2.0.298

bug fixes

README.md

@@ -3,7 +3,7 @@ managed by [vx-underground](https://vx-underground.org) | follow us on [Twitter]
   
 # VX-API
 
-Version: 2.0.293
+Version: 2.0.298
 
 Developer: smelly__vx
   
@@ -153,14 +153,14 @@ You're free to use this in any manner you please. You do not need to use this en
 | Function Name | Note | Fixed |
 | ------------- | ---- | ----- |
 | StringToken | Needs revision, buggy | N/A |
-| CreateProcessFromIShellDispatchInvoke | TryDllMultiMethod | N/A |
 | UnusedSubroutineGetShellViewForDesktop | TryDllMultiMethod | N/A |
 | DelayedExecutionExecuteOnDisplayOff | TryDllMultiMethod | N/A |
 | GetPidFromWindowsTerminalService | TryDllMultiMethod | N/A |
-| GetCurrentUserSid | TryDllMultiMethod | N/A |
 | NtQueryOpenSubKeysEx | admin required | N/A |
-| GetProcessBinaryNameFromHwndW | make A variant | N/A |
 | MpfComMonitorChromeSessionOnce | Usability improvements needed | N/A |
+| ~~GetCurrentUserSid~~ | ~~TryDllMultiMethod~~ |October 29th, 2022 |
+| ~~GetProcessBinaryNameFromHwndW~~ | ~~make A variant~~ | October 29th, 2022 |
+| ~~CreateProcessFromIShellDispatchInvoke~~ | ~~TryDllMultiMethod~~ | October 29th, 2022 |
 | ~~ShellcodeExecViaCertFindChainInStore~~ | ~~Buggy, unstable~~ | October 23rd, 2022 |
 | ~~RecursiveFindFile~~ | ~~TryDllMultiMethod~~ | October 21th, 2022 |
 | ~~UrlDownloadToFileSynchronous~~ | ~~TryDllMultiMethod~~ | October 21th, 2022 |

VX-API/CreateProcessFromIShellDispatchInvoke.cpp

@@ -15,7 +15,7 @@ DWORD CreateProcessFromIShellDispatchInvokeW(_In_ PWCHAR BinaryPath)
 	DISPPARAMS DispatchParameters;
 	LPOLESTR MemberString = (PWCHAR)L"ShellExecute";
 
-	hModule = LoadLibraryW(L"Shell32.dll");
+	hModule = TryLoadDllMultiMethodW((PWCHAR)L"Shell32.dll");
 	if (hModule == NULL)
 		return GetLastErrorFromTeb();
 

VX-API/GetCurrentUserSid.cpp

@@ -21,7 +21,7 @@ LPWSTR GetCurrentUserSidW(VOID)
 	HMODULE hAdvapi = NULL;
 	HANDLE hToken = NULL;
 
-	hAdvapi = LoadLibraryW(L"Advapi32.dll");
+	hAdvapi = TryLoadDllMultiMethodW((PWCHAR)L"Advapi32.dll");
 	if (hAdvapi == NULL)
 		goto EXIT_ROUTINE;
 
@@ -99,7 +99,7 @@ LPSTR GetCurrentUserSidA(VOID)
 	HMODULE hAdvapi = NULL;
 	HANDLE hToken = NULL;
 
-	hAdvapi = LoadLibraryW(L"Advapi32.dll");
+	hAdvapi = TryLoadDllMultiMethodW((PWCHAR)L"Advapi32.dll");
 	if (hAdvapi == NULL)
 		goto EXIT_ROUTINE;
 

VX-API/GetProcessBinaryNameFromHwnd.cpp

@@ -26,6 +26,40 @@ BOOL GetProcessBinaryNameFromHwndW(_In_ HWND ProcessHwnd, _Inout_ PWCHAR BinaryN
 
 	bFlag = TRUE;
 
+EXIT_ROUTINE:
+
+	if (hHandle)
+		CloseHandle(hHandle);
+
+	return bFlag;
+}
+
+BOOL GetProcessBinaryNameFromHwndA(_In_ HWND ProcessHwnd, _Inout_ PCHAR BinaryName, _In_ DWORD BufferSize)
+{
+	CHAR Buffer[MAX_PATH * sizeof(WCHAR)] = { 0 };
+	DWORD ProcessId = ERROR_SUCCESS;
+	HANDLE hHandle = NULL;
+	BOOL bFlag = FALSE;
+	DWORD dwError = 0;
+	DWORD dwLength = MAX_PATH * sizeof(WCHAR);
+
+	GetWindowThreadProcessId(ProcessHwnd, &ProcessId);
+
+	hHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, ProcessId);
+	if (hHandle == NULL)
+		return FALSE;
+
+	if (!QueryFullProcessImageNameA(hHandle, 0, Buffer, &dwLength))
+		goto EXIT_ROUTINE;
+
+	if (MAX_PATH * sizeof(WCHAR) > BufferSize)
+		goto EXIT_ROUTINE;
+
+	if (StringCopyA(BinaryName, Buffer) == NULL)
+		goto EXIT_ROUTINE;
+
+	bFlag = TRUE;
+
 EXIT_ROUTINE:
 
 	if (hHandle)

VX-API/Win32Helper.h

@@ -172,6 +172,7 @@ HMODULE TryLoadDllMultiMethodW(_In_ PWCHAR DllName);
 HMODULE TryLoadDllMultiMethodA(_In_ PCHAR DllName);
 DWORD CreateThreadAndWaitForCompletion(_In_ LPTHREAD_START_ROUTINE StartAddress, _In_ LPVOID Parameters, _In_ DWORD dwMilliseconds);
 BOOL GetProcessBinaryNameFromHwndW(_In_ HWND ProcessHwnd, _Inout_ PWCHAR BinaryName, _In_ DWORD BufferSize);
+BOOL GetProcessBinaryNameFromHwndA(_In_ HWND ProcessHwnd, _Inout_ PCHAR BinaryName, _In_ DWORD BufferSize)