2.0.633
vxunderground 2022-12-29 19:23:44 -06:00
parent bbae7ef435
commit 815430500d
18 changed files with 486 additions and 3 deletions


@ -3,7 +3,7 @@ managed by [vx-underground](https://vx-underground.org) | follow us on [Twitter]
# VX-API
Version: 2.0.615
Version: 2.0.632
Developer: smelly__vx
@ -64,6 +64,18 @@ You're free to use this in any manner you please. You do not need to use this en
| CreatePseudoRandomString | smelly__vx | Cryptography Related |
| HashFileByMsiFileHashTable | smelly__vx | Cryptography Related |
| CreatePseudoRandomIntegerFromNtdll | smelly__vx | Cryptography Related |
| LzMaximumCompressBuffer | smelly__vx | Compression |
| LzMaximumDecompressBuffer | smelly__vx | Compression |
| LzStandardCompressBuffer | smelly__vx | Compression |
| LzStandardDecompressBuffer | smelly__vx | Compression |
| XpressHuffMaximumCompressBuffer | smelly__vx | Compression |
| XpressHuffMaximumDecompressBuffer | smelly__vx | Compression |
| XpressHuffStandardCompressBuffer | smelly__vx | Compression |
| XpressHuffStandardDecompressBuffer | smelly__vx | Compression |
| XpressMaximumCompressBuffer | smelly__vx | Compression |
| XpressMaximumDecompressBuffer | smelly__vx | Compression |
| XpressStandardCompressBuffer | smelly__vx | Compression |
| XpressStandardDecompressBuffer | smelly__vx | Compression |
| GetLastErrorFromTeb | smelly__vx | Error Handling |
| GetLastNtStatusFromTeb | smelly__vx | Error Handling |
| RtlNtStatusToDosErrorViaImport | ReactOS | Error Handling |


@ -40,6 +40,9 @@ typedef ULONG(NTAPI* RTLUNIFORM)(PULONG);
typedef NTSTATUS(NTAPI* RTLCREATEPROCESSREFLECTION)(HANDLE, ULONG, PVOID, PVOID, HANDLE, RTLP_PROCESS_REFLECTION_REFLECTION_INFORMATION*);
typedef NTSTATUS(NTAPI* RTLENCODEREMOTEPOINTER)(HANDLE, PVOID, PVOID*);
typedef NTSTATUS(NTAPI* NTQUEUEAPCTHREAD)(HANDLE, PVOID, PVOID, PVOID, PVOID);
typedef NTSTATUS(NTAPI* RTLCOMPRESSBUFFER)(USHORT, PUCHAR, ULONG, PUCHAR, ULONG, ULONG, PULONG, PVOID);
typedef NTSTATUS(NTAPI* RTLGETCOMPRESSIONWORKSPACESIZE)(USHORT, PULONG, PULONG);
typedef NTSTATUS(NTAPI* RTLDECOMPRESSBUFFER)(USHORT, PUCHAR, ULONG, PUCHAR, ULONG, PULONG);


@ -0,0 +1,46 @@
#include "Win32Helper.h"
ULONG LzMaximumCompressBuffer(_In_ PBYTE UncompressedBuffer, _In_ ULONG SizeOfUncompressedBufferInBytes, _Inout_ PBYTE CompressedBuffer, _In_ ULONG CompressedBufferSizeInBytes)
{
RTLCOMPRESSBUFFER RtlCompressBuffer = NULL;
RTLGETCOMPRESSIONWORKSPACESIZE RtlGetCompressionWorkSpaceSize = NULL;
HMODULE hMod = NULL;
NTSTATUS Status = STATUS_SUCCESS;
USHORT CompressionFormatAndEngine = COMPRESSION_FORMAT_LZNT1 | COMPRESSION_ENGINE_MAXIMUM;
ULONG CompressBufferWorkSpaceSize = 0;
ULONG CompressFragmentWorkSpaceSize = 0;
PVOID Workspace = NULL;
ULONG FinalCompressedSize = 0;
hMod = GetModuleHandleEx2W(L"ntdll.dll");
if (hMod == NULL)
goto EXIT_ROUTINE;
RtlCompressBuffer = (RTLCOMPRESSBUFFER)GetProcAddressA((DWORD64)hMod, "RtlCompressBuffer");
RtlGetCompressionWorkSpaceSize = (RTLGETCOMPRESSIONWORKSPACESIZE)GetProcAddressA((DWORD64)hMod, "RtlGetCompressionWorkSpaceSize");
if (!RtlCompressBuffer || !RtlGetCompressionWorkSpaceSize)
goto EXIT_ROUTINE;
Status = RtlGetCompressionWorkSpaceSize(CompressionFormatAndEngine, &CompressBufferWorkSpaceSize, &CompressFragmentWorkSpaceSize);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
if (CompressBufferWorkSpaceSize == 0)
goto EXIT_ROUTINE;
Workspace = HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, CompressBufferWorkSpaceSize);
if (Workspace == NULL)
goto EXIT_ROUTINE;
Status = RtlCompressBuffer(CompressionFormatAndEngine, UncompressedBuffer, SizeOfUncompressedBufferInBytes, CompressedBuffer, CompressedBufferSizeInBytes, 4096, &FinalCompressedSize, Workspace);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
EXIT_ROUTINE:
if (Workspace)
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, Workspace);
return FinalCompressedSize;
}
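Review bot: The final `if (Status != STATUS_SUCCESS) goto EXIT_ROUTINE;` jumps to the label on the very next line, so a failed RtlCompressBuffer call is not handled: the function returns whatever is in `FinalCompressedSize` and the NTSTATUS never reaches the caller. I would make the failure explicit with `if (Status != STATUS_SUCCESS) FinalCompressedSize = 0;` and document that 0 means failure. The cleanup also passes `HEAP_ZERO_MEMORY` to HeapFree, which is an allocation flag rather than one HeapFree documents; `HeapFree(GetProcessHeapFromTeb(), 0, Workspace);` is the intended call. Both points apply unchanged to the other five compress files in this commit, the no-op status check is repeated in all six decompress files, and the HeapFree flag appears again in the Main.cpp hunk.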


@ -0,0 +1,26 @@
#include "Win32Helper.h"
ULONG LzMaximumDecompressBuffer(_In_ PBYTE CompressedBuffer, _In_ ULONG SizeOfCompressedBufferInBytes, _Inout_ PBYTE DecompressedBuffer, _In_ ULONG DecompressedBufferSizeInBytes)
{
RTLDECOMPRESSBUFFER RtlDecompressBuffer = NULL;
HMODULE hMod = NULL;
NTSTATUS Status = STATUS_SUCCESS;
USHORT CompressionFormatAndEngine = COMPRESSION_FORMAT_LZNT1 | COMPRESSION_ENGINE_MAXIMUM;
ULONG FinalDecompressedSize = 0;
hMod = GetModuleHandleEx2W(L"ntdll.dll");
if (hMod == NULL)
goto EXIT_ROUTINE;
RtlDecompressBuffer = (RTLDECOMPRESSBUFFER)GetProcAddressA((DWORD64)hMod, "RtlDecompressBuffer");
if (!RtlDecompressBuffer)
goto EXIT_ROUTINE;
Status = RtlDecompressBuffer(CompressionFormatAndEngine, DecompressedBuffer, DecompressedBufferSizeInBytes, CompressedBuffer, SizeOfCompressedBufferInBytes, &FinalDecompressedSize);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
EXIT_ROUTINE:
return FinalDecompressedSize;
}
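Review bot: `CompressionFormatAndEngine` carries `COMPRESSION_ENGINE_MAXIMUM`, but RtlDecompressBuffer is documented as taking a compression format only, so the engine bits mean nothing on this path and LzMaximumDecompressBuffer and LzStandardDecompressBuffer are the same function under two names. I would pass the format alone, `USHORT CompressionFormat = COMPRESSION_FORMAT_LZNT1;`, and either keep one decompress function per format or add a comment saying the Maximum/Standard pair exists only for naming symmetry. The same applies to the Xpress and XpressHuff decompress pairs later in the commit.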


@ -0,0 +1,46 @@
#include "Win32Helper.h"
ULONG LzStandardCompressBuffer(_In_ PBYTE UncompressedBuffer, _In_ ULONG SizeOfUncompressedBufferInBytes, _Inout_ PBYTE CompressedBuffer, _In_ ULONG CompressedBufferSizeInBytes)
{
RTLCOMPRESSBUFFER RtlCompressBuffer = NULL;
RTLGETCOMPRESSIONWORKSPACESIZE RtlGetCompressionWorkSpaceSize = NULL;
HMODULE hMod = NULL;
NTSTATUS Status = STATUS_SUCCESS;
USHORT CompressionFormatAndEngine = COMPRESSION_FORMAT_LZNT1 | COMPRESSION_ENGINE_STANDARD;
ULONG CompressBufferWorkSpaceSize = 0;
ULONG CompressFragmentWorkSpaceSize = 0;
PVOID Workspace = NULL;
ULONG FinalCompressedSize = 0;
hMod = GetModuleHandleEx2W(L"ntdll.dll");
if (hMod == NULL)
goto EXIT_ROUTINE;
RtlCompressBuffer = (RTLCOMPRESSBUFFER)GetProcAddressA((DWORD64)hMod, "RtlCompressBuffer");
RtlGetCompressionWorkSpaceSize = (RTLGETCOMPRESSIONWORKSPACESIZE)GetProcAddressA((DWORD64)hMod, "RtlGetCompressionWorkSpaceSize");
if (!RtlCompressBuffer || !RtlGetCompressionWorkSpaceSize)
goto EXIT_ROUTINE;
Status = RtlGetCompressionWorkSpaceSize(CompressionFormatAndEngine, &CompressBufferWorkSpaceSize, &CompressFragmentWorkSpaceSize);
if(Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
if (CompressBufferWorkSpaceSize == 0)
goto EXIT_ROUTINE;
Workspace = HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, CompressBufferWorkSpaceSize);
if (Workspace == NULL)
goto EXIT_ROUTINE;
Status = RtlCompressBuffer(CompressionFormatAndEngine, UncompressedBuffer, SizeOfUncompressedBufferInBytes, CompressedBuffer, CompressedBufferSizeInBytes, 4096, &FinalCompressedSize, Workspace);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
EXIT_ROUTINE:
if (Workspace)
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, Workspace);
return FinalCompressedSize;
}
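Review bot: This body differs from LzMaximumCompressBuffer only in the engine constant on the `CompressionFormatAndEngine` line, and the Xpress and XpressHuff compress files repeat it four more times. One internal helper that takes the `USHORT` format-and-engine value plus the four buffer arguments, with each public function reduced to a single call into it, would keep the six variants from drifting apart when the error handling is corrected. The chunk size `4096` passed to RtlCompressBuffer would also read better as a named constant inside that helper.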


@ -0,0 +1,26 @@
#include "Win32Helper.h"
ULONG LzStandardDecompressBuffer(_In_ PBYTE CompressedBuffer, _In_ ULONG SizeOfCompressedBufferInBytes, _Inout_ PBYTE DecompressedBuffer, _In_ ULONG DecompressedBufferSizeInBytes)
{
RTLDECOMPRESSBUFFER RtlDecompressBuffer = NULL;
HMODULE hMod = NULL;
NTSTATUS Status = STATUS_SUCCESS;
USHORT CompressionFormatAndEngine = COMPRESSION_FORMAT_LZNT1 | COMPRESSION_ENGINE_STANDARD;
ULONG FinalDecompressedSize = 0;
hMod = GetModuleHandleEx2W(L"ntdll.dll");
if (hMod == NULL)
goto EXIT_ROUTINE;
RtlDecompressBuffer = (RTLDECOMPRESSBUFFER)GetProcAddressA((DWORD64)hMod, "RtlDecompressBuffer");
if (!RtlDecompressBuffer)
goto EXIT_ROUTINE;
Status = RtlDecompressBuffer(CompressionFormatAndEngine, DecompressedBuffer, DecompressedBufferSizeInBytes, CompressedBuffer, SizeOfCompressedBufferInBytes, &FinalDecompressedSize);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
EXIT_ROUTINE:
return FinalDecompressedSize;
}


@ -5,12 +5,17 @@ INT main(VOID)
PCHAR Buffer = NULL;
DWORD dwSize = 0;
HMODULE hMod = NULL;
BYTE CompressedBuffer[512] = { 0 };
ULONG Size = 512;
ULONG Out = 0;
BYTE DecompressedBuffer[512] = { 0 };
Buffer = GenericShellcodeOpenCalcExitThread(&dwSize);
//MpfPiControlInjection((PBYTE)Buffer, dwSize, 19768);
Out = LzStandardCompressBuffer((PBYTE)Buffer, dwSize, CompressedBuffer, Size);
//MpfSceViaInitOnceExecuteOnce((PBYTE)Buffer, dwSize);
Out = LzStandardDecompressBuffer(CompressedBuffer, Out, DecompressedBuffer, Size);
if (Buffer)
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, Buffer);
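Review bot: `Out` from LzStandardCompressBuffer is passed straight to LzStandardDecompressBuffer as the compressed length, so when compression fails and the helper returns 0 (for instance because the output does not fit in the 512-byte `CompressedBuffer`) the decompress call runs on an empty input and the failure goes unnoticed. `Buffer` is also handed to the compress call before the `if (Buffer)` test further down, so a NULL return from the generator is dereferenced inside ntdll. Wrapping the two calls in `if (Buffer != NULL)` and the decompress call in `if (Out != 0)` covers both. main's body starts and ends outside this hunk.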


@ -171,6 +171,10 @@
<ClCompile Include="FastcallExecuteBinaryShellExecuteEx.cpp" />
<ClCompile Include="GetPeSectionSizeInBytes.cpp" />
<ClCompile Include="IsPeSection.cpp" />
<ClCompile Include="LzMaximumCompressBuffer.cpp" />
<ClCompile Include="LzMaximumDecompressBuffer.cpp" />
<ClCompile Include="LzStandardCompressBuffer.cpp" />
<ClCompile Include="LzStandardDecompressBuffer.cpp" />
<ClCompile Include="MiscGenericShellcodePayloads.cpp" />
<ClCompile Include="GetByteArrayFromFile.cpp" />
<ClCompile Include="GetCurrentDirectoryFromUserProcessParameters.cpp" />
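Review bot: Only the four Lz*.cpp files are added to the `ClCompile` list here, while the same commit adds eight Xpress and XpressHuff source files and declares their functions in Win32Helper.h. Unless a part of this project file outside the visible hunk registers them, those eight files are never compiled and any call to the Xpress prototypes fails at link time. The filters file shows the same four entries only, so I would add the eight missing `ClCompile` items to both files or hold the prototypes back until they are built.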


@ -79,6 +79,9 @@
<Filter Include="Source Files\Windows API Helper Functions\Malicious Capabilities\LSASS Dumping">
<UniqueIdentifier>{182eb745-5d27-4728-bd5e-030c4df5b57a}</UniqueIdentifier>
</Filter>
<Filter Include="Source Files\Windows API Helper Functions\Cryptography Related\Compression">
<UniqueIdentifier>{7a06268b-3929-4e23-b09a-101861ee4807}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="Main.cpp">
@ -693,6 +696,18 @@
<ClCompile Include="ReadDataFromPeSection.cpp">
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
</ClCompile>
<ClCompile Include="LzStandardCompressBuffer.cpp">
<Filter>Source Files\Windows API Helper Functions\Cryptography Related\Compression</Filter>
</ClCompile>
<ClCompile Include="LzStandardDecompressBuffer.cpp">
<Filter>Source Files\Windows API Helper Functions\Cryptography Related\Compression</Filter>
</ClCompile>
<ClCompile Include="LzMaximumCompressBuffer.cpp">
<Filter>Source Files\Windows API Helper Functions\Cryptography Related\Compression</Filter>
</ClCompile>
<ClCompile Include="LzMaximumDecompressBuffer.cpp">
<Filter>Source Files\Windows API Helper Functions\Cryptography Related\Compression</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="Internal.h">


@ -114,6 +114,18 @@ PCHAR CreatePseudoRandomStringA(_In_ SIZE_T dwLength, _In_ ULONG Seed);
BOOL HashFileByMsiFileHashTableW(_In_ LPCWSTR Path, _Inout_ PULONG FileHash);
BOOL HashFileByMsiFileHashTableA(_In_ LPCSTR Path, _Inout_ PULONG FileHash);
ULONG CreatePseudoRandomIntegerFromNtdll(_In_ ULONG Seed);
ULONG LzStandardCompressBuffer(_In_ PBYTE UncompressedBuffer, _In_ ULONG SizeOfUncompressedBufferInBytes, _Inout_ PBYTE CompressedBuffer, _In_ ULONG CompressedBufferSizeInBytes);
ULONG LzStandardDecompressBuffer(_In_ PBYTE CompressedBuffer, _In_ ULONG SizeOfCompressedBufferInBytes, _Inout_ PBYTE DecompressedBuffer, _In_ ULONG DecompressedBufferSizeInBytes);
ULONG LzMaximumCompressBuffer(_In_ PBYTE UncompressedBuffer, _In_ ULONG SizeOfUncompressedBufferInBytes, _Inout_ PBYTE CompressedBuffer, _In_ ULONG CompressedBufferSizeInBytes);
ULONG LzMaximumDecompressBuffer(_In_ PBYTE CompressedBuffer, _In_ ULONG SizeOfCompressedBufferInBytes, _Inout_ PBYTE DecompressedBuffer, _In_ ULONG DecompressedBufferSizeInBytes);
ULONG XpressStandardCompressBuffer(_In_ PBYTE UncompressedBuffer, _In_ ULONG SizeOfUncompressedBufferInBytes, _Inout_ PBYTE CompressedBuffer, _In_ ULONG CompressedBufferSizeInBytes);
ULONG XpressStandardDecompressBuffer(_In_ PBYTE CompressedBuffer, _In_ ULONG SizeOfCompressedBufferInBytes, _Inout_ PBYTE DecompressedBuffer, _In_ ULONG DecompressedBufferSizeInBytes);
ULONG XpressMaximumCompressBuffer(_In_ PBYTE UncompressedBuffer, _In_ ULONG SizeOfUncompressedBufferInBytes, _Inout_ PBYTE CompressedBuffer, _In_ ULONG CompressedBufferSizeInBytes);
ULONG XpressMaximumDecompressBuffer(_In_ PBYTE CompressedBuffer, _In_ ULONG SizeOfCompressedBufferInBytes, _Inout_ PBYTE DecompressedBuffer, _In_ ULONG DecompressedBufferSizeInBytes);
ULONG XpressHuffStandardCompressBuffer(_In_ PBYTE UncompressedBuffer, _In_ ULONG SizeOfUncompressedBufferInBytes, _Inout_ PBYTE CompressedBuffer, _In_ ULONG CompressedBufferSizeInBytes);
ULONG XpressHuffStandardDecompressBuffer(_In_ PBYTE CompressedBuffer, _In_ ULONG SizeOfCompressedBufferInBytes, _Inout_ PBYTE DecompressedBuffer, _In_ ULONG DecompressedBufferSizeInBytes);
ULONG XpressHuffMaximumCompressBuffer(_In_ PBYTE UncompressedBuffer, _In_ ULONG SizeOfUncompressedBufferInBytes, _Inout_ PBYTE CompressedBuffer, _In_ ULONG CompressedBufferSizeInBytes);
ULONG XpressHuffMaximumDecompressBuffer(_In_ PBYTE CompressedBuffer, _In_ ULONG SizeOfCompressedBufferInBytes, _Inout_ PBYTE DecompressedBuffer, _In_ ULONG DecompressedBufferSizeInBytes);
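Review bot: The twelve prototypes state no contract, and the output parameter is annotated `_Inout_` although the implementations in this commit only write to it. I would add a short comment above the group saying that each function returns the number of bytes placed in the output buffer, returns 0 on any failure, and treats the fourth argument as the capacity of the output buffer. Annotating the buffers as `_In_reads_bytes_(SizeOfUncompressedBufferInBytes)` and `_Out_writes_bytes_to_(CompressedBufferSizeInBytes, return)`, with the matching names on the decompress side, lets static analysis check callers that pass a wrong size.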


@ -0,0 +1,46 @@
#include "Win32Helper.h"
ULONG XpressHuffMaximumCompressBuffer(_In_ PBYTE UncompressedBuffer, _In_ ULONG SizeOfUncompressedBufferInBytes, _Inout_ PBYTE CompressedBuffer, _In_ ULONG CompressedBufferSizeInBytes)
{
RTLCOMPRESSBUFFER RtlCompressBuffer = NULL;
RTLGETCOMPRESSIONWORKSPACESIZE RtlGetCompressionWorkSpaceSize = NULL;
HMODULE hMod = NULL;
NTSTATUS Status = STATUS_SUCCESS;
USHORT CompressionFormatAndEngine = COMPRESSION_FORMAT_XPRESS_HUFF | COMPRESSION_ENGINE_MAXIMUM;
ULONG CompressBufferWorkSpaceSize = 0;
ULONG CompressFragmentWorkSpaceSize = 0;
PVOID Workspace = NULL;
ULONG FinalCompressedSize = 0;
hMod = GetModuleHandleEx2W(L"ntdll.dll");
if (hMod == NULL)
goto EXIT_ROUTINE;
RtlCompressBuffer = (RTLCOMPRESSBUFFER)GetProcAddressA((DWORD64)hMod, "RtlCompressBuffer");
RtlGetCompressionWorkSpaceSize = (RTLGETCOMPRESSIONWORKSPACESIZE)GetProcAddressA((DWORD64)hMod, "RtlGetCompressionWorkSpaceSize");
if (!RtlCompressBuffer || !RtlGetCompressionWorkSpaceSize)
goto EXIT_ROUTINE;
Status = RtlGetCompressionWorkSpaceSize(CompressionFormatAndEngine, &CompressBufferWorkSpaceSize, &CompressFragmentWorkSpaceSize);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
if (CompressBufferWorkSpaceSize == 0)
goto EXIT_ROUTINE;
Workspace = HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, CompressBufferWorkSpaceSize);
if (Workspace == NULL)
goto EXIT_ROUTINE;
Status = RtlCompressBuffer(CompressionFormatAndEngine, UncompressedBuffer, SizeOfUncompressedBufferInBytes, CompressedBuffer, CompressedBufferSizeInBytes, 4096, &FinalCompressedSize, Workspace);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
EXIT_ROUTINE:
if (Workspace)
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, Workspace);
return FinalCompressedSize;
}


@ -0,0 +1,26 @@
#include "Win32Helper.h"
ULONG XpressHuffMaximumDecompressBuffer(_In_ PBYTE CompressedBuffer, _In_ ULONG SizeOfCompressedBufferInBytes, _Inout_ PBYTE DecompressedBuffer, _In_ ULONG DecompressedBufferSizeInBytes)
{
RTLDECOMPRESSBUFFER RtlDecompressBuffer = NULL;
HMODULE hMod = NULL;
NTSTATUS Status = STATUS_SUCCESS;
USHORT CompressionFormatAndEngine = COMPRESSION_FORMAT_XPRESS_HUFF | COMPRESSION_ENGINE_MAXIMUM;
ULONG FinalDecompressedSize = 0;
hMod = GetModuleHandleEx2W(L"ntdll.dll");
if (hMod == NULL)
goto EXIT_ROUTINE;
RtlDecompressBuffer = (RTLDECOMPRESSBUFFER)GetProcAddressA((DWORD64)hMod, "RtlDecompressBuffer");
if (!RtlDecompressBuffer)
goto EXIT_ROUTINE;
Status = RtlDecompressBuffer(CompressionFormatAndEngine, DecompressedBuffer, DecompressedBufferSizeInBytes, CompressedBuffer, SizeOfCompressedBufferInBytes, &FinalDecompressedSize);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
EXIT_ROUTINE:
return FinalDecompressedSize;
}
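Review bot: I am not sure RtlDecompressBuffer can decode `COMPRESSION_FORMAT_XPRESS_HUFF` at all: it takes no workspace, and Microsoft documents RtlDecompressBufferEx, with a workspace sized by RtlGetCompressionWorkSpaceSize, for this format. If the call is rejected this function returns 0 with no indication why, because the status is discarded. A round-trip test against XpressHuffMaximumCompressBuffer would settle it. If it fails, this file and XpressHuffStandardDecompressBuffer need an RtlDecompressBufferEx function-pointer typedef in Internal.h and a workspace allocated and freed the same way the compress side does.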


@ -0,0 +1,46 @@
#include "Win32Helper.h"
ULONG XpressHuffStandardCompressBuffer(_In_ PBYTE UncompressedBuffer, _In_ ULONG SizeOfUncompressedBufferInBytes, _Inout_ PBYTE CompressedBuffer, _In_ ULONG CompressedBufferSizeInBytes)
{
RTLCOMPRESSBUFFER RtlCompressBuffer = NULL;
RTLGETCOMPRESSIONWORKSPACESIZE RtlGetCompressionWorkSpaceSize = NULL;
HMODULE hMod = NULL;
NTSTATUS Status = STATUS_SUCCESS;
USHORT CompressionFormatAndEngine = COMPRESSION_FORMAT_XPRESS_HUFF | COMPRESSION_ENGINE_STANDARD;
ULONG CompressBufferWorkSpaceSize = 0;
ULONG CompressFragmentWorkSpaceSize = 0;
PVOID Workspace = NULL;
ULONG FinalCompressedSize = 0;
hMod = GetModuleHandleEx2W(L"ntdll.dll");
if (hMod == NULL)
goto EXIT_ROUTINE;
RtlCompressBuffer = (RTLCOMPRESSBUFFER)GetProcAddressA((DWORD64)hMod, "RtlCompressBuffer");
RtlGetCompressionWorkSpaceSize = (RTLGETCOMPRESSIONWORKSPACESIZE)GetProcAddressA((DWORD64)hMod, "RtlGetCompressionWorkSpaceSize");
if (!RtlCompressBuffer || !RtlGetCompressionWorkSpaceSize)
goto EXIT_ROUTINE;
Status = RtlGetCompressionWorkSpaceSize(CompressionFormatAndEngine, &CompressBufferWorkSpaceSize, &CompressFragmentWorkSpaceSize);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
if (CompressBufferWorkSpaceSize == 0)
goto EXIT_ROUTINE;
Workspace = HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, CompressBufferWorkSpaceSize);
if (Workspace == NULL)
goto EXIT_ROUTINE;
Status = RtlCompressBuffer(CompressionFormatAndEngine, UncompressedBuffer, SizeOfUncompressedBufferInBytes, CompressedBuffer, CompressedBufferSizeInBytes, 4096, &FinalCompressedSize, Workspace);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
EXIT_ROUTINE:
if (Workspace)
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, Workspace);
return FinalCompressedSize;
}


@ -0,0 +1,26 @@
#include "Win32Helper.h"
ULONG XpressHuffStandardDecompressBuffer(_In_ PBYTE CompressedBuffer, _In_ ULONG SizeOfCompressedBufferInBytes, _Inout_ PBYTE DecompressedBuffer, _In_ ULONG DecompressedBufferSizeInBytes)
{
RTLDECOMPRESSBUFFER RtlDecompressBuffer = NULL;
HMODULE hMod = NULL;
NTSTATUS Status = STATUS_SUCCESS;
USHORT CompressionFormatAndEngine = COMPRESSION_FORMAT_XPRESS_HUFF | COMPRESSION_ENGINE_STANDARD;
ULONG FinalDecompressedSize = 0;
hMod = GetModuleHandleEx2W(L"ntdll.dll");
if (hMod == NULL)
goto EXIT_ROUTINE;
RtlDecompressBuffer = (RTLDECOMPRESSBUFFER)GetProcAddressA((DWORD64)hMod, "RtlDecompressBuffer");
if (!RtlDecompressBuffer)
goto EXIT_ROUTINE;
Status = RtlDecompressBuffer(CompressionFormatAndEngine, DecompressedBuffer, DecompressedBufferSizeInBytes, CompressedBuffer, SizeOfCompressedBufferInBytes, &FinalDecompressedSize);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
EXIT_ROUTINE:
return FinalDecompressedSize;
}


@ -0,0 +1,46 @@
#include "Win32Helper.h"
ULONG XpressMaximumCompressBuffer(_In_ PBYTE UncompressedBuffer, _In_ ULONG SizeOfUncompressedBufferInBytes, _Inout_ PBYTE CompressedBuffer, _In_ ULONG CompressedBufferSizeInBytes)
{
RTLCOMPRESSBUFFER RtlCompressBuffer = NULL;
RTLGETCOMPRESSIONWORKSPACESIZE RtlGetCompressionWorkSpaceSize = NULL;
HMODULE hMod = NULL;
NTSTATUS Status = STATUS_SUCCESS;
USHORT CompressionFormatAndEngine = COMPRESSION_FORMAT_XPRESS | COMPRESSION_ENGINE_MAXIMUM;
ULONG CompressBufferWorkSpaceSize = 0;
ULONG CompressFragmentWorkSpaceSize = 0;
PVOID Workspace = NULL;
ULONG FinalCompressedSize = 0;
hMod = GetModuleHandleEx2W(L"ntdll.dll");
if (hMod == NULL)
goto EXIT_ROUTINE;
RtlCompressBuffer = (RTLCOMPRESSBUFFER)GetProcAddressA((DWORD64)hMod, "RtlCompressBuffer");
RtlGetCompressionWorkSpaceSize = (RTLGETCOMPRESSIONWORKSPACESIZE)GetProcAddressA((DWORD64)hMod, "RtlGetCompressionWorkSpaceSize");
if (!RtlCompressBuffer || !RtlGetCompressionWorkSpaceSize)
goto EXIT_ROUTINE;
Status = RtlGetCompressionWorkSpaceSize(CompressionFormatAndEngine, &CompressBufferWorkSpaceSize, &CompressFragmentWorkSpaceSize);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
if (CompressBufferWorkSpaceSize == 0)
goto EXIT_ROUTINE;
Workspace = HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, CompressBufferWorkSpaceSize);
if (Workspace == NULL)
goto EXIT_ROUTINE;
Status = RtlCompressBuffer(CompressionFormatAndEngine, UncompressedBuffer, SizeOfUncompressedBufferInBytes, CompressedBuffer, CompressedBufferSizeInBytes, 4096, &FinalCompressedSize, Workspace);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
EXIT_ROUTINE:
if (Workspace)
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, Workspace);
return FinalCompressedSize;
}


@ -0,0 +1,26 @@
#include "Win32Helper.h"
ULONG XpressMaximumDecompressBuffer(_In_ PBYTE CompressedBuffer, _In_ ULONG SizeOfCompressedBufferInBytes, _Inout_ PBYTE DecompressedBuffer, _In_ ULONG DecompressedBufferSizeInBytes)
{
RTLDECOMPRESSBUFFER RtlDecompressBuffer = NULL;
HMODULE hMod = NULL;
NTSTATUS Status = STATUS_SUCCESS;
USHORT CompressionFormatAndEngine = COMPRESSION_FORMAT_XPRESS | COMPRESSION_ENGINE_MAXIMUM;
ULONG FinalDecompressedSize = 0;
hMod = GetModuleHandleEx2W(L"ntdll.dll");
if (hMod == NULL)
goto EXIT_ROUTINE;
RtlDecompressBuffer = (RTLDECOMPRESSBUFFER)GetProcAddressA((DWORD64)hMod, "RtlDecompressBuffer");
if (!RtlDecompressBuffer)
goto EXIT_ROUTINE;
Status = RtlDecompressBuffer(CompressionFormatAndEngine, DecompressedBuffer, DecompressedBufferSizeInBytes, CompressedBuffer, SizeOfCompressedBufferInBytes, &FinalDecompressedSize);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
EXIT_ROUTINE:
return FinalDecompressedSize;
}


@ -0,0 +1,46 @@
#include "Win32Helper.h"
ULONG XpressStandardCompressBuffer(_In_ PBYTE UncompressedBuffer, _In_ ULONG SizeOfUncompressedBufferInBytes, _Inout_ PBYTE CompressedBuffer, _In_ ULONG CompressedBufferSizeInBytes)
{
RTLCOMPRESSBUFFER RtlCompressBuffer = NULL;
RTLGETCOMPRESSIONWORKSPACESIZE RtlGetCompressionWorkSpaceSize = NULL;
HMODULE hMod = NULL;
NTSTATUS Status = STATUS_SUCCESS;
USHORT CompressionFormatAndEngine = COMPRESSION_FORMAT_XPRESS | COMPRESSION_ENGINE_STANDARD;
ULONG CompressBufferWorkSpaceSize = 0;
ULONG CompressFragmentWorkSpaceSize = 0;
PVOID Workspace = NULL;
ULONG FinalCompressedSize = 0;
hMod = GetModuleHandleEx2W(L"ntdll.dll");
if (hMod == NULL)
goto EXIT_ROUTINE;
RtlCompressBuffer = (RTLCOMPRESSBUFFER)GetProcAddressA((DWORD64)hMod, "RtlCompressBuffer");
RtlGetCompressionWorkSpaceSize = (RTLGETCOMPRESSIONWORKSPACESIZE)GetProcAddressA((DWORD64)hMod, "RtlGetCompressionWorkSpaceSize");
if (!RtlCompressBuffer || !RtlGetCompressionWorkSpaceSize)
goto EXIT_ROUTINE;
Status = RtlGetCompressionWorkSpaceSize(CompressionFormatAndEngine, &CompressBufferWorkSpaceSize, &CompressFragmentWorkSpaceSize);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
if (CompressBufferWorkSpaceSize == 0)
goto EXIT_ROUTINE;
Workspace = HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, CompressBufferWorkSpaceSize);
if (Workspace == NULL)
goto EXIT_ROUTINE;
Status = RtlCompressBuffer(CompressionFormatAndEngine, UncompressedBuffer, SizeOfUncompressedBufferInBytes, CompressedBuffer, CompressedBufferSizeInBytes, 4096, &FinalCompressedSize, Workspace);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
EXIT_ROUTINE:
if (Workspace)
HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, Workspace);
return FinalCompressedSize;
}


@ -0,0 +1,26 @@
#include "Win32Helper.h"
ULONG XpressStandardDecompressBuffer(_In_ PBYTE CompressedBuffer, _In_ ULONG SizeOfCompressedBufferInBytes, _Inout_ PBYTE DecompressedBuffer, _In_ ULONG DecompressedBufferSizeInBytes)
{
RTLDECOMPRESSBUFFER RtlDecompressBuffer = NULL;
HMODULE hMod = NULL;
NTSTATUS Status = STATUS_SUCCESS;
USHORT CompressionFormatAndEngine = COMPRESSION_FORMAT_XPRESS | COMPRESSION_ENGINE_STANDARD;
ULONG FinalDecompressedSize = 0;
hMod = GetModuleHandleEx2W(L"ntdll.dll");
if (hMod == NULL)
goto EXIT_ROUTINE;
RtlDecompressBuffer = (RTLDECOMPRESSBUFFER)GetProcAddressA((DWORD64)hMod, "RtlDecompressBuffer");
if (!RtlDecompressBuffer)
goto EXIT_ROUTINE;
Status = RtlDecompressBuffer(CompressionFormatAndEngine, DecompressedBuffer, DecompressedBufferSizeInBytes, CompressedBuffer, SizeOfCompressedBufferInBytes, &FinalDecompressedSize);
if (Status != STATUS_SUCCESS)
goto EXIT_ROUTINE;
EXIT_ROUTINE:
return FinalDecompressedSize;
}