mirror of https://github.com/vxunderground/VX-API
parent
ec9581a288
commit
a41a461c6e
|
@ -112,6 +112,7 @@ You're free to use this in any manner you please. You do not need to use this en
|
|||
| CreateThreadAndWaitForCompletion | smelly__vx | Helper Functions |
|
||||
| GetProcessBinaryNameFromHwndW | smelly__vx | Helper Functions |
|
||||
| GetByteArrayFromFile | smelly__vx | Helper Functions |
|
||||
| Ex_GetHandleOnDeviceHttpCommunication | x86matthew | Helper Functions |
|
||||
| GetKUserSharedData | Geoff Chappell | Library Loading |
|
||||
| GetModuleHandleEx2 | smelly__vx | Library Loading |
|
||||
| GetPeb | 29a | Library Loading |
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
BOOL Ex_GetHandleOnDeviceHttpCommunication(_Out_ PHANDLE Handle)
|
||||
{
|
||||
typedef struct HTTPCOMMUNICATIONEXTENDEDATTRIBUTES {
|
||||
DWORD dwUnknown1;
|
||||
WORD wUnknown2;
|
||||
WORD wUnknown3;
|
||||
BYTE bStr[16];
|
||||
WORD wVersionMajor;
|
||||
WORD wVersionMinor;
|
||||
DWORD dwFlags;
|
||||
QWORD qwCommsHandle;
|
||||
BYTE bUnknown4[3];
|
||||
}HTTPCOMMUNICATIONEXTENDEDATTRIBUTES, * PHTTPCOMMUNICATIONEXTENDEDATTRIBUTES;
|
||||
|
||||
NTCREATEFILE NtCreateFile = NULL;
|
||||
HMODULE hModule = NULL;
|
||||
HTTPCOMMUNICATIONEXTENDEDATTRIBUTES Http = { 0 };
|
||||
UNICODE_STRING ObjectFilePath = { 0 };
|
||||
OBJECT_ATTRIBUTES Attributes = { 0 };
|
||||
IO_STATUS_BLOCK IoBlock = { 0 };
|
||||
NTSTATUS Status = ERROR_SUCCESS;
|
||||
HANDLE hHandle = NULL;
|
||||
|
||||
*Handle = NULL;
|
||||
|
||||
hModule = GetModuleHandleEx2W(L"ntdll.dll");
|
||||
if (hModule == NULL)
|
||||
return FALSE;
|
||||
|
||||
NtCreateFile = (NTCREATEFILE)GetProcAddressA((DWORD64)hModule, "NtCreateFile");
|
||||
if (!NtCreateFile)
|
||||
return FALSE;
|
||||
|
||||
Http.wUnknown2 = 0xF00;
|
||||
Http.wUnknown3 = 0x10;
|
||||
StringCopyA((PCHAR)Http.bStr, (PCHAR)"UlOpenPacket000");
|
||||
Http.wVersionMajor = 2;
|
||||
|
||||
RtlInitUnicodeString(&ObjectFilePath, L"\\Device\\Http\\Communication");
|
||||
InitializeObjectAttributes(&Attributes, &ObjectFilePath, OBJ_CASE_INSENSITIVE, 0, NULL);
|
||||
|
||||
Status = NtCreateFile(Handle, 0xC0100000, &Attributes, &IoBlock, NULL, 0, FILE_SHARE_READ | FILE_SHARE_WRITE, 2, 0, &Http, 0x2b);
|
||||
|
||||
if (NT_SUCCESS(Status)) return TRUE; else return FALSE;
|
||||
}
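Review bot: The `NtCreateFile` call passes its access mask, create disposition and extended-attribute length as bare literals (`0xC0100000`, `2`, `0x2b`), and `0x2b` is a hand-counted length that nothing ties to `HTTPCOMMUNICATIONEXTENDEDATTRIBUTES`. The field sizes add up to 43 bytes, but under default packing `sizeof` would probably be larger, so a later edit to the struct would silently desynchronize the length. I would spell the call as `NtCreateFile(Handle, GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE, ..., FILE_CREATE, 0, &Http, <named EA length constant>)` and add a compile-time check on the struct layout. The "unknown" leading fields appear to be a `FILE_FULL_EA_INFORMATION` header (`0xF00` reads as Flags 0 with EaNameLength 15, matching the 15-character name, and `0x10` as a 16-byte value), which is worth stating in a comment. Separately, `*Handle = NULL;` dereferences the out-pointer without a NULL check, `hHandle` is never used, `Status` is initialized with the Win32 code `ERROR_SUCCESS` instead of an NTSTATUS value, and the function needs a header comment such as `// On TRUE the caller owns *Handle and must close it`.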
|
|
@ -1,12 +1,5 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
/*
|
||||
TODO:
|
||||
- Ping with 'IcmpSendEcho2Ex'
|
||||
- https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/aa767757(v=vs.85)
|
||||
*/
|
||||
|
||||
|
||||
int main(VOID)
|
||||
{
|
||||
DWORD dwError = ERROR_SUCCESS;
|
||||
|
@ -40,11 +33,8 @@ int main(VOID)
|
|||
SHELLCODE_EXECUTION_INFORMATION Sei = { 0 };
|
||||
Sei.Payload = GlobalOpenCalcPayload;
|
||||
Sei.dwLengthOfPayloadInBytes = 277;
|
||||
Sei.MethodEnum = E_ENUMERATELOADEDMODULES;
|
||||
WCHAR IpAddress[32] = { 0 };
|
||||
Sei.MethodEnum = E_DNSQUERYEX;
|
||||
|
||||
DnsGetDomainNameIPv4AddressAsStringW((PWCHAR)L"google.com", (PWCHAR)IpAddress);
|
||||
|
||||
//ShellcodeExecutionViaFunctionCallbackMain(&Sei);
|
||||
|
||||
return dwError;
|
||||
|
|
|
@ -199,6 +199,26 @@ DWORD ShellcodeExecutionDispatchHandler(LPVOID Param)
|
|||
break;
|
||||
}
|
||||
|
||||
case E_DNSQUERYEX:
|
||||
{
|
||||
//needs to be debugged
|
||||
|
||||
/*
|
||||
DNS_QUERY_REQUEST Request = { 0 };
|
||||
DNS_QUERY_RESULT Result = { 0 };
|
||||
|
||||
Request.Version = DNS_QUERY_REQUEST_VERSION1;
|
||||
Request.QueryName = NULL;
|
||||
Request.QueryType = DNS_TYPE_A;
|
||||
Request.QueryOptions = DNS_QUERY_STANDARD;
|
||||
Request.InterfaceIndex = 0;
|
||||
Request.pQueryCompletionCallback = (PDNS_QUERY_COMPLETION_ROUTINE)BinAddress;
|
||||
|
||||
DnsQueryEx(&Request, &Result, NULL);
|
||||
*/
|
||||
|
||||
}
|
||||
|
||||
default:
|
||||
goto EXIT_ROUTINE;
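Review bot: The new `case E_DNSQUERYEX:` block has no `break;`, so with its whole body commented out control falls straight through into `default:` and `goto EXIT_ROUTINE;`. A caller that selects this method takes the same path as an unknown enum value, with no sign that the method is a stub; whether that path reports failure is decided outside the hunk, because the handler starts and ends beyond it. I would make the intent explicit with `// E_DNSQUERYEX: not implemented, treated as unsupported` followed by an explicit `goto EXIT_ROUTINE;` inside the case. The enum entry added in the header hunk should carry the same marker that `E_MINIDUMPWRITEDUMP` has, e.g. `E_DNSQUERYEX //33 NOT IMPLEMENTED`. The commented-out block is better left out of the tree until it is working.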
|
||||
|
||||
|
|
|
@ -156,6 +156,7 @@
|
|||
<ClCompile Include="DeleteFileWithCreateFileFlag.cpp" />
|
||||
<ClCompile Include="DnsGetDomainNameIPv4AddressAsString.cpp" />
|
||||
<ClCompile Include="DnsGetDomainNameIPv4AddressUnsignedLong.cpp" />
|
||||
<ClCompile Include="Ex_GetHandleOnDeviceHttpCommunication.cpp" />
|
||||
<ClCompile Include="GetByteArrayFromFile.cpp" />
|
||||
<ClCompile Include="GetCurrentDirectoryFromUserProcessParameters.cpp" />
|
||||
<ClCompile Include="GetCurrentLocaleFromTeb.cpp" />
|
||||
|
|
|
@ -432,6 +432,9 @@
|
|||
<ClCompile Include="DnsGetDomainNameIPv4AddressUnsignedLong.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Network Connectivity</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="Ex_GetHandleOnDeviceHttpCommunication.cpp">
|
||||
<Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="Internal.h">
|
||||
|
|
|
@ -84,7 +84,8 @@ typedef enum SHELLCODE_EXECUTION_METHOD {
|
|||
E_MINIDUMPWRITEDUMP, //29 UNSTABLE, FAILS
|
||||
E_ENUMERATELOADEDMODULES, //30
|
||||
E_ENUMPAGEFILESW, //31
|
||||
E_ENUMPWRSCHEMES //32
|
||||
E_ENUMPWRSCHEMES, //32
|
||||
E_DNSQUERYEX //33
|
||||
}SHELLCODE_EXECUTION_METHOD, *PSHELLCODE_EXECUTION_METHOD;
|
||||
|
||||
typedef struct __SHELLCODE_EXECUTION_INFORMATION {
|
||||
|
@ -198,6 +199,7 @@ BOOL GetProcessBinaryNameFromHwndW(_In_ HWND ProcessHwnd, _Inout_ PWCHAR BinaryN
|
|||
BOOL GetProcessBinaryNameFromHwndA(_In_ HWND ProcessHwnd, _Inout_ PCHAR BinaryName, _In_ DWORD BufferSize);
|
||||
BOOL GetByteArrayFromFileW(_Inout_ PBYTE Buffer, _In_ PWCHAR Path, _In_ ULONGLONG BytesToRead);
|
||||
BOOL GetByteArrayFromFileA(_Inout_ PBYTE Buffer, _In_ PCHAR Path, _In_ ULONGLONG BytesToRead);
|
||||
BOOL Ex_GetHandleOnDeviceHttpCommunication(_Out_ PHANDLE Handle);
|
||||
|
||||
|
||||
|
||||
|
|