diff --git a/leechagent/version.h b/leechagent/version.h index 2ccc808..b67a167 100644 --- a/leechagent/version.h +++ b/leechagent/version.h @@ -3,8 +3,8 @@ #define VERSION_MAJOR 2 #define VERSION_MINOR 18 -#define VERSION_REVISION 0 -#define VERSION_BUILD 69 +#define VERSION_REVISION 1 +#define VERSION_BUILD 70 #define VER_FILE_DESCRIPTION_STR "LeechAgent Memory Acquisition Service" #define VER_FILE_VERSION VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD diff --git a/leechcore/device_hibr.c b/leechcore/device_hibr.c index e970291..312d17c 100644 --- a/leechcore/device_hibr.c +++ b/leechcore/device_hibr.c @@ -168,6 +168,7 @@ NTSTATUS OSCOMPAT_RtlDecompressBufferEx(USHORT CompressionFormat, PUCHAR Uncompr static BOOL fFirst = TRUE; static SRWLOCK LockSRW = SRWLOCK_INIT; static int(*pfn_xpress_decompress)(PBYTE pbIn, SIZE_T cbIn, PBYTE pbOut, SIZE_T *pcbOut) = NULL; + static int(*pfn_xpress_decompress_huff)(PBYTE pbIn, SIZE_T cbIn, PBYTE pbOut, SIZE_T * pcbOut) = NULL; CHAR szPathLib[MAX_PATH] = { 0 }; Util_GetPathLib(szPathLib); strncat_s(szPathLib, sizeof(szPathLib), "libMSCompression.so", _TRUNCATE); @@ -178,20 +179,18 @@ NTSTATUS OSCOMPAT_RtlDecompressBufferEx(USHORT CompressionFormat, PUCHAR Uncompr fFirst = FALSE; lib_mscompress = dlopen(szPathLib, RTLD_NOW); if(lib_mscompress) { - if(CompressionFormat == 3) { // COMPRESS_ALGORITHM_XPRESS - pfn_xpress_decompress = (int(*)(PBYTE, SIZE_T, PBYTE, SIZE_T *))dlsym(lib_mscompress, "xpress_decompress"); - } - if(CompressionFormat == 4) { // COMPRESS_ALGORITHM_XPRESS_HUFF - pfn_xpress_decompress = (int(*)(PBYTE, SIZE_T, PBYTE, SIZE_T *))dlsym(lib_mscompress, "xpress_huff_decompress"); - } + pfn_xpress_decompress = (int(*)(PBYTE, SIZE_T, PBYTE, SIZE_T *))dlsym(lib_mscompress, "xpress_decompress"); + pfn_xpress_decompress_huff = (int(*)(PBYTE, SIZE_T, PBYTE, SIZE_T *))dlsym(lib_mscompress, "xpress_huff_decompress"); } } ReleaseSRWLockExclusive(&LockSRW); } *FinalUncompressedSize = 0; - if(pfn_xpress_decompress) { + if(pfn_xpress_decompress && pfn_xpress_decompress_huff) { cbOut = UncompressedBufferSize; - rc = pfn_xpress_decompress(CompressedBuffer, CompressedBufferSize, UncompressedBuffer, &cbOut); + rc = (CompressionFormat == 4) ? + pfn_xpress_decompress_huff(CompressedBuffer, CompressedBufferSize, UncompressedBuffer, &cbOut) : + pfn_xpress_decompress(CompressedBuffer, CompressedBufferSize, UncompressedBuffer, &cbOut); if(rc == 0) { *FinalUncompressedSize = cbOut; return HIBR_STATUS_SUCCESS; diff --git a/leechcore/version.h b/leechcore/version.h index 8672bf8..5352f63 100644 --- a/leechcore/version.h +++ b/leechcore/version.h @@ -3,8 +3,8 @@ #define VERSION_MAJOR 2 #define VERSION_MINOR 18 -#define VERSION_REVISION 0 -#define VERSION_BUILD 69 +#define VERSION_REVISION 1 +#define VERSION_BUILD 70 #define VER_FILE_DESCRIPTION_STR "LeechCore Memory Acquisition Library" #define VER_FILE_VERSION VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD diff --git a/leechcorepyc/pkggen_linux.sh b/leechcorepyc/pkggen_linux.sh index 356ab6c..9daaaab 100644 --- a/leechcorepyc/pkggen_linux.sh +++ b/leechcorepyc/pkggen_linux.sh @@ -43,7 +43,7 @@ leechcorepyc = Extension( setup( name='leechcorepyc', - version='2.18.0', # VERSION_END + version='2.18.1', # VERSION_END description='LeechCore for Python', long_description='LeechCore for Python : native extension for physical memory access', url='https://github.com/ufrisk/LeechCore', diff --git a/leechcorepyc/version.h b/leechcorepyc/version.h index ef022a8..3bbe22f 100644 --- a/leechcorepyc/version.h +++ b/leechcorepyc/version.h @@ -3,8 +3,8 @@ #define VERSION_MAJOR 2 #define VERSION_MINOR 18 -#define VERSION_REVISION 0 -#define VERSION_BUILD 69 +#define VERSION_REVISION 1 +#define VERSION_BUILD 70 #define VER_FILE_DESCRIPTION_STR "LeechCore Memory Acquisition Library : Python API" #define VER_FILE_VERSION VERSION_MAJOR, VERSION_MINOR, VERSION_REVISION, VERSION_BUILD