twitter]
   
 # VX-API
 
-Version: 2.0.347
+Version: 2.0.354
 
 Developer: smelly__vx
   
@@ -111,6 +111,7 @@ You're free to use this in any manner you please. You do not need to use this en
 | TryLoadDllMultiMethod | smelly__vx | Helper Functions |
 | CreateThreadAndWaitForCompletion | smelly__vx | Helper Functions |
 | GetProcessBinaryNameFromHwndW | smelly__vx | Helper Functions |
+| GetByteArrayFromFile | smelly__vx | Helper Functions |
 | GetKUserSharedData | Geoff Chappell | Library Loading |
 | GetModuleHandleEx2 | smelly__vx | Library Loading |
 | GetPeb | 29a | Library Loading |

VX-API/GetByteArrayFromFile.cpp

@@ -0,0 +1,45 @@
+#include "Win32Helper.h"
+
+BOOL GetByteArrayFromFileW(_Inout_ PBYTE Buffer, _In_ PWCHAR Path, _In_ ULONGLONG BytesToRead)
+{
+	HANDLE hHandle = INVALID_HANDLE_VALUE;
+	BOOL bFlag = FALSE;
+
+	hHandle = CreateFileW(Path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+	if (hHandle == INVALID_HANDLE_VALUE)
+		goto EXIT_ROUTINE;
+
+	if (!ReadFile(hHandle, Buffer, BytesToRead, NULL, NULL))
+		goto EXIT_ROUTINE;
+
+	bFlag = TRUE;
+
+EXIT_ROUTINE:
+
+	if (hHandle)
+		CloseHandle(hHandle);
+
+	return TRUE;
+}
+
+BOOL GetByteArrayFromFileA(_Inout_ PBYTE Buffer, _In_ PCHAR Path, _In_ ULONGLONG BytesToRead)
+{
+	HANDLE hHandle = INVALID_HANDLE_VALUE;
+	BOOL bFlag = FALSE;
+
+	hHandle = CreateFileA(Path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+	if (hHandle == INVALID_HANDLE_VALUE)
+		goto EXIT_ROUTINE;
+
+	if (!ReadFile(hHandle, Buffer, BytesToRead, NULL, NULL))
+		goto EXIT_ROUTINE;
+
+	bFlag = TRUE;
+
+EXIT_ROUTINE:
+
+	if (hHandle)
+		CloseHandle(hHandle);
+
+	return TRUE;
+}

VX-API/Main.cpp

@@ -14,6 +14,7 @@ TODO:
 int main(VOID)
 {
 	DWORD dwError = ERROR_SUCCESS;
+	PBYTE Buffer = NULL;
 
 	//EXAMPLE PAYLOAD FOR TESTING!
 	//msfvenom -p windows/x64/exec EXITFUNC=thread CMD=calc.exe -f c -a x64
@@ -44,7 +45,7 @@ int main(VOID)
 	Sei.Payload = GlobalOpenCalcPayload;
 	Sei.dwLengthOfPayloadInBytes = 277;
 	Sei.MethodEnum = E_ENUMERATELOADEDMODULES;
-	
+
 	//ShellcodeExecutionViaFunctionCallbackMain(&Sei);
 
 	

VX-API/MpfExecutePeBinaryInMemoryFromByteArray.cpp

@@ -58,10 +58,10 @@ BOOL UnusedSubroutineRepair64bitImportAddressTable(PBYTE ExecutableMemoryBaseAdd
 			}
 			OffsetField += sizeof(IMAGE_THUNK_DATA);
 			OffsetThunk += sizeof(IMAGE_THUNK_DATA);
-			
-			if (hModule != NULL)
-				FreeLibrary(hModule);
 		}
+
+		if (hModule != NULL)
+			FreeLibrary(hModule);
 	}
 
 	return TRUE;

VX-API/VX-API.vcxproj

@@ -154,6 +154,7 @@
     <ClCompile Include="CreateWindowsObjectPath.cpp" />
     <ClCompile Include="DelayedExecutionExecuteOnDisplayOff.cpp" />
     <ClCompile Include="DeleteFileWithCreateFileFlag.cpp" />
+    <ClCompile Include="GetByteArrayFromFile.cpp" />
     <ClCompile Include="GetCurrentDirectoryFromUserProcessParameters.cpp" />
     <ClCompile Include="GetCurrentLocaleFromTeb.cpp" />
     <ClCompile Include="GetCurrentProcessIdFromTeb.cpp" />

VX-API/VX-API.vcxproj.filters

@@ -423,6 +423,9 @@
     <ClCompile Include="ConvertIPv4IpAddressUnsignedLongToString.cpp">
       <Filter>Source Files\Windows API Helper Functions\Network Connectivity</Filter>
     </ClCompile>
+    <ClCompile Include="GetByteArrayFromFile.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="Internal.h">

VX-API/Win32Helper.h

@@ -194,6 +194,8 @@ HMODULE TryLoadDllMultiMethodA(_In_ PCHAR DllName);
 DWORD CreateThreadAndWaitForCompletion(_In_ LPTHREAD_START_ROUTINE StartAddress, _In_ LPVOID Parameters, _In_ DWORD dwMilliseconds);
 BOOL GetProcessBinaryNameFromHwndW(_In_ HWND ProcessHwnd, _Inout_ PWCHAR BinaryName, _In_ DWORD BufferSize);
 BOOL GetProcessBinaryNameFromHwndA(_In_ HWND ProcessHwnd, _Inout_ PCHAR BinaryName, _In_ DWORD BufferSize);
+BOOL GetByteArrayFromFileW(_Inout_ PBYTE Buffer, _In_ PWCHAR Path, _In_ ULONGLONG BytesToRead);
+BOOL GetByteArrayFromFileA(_Inout_ PBYTE Buffer, _In_ PCHAR Path, _In_ ULONGLONG BytesToRead);