mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-19 09:56:10 +00:00
112 lines
4.4 KiB
C#
112 lines
4.4 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: Microsoft.InfoCards.InfoCardService
|
|||
|
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
|
|||
|
// MVID: 516D8B44-4448-4D2C-8B8E-FFBB3FFE472B
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Expiro.w-69bb73081eac86b8cf86f45e33515d0095855636967076e2b593d7a30cd80a07.exe
|
|||
|
|
|||
|
using Microsoft.InfoCards.Diagnostics;
|
|||
|
using System;
|
|||
|
using System.ComponentModel;
|
|||
|
using System.Net;
|
|||
|
using System.Net.Security;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
using System.Security.Principal;
|
|||
|
using System.ServiceProcess;
|
|||
|
|
|||
|
namespace Microsoft.InfoCards
|
|||
|
{
|
|||
|
internal class InfoCardService : ServiceBase
|
|||
|
{
|
|||
|
public const int WindowsVistaMajorVersion = 6;
|
|||
|
public const string FullServiceName = "idsvc";
|
|||
|
private RpcCallbacks m_rpcCallbacks;
|
|||
|
public static LifeTimeMonitor LifeTimeMonitor = (LifeTimeMonitor) null;
|
|||
|
|
|||
|
public static event EventHandler Stopping;
|
|||
|
|
|||
|
public InfoCardService()
|
|||
|
{
|
|||
|
bool flag1 = 0 != NativeMethods.GetSystemMetrics(86);
|
|||
|
bool flag2 = Environment.OSVersion.Version.Major < 6;
|
|||
|
if (NativeMcppMethods.AdjustPrivilegesWrapper(flag1 && flag2) != 0U)
|
|||
|
InfoCardService.Crash((Exception) new Win32Exception());
|
|||
|
try
|
|||
|
{
|
|||
|
NativeMcppMethods.AdjustServiceProcessSecurity();
|
|||
|
}
|
|||
|
catch (Win32Exception ex)
|
|||
|
{
|
|||
|
InfoCardService.Crash((Exception) ex);
|
|||
|
}
|
|||
|
this.ServiceName = "idsvc";
|
|||
|
this.CanStop = true;
|
|||
|
this.CanShutdown = true;
|
|||
|
this.CanPauseAndContinue = false;
|
|||
|
this.CanHandleSessionChangeEvent = true;
|
|||
|
this.CanHandlePowerEvent = false;
|
|||
|
this.AutoLog = true;
|
|||
|
this.m_rpcCallbacks.uiAgentRequestAuthorize = new RpcAuthorizeCallback(UIAgentRequest.Authorize);
|
|||
|
this.m_rpcCallbacks.uiAgentRequestBindToService = new RpcUIAgentBindToServiceCallback(UIAgentRequest.BindToService);
|
|||
|
this.m_rpcCallbacks.clientRequestAuthorize = new RpcAuthorizeCallback(ClientRequest.Authorize);
|
|||
|
this.m_rpcCallbacks.clientRequestBindToService = new RpcClientBindToServiceCallback(ClientUIRequest.BindToService);
|
|||
|
this.m_rpcCallbacks.requestFactoryProcessNewRequest = new RpcProcessNewRequestCallback(RequestFactory.ProcessNewRequest);
|
|||
|
this.m_rpcCallbacks.allocMem = new RpcAllocMemCallback(Marshal.AllocHGlobal);
|
|||
|
this.m_rpcCallbacks.freeMem = new RpcFreeMemCallback(Marshal.FreeHGlobal);
|
|||
|
this.m_rpcCallbacks.rundownClientContext = new RpcRundownClientContextHandle(ClientUIRequest.RemoveAndDisposeContextMapping);
|
|||
|
InfoCardService.LifeTimeMonitor = new LifeTimeMonitor();
|
|||
|
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(InfoCardX509Validator.ValidateChainOrPeerCallback);
|
|||
|
}
|
|||
|
|
|||
|
protected override void Dispose(bool disposing) => base.Dispose(disposing);
|
|||
|
|
|||
|
protected override void OnStart(string[] args)
|
|||
|
{
|
|||
|
base.OnStart(args);
|
|||
|
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
|
|||
|
using (HGlobalSafeHandle hglobalSafeHandle = HGlobalSafeHandle.Construct(Marshal.SizeOf((object) this.m_rpcCallbacks)))
|
|||
|
{
|
|||
|
Marshal.StructureToPtr((object) this.m_rpcCallbacks, hglobalSafeHandle.DangerousGetHandle(), false);
|
|||
|
uint error = NativeMcppMethods.InfoCardStartRpcServerWrapper(InfoCardUIAgent.UiAgentFullPath, hglobalSafeHandle.DangerousGetHandle());
|
|||
|
if (error != 0U)
|
|||
|
throw InfoCardTrace.ThrowHelperError((Exception) new Win32Exception((int) error));
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
protected override void OnStop()
|
|||
|
{
|
|||
|
try
|
|||
|
{
|
|||
|
InfoCardUIAgent.DoShutdown();
|
|||
|
int num = (int) NativeMcppMethods.InfoCardStopRpcServerWrapper();
|
|||
|
this.OnStopping();
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
InfoCardTrace.TraceAndLogException(ex);
|
|||
|
}
|
|||
|
finally
|
|||
|
{
|
|||
|
base.OnStop();
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
protected virtual void OnStopping()
|
|||
|
{
|
|||
|
if (InfoCardService.Stopping == null)
|
|||
|
return;
|
|||
|
InfoCardService.Stopping((object) this, new EventArgs());
|
|||
|
}
|
|||
|
|
|||
|
protected override void OnSessionChange(SessionChangeDescription changeDescription)
|
|||
|
{
|
|||
|
if (SessionChangeReason.SessionLogoff != changeDescription.Reason)
|
|||
|
return;
|
|||
|
InfoCardUIAgent.OnLogout((uint) changeDescription.SessionId);
|
|||
|
}
|
|||
|
|
|||
|
public static void Crash() => InfoCardService.Crash((Exception) null);
|
|||
|
|
|||
|
public static void Crash(Exception e) => InfoCardTrace.FailFast(e.Message);
|
|||
|
}
|
|||
|
}
|