BOOL DecompressBuffer(PVOID pvInputBuffer,DWORD dwInputBufferSize,PVOID *ppvOutputBuffer,DWORD dwOutputBufferSize) { BOOL bRet = FALSE; PVOID pvOutputBuffer; DWORD dwDecompressedSize; NTSTATUS St; if (pvOutputBuffer = malloc(dwOutputBufferSize)) { St = RtlDecompressBuffer(COMPRESSION_FORMAT_LZNT1,pvOutputBuffer,dwOutputBufferSize,pvInputBuffer,dwInputBufferSize,&dwDecompressedSize); if (NT_SUCCESS(St)) { bRet = dwDecompressedSize == dwOutputBufferSize; if (bRet) *ppvOutputBuffer = pvOutputBuffer; } else { DbgPrint(__FUNCTION__"(): RtlDecompressBuffer failed with status %lx\n",St); } if (!bRet) free(pvOutputBuffer); } return bRet; }
/* * Decrypts the WLAN key structure */ int DecodeWLANKeys (WLANKEY **keys, int *numkeys){ unsigned char tmp[3]; unsigned long long *out; unsigned long long *in; unsigned char *wkspace; unsigned long wkspacelen; unsigned long outlen; int i; wkspacelen = 0; RtlGetCompressionWorkSpaceSize( COMPRESSION_FORMAT_LZNT1 | COMPRESSION_ENGINE_MAXIMUM, (ULONG *)&wkspacelen, (ULONG *)&outlen ); wkspace = malloc(wkspacelen); *keys = malloc (WLANKEYDATALEN); if (*keys == NULL || wkspacelen == 0 || wkspace == NULL){ return errno; } tmp[2] = 0; out = (unsigned long long *)(*keys); in = (unsigned long long *)encwlankeys; for (i=0; i < (WLANKEYDATACOMPRLEN + 7) / 8; i++){ in[i] ^= TEA_Rand(enckey, NULL); } outlen = 0; RtlDecompressBuffer( COMPRESSION_FORMAT_LZNT1 | COMPRESSION_ENGINE_MAXIMUM, (UCHAR *)out, WLANKEYDATALEN, (UCHAR *)in, WLANKEYDATACOMPRLEN, &outlen ); if (outlen != WLANKEYDATALEN){ return 1; } if (numkeys != NULL){ *numkeys = WLANKEYDATALEN / sizeof(WLANKEY) - 1; } return ERROR_SUCCESS; }
BOOL kull_m_memory_quick_decompress(IN PVOID data, IN DWORD size, IN OPTIONAL DWORD originalSize, IN OUT PVOID *decompressedData, IN OUT PDWORD decompressedSize) { BOOL status = FALSE; NTSTATUS ntStatus = STATUS_BAD_COMPRESSION_BUFFER; DWORD UncompressedBufferSize; for(UncompressedBufferSize = (originalSize ? originalSize : (size << 2)); ntStatus == STATUS_BAD_COMPRESSION_BUFFER; UncompressedBufferSize <<= 2) { if((*decompressedData) = LocalAlloc(LPTR, UncompressedBufferSize)) { ntStatus = RtlDecompressBuffer(COMPRESSION_FORMAT_LZNT1 | COMPRESSION_ENGINE_MAXIMUM, (PUCHAR) (*decompressedData), UncompressedBufferSize, (PUCHAR) data, size, decompressedSize); status = NT_SUCCESS(ntStatus); if(!status) LocalFree(*decompressedData); } else break; } return status; }