Hello guys
I’m still beginner in C language, I was wondering if there is a C Function or winapi function that compress and decompress a buffer , an example will be great
thank you
Hello guys
I’m still beginner in C language, I was wondering if there is a C Function or winapi function that compress and decompress a buffer , an example will be great
thank you
RtlCompressBuffer and related functions provided by ntdll.dll
. You’ll need to dynamically retrieve them:
Example using RtlCompressBuffer and RtlDecompressBuffer in C++:
bool CompressBuffer(std::vector<BYTE>& out, std::vector<BYTE>& in, PULONG puFinalCompressedSize) {
DWORD(WINAPI *fnRtlGetCompressionWorkSpaceSize)(USHORT, PULONG, PULONG)
= (DWORD(WINAPI *)(USHORT, PULONG, PULONG))
(::GetProcAddress(::GetModuleHandle(TEXT("ntdll.dll")), "RtlGetCompressionWorkSpaceSize"));
DWORD(WINAPI *fnRtlCompressBuffer)(USHORT, PUCHAR, ULONG, PUCHAR, ULONG, ULONG, PULONG, PVOID)
= (DWORD(WINAPI *)(USHORT, PUCHAR, ULONG, PUCHAR, ULONG, ULONG, PULONG, PVOID))
(::GetProcAddress(::GetModuleHandle(TEXT("ntdll.dll")), "RtlCompressBuffer"));
ULONG uCompressBufferWorkSpaceSize, uCompressFragmentWorkSpaceSize;
if (fnRtlGetCompressionWorkSpaceSize(
COMPRESSION_FORMAT_LZNT1 | COMPRESSION_ENGINE_MAXIMUM,
&uCompressBufferWorkSpaceSize,
&uCompressFragmentWorkSpaceSize)) {
return false;
}
PVOID pWorkSpace = new BYTE[uCompressBufferWorkSpaceSize];
std::vector<BYTE> outData(in.size());
if (fnRtlCompressBuffer(
COMPRESSION_FORMAT_LZNT1 | COMPRESSION_ENGINE_MAXIMUM,
in.data(),
in.size(),
out.data(),
out.size(),
4096,
puFinalCompressedSize,
pWorkSpace)) {
return false;
}
delete[] pWorkSpace;
return true;
}
bool DecompressBuffer(std::vector<BYTE>& out, std::vector<BYTE>& in, PULONG puFinalCompressedSize) {
DWORD(WINAPI *fnRtlDecompressBuffer)(USHORT, PUCHAR, ULONG, PUCHAR, ULONG, PULONG)
= (DWORD(WINAPI *)(USHORT, PUCHAR, ULONG, PUCHAR, ULONG, PULONG))
(::GetProcAddress(::GetModuleHandle(TEXT("ntdll.dll")), "RtlDecompressBuffer"));
if (fnRtlDecompressBuffer(
COMPRESSION_FORMAT_LZNT1,
out.data(),
out.size(),
in.data(),
in.size(),
puFinalCompressedSize)) {
return false;
}
return true;
}
Alternatively, you can use a third party library like QuickLZ or zlib.
thank you @dtm I used zlib .
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.