mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-19 09:56:10 +00:00
139 lines
5.0 KiB
C#
139 lines
5.0 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: Microsoft.InfoCards.UIAgentRequest
|
|||
|
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
|
|||
|
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
|
|||
|
|
|||
|
using Microsoft.InfoCards.Diagnostics;
|
|||
|
using Microsoft.Win32.SafeHandles;
|
|||
|
using System;
|
|||
|
using System.ComponentModel;
|
|||
|
using System.IO;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
using System.Security;
|
|||
|
using System.Security.Principal;
|
|||
|
|
|||
|
namespace Microsoft.InfoCards
|
|||
|
{
|
|||
|
internal abstract class UIAgentRequest : Request
|
|||
|
{
|
|||
|
private ClientUIRequest m_parentRequest;
|
|||
|
|
|||
|
public UIAgentRequest(IntPtr rpcHandle, Stream inArgs, Stream outArgs, ClientUIRequest parent)
|
|||
|
: this(rpcHandle, inArgs, outArgs, parent, ExceptionList.Empty)
|
|||
|
{
|
|||
|
}
|
|||
|
|
|||
|
public UIAgentRequest(
|
|||
|
IntPtr rpcHandle,
|
|||
|
Stream inArgs,
|
|||
|
Stream outArgs,
|
|||
|
ClientUIRequest parent,
|
|||
|
ExceptionList exceptionList)
|
|||
|
: base(rpcHandle, inArgs, outArgs, exceptionList)
|
|||
|
{
|
|||
|
this.m_parentRequest = parent;
|
|||
|
}
|
|||
|
|
|||
|
public ClientUIRequest ParentRequest => this.m_parentRequest;
|
|||
|
|
|||
|
protected InfoCardUIAgent UIAgent => this.ParentRequest != null ? this.ParentRequest.UIAgent : (InfoCardUIAgent) null;
|
|||
|
|
|||
|
public static uint Authorize(IntPtr rpcIfHandle, IntPtr context)
|
|||
|
{
|
|||
|
uint num = 5;
|
|||
|
if (IntPtr.Zero == rpcIfHandle)
|
|||
|
throw InfoCardTrace.ThrowHelperArgumentNull(nameof (rpcIfHandle));
|
|||
|
if (IntPtr.Zero == context)
|
|||
|
throw InfoCardTrace.ThrowHelperArgumentNull(nameof (context));
|
|||
|
try
|
|||
|
{
|
|||
|
WindowsIdentity windowsIdentity = Utility.GetWindowsIdentity(context);
|
|||
|
try
|
|||
|
{
|
|||
|
NativeMcppMethods.CheckSIDAgainstCurrentRpcUser((InfoCardUIAgent.FindByPid(Utility.GetRpcClientPid(context)) ?? throw InfoCardTrace.ThrowHelperError((Exception) new SecurityException())).TrustedUserSid);
|
|||
|
num = 0U;
|
|||
|
}
|
|||
|
finally
|
|||
|
{
|
|||
|
windowsIdentity.Dispose();
|
|||
|
}
|
|||
|
}
|
|||
|
catch (SecurityException ex)
|
|||
|
{
|
|||
|
InfoCardTrace.Assert(5U == num, "Unexpected value for err!");
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
InfoCardService.Crash(ex);
|
|||
|
}
|
|||
|
return num;
|
|||
|
}
|
|||
|
|
|||
|
public static void BindToService(
|
|||
|
IntPtr uiagentRpcHandle,
|
|||
|
IntPtr nativeDesktopName,
|
|||
|
int cbUserSid,
|
|||
|
IntPtr pUserSid,
|
|||
|
int cbTrustedSid,
|
|||
|
IntPtr pTrustedSid,
|
|||
|
out IntPtr nativeStartEventHandle,
|
|||
|
out IntPtr nativeCompleteEventHandle,
|
|||
|
out RpcUIAgentGetWorkCallback callback)
|
|||
|
{
|
|||
|
string stringUni = Marshal.PtrToStringUni(nativeDesktopName);
|
|||
|
callback = (RpcUIAgentGetWorkCallback) null;
|
|||
|
nativeStartEventHandle = IntPtr.Zero;
|
|||
|
nativeCompleteEventHandle = IntPtr.Zero;
|
|||
|
using (WindowsIdentity windowsIdentity = Utility.GetWindowsIdentity(uiagentRpcHandle))
|
|||
|
{
|
|||
|
WindowsImpersonationContext impersonationContext = windowsIdentity.Impersonate();
|
|||
|
try
|
|||
|
{
|
|||
|
uint pid;
|
|||
|
if (NativeMethods.I_RpcBindingInqLocalClientPID(uiagentRpcHandle, out pid) != 0U)
|
|||
|
throw InfoCardTrace.ThrowHelperError((Exception) new CommunicationException(SR.GetString("FailedToBindToService")));
|
|||
|
InfoCardUIAgent byPid = InfoCardUIAgent.FindByPid(pid);
|
|||
|
if (byPid == null)
|
|||
|
return;
|
|||
|
SecurityIdentifier userSid;
|
|||
|
SafeWaitHandle hStartEvent;
|
|||
|
SafeWaitHandle hCompleteEvent;
|
|||
|
callback = byPid.Bind(stringUni, out userSid, out hStartEvent, out hCompleteEvent);
|
|||
|
byte[] numArray = new byte[Math.Max(cbUserSid, cbTrustedSid)];
|
|||
|
windowsIdentity.User.GetBinaryForm(numArray, 0);
|
|||
|
Marshal.Copy(numArray, 0, pUserSid, cbUserSid);
|
|||
|
userSid.GetBinaryForm(numArray, 0);
|
|||
|
Marshal.Copy(numArray, 0, pTrustedSid, cbTrustedSid);
|
|||
|
nativeStartEventHandle = hStartEvent.DangerousGetHandle();
|
|||
|
nativeCompleteEventHandle = hCompleteEvent.DangerousGetHandle();
|
|||
|
}
|
|||
|
finally
|
|||
|
{
|
|||
|
impersonationContext.Undo();
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
public override WindowsIdentity RequestorIdentity => this.ParentRequest.RequestorIdentity;
|
|||
|
|
|||
|
protected override void OnInitializeAsSystem()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
NativeMcppMethods.CheckSIDAgainstCurrentRpcUser(this.ParentRequest.UIAgentLogonSid);
|
|||
|
}
|
|||
|
catch (Win32Exception ex)
|
|||
|
{
|
|||
|
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("UnableToAuthenticateUIAgent"), (Exception) ex));
|
|||
|
}
|
|||
|
catch (SecurityException ex)
|
|||
|
{
|
|||
|
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("UnableToAuthenticateUIAgent"), (Exception) ex));
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
protected InfoCardPolicy GetPolicy() => !(this.ParentRequest is GetTokenRequest parentRequest) ? (InfoCardPolicy) null : parentRequest.Policy;
|
|||
|
}
|
|||
|
}
|