ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-19 09:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4b9382ddbc
MalwareSourceCode/MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-69bb73081eac86b8cf86f45e33515d0095855636967076e2b593d7a30cd80a07/Microsoft/InfoCards/Utility.cs

451 lines
16 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.Utility
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: 516D8B44-4448-4D2C-8B8E-FFBB3FFE472B
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Expiro.w-69bb73081eac86b8cf86f45e33515d0095855636967076e2b593d7a30cd80a07.exe
using Microsoft.InfoCards.Diagnostics;
using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.ComponentModel;
using System.Diagnostics;
using System.IdentityModel.Tokens;
using System.IO;
using System.Net;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.Text;
using System.Threading;
using System.Xml;
namespace Microsoft.InfoCards
{
internal static class Utility
{
public static WindowsIdentity GetWindowsIdentity(IntPtr rpcBindingHandle)
{
InfoCardTrace.ThrowInvalidArgumentConditional(IntPtr.Zero == rpcBindingHandle, nameof (rpcBindingHandle));
uint error = NativeMethods.RpcImpersonateClient(rpcBindingHandle);
if (error != 0U)
throw InfoCardTrace.ThrowHelperError((Exception) new CommunicationException(SR.GetString("ServiceInvalidCallerToken"), (Exception) new Win32Exception((int) error)));
try
{
return WindowsIdentity.GetCurrent(true);
}
finally
{
InfoCardTrace.Assert(0U == NativeMethods.RpcRevertToSelfEx(rpcBindingHandle), "rpcIdentity");
}
}
public static uint GetRpcClientPid(IntPtr rpcBindingHandle)
{
uint pid;
uint error = NativeMethods.I_RpcBindingInqLocalClientPID(rpcBindingHandle, out pid);
if (error != 0U)
throw InfoCardTrace.ThrowHelperError((Exception) new Win32Exception((int) error));
return pid;
}
public static void ClearUnsafeMemory(IntPtr ptr, int count) => NativeMethods.ZeroMemory(ptr, count);
public static void ThrowIfProcessExited(SafeWaitHandle processHandle)
{
using (AutoResetEvent autoResetEvent = new AutoResetEvent(false))
{
autoResetEvent.SafeWaitHandle = processHandle;
if (autoResetEvent.WaitOne(0, false))
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("ServiceProcessHasExited")));
}
}
public static void SerializeString(BinaryWriter writer, string str)
{
int num = 0;
if (string.IsNullOrEmpty(str))
{
writer.Write(num);
}
else
{
writer.Write(str.Length);
writer.Write(str.ToCharArray());
}
}
public static void SerializeUri(BinaryWriter writer, Uri uri)
{
if ((Uri) null == uri)
Utility.SerializeString(writer, (string) null);
else
Utility.SerializeString(writer, uri.ToString());
}
public static void SerializeBytes(BinaryWriter writer, byte[] bytes)
{
int count = 0;
if (bytes != null)
count = bytes.Length;
Utility.SerializeBytes(writer, bytes, 0, count);
}
public static void SerializeBytes(
BinaryWriter writer,
byte[] bytes,
int startOffset,
int count)
{
int num = 0;
if (bytes == null)
{
writer.Write(num);
}
else
{
writer.Write(count);
writer.Write(bytes, startOffset, count);
}
}
public static string DeserializeString(BinaryReader reader) => new string(reader.ReadChars(reader.ReadInt32()));
public static Uri DeserializeUri(BinaryReader reader) => new Uri(Utility.DeserializeString(reader));
public static bool CompareUri(string first, string second)
{
try
{
return Utility.CompareUri(new Uri(first), new Uri(second));
}
catch (UriFormatException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("InvalidUriFormat"), (Exception) ex));
}
}
public static bool CompareUri(Uri first, Uri second) => first == second;
public static bool ArrayIsNullOrEmpty(Array inArray) => inArray == null || inArray.Length == 0;
public static SafeWaitHandle GetLocalHandleFromRemoteHandle(
SafeWaitHandle hRemote,
int remotePid)
{
SafeWaitHandle targetHandle;
using (new SystemIdentity(false))
{
using (SafeNativeHandle sourceProcessHandle = NativeMethods.OpenProcess(64, false, remotePid))
{
if (sourceProcessHandle == null || sourceProcessHandle.IsInvalid)
throw InfoCardTrace.ThrowHelperError((Exception) new Win32Exception(Marshal.GetLastWin32Error()));
if (!NativeMethods.DuplicateHandle(sourceProcessHandle, hRemote, new SafeNativeHandle(NativeMethods.GetCurrentProcess(), false), out targetHandle, 2, false, 0))
{
int lastWin32Error = Marshal.GetLastWin32Error();
InfoCardTrace.CloseInvalidOutSafeHandle((SafeHandle) targetHandle);
throw InfoCardTrace.ThrowHelperError((Exception) new Win32Exception(lastWin32Error));
}
}
}
return targetHandle;
}
public static SafeWaitHandle GetRemoteHandleFromLocalHandle(
SafeWaitHandle hLocal,
Process remoteProcess)
{
SafeWaitHandle targetHandle = (SafeWaitHandle) null;
using (new SystemIdentity(false))
{
try
{
if (!NativeMethods.DuplicateHandle(new SafeNativeHandle(NativeMethods.GetCurrentProcess(), false), hLocal, new SafeNativeHandle(remoteProcess.Handle, false), out targetHandle, 1048578, false, 0))
throw InfoCardTrace.ThrowHelperError((Exception) new Win32Exception(Marshal.GetLastWin32Error()));
bool success = false;
targetHandle.DangerousAddRef(ref success);
}
catch (Exception ex)
{
if (InfoCardTrace.IsFatal(ex))
throw;
}
}
return targetHandle;
}
public static SafeJobHandle CreateJobObjectWithSdHelper(string trustedUserSid)
{
SafeJobHandle objectWithSdHelper = new SafeJobHandle();
RuntimeHelpers.PrepareConstrainedRegions();
try
{
}
finally
{
IntPtr zero = IntPtr.Zero;
uint jobObjectWithSd = NativeMcppMethods.CreateJobObjectWithSD(ref zero, trustedUserSid);
if (jobObjectWithSd != 0U)
throw InfoCardTrace.ThrowHelperError((Exception) new Win32Exception((int) jobObjectWithSd));
objectWithSdHelper.UpdateHandle(zero);
}
return objectWithSdHelper;
}
public static IntPtr ReadHandle(BinaryReader br)
{
IntPtr zero = IntPtr.Zero;
return 4 != IntPtr.Size ? (IntPtr) br.ReadInt64() : (IntPtr) br.ReadInt32();
}
public static byte[] CreateHash(byte[] firstArray, Uri cardId)
{
using (SHA256 shA256 = (SHA256) new SHA256Managed())
{
byte[] hash = shA256.ComputeHash(Encoding.Unicode.GetBytes(cardId.ToString()));
byte[] numArray = new byte[firstArray.Length + hash.Length];
Array.Copy((Array) firstArray, 0, (Array) numArray, 0, firstArray.Length);
Array.Copy((Array) hash, 0, (Array) numArray, firstArray.Length, hash.Length);
return shA256.ComputeHash(numArray);
}
}
public static byte[] CreateHash(byte[] firstArray, byte[] secondArray, byte[] thirdArray)
{
byte[] numArray = new byte[firstArray.Length + secondArray.Length + thirdArray.Length];
Array.Copy((Array) firstArray, 0, (Array) numArray, 0, firstArray.Length);
Array.Copy((Array) secondArray, 0, (Array) numArray, firstArray.Length, secondArray.Length);
Array.Copy((Array) thirdArray, 0, (Array) numArray, firstArray.Length + secondArray.Length, thirdArray.Length);
using (SHA256 shA256 = SHA256.Create())
return shA256.ComputeHash(numArray);
}
public static bool CompareByteArrays(byte[] arr1, byte[] arr2)
{
bool flag = true;
if (arr1 == null && arr2 == null)
return true;
if (arr1 == null || arr2 == null || arr1.Length != arr2.Length)
return false;
for (int index = 0; index < arr2.Length; ++index)
{
if ((int) arr1[index] != (int) arr2[index])
{
flag = false;
break;
}
}
return flag;
}
public static string ResolvePPID(
string input,
byte[] issuerIdentiferAsBytes,
StoreConnection connection)
{
string empty = string.Empty;
byte[] arr2 = Convert.FromBase64String(input);
ICollection collection = (ICollection) connection.Query(QueryDetails.FullRow, new List<QueryParameter>()
{
new QueryParameter("ix_objecttype", new object[1]
{
(object) 1
}),
new QueryParameter("ix_production_svc_uri", new object[1]
{
(object) "http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self"
})
}.ToArray());
if (collection != null && collection.Count > 0)
{
foreach (DataRow dataRow in (IEnumerable) collection)
{
byte[] dataField = dataRow.GetDataField();
try
{
using (MemoryStream memoryStream = new MemoryStream(dataField))
{
InfoCard infoCard = new InfoCard((Stream) memoryStream);
if (Utility.CompareByteArrays(Utility.CreateHash(issuerIdentiferAsBytes, infoCard.Id), arr2))
{
empty = infoCard.Id.ToString();
break;
}
}
}
finally
{
Array.Clear((Array) dataField, 0, dataField.Length);
}
}
}
return empty;
}
public static bool GetCertHAFlags(
X509Certificate2 certificate,
X509Certificate2Collection supportingCertificates,
ref Utility.SubjectAtrributeHAFlags certFlags)
{
int haFlags = 0;
X509Chain chain;
try
{
InfoCardX509Validator.ValidateChain(certificate, supportingCertificates, out chain);
}
catch (SecurityTokenValidationException ex)
{
InfoCardTrace.TraceAndLogException((Exception) ex);
return false;
}
InfoCardTrace.Assert(null != chain, "Should have been populated by ValidateChain");
bool highAssuranceFlags = NativeMcppMethods.GetHighAssuranceFlags(chain.ChainContext, ref haFlags);
certFlags = (Utility.SubjectAtrributeHAFlags) haFlags;
return !highAssuranceFlags || Utility.IsSubjectAtrributeHAFlagsSet(certFlags, Utility.SubjectAtrributeHAFlags.Enabled) ? highAssuranceFlags : throw InfoCardTrace.ThrowHelperError((Exception) new UntrustedRecipientException(SR.GetString("InvalidHACertificateStructure")));
}
public static bool IsSubjectAtrributeHAFlagsSet(
Utility.SubjectAtrributeHAFlags currentValue,
Utility.SubjectAtrributeHAFlags testFlag)
{
return (testFlag & currentValue) == testFlag;
}
public static int CalculateIncreaseByPercent(
int oldSize,
int alignToByteBoundary,
int percentIncrease)
{
uint uint32 = Convert.ToUInt32(alignToByteBoundary);
uint num = Convert.ToUInt32((1.0 + (double) percentIncrease / 100.0) * (double) oldSize);
if (num == 0U)
num = uint32;
else if (num % uint32 > 0U)
num += uint32 - num % uint32;
return Convert.ToInt32(num);
}
public static string CreatePpid(byte[] certIdentifierAsBytes, Uri cardId) => Convert.ToBase64String(Utility.CreateHash(certIdentifierAsBytes, cardId));
public static EndpointAddress DeriveMexAddress(EndpointAddress epr)
{
EndpointAddress endpointAddress = (EndpointAddress) null;
try
{
if ((XmlReader) epr.GetReaderAtMetadata() != null)
{
foreach (MetadataSection metadataSection in MetadataSet.ReadFrom((XmlReader) epr.GetReaderAtMetadata()).MetadataSections)
{
if (metadataSection.Metadata is MetadataReference && (EndpointAddress) null != ((MetadataReference) metadataSection.Metadata).Address && string.Compare(((MetadataReference) metadataSection.Metadata).Address.Uri.Scheme, "https", StringComparison.OrdinalIgnoreCase) == 0)
{
endpointAddress = ((MetadataReference) metadataSection.Metadata).Address;
break;
}
}
}
}
catch (Exception ex)
{
if (InfoCardTrace.IsFatal(ex))
throw;
}
return endpointAddress;
}
public static XmlDictionaryReader CreateReaderWithQuotas(string root)
{
byte[] bytes = new UTF8Encoding().GetBytes(root);
return XmlDictionaryReader.CreateTextReader(bytes, 0, bytes.GetLength(0), (Encoding) null, InfoCardConstants.DefaultQuotas, (OnXmlDictionaryReaderClose) null);
}
public static XmlDictionaryReader CreateReaderWithQuotas(Stream input) => XmlDictionaryReader.CreateTextReader(input, (Encoding) null, InfoCardConstants.DefaultQuotas, (OnXmlDictionaryReaderClose) null);
public static MemoryStream ReadByteStreamFromBase64(XmlReader reader)
{
MemoryStream memoryStream = new MemoryStream();
if (!reader.IsEmptyElement && reader.Read() && reader.NodeType != XmlNodeType.EndElement)
{
byte[] buffer = new byte[1024];
int count;
while ((count = reader.ReadContentAsBase64(buffer, 0, buffer.Length)) > 0)
memoryStream.Write(buffer, 0, count);
memoryStream.Flush();
memoryStream.Seek(0L, SeekOrigin.Begin);
}
return memoryStream;
}
public static BindingElementCollection UpdateProxyForHttpAndRestrictTransportBinding(
BindingElementCollection source,
IWebProxy proxy,
bool turnOffClientAuthOnTransport)
{
InfoCardTrace.Assert(null != source, "Do not expect a null bindingElementCollection");
if (source.Find<TransportBindingElement>() == null)
throw InfoCardTrace.ThrowHelperError((Exception) new UnsupportedPolicyOptionsException());
BindingElementCollection elementCollection = HttpProxyTransportBindingElement.ReplaceHttpTransportWithProxy(source, proxy, turnOffClientAuthOnTransport);
TransportBindingElement transportBindingElement = elementCollection.Find<TransportBindingElement>();
InfoCardTrace.Assert(null != transportBindingElement, "We ensured there is a TransportBindingElement at the start of this function");
transportBindingElement.MaxReceivedMessageSize = (long) InfoCardConstants.MaximumMessageSize;
switch (transportBindingElement)
{
case TcpTransportBindingElement _:
case HttpProxyTransportBindingElement _:
if (turnOffClientAuthOnTransport)
{
Collection<StreamUpgradeBindingElement> all = elementCollection.FindAll<StreamUpgradeBindingElement>();
InfoCardTrace.Assert(all != null && 1 >= all.Count, "Should not be null (even if empty) and there should be at most one StreamUpgradeBindingElement");
foreach (StreamUpgradeBindingElement upgradeBindingElement in all)
{
if (!(upgradeBindingElement is SslStreamSecurityBindingElement))
throw InfoCardTrace.ThrowHelperError((Exception) new UnsupportedPolicyOptionsException());
}
}
return elementCollection;
default:
InfoCardTrace.Assert(null == transportBindingElement as HttpTransportBindingElement, "Http(s)TransportBindingElement should have been replaced by HttpProxyTransportBindingElement above");
throw InfoCardTrace.ThrowHelperError((Exception) new UnsupportedPolicyOptionsException());
}
}
public static bool KillHelper(Process p)
{
bool flag = false;
if (!p.HasExited)
{
try
{
p.Kill();
flag = true;
}
catch (InvalidOperationException ex)
{
}
catch (Win32Exception ex)
{
if (5 != ex.NativeErrorCode)
throw ex;
}
}
return flag;
}
[System.Flags]
public enum SubjectAtrributeHAFlags
{
NotEnabled = 0,
Enabled = 1,
OrganizationHA = 2,
LocStateCountryHA = 4,
LogoHA = 8,
}
}
}
Reference in New Issue Copy Permalink