2.0.613
vxunderground 2022-12-28 11:53:29 -06:00
parent e56f07d798
commit 361948cf15
6 changed files with 275 additions and 3 deletions


@ -3,7 +3,7 @@ managed by [vx-underground](https://vx-underground.org) | follow us on [Twitter]
# VX-API
Version: 2.0.607
Version: 2.0.613
Developer: smelly__vx
@ -132,6 +132,8 @@ You're free to use this in any manner you please. You do not need to use this en
| IsPeSection | smelly__vx | Helper Functions |
| AddSectionToPeFile | smelly__vx | Helper Functions |
| WriteDataToPeSection | smelly__vx | Helper Functions |
| GetPeSectionSizeInByte | smelly__vx | Helper Functions |
| ReadDataFromPeSection | smelly__vx | Helper Functions |
| GetKUserSharedData | Geoff Chappell | Library Loading |
| GetModuleHandleEx2 | smelly__vx | Library Loading |
| GetPeb | 29a | Library Loading |
@ -229,6 +231,4 @@ You're free to use this in any manner you please. You do not need to use this en
| Functionality | Author | Note |
| ------------- | ------ | ---- |
| NtMapViewOfSection LSASS | modexp | N/A |
| Run PE In Memory with Reloc | N/A | N/A |
| IcmpSendEcho2Ex | N/A | N/A |
| WQL Win32_Ping | Martin Friedrich | N/A |


@ -0,0 +1,122 @@
#include "Win32Helper.h"
DWORD GetPeSectionSizeInBytesW(_In_ LPCWSTR Path, _In_ LPCWSTR SectionName)
{
BOOL bFlag = FALSE;
HANDLE hHandle = INVALID_HANDLE_VALUE;
LONGLONG SizeOfTargetBinary = 0L;
PBYTE FileBuffer = NULL;
PIMAGE_DOS_HEADER Dos = NULL;
PIMAGE_NT_HEADERS Nt = NULL;
PIMAGE_FILE_HEADER File = NULL;
PIMAGE_OPTIONAL_HEADER Optional = NULL;
PIMAGE_SECTION_HEADER Section = NULL;
PIMAGE_SECTION_HEADER SectionHeaderArray = NULL;
DWORD SizeInBytes = ERROR_SUCCESS;
CHAR DisposableObject[32] = { 0 };
if (WCharStringToCharString(DisposableObject, (PWCHAR)SectionName, StringLengthW(SectionName)) == 0)
goto EXIT_ROUTINE;
SizeOfTargetBinary = GetFileSizeFromPathW((PWCHAR)Path, FILE_ATTRIBUTE_NORMAL);
if (SizeOfTargetBinary == INVALID_FILE_SIZE)
goto EXIT_ROUTINE;
hHandle = CreateFileW(Path, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (hHandle == INVALID_HANDLE_VALUE)
goto EXIT_ROUTINE;
FileBuffer = (PBYTE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, SizeOfTargetBinary);
if (FileBuffer == NULL)
goto EXIT_ROUTINE;
if (!ReadFile(hHandle, FileBuffer, (DWORD)SizeOfTargetBinary, NULL, NULL))
goto EXIT_ROUTINE;
RtlLoadPeHeaders(&Dos, &Nt, &File, &Optional, &FileBuffer);
SectionHeaderArray = (PIMAGE_SECTION_HEADER)(ULONGLONG(Nt) + sizeof(IMAGE_NT_HEADERS));
for (DWORD dwX = 0; dwX < File->NumberOfSections; dwX++)
{
if (StringCompareA((PCHAR)SectionHeaderArray[dwX].Name, DisposableObject) == ERROR_SUCCESS)
{
SizeInBytes = SectionHeaderArray[dwX].SizeOfRawData;
break;
}
}
bFlag = TRUE;
EXIT_ROUTINE:
if (FileBuffer)
HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, FileBuffer);
if (hHandle)
CloseHandle(hHandle);
return SizeInBytes;
}
DWORD GetPeSectionSizeInBytesA(_In_ LPCSTR Path, _In_ LPCSTR SectionName)
{
BOOL bFlag = FALSE;
HANDLE hHandle = INVALID_HANDLE_VALUE;
LONGLONG SizeOfTargetBinary = 0L;
PBYTE FileBuffer = NULL;
PIMAGE_DOS_HEADER Dos = NULL;
PIMAGE_NT_HEADERS Nt = NULL;
PIMAGE_FILE_HEADER File = NULL;
PIMAGE_OPTIONAL_HEADER Optional = NULL;
PIMAGE_SECTION_HEADER Section = NULL;
PIMAGE_SECTION_HEADER SectionHeaderArray = NULL;
DWORD SizeInBytes = ERROR_SUCCESS;
CHAR DisposableObject[32] = { 0 };
SizeOfTargetBinary = GetFileSizeFromPathA((PCHAR)Path, FILE_ATTRIBUTE_NORMAL);
if (SizeOfTargetBinary == INVALID_FILE_SIZE)
goto EXIT_ROUTINE;
hHandle = CreateFileA(Path, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (hHandle == INVALID_HANDLE_VALUE)
goto EXIT_ROUTINE;
FileBuffer = (PBYTE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, SizeOfTargetBinary);
if (FileBuffer == NULL)
goto EXIT_ROUTINE;
if (!ReadFile(hHandle, FileBuffer, (DWORD)SizeOfTargetBinary, NULL, NULL))
goto EXIT_ROUTINE;
RtlLoadPeHeaders(&Dos, &Nt, &File, &Optional, &FileBuffer);
SectionHeaderArray = (PIMAGE_SECTION_HEADER)(ULONGLONG(Nt) + sizeof(IMAGE_NT_HEADERS));
for (DWORD dwX = 0; dwX < File->NumberOfSections; dwX++)
{
if (StringCompareA((PCHAR)SectionHeaderArray[dwX].Name, DisposableObject) == ERROR_SUCCESS)
{
SizeInBytes = SectionHeaderArray[dwX].SizeOfRawData;
break;
}
}
bFlag = TRUE;
EXIT_ROUTINE:
if (FileBuffer)
HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, FileBuffer);
if (hHandle)
CloseHandle(hHandle);
return SizeInBytes;
}
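Review bot: In GetPeSectionSizeInBytesA the name comparison uses `DisposableObject`, which is zero-initialised and never filled in this variant, so every header name is compared against an empty string and the requested section is never matched; the call should be `StringCompareA((PCHAR)SectionHeaderArray[dwX].Name, SectionName)`. Both variants here, and ReadDataFromPeSectionW/A in the same commit, walk `File->NumberOfSections` entries starting at `Nt + sizeof(IMAGE_NT_HEADERS)` without checking that the headers and section table lie inside the `SizeOfTargetBinary` bytes that were read, and the result of `RtlLoadPeHeaders` is not checked, so a truncated or malformed file can lead to reads past `FileBuffer`. A bounds check before the loop would close that, and the 8-byte `Name` field is not guaranteed to be NUL-terminated, so a length-limited compare is safer than `StringCompareA`. In the W variant the conversion into the 32-byte `DisposableObject` is sized by `StringLengthW(SectionName)` rather than by the buffer, which looks like it can overrun the stack buffer for long names, depending on how `WCharStringToCharString` treats its length argument. The file is also opened with `GENERIC_READ | GENERIC_WRITE` and share mode 0 although only reads are performed; `GENERIC_READ` with `FILE_SHARE_READ` would be enough and would not fail on read-only files.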


@ -0,0 +1,138 @@
#include "Win32Helper.h"
BOOL ReadDataFromPeSectionW(_In_ LPCWSTR Path, _In_ LPCWSTR SectionName, _Inout_ PBYTE ReadData, _Inout_opt_ PDWORD DataReadInBytes)
{
BOOL bFlag = FALSE;
HANDLE hHandle = INVALID_HANDLE_VALUE;
LONGLONG SizeOfTargetBinary = 0L;
PBYTE FileBuffer = NULL;
PIMAGE_DOS_HEADER Dos = NULL;
PIMAGE_NT_HEADERS Nt = NULL;
PIMAGE_FILE_HEADER File = NULL;
PIMAGE_OPTIONAL_HEADER Optional = NULL;
PIMAGE_SECTION_HEADER Section = NULL;
PIMAGE_SECTION_HEADER SectionHeaderArray = NULL;
DWORD NumberOfBytesRead = ERROR_SUCCESS;
CHAR DisposableObject[32] = { 0 };
WCharStringToCharString(DisposableObject, (PWCHAR)SectionName, StringLengthW(SectionName));
SizeOfTargetBinary = GetFileSizeFromPathW((PWCHAR)Path, FILE_ATTRIBUTE_NORMAL);
if (SizeOfTargetBinary == INVALID_FILE_SIZE)
goto EXIT_ROUTINE;
hHandle = CreateFileW(Path, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (hHandle == INVALID_HANDLE_VALUE)
goto EXIT_ROUTINE;
FileBuffer = (PBYTE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, SizeOfTargetBinary);
if (FileBuffer == NULL)
goto EXIT_ROUTINE;
if (!ReadFile(hHandle, FileBuffer, (DWORD)SizeOfTargetBinary, NULL, NULL))
goto EXIT_ROUTINE;
RtlLoadPeHeaders(&Dos, &Nt, &File, &Optional, &FileBuffer);
SectionHeaderArray = (PIMAGE_SECTION_HEADER)(ULONGLONG(Nt) + sizeof(IMAGE_NT_HEADERS));
for (DWORD dwX = 0; dwX < File->NumberOfSections; dwX++)
{
if (StringCompareA((PCHAR)SectionHeaderArray[dwX].Name, DisposableObject) == ERROR_SUCCESS)
{
if (SetFilePointer(hHandle, SectionHeaderArray[dwX].PointerToRawData, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER)
goto EXIT_ROUTINE;
if (!ReadFile(hHandle, ReadData, SectionHeaderArray[dwX].SizeOfRawData, &NumberOfBytesRead, NULL))
goto EXIT_ROUTINE;
else {
if (DataReadInBytes != NULL)
*DataReadInBytes = NumberOfBytesRead;
break;
}
}
}
bFlag = TRUE;
EXIT_ROUTINE:
if (FileBuffer)
HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, FileBuffer);
if (hHandle)
CloseHandle(hHandle);
return bFlag;
}
BOOL ReadDataFromPeSectionA(_In_ LPCSTR Path, _In_ LPCSTR SectionName, _Inout_ PBYTE ReadData, _Inout_opt_ PDWORD DataReadInBytes)
{
BOOL bFlag = FALSE;
HANDLE hHandle = INVALID_HANDLE_VALUE;
LONGLONG SizeOfTargetBinary = 0L;
PBYTE FileBuffer = NULL;
PIMAGE_DOS_HEADER Dos = NULL;
PIMAGE_NT_HEADERS Nt = NULL;
PIMAGE_FILE_HEADER File = NULL;
PIMAGE_OPTIONAL_HEADER Optional = NULL;
PIMAGE_SECTION_HEADER Section = NULL;
PIMAGE_SECTION_HEADER SectionHeaderArray = NULL;
DWORD NumberOfBytesRead = ERROR_SUCCESS;
SizeOfTargetBinary = GetFileSizeFromPathA((PCHAR)Path, FILE_ATTRIBUTE_NORMAL);
if (SizeOfTargetBinary == INVALID_FILE_SIZE)
goto EXIT_ROUTINE;
hHandle = CreateFileA(Path, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (hHandle == INVALID_HANDLE_VALUE)
goto EXIT_ROUTINE;
FileBuffer = (PBYTE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, SizeOfTargetBinary);
if (FileBuffer == NULL)
goto EXIT_ROUTINE;
if (!ReadFile(hHandle, FileBuffer, (DWORD)SizeOfTargetBinary, NULL, NULL))
goto EXIT_ROUTINE;
RtlLoadPeHeaders(&Dos, &Nt, &File, &Optional, &FileBuffer);
SectionHeaderArray = (PIMAGE_SECTION_HEADER)(ULONGLONG(Nt) + sizeof(IMAGE_NT_HEADERS));
for (DWORD dwX = 0; dwX < File->NumberOfSections; dwX++)
{
if (StringCompareA((PCHAR)SectionHeaderArray[dwX].Name, SectionName) == ERROR_SUCCESS)
{
if (SetFilePointer(hHandle, SectionHeaderArray[dwX].PointerToRawData, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER)
goto EXIT_ROUTINE;
if (!ReadFile(hHandle, ReadData, SectionHeaderArray[dwX].SizeOfRawData, &NumberOfBytesRead, NULL))
goto EXIT_ROUTINE;
else {
if(DataReadInBytes != NULL)
*DataReadInBytes = NumberOfBytesRead;
break;
}
}
}
bFlag = TRUE;
EXIT_ROUTINE:
if (FileBuffer)
HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, FileBuffer);
if (hHandle)
CloseHandle(hHandle);
return bFlag;
}
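Review bot: Both ReadDataFromPeSection variants pass `SectionHeaderArray[dwX].SizeOfRawData`, a value taken from the file, as the byte count for `ReadFile` into the caller's `ReadData`, and the function has no parameter giving that buffer's capacity, so a section larger than the caller allocated overflows the caller's buffer. Sizing the buffer with a separate size query beforehand does not fully close this, because the file is reopened here and may have changed in between. I would add a `_In_ DWORD ReadDataSizeInBytes` parameter, annotate `ReadData` as an output buffer of that size, and reject oversized sections with `if (SectionHeaderArray[dwX].SizeOfRawData > ReadDataSizeInBytes) goto EXIT_ROUTINE;` before the `ReadFile` call. `bFlag = TRUE` is also reached when the loop ends without a name match, so callers receive TRUE with nothing written and `*DataReadInBytes` untouched; tracking a found flag and returning FALSE otherwise would make the result reliable. The W variant additionally ignores the return value of `WCharStringToCharString`, so a failed conversion proceeds with an empty name.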


@ -169,6 +169,7 @@
<ClCompile Include="ExceptHandlerCallbackRoutine.cpp" />
<ClCompile Include="Ex_GetHandleOnDeviceHttpCommunication.cpp" />
<ClCompile Include="FastcallExecuteBinaryShellExecuteEx.cpp" />
<ClCompile Include="GetPeSectionSizeInBytes.cpp" />
<ClCompile Include="IsPeSection.cpp" />
<ClCompile Include="MiscGenericShellcodePayloads.cpp" />
<ClCompile Include="GetByteArrayFromFile.cpp" />
@ -296,6 +297,7 @@
<ClCompile Include="MpfSceViaMessageBoxIndirectW.cpp" />
<ClCompile Include="ProxyRegisterWaitLoadLibrary.cpp" />
<ClCompile Include="ProxyWorkItemLoadLibrary.cpp" />
<ClCompile Include="ReadDataFromPeSection.cpp" />
<ClCompile Include="RemoveDescriptorEntry.cpp" />
<ClCompile Include="RemoveRegisterDllNotification.cpp" />
<ClCompile Include="SetHardwareBreakpoint.cpp" />


@ -687,6 +687,12 @@
<ClCompile Include="WriteDataToPeSection.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
<ClCompile Include="GetPeSectionSizeInBytes.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
<ClCompile Include="ReadDataFromPeSection.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="Internal.h">


@ -199,6 +199,10 @@ BOOL AddSectionToPeFileW(_In_ LPCWSTR Path, _In_ LPCSTR SectionName, _In_ DWORD
BOOL AddSectionToPeFileA(_In_ LPCSTR Path, _In_ LPCSTR SectionName, _In_ DWORD SectionSizeInBytes);
BOOL WriteDataToPeSectionW(_In_ LPCWSTR Path, _In_ LPCWSTR SectionName, _In_ PBYTE DataToWrite, _In_ DWORD DataToWriteInBytes);
BOOL WriteDataToPeSectionA(_In_ LPCSTR Path, _In_ LPCSTR SectionName, _In_ PBYTE DataToWrite, _In_ DWORD DataToWriteInBytes);
DWORD GetPeSectionSizeInBytesW(_In_ LPCWSTR Path, _In_ LPCWSTR SectionName);
DWORD GetPeSectionSizeInBytesA(_In_ LPCSTR Path, _In_ LPCSTR SectionName);
BOOL ReadDataFromPeSectionW(_In_ LPCWSTR Path, _In_ LPCWSTR SectionName, _Inout_ PBYTE ReadData, _Inout_opt_ PDWORD DataReadInBytes);
BOOL ReadDataFromPeSectionA(_In_ LPCSTR Path, _In_ LPCSTR SectionName, _Inout_ PBYTE ReadData, _Inout_opt_ PDWORD DataReadInBytes);