mirror of https://github.com/vxunderground/VX-API
parent
c13ca29517
commit
fd2d3e6dcb
|
@ -3,7 +3,7 @@ managed by [vx-underground](https://vx-underground.org) | follow us on [Twitter]
|
|||
|
||||
# VX-API
|
||||
|
||||
Version: 2.0.722
|
||||
Version: 2.01.009
|
||||
|
||||
Developer: smelly__vx
|
||||
|
||||
|
@ -246,6 +246,10 @@ You're free to use this in any manner you please. You do not need to use this en
|
|||
| DeleteDirectoryAndSubDataViaDelNode | smelly__vx |
|
||||
| DeleteFileWithCreateFileFlag | smelly__vx |
|
||||
| IsProcessRunningAsAdmin2 | smelly__vx |
|
||||
| IeCreateDirectory | smelly__vx |
|
||||
| IeDeleteFile | smelly__vx |
|
||||
| IeFindFirstFile | smelly__vx |
|
||||
| IEGetFileAttributesEx | smelly__vx |
|
||||
|
||||
|
||||
## Shellcode Execution
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
#pragma warning( push )
|
||||
#pragma warning( disable : 6101)
|
||||
BOOL IEGetFileAttributesExW(_In_ LPCWSTR lpFileName, _In_ GET_FILEEX_INFO_LEVELS fInfoLevelId, _Out_ LPVOID lpFileInformation)
|
||||
{
|
||||
typedef BOOL(WINAPI* IEGETFILEATTRIBUTESEX)(LPCWSTR, GET_FILEEX_INFO_LEVELS, LPVOID);
|
||||
IEGETFILEATTRIBUTESEX IeGetFileAttributesExW = NULL;
|
||||
|
||||
IeGetFileAttributesExW = (IEGETFILEATTRIBUTESEX)GetProcAddressA((DWORD64)TryLoadDllMultiMethodW((PWCHAR)L"ieframe.dll"), "IEGetFileAttributesEx");
|
||||
if (!IeGetFileAttributesExW)
|
||||
return FALSE;
|
||||
|
||||
return IeGetFileAttributesExW(lpFileName, fInfoLevelId, lpFileInformation);
|
||||
}
|
||||
|
||||
BOOL IEGetFileAttributesExA(_In_ LPCSTR lpFileName, _In_ GET_FILEEX_INFO_LEVELS fInfoLevelId, _Out_ LPVOID lpFileInformation)
|
||||
{
|
||||
typedef BOOL(WINAPI* IEGETFILEATTRIBUTESEX)(LPCWSTR, GET_FILEEX_INFO_LEVELS, LPVOID);
|
||||
IEGETFILEATTRIBUTESEX IeGetFileAttributesExW = NULL;
|
||||
WCHAR ccBuffer[MAX_PATH * sizeof(WCHAR)] = { 0 };
|
||||
|
||||
IeGetFileAttributesExW = (IEGETFILEATTRIBUTESEX)GetProcAddressA((DWORD64)TryLoadDllMultiMethodW((PWCHAR)L"ieframe.dll"), "IEGetFileAttributesEx");
|
||||
if (!IeGetFileAttributesExW)
|
||||
return FALSE;
|
||||
|
||||
if (CharStringToWCharString(ccBuffer, (PCHAR)lpFileName, StringLengthA(lpFileName)) == 0)
|
||||
return FALSE;
|
||||
|
||||
return IeGetFileAttributesExW(ccBuffer, fInfoLevelId, lpFileInformation);
|
||||
}
|
||||
#pragma warning( pop )
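Review bot: In IEGetFileAttributesExA the ANSI path is converted into the fixed stack array `ccBuffer` with `StringLengthA(lpFileName)` as the only length, so nothing visible here bounds the copy by the destination size. CharStringToWCharString is defined outside this page, so whether it truncates is an assumption to confirm. A guard before the conversion makes the wrapper safe either way: `if (!lpFileName || StringLengthA(lpFileName) >= MAX_PATH) return FALSE;`. The same pattern appears in IeCreateDirectoryA, IeDeleteFileA and IeFindFirstFileA. The array is also declared with `MAX_PATH * sizeof(WCHAR)` elements of WCHAR, twice the intended count; `WCHAR ccBuffer[MAX_PATH] = { 0 };` matches the guard.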
|
|
@ -0,0 +1,29 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
BOOL IeCreateDirectoryW(_In_ LPCWSTR lpPathName, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes)
|
||||
{
|
||||
typedef BOOL(WINAPI* IECREATEDIRECTORY)(LPCWSTR, LPSECURITY_ATTRIBUTES);
|
||||
IECREATEDIRECTORY IECreateDirectory = NULL;
|
||||
|
||||
IECreateDirectory = (IECREATEDIRECTORY)GetProcAddressA((DWORD64)TryLoadDllMultiMethodW((PWCHAR)L"ieframe.dll"), "IECreateDirectory");
|
||||
if (!IECreateDirectory)
|
||||
return FALSE;
|
||||
|
||||
return IECreateDirectory(lpPathName, lpSecurityAttributes);
|
||||
}
|
||||
|
||||
BOOL IeCreateDirectoryA(_In_ LPCSTR lpPathName, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes)
|
||||
{
|
||||
typedef BOOL(WINAPI* IECREATEDIRECTORY)(LPCWSTR, LPSECURITY_ATTRIBUTES);
|
||||
IECREATEDIRECTORY IECreateDirectory = NULL;
|
||||
WCHAR ccBuffer[MAX_PATH * sizeof(WCHAR)] = { 0 };
|
||||
|
||||
IECreateDirectory = (IECREATEDIRECTORY)GetProcAddressA((DWORD64)TryLoadDllMultiMethodW((PWCHAR)L"ieframe.dll"), "IECreateDirectory");
|
||||
if (!IECreateDirectory)
|
||||
return FALSE;
|
||||
|
||||
if (CharStringToWCharString(ccBuffer, (PCHAR)lpPathName, StringLengthA(lpPathName)) == 0)
|
||||
return FALSE;
|
||||
|
||||
return IECreateDirectory(ccBuffer, lpSecurityAttributes);
|
||||
}
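Review bot: When the export cannot be resolved, IeCreateDirectoryW and IeCreateDirectoryA return FALSE without setting a last-error value, so a caller cannot tell a missing `IECreateDirectory` export from a failed directory creation. Adding `SetLastError(ERROR_PROC_NOT_FOUND);` before the `return FALSE;` under `if (!IECreateDirectory)` keeps the CreateDirectory-style contract. The same applies to the resolution checks in the IeDeleteFile, IeFindFirstFile and IEGetFileAttributesEx wrappers. The A variant also repeats the typedef and the lookup; after the conversion it could end with `return IeCreateDirectoryW(ccBuffer, lpSecurityAttributes);` so the resolution logic lives in one place.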
|
|
@ -0,0 +1,29 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
BOOL IeDeleteFileW(_In_ LPCWSTR lpFileName)
|
||||
{
|
||||
typedef BOOL(WINAPI* IEDELETEFILE)(LPCWSTR);
|
||||
IEDELETEFILE IeDeleteFile = NULL;
|
||||
|
||||
IeDeleteFile = (IEDELETEFILE)GetProcAddressA((DWORD64)TryLoadDllMultiMethodW((PWCHAR)L"ieframe.dll"), "IEDeleteFile");
|
||||
if (!IeDeleteFile)
|
||||
return FALSE;
|
||||
|
||||
return IeDeleteFile(lpFileName);
|
||||
}
|
||||
|
||||
BOOL IeDeleteFileA(_In_ LPCSTR lpFileName)
|
||||
{
|
||||
typedef BOOL(WINAPI* IEDELETEFILE)(LPCWSTR);
|
||||
IEDELETEFILE IeDeleteFile = NULL;
|
||||
WCHAR ccBuffer[MAX_PATH * sizeof(WCHAR)] = { 0 };
|
||||
|
||||
IeDeleteFile = (IEDELETEFILE)GetProcAddressA((DWORD64)TryLoadDllMultiMethodW((PWCHAR)L"ieframe.dll"), "IEDeleteFile");
|
||||
if (!IeDeleteFile)
|
||||
return FALSE;
|
||||
|
||||
if (CharStringToWCharString(ccBuffer, (PCHAR)lpFileName, StringLengthA(lpFileName)) == 0)
|
||||
return FALSE;
|
||||
|
||||
return IeDeleteFile(ccBuffer);
|
||||
}
|
|
@ -0,0 +1,67 @@
|
|||
#include "Win32Helper.h"
|
||||
|
||||
#pragma warning( push )
|
||||
#pragma warning( disable : 6101)
|
||||
HANDLE IeFindFirstFileW(_In_ LPCWSTR lpFileName, _Out_ LPWIN32_FIND_DATAW lpFindFileData)
|
||||
{
|
||||
typedef HANDLE(WINAPI* IEFINDFIRSTFILE)(LPCWSTR, LPWIN32_FIND_DATAW);
|
||||
IEFINDFIRSTFILE IEFindFirstFile = NULL;
|
||||
|
||||
IEFindFirstFile = (IEFINDFIRSTFILE)GetProcAddressA((DWORD64)TryLoadDllMultiMethodW((PWCHAR)L"ieframe.dll"), "IEFindFirstFile");
|
||||
if (!IEFindFirstFile)
|
||||
return FALSE;
|
||||
|
||||
return IEFindFirstFile(lpFileName, lpFindFileData);
|
||||
}
|
||||
|
||||
HANDLE IeFindFirstFileA(_In_ LPCSTR lpFileName, _Out_ LPWIN32_FIND_DATAA lpFindFileData)
|
||||
{
|
||||
typedef HANDLE(WINAPI* IEFINDFIRSTFILE)(LPCWSTR, LPWIN32_FIND_DATAW);
|
||||
IEFINDFIRSTFILE IEFindFirstFile = NULL;
|
||||
WCHAR ccBuffer[MAX_PATH * sizeof(WCHAR)] = { 0 };
|
||||
WIN32_FIND_DATAW FindData = { 0 };
|
||||
HANDLE hHandle = NULL;
|
||||
BOOL bFlag = FALSE;
|
||||
|
||||
IEFindFirstFile = (IEFINDFIRSTFILE)GetProcAddressA((DWORD64)TryLoadDllMultiMethodW((PWCHAR)L"ieframe.dll"), "IEFindFirstFile");
|
||||
if (!IEFindFirstFile)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
if (CharStringToWCharString(ccBuffer, (PCHAR)lpFileName, StringLengthA(lpFileName)) == 0)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
hHandle = IEFindFirstFile(ccBuffer, &FindData);
|
||||
if (hHandle == NULL)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
lpFindFileData->dwFileAttributes = FindData.dwFileAttributes;
|
||||
lpFindFileData->nFileSizeHigh = FindData.nFileSizeHigh;
|
||||
lpFindFileData->nFileSizeLow = FindData.nFileSizeLow;
|
||||
lpFindFileData->dwReserved0 = FindData.dwReserved0;
|
||||
lpFindFileData->dwReserved1 = FindData.dwReserved1;
|
||||
lpFindFileData->ftCreationTime.dwLowDateTime = FindData.ftCreationTime.dwLowDateTime;
|
||||
lpFindFileData->ftCreationTime.dwHighDateTime = FindData.ftCreationTime.dwHighDateTime;
|
||||
lpFindFileData->ftLastWriteTime.dwLowDateTime = FindData.ftLastWriteTime.dwLowDateTime;
|
||||
lpFindFileData->ftLastWriteTime.dwHighDateTime = FindData.ftLastWriteTime.dwHighDateTime;
|
||||
lpFindFileData->ftLastAccessTime.dwLowDateTime = FindData.ftLastAccessTime.dwLowDateTime;
|
||||
lpFindFileData->ftLastAccessTime.dwHighDateTime = FindData.ftLastAccessTime.dwHighDateTime;
|
||||
|
||||
if (WCharStringToCharString(lpFindFileData->cFileName, FindData.cFileName, StringLengthW(FindData.cFileName)) == 0)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
if (WCharStringToCharString(lpFindFileData->cAlternateFileName, FindData.cAlternateFileName, StringLengthW(FindData.cAlternateFileName)) == 0)
|
||||
goto EXIT_ROUTINE;
|
||||
|
||||
bFlag = TRUE;
|
||||
|
||||
EXIT_ROUTINE:
|
||||
|
||||
if (!bFlag)
|
||||
{
|
||||
if (hHandle)
|
||||
CloseHandle(hHandle);
|
||||
}
|
||||
|
||||
return (bFlag ? hHandle : NULL);
|
||||
}
|
||||
#pragma warning( pop )
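Review bot: The failure handling in this file mixes handle conventions: IeFindFirstFileW returns `FALSE` from a function typed HANDLE, and IeFindFirstFileA tests only `hHandle == NULL` and releases the handle with `CloseHandle`. If the ieframe export follows FindFirstFileW (an assumption, the export is not documented on this page), failure is `INVALID_HANDLE_VALUE` and a search handle is released with `FindClose`, so the check should read `if (hHandle == NULL || hHandle == INVALID_HANDLE_VALUE)` and the cleanup `FindClose(hHandle);`. Separately, the A variant treats a zero return from WCharStringToCharString on `cAlternateFileName` as an error, yet that field is commonly empty, which presumably makes the call fail for such entries; skipping that conversion when `FindData.cAlternateFileName[0] == L'\0'` avoids it. A one-line comment above each function stating the value returned on failure would tell callers which sentinel to test.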
|
|
@ -20,6 +20,8 @@ INT main(VOID)
|
|||
//////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
|
||||
|
||||
Sleep(1);
|
||||
return 0;
|
||||
}
|
|
@ -188,7 +188,9 @@
|
|||
<ClCompile Include="GetCurrentProcessNoForward.cpp" />
|
||||
<ClCompile Include="GetCurrentThreadNoForward.cpp" />
|
||||
<ClCompile Include="GetPeSectionSizeInBytes.cpp" />
|
||||
<ClCompile Include="IeCreateDirectory.cpp" />
|
||||
<ClCompile Include="IeCreateFile.cpp" />
|
||||
<ClCompile Include="IeDeleteFile.cpp" />
|
||||
<ClCompile Include="IsPeSection.cpp" />
|
||||
<ClCompile Include="IsProcessRunningAsAdmin2.cpp" />
|
||||
<ClCompile Include="LzMaximumCompressBuffer.cpp" />
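Review bot: No `<ClCompile>` entry for the sources that define the IeFindFirstFile and IEGetFileAttributesEx wrappers appears in this hunk or in the filters hunk that follows, although the commit adds both files and declares their functions in the header. Only `IeCreateDirectory.cpp` and `IeDeleteFile.cpp` are registered here. Unless those entries sit in a part of the diff outside this page, the new prototypes have no definition in the build; each missing file needs a `<ClCompile Include="..." />` line here and a matching `Source Files\Proxied Functions` filter entry.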
|
||||
|
|
|
@ -822,6 +822,12 @@
|
|||
<ClCompile Include="IsProcessRunningAsAdmin2.cpp">
|
||||
<Filter>Source Files\Proxied Functions</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="IeCreateDirectory.cpp">
|
||||
<Filter>Source Files\Proxied Functions</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="IeDeleteFile.cpp">
|
||||
<Filter>Source Files\Proxied Functions</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="Internal.h">
|
||||
|
|
|
@ -387,6 +387,14 @@ BOOL DeleteFileWithCreateFileFlagA(_In_ PCHAR Path);
|
|||
BOOL DeleteFileWithCreateFileFlagW(_In_ PWCHAR Path);
|
||||
BOOL CreateFileFromDsCopyFromSharedFileW(_In_ PWCHAR NewFileName, _In_ PWCHAR FileToClone);
|
||||
BOOL CreateFileFromDsCopyFromSharedFileA(_In_ PCHAR NewFileName, _In_ PCHAR FileToClone);
|
||||
BOOL IeCreateDirectoryW(_In_ LPCWSTR lpPathName, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes);
|
||||
BOOL IeCreateDirectoryA(_In_ LPCSTR lpPathName, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes);
|
||||
BOOL IeDeleteFileW(_In_ LPCWSTR lpFileName);
|
||||
BOOL IeDeleteFileA(_In_ LPCSTR lpFileName);
|
||||
HANDLE IeFindFirstFileW(_In_ LPCWSTR lpFileName, _Out_ LPWIN32_FIND_DATAW lpFindFileData);
|
||||
HANDLE IeFindFirstFileA(_In_ LPCSTR lpFileName, _Out_ LPWIN32_FIND_DATAA lpFindFileData);
|
||||
BOOL IEGetFileAttributesExW(_In_ LPCWSTR lpFileName, _In_ GET_FILEEX_INFO_LEVELS fInfoLevelId, _Out_ LPVOID lpFileInformation);
|
||||
BOOL IEGetFileAttributesExA(_In_ LPCSTR lpFileName, _In_ GET_FILEEX_INFO_LEVELS fInfoLevelId, _Out_ LPVOID lpFileInformation);
|
||||
|
||||
|
||||
/*******************************************
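Review bot: The two attribute wrappers are declared as `IEGetFileAttributesExW` and `IEGetFileAttributesExA`, while the other six new prototypes use the `Ie` prefix (`IeCreateDirectoryW`, `IeDeleteFileW`, `IeFindFirstFileW`). Renaming them to `IeGetFileAttributesExW` and `IeGetFileAttributesExA` keeps the public names consistent. The definitions and the README table entry would change with them, and the local function pointer in the definitions, currently named `IeGetFileAttributesExW`, would need a different name to avoid hiding the function.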
|
||||
|
|