Skip to content

Instantly share code, notes, and snippets.

@odzhan
Last active June 5, 2021 20:16
Show Gist options
  • Save odzhan/d10d8a7170539bfe372b4cd046712a2b to your computer and use it in GitHub Desktop.
Save odzhan/d10d8a7170539bfe372b4cd046712a2b to your computer and use it in GitHub Desktop.
Compression using NT Layer DLL API
/**
BSD 3-Clause License
Copyright (c) 2019 Odzhan. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <Windows.h>
#include <stdio.h>
#include <inttypes.h>
#include <limits.h>
#define RTLZX_NONE 0
#define RTLZX_PACK 1
#define RTLZX_UNPACK 2
#pragma comment(lib, "cabinet.lib")
static uint32_t file_diff(uint32_t new_len, uint32_t old_len) {
if (new_len <= UINT_MAX / 100) {
new_len *= 100;
} else {
old_len /= 100;
}
if (old_len == 0) {
old_len = 1;
}
return (100 - (new_len / old_len));
}
VOID xstrerror (PCHAR fmt, ...){
PCHAR error=NULL;
va_list arglist;
CHAR buffer[1024];
DWORD dwError=GetLastError();
va_start(arglist, fmt);
_vsnprintf(buffer, ARRAYSIZE(buffer), fmt, arglist);
va_end (arglist);
if (FormatMessage (
FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
NULL, dwError, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPSTR)&error, 0, NULL))
{
printf(" [ %s : %s\n", buffer, error);
LocalFree (error);
} else {
printf(" [ %s error : %08lX\n", buffer, dwError);
}
}
typedef NTSTATUS (WINAPI *RtlGetCompressionWorkSpaceSize_t)(
USHORT CompressionFormatAndEngine,
PULONG CompressBufferWorkSpaceSize,
PULONG CompressFragmentWorkSpaceSize);
typedef NTSTATUS (WINAPI *RtlCompressBuffer_t)(
USHORT CompressionFormatAndEngine,
PUCHAR UncompressedBuffer,
ULONG UncompressedBufferSize,
PUCHAR CompressedBuffer,
ULONG CompressedBufferSize,
ULONG UncompressedChunkSize,
PULONG FinalCompressedSize,
PVOID WorkSpace);
DWORD CompressBuffer(DWORD engine, LPVOID inbuf, DWORD inlen, HANDLE outfile) {
ULONG wspace, fspace;
SIZE_T outlen;
DWORD len;
NTSTATUS nts;
PVOID ws, outbuf;
HMODULE m;
RtlGetCompressionWorkSpaceSize_t RtlGetCompressionWorkSpaceSize;
RtlCompressBuffer_t RtlCompressBuffer;
m = GetModuleHandle("ntdll");
RtlGetCompressionWorkSpaceSize = (RtlGetCompressionWorkSpaceSize_t)GetProcAddress(m, "RtlGetCompressionWorkSpaceSize");
RtlCompressBuffer = (RtlCompressBuffer_t)GetProcAddress(m, "RtlCompressBuffer");
if(RtlGetCompressionWorkSpaceSize == NULL || RtlCompressBuffer == NULL) {
printf("Unable to resolve RTL API\n");
return 0;
}
// 1. obtain the size of workspace
nts = RtlGetCompressionWorkSpaceSize(
engine | COMPRESSION_ENGINE_MAXIMUM,
&wspace, &fspace);
if(nts == 0) {
// 2. allocate memory for workspace
ws = malloc(wspace);
if(ws != NULL) {
// 3. allocate memory for output
outbuf = malloc(inlen);
if(outbuf != NULL) {
// 4. compress data
nts = RtlCompressBuffer(
engine | COMPRESSION_ENGINE_MAXIMUM,
inbuf, inlen, outbuf, inlen, 0,
(PULONG)&outlen, ws);
if(nts == 0) {
// 5. write the original length
WriteFile(outfile, &inlen, sizeof(DWORD), &len, 0);
// 6. write compressed data to file
WriteFile(outfile, outbuf, outlen, &len, 0);
}
// 7. free output buffer
free(outbuf);
}
// 8. free workspace
free(ws);
}
}
return outlen;
}
typedef NTSTATUS (WINAPI *RtlDecompressBufferEx_t)(
USHORT CompressionFormatAndEngine,
PUCHAR UncompressedBuffer,
ULONG UncompressedBufferSize,
PUCHAR CompressedBuffer,
ULONG CompressedBufferSize,
PULONG FinalUncompressedSize,
PVOID WorkSpace);
DWORD DecompressBuffer(DWORD engine, LPVOID inbuf, DWORD inlen, HANDLE outfile) {
ULONG wspace, fspace;
SIZE_T outlen = 0;
DWORD len;
NTSTATUS nts;
PVOID ws, outbuf;
HMODULE m;
RtlGetCompressionWorkSpaceSize_t RtlGetCompressionWorkSpaceSize;
RtlDecompressBufferEx_t RtlDecompressBufferEx;
m = GetModuleHandle("ntdll");
RtlGetCompressionWorkSpaceSize = (RtlGetCompressionWorkSpaceSize_t)GetProcAddress(m, "RtlGetCompressionWorkSpaceSize");
RtlDecompressBufferEx = (RtlDecompressBufferEx_t)GetProcAddress(m, "RtlDecompressBufferEx");
if(RtlGetCompressionWorkSpaceSize == NULL || RtlDecompressBufferEx == NULL) {
printf("Unable to resolve RTL API\n");
return 0;
}
// 1. obtain the size of workspace
nts = RtlGetCompressionWorkSpaceSize(
engine | COMPRESSION_ENGINE_MAXIMUM,
&wspace, &fspace);
if(nts == 0) {
// 2. allocate memory for workspace
ws = malloc(wspace);
if(ws != NULL) {
// 3. allocate memory for output
outlen = *(DWORD*)inbuf;
outbuf = malloc(outlen);
if(outbuf != NULL) {
// 4. decompress data
nts = RtlDecompressBufferEx(
engine | COMPRESSION_ENGINE_MAXIMUM,
outbuf, outlen,
(PBYTE)inbuf + sizeof(DWORD), inlen - sizeof(DWORD),
(PULONG)&outlen, ws);
if(nts == 0) {
// 5. write decompressed data to file
WriteFile(outfile, outbuf, outlen, &len, 0);
} else {
printf("RtlDecompressBufferEx failed with %08lx\n", nts);
}
// 6. free output buffer
free(outbuf);
} else {
printf("malloc() failed\n");
}
// 7. free workspace
free(ws);
}
}
return outlen;
}
// map a file for reading
DWORD CompressOrDecompress(DWORD engine, BOOL compress, const char *infile, const char *outfile) {
HANDLE fin, fout, map;
LPVOID inbuf;
DWORD inlen, outlen, err;
LARGE_INTEGER fs;
// open input file for reading
fin = CreateFile(infile, GENERIC_READ,
FILE_SHARE_READ, NULL, OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, NULL);
// error? exit
if(fin == INVALID_HANDLE_VALUE) {
xstrerror("CreateFile");
return 0;
}
// read the file size
GetFileSizeEx(fin, &fs);
if(fs.QuadPart == 0) {
printf("file is empty\n");
return 0;
}
inlen = fs.LowPart;
// create file mapping
map = CreateFileMapping(fin, NULL, PAGE_READONLY, 0, 0, NULL);
if(map != NULL) {
// map a view of the file
inbuf = MapViewOfFile(map, FILE_MAP_READ, 0, 0, 0);
if(inbuf != NULL) {
// open output file for writing
fout = CreateFile(outfile, GENERIC_WRITE,
FILE_SHARE_WRITE, NULL, CREATE_ALWAYS,
FILE_ATTRIBUTE_NORMAL, NULL);
// if file opened
if(fout != INVALID_HANDLE_VALUE) {
// compress?
if(compress == RTLZX_PACK) {
err = CompressBuffer(engine, inbuf, inlen, fout);
} else {
err = DecompressBuffer(engine, inbuf, inlen, fout);
}
GetFileSizeEx(fout, &fs);
outlen = fs.LowPart;
CloseHandle(fout);
} else {
xstrerror("CreateFile");
}
// unmap view
UnmapViewOfFile(inbuf);
} else {
xstrerror("MapViewOfFile");
}
// close mapping
CloseHandle(map);
} else {
xstrerror("CreateFileMapping");
}
// close input file
CloseHandle(fin);
// return the ratio
return (compress == RTLZX_PACK) ? file_diff(outlen, inlen) : file_diff(inlen, outlen);
}
static char* get_param (int argc, char *argv[], int *i) {
int n = *i;
if (argv[n][2] != 0) {
return &argv[n][2];
}
if ((n+1) < argc) {
*i = n + 1;
return argv[n+1];
}
printf(" [ %c%c requires parameter\n", argv[n][0], argv[n][1]);
exit (0);
}
void usage(void) {
printf(" usage: rtlcompress [options] -i <infile> -o <outfile>\n");
printf(" -c Compress\n");
printf(" -d Decompress\n");
printf(" -i <infile> Input file\n");
printf(" -o <outfile> Output file\n");
printf(" -e <engine> Compression engine. 2=LZNT1, 3=Xpress, 4=Xpress Huffman\n\n");
exit(-1);
}
int main(int argc, char *argv[]) {
DWORD engine = COMPRESSION_FORMAT_XPRESS_HUFF;
DWORD ratio, i, compress = RTLZX_NONE;
PCHAR infile = NULL, outfile = NULL;
printf("\n");
printf(" [ RtlCompress compression utility v0.1\n");
printf(" [ Copyright (c) 2019 Odzhan\n\n");
if(argc < 3) {
usage();
}
// for each argument
for(i=1; i<argc; i++) {
// is this a switch?
if(argv[i][0] == '/' || argv[i][0] == '-') {
switch(argv[i][1]) {
// compress?
case 'c':
compress = RTLZX_PACK;
break;
// decompress?
case 'd':
compress = RTLZX_UNPACK;
break;
// input file
case 'i':
infile = get_param(argc, argv, &i);
break;
// output file
case 'o':
outfile = get_param(argc, argv, &i);
break;
// compression engine
case 'e':
engine = atoi(get_param(argc, argv, &i));
break;
default:
usage();
}
} else {
usage();
}
}
// no input?
if(infile == NULL) {
printf(" [ no input file specified.\n");
return 0;
}
// no output?
if(outfile == NULL) {
printf(" [ no output file specified.\n");
return 0;
}
// invalid engine?
if(engine != COMPRESSION_FORMAT_LZNT1 &&
engine != COMPRESSION_FORMAT_XPRESS &&
engine != COMPRESSION_FORMAT_XPRESS_HUFF)
{
printf(" [ invalid engine specified.\n");
return 0;
}
// no mode selected?
if(compress == 0) {
printf(" [ use -c for compression or -d for decompression.\n");
return 0;
}
printf(" [ %s %s to %s using %s\n",
compress == RTLZX_PACK ? "compressing" : "decompressing",
infile, outfile,
engine == COMPRESSION_FORMAT_LZNT1 ? "LZNT1" :
engine == COMPRESSION_FORMAT_XPRESS ? "Xpress" : "Xpress Huffman");
// 1=compress, 2=decompress
ratio = CompressOrDecompress(engine, compress, infile, outfile);
if(ratio != 0) {
printf(" [ file size %s by %"PRId32"%%\n",
compress == RTLZX_PACK ? "reduced" : "increased", ratio);
}
return 0;
}
@otofoto
Copy link

otofoto commented Feb 8, 2021

Doesn't compile for me

Warning W8065 rtlcompress.c 66: Call to function 'ARRAYSIZE' with no prototype in function xstrerror
Warning W8004 rtlcompress.c 281: 'err' is assigned a value that is never used in function CompressOrDecompress
Warning W8070 rtlcompress.c 294: Function should return a value in function get_param
Warning W8012 rtlcompress.c 320: Comparing signed and unsigned values in function main
Warning W8075 rtlcompress.c 334: Suspicious pointer conversion in function main
Warning W8075 rtlcompress.c 338: Suspicious pointer conversion in function main
Warning W8075 rtlcompress.c 342: Suspicious pointer conversion in function main
Fatal: Unable to open file 'CABINET.LIB'
Error: Unresolved external '_ARRAYSIZE'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment