2.0.364

2022-11-05 09:45:41 -05:00 · 2022-11-05 09:45:41 -05:00 · 5ad9483048
parent 2f24a9c5e3
commit 5ad9483048
10 changed files with 110 additions and 10 deletions
--- a/README.md
+++ b/README.md
@ -143,6 +143,8 @@ You're free to use this in any manner you please. You do not need to use this en
 | ConvertIPv4StringToUnsignedLong | smelly__vx | Networking |
 | SendIcmpEchoMessageToIPv4Host | smelly__vx | Networking |
 | ConvertIPv4IpAddressUnsignedLongToString | smelly__vx | Networking |
+| DnsGetDomainNameIPv4AddressAsString | smelly__vx | Networking |
+| DnsGetDomainNameIPv4AddressUnsignedLong | smelly__vx | Networking |


 # Todo list
@ -152,7 +154,6 @@ You're free to use this in any manner you please. You do not need to use this en
 | Run PE In Memory with Reloc | N/A | N/A |
 | IcmpSendEcho2Ex | N/A | N/A |
 | WQL Win32_Ping | Martin Friedrich | N/A |
-| Resolve DNS to IP | N/A | N/A |
 | Process Injection | N/A | N/A |
 | More String Manipulation code | N/A | Continuous Improvement |
 | More hashing algorithms | N/A | Continuous Improvement |
--- a/VX-API/DnsGetDomainNameIPv4AddressAsString.cpp
+++ b/VX-API/DnsGetDomainNameIPv4AddressAsString.cpp
@ -0,0 +1,33 @@
+#include "Win32Helper.h"
+
+DWORD DnsGetDomainNameIPv4AddressAsStringW(_In_ PWCHAR DomainName, _Inout_ PWCHAR IPv4IPAddress)
+{
+	DNS_STATUS Status = ERROR_SUCCESS;
+	PDNS_RECORD DnsRecord = NULL;
+
+	Status = DnsQuery_W(DomainName, DNS_TYPE_A, DNS_QUERY_BYPASS_CACHE, NULL, &DnsRecord, NULL);
+	
+	if (DnsRecord && DnsRecord->Data.A.IpAddress != 0)
+		ConvertIPv4IpAddressUnsignedLongToStringW(DnsRecord->Data.A.IpAddress, IPv4IPAddress);
+
+	if (DnsRecord)
+		DnsRecordListFree(DnsRecord, DnsFreeRecordListDeep);
+
+	return Status;
+}
+
+DWORD DnsGetDomainNameIPv4AddressAsStringA(_In_ PCHAR DomainName, _Inout_ PCHAR IPv4IPAddress)
+{
+	DNS_STATUS Status = ERROR_SUCCESS;
+	PDNS_RECORD DnsRecord = NULL;
+
+	Status = DnsQuery_A(DomainName, DNS_TYPE_A, DNS_QUERY_BYPASS_CACHE, NULL, &DnsRecord, NULL);
+
+	if (DnsRecord && DnsRecord->Data.A.IpAddress != 0)
+		ConvertIPv4IpAddressUnsignedLongToStringA(DnsRecord->Data.A.IpAddress, IPv4IPAddress);
+
+	if (DnsRecord)
+		DnsRecordListFree(DnsRecord, DnsFreeRecordListDeep);
+
+	return Status;
+}
--- a/VX-API/DnsGetDomainNameIPv4AddressUnsignedLong.cpp
+++ b/VX-API/DnsGetDomainNameIPv4AddressUnsignedLong.cpp
@ -0,0 +1,35 @@
+#include "Win32Helper.h"
+
+ULONG DnsGetDomainNameIPv4AddressUnsignedLongW(_In_ PWCHAR DomainName)
+{
+	DNS_STATUS Status = ERROR_SUCCESS;
+	PDNS_RECORD DnsRecord = NULL;
+	ULONG ReturnValue = ERROR_SUCCESS;
+
+	DnsQuery_W(DomainName, DNS_TYPE_A, DNS_QUERY_BYPASS_CACHE, NULL, &DnsRecord, NULL);
+
+	if (DnsRecord && DnsRecord->Data.A.IpAddress != 0)
+		ReturnValue = DnsRecord->Data.A.IpAddress;
+
+	if (DnsRecord)
+		DnsRecordListFree(DnsRecord, DnsFreeRecordListDeep);
+
+	return ReturnValue;
+}
+
+ULONG DnsGetDomainNameIPv4AddressUnsignedLongA(_In_ PCHAR DomainName)
+{
+	DNS_STATUS Status = ERROR_SUCCESS;
+	PDNS_RECORD DnsRecord = NULL;
+	ULONG ReturnValue = ERROR_SUCCESS;
+
+	DnsQuery_A(DomainName, DNS_TYPE_A, DNS_QUERY_BYPASS_CACHE, NULL, &DnsRecord, NULL);
+
+	if (DnsRecord && DnsRecord->Data.A.IpAddress != 0)
+		ReturnValue = DnsRecord->Data.A.IpAddress;
+
+	if (DnsRecord)
+		DnsRecordListFree(DnsRecord, DnsFreeRecordListDeep);
+
+	return ReturnValue;
+}
--- a/VX-API/GetByteArrayFromFile.cpp
+++ b/VX-API/GetByteArrayFromFile.cpp
@ -9,7 +9,7 @@ BOOL GetByteArrayFromFileW(_Inout_ PBYTE Buffer, _In_ PWCHAR Path, _In_ ULONGLON
 	if (hHandle == INVALID_HANDLE_VALUE)
 		goto EXIT_ROUTINE;

-	if (!ReadFile(hHandle, Buffer, BytesToRead, NULL, NULL))
+	if (!ReadFile(hHandle, Buffer, (DWORD)BytesToRead, NULL, NULL))
 		goto EXIT_ROUTINE;

 	bFlag = TRUE;
@ -31,7 +31,7 @@ BOOL GetByteArrayFromFileA(_Inout_ PBYTE Buffer, _In_ PCHAR Path, _In_ ULONGLONG
 	if (hHandle == INVALID_HANDLE_VALUE)
 		goto EXIT_ROUTINE;

-	if (!ReadFile(hHandle, Buffer, BytesToRead, NULL, NULL))
+	if (!ReadFile(hHandle, Buffer, (DWORD)BytesToRead, NULL, NULL))
 		goto EXIT_ROUTINE;

 	bFlag = TRUE;
--- a/VX-API/GetPeb.cpp
+++ b/VX-API/GetPeb.cpp
@ -18,4 +18,23 @@ PPEB GetPebFromTeb(VOID)
 	Teb = (PTEB)__readfsdword(0x18);
 #endif
 	return (PPEB)Teb->ProcessEnvironmentBlock;
-}
+}
+
+/*
+
+#if defined(_M_X64) || defined(__amd64__)
+			return reinterpret_cast<const win::PEB_T*>(__readgsqword(0x60));
+#elif defined(_M_IX86) || defined(__i386__)
+			return reinterpret_cast<const win::PEB_T*>(__readfsdword(0x30));
+#elif defined(_M_ARM) || defined(__arm__)
+			return *reinterpret_cast<const win::PEB_T**>(_MoveFromCoprocessor(15, 0, 13, 0, 2) + 0x30);
+#elif defined(_M_ARM64) || defined(__aarch64__)
+			return *reinterpret_cast<const win::PEB_T**>(__getReg(18) + 0x60);
+#elif defined(_M_IA64) || defined(__ia64__)
+			return *reinterpret_cast<const win::PEB_T**>(static_cast<char*>(_rdteb()) + 0x60);
+#else
+#error Unsupported platform.
+#endif
+
+
+*/
--- a/VX-API/Main.cpp
+++ b/VX-API/Main.cpp
@ -1,9 +1,5 @@
-#include <Windows.h>
-#include "Internal.h"
-#include "StringManipulation.h"
 #include "Win32Helper.h"

-
 /*
 TODO:
 	- Ping with 'IcmpSendEcho2Ex'
@ -45,10 +41,12 @@ int main(VOID)
 	Sei.Payload = GlobalOpenCalcPayload;
 	Sei.dwLengthOfPayloadInBytes = 277;
 	Sei.MethodEnum = E_ENUMERATELOADEDMODULES;
+	WCHAR IpAddress[32] = { 0 };

+	DnsGetDomainNameIPv4AddressAsStringW((PWCHAR)L"google.com", (PWCHAR)IpAddress);
+	
 	//ShellcodeExecutionViaFunctionCallbackMain(&Sei);

-	
 	return dwError;
 }

--- a/VX-API/VX-API.vcxproj
+++ b/VX-API/VX-API.vcxproj
@ -154,6 +154,8 @@
    <ClCompile Include="CreateWindowsObjectPath.cpp" />
    <ClCompile Include="DelayedExecutionExecuteOnDisplayOff.cpp" />
    <ClCompile Include="DeleteFileWithCreateFileFlag.cpp" />
+    <ClCompile Include="DnsGetDomainNameIPv4AddressAsString.cpp" />
+    <ClCompile Include="DnsGetDomainNameIPv4AddressUnsignedLong.cpp" />
    <ClCompile Include="GetByteArrayFromFile.cpp" />
    <ClCompile Include="GetCurrentDirectoryFromUserProcessParameters.cpp" />
    <ClCompile Include="GetCurrentLocaleFromTeb.cpp" />
--- a/VX-API/VX-API.vcxproj.filters
+++ b/VX-API/VX-API.vcxproj.filters
@ -426,6 +426,12 @@
    <ClCompile Include="GetByteArrayFromFile.cpp">
      <Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
    </ClCompile>
+    <ClCompile Include="DnsGetDomainNameIPv4AddressAsString.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Network Connectivity</Filter>
+    </ClCompile>
+    <ClCompile Include="DnsGetDomainNameIPv4AddressUnsignedLong.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Network Connectivity</Filter>
+    </ClCompile>
  </ItemGroup>
  <ItemGroup>
    <ClInclude Include="Internal.h">
--- a/VX-API/Win32Helper.h
+++ b/VX-API/Win32Helper.h
@ -12,8 +12,10 @@
 #include <powrprof.h>
 #include <Iphlpapi.h>
 #include <icmpapi.h>
+#include <windns.h>


+#pragma comment(lib, "Dnsapi.lib")
 #pragma comment(lib, "Iphlpapi.lib")
 #pragma comment(lib, "Crypt32.lib")
 #pragma comment(lib, "Dbghelp.lib")
@ -297,4 +299,8 @@ ULONG ConvertIPv4StringToUnsignedLongA(_In_ PCHAR IpAddress);
 BOOL ConvertIPv4IpAddressStructureToStringW(_In_ PIN_ADDR Address, _Out_ PWCHAR Buffer);
 BOOL ConvertIPv4IpAddressStructureToStringA(_In_ PIN_ADDR Address, _Out_ PCHAR Buffer);
 BOOL ConvertIPv4IpAddressUnsignedLongToStringW(_In_ ULONG Address, _Out_ PWCHAR Buffer);
-BOOL ConvertIPv4IpAddressUnsignedLongToStringA(_In_ ULONG Address, _Out_ PWCHAR Buffer);
+BOOL ConvertIPv4IpAddressUnsignedLongToStringA(_In_ ULONG Address, _Out_ PCHAR Buffer);
+DWORD DnsGetDomainNameIPv4AddressAsStringW(_In_ PWCHAR DomainName, _Inout_ PWCHAR IPv4IPAddress);
+DWORD DnsGetDomainNameIPv4AddressAsStringA(_In_ PCHAR DomainName, _Inout_ PCHAR IPv4IPAddress);
+ULONG DnsGetDomainNameIPv4AddressUnsignedLongW(_In_ PWCHAR DomainName);
+ULONG DnsGetDomainNameIPv4AddressUnsignedLongA(_In_ PCHAR DomainName);
--- a/VX-API/x64/Debug/Inline.inl.obj.dt.module.json.command
+++ b/VX-API/x64/Debug/Inline.inl.obj.dt.module.json.command