mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-19 08:38:52 +00:00
252 lines
11 KiB
C#
252 lines
11 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: RegAsm.RegAsm
|
|||
|
// Assembly: RegAsm, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
|
|||
|
// MVID: 0D2001F8-49C5-49A7-BF2D-B8D87970A226
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Sality.q-546c12c90ae93fcd5a74cdd328faf956effcec6da290a1b13f3f45331b4d58cd.exe
|
|||
|
|
|||
|
using RegCode;
|
|||
|
using System;
|
|||
|
using System.Globalization;
|
|||
|
using System.IO;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
using System.Security.Policy;
|
|||
|
using System.Text;
|
|||
|
|
|||
|
namespace RegAsm
|
|||
|
{
|
|||
|
public class RegAsm
|
|||
|
{
|
|||
|
private const string strDocStringPrefix = "";
|
|||
|
private const string strManagedTypeThreadingModel = "Both";
|
|||
|
private const string strClassesRootRegKey = "HKEY_CLASSES_ROOT";
|
|||
|
private const int SuccessReturnCode = 0;
|
|||
|
private const int ErrorReturnCode = 100;
|
|||
|
private const int MAX_PATH = 260;
|
|||
|
internal static RegAsmOptions s_Options = (RegAsmOptions) null;
|
|||
|
|
|||
|
public static int Main(string[] aArgs)
|
|||
|
{
|
|||
|
int ReturnCode = 0;
|
|||
|
if (!RegAsm.RegAsm.ParseArguments(aArgs, ref RegAsm.RegAsm.s_Options, ref ReturnCode))
|
|||
|
return ReturnCode;
|
|||
|
if (!RegAsm.RegAsm.s_Options.m_bSilentMode)
|
|||
|
RegAsm.RegAsm.PrintLogo();
|
|||
|
return RegAsm.RegAsm.Run();
|
|||
|
}
|
|||
|
|
|||
|
public static int Run()
|
|||
|
{
|
|||
|
int num = 0;
|
|||
|
try
|
|||
|
{
|
|||
|
string fullPath = Path.GetFullPath(RegAsm.RegAsm.s_Options.m_strAssemblyName);
|
|||
|
if (!File.Exists(fullPath))
|
|||
|
{
|
|||
|
StringBuilder buffer = new StringBuilder(261);
|
|||
|
if (RegAsm.RegAsm.SearchPath((string) null, RegAsm.RegAsm.s_Options.m_strAssemblyName, (string) null, buffer.Capacity + 1, buffer, (int[]) null) == 0)
|
|||
|
throw new ApplicationException(Resource.FormatString("Err_InputFileNotFound", (object) RegAsm.RegAsm.s_Options.m_strAssemblyName));
|
|||
|
RegAsm.RegAsm.s_Options.m_strAssemblyName = buffer.ToString();
|
|||
|
}
|
|||
|
else
|
|||
|
RegAsm.RegAsm.s_Options.m_strAssemblyName = fullPath;
|
|||
|
RegAsm.RegAsm.s_Options.m_strAssemblyName = new FileInfo(RegAsm.RegAsm.s_Options.m_strAssemblyName).FullName;
|
|||
|
if (RegAsm.RegAsm.s_Options.m_strRegFileName != null)
|
|||
|
RegAsm.RegAsm.s_Options.m_strRegFileName = new FileInfo(RegAsm.RegAsm.s_Options.m_strRegFileName).FullName;
|
|||
|
string directoryName = Path.GetDirectoryName(RegAsm.RegAsm.s_Options.m_strAssemblyName);
|
|||
|
if (RegAsm.RegAsm.s_Options.m_strTypeLibName != null)
|
|||
|
RegAsm.RegAsm.s_Options.m_strTypeLibName = !(Path.GetDirectoryName(RegAsm.RegAsm.s_Options.m_strTypeLibName) == "") ? new FileInfo(RegAsm.RegAsm.s_Options.m_strTypeLibName).FullName : Path.Combine(directoryName, RegAsm.RegAsm.s_Options.m_strTypeLibName);
|
|||
|
if (RegAsm.RegAsm.s_Options.m_bTypeLibSpecified)
|
|||
|
{
|
|||
|
if (RegAsm.RegAsm.s_Options.m_strTypeLibName == null)
|
|||
|
{
|
|||
|
RegAsm.RegAsm.s_Options.m_strTypeLibName = !RegAsm.RegAsm.ContainsEmbeddedTlb(RegAsm.RegAsm.s_Options.m_strAssemblyName) ? (RegAsm.RegAsm.s_Options.m_strAssemblyName.Length < 4 || string.Compare(RegAsm.RegAsm.s_Options.m_strAssemblyName.Substring(RegAsm.RegAsm.s_Options.m_strAssemblyName.Length - 4), ".dll", true, CultureInfo.InvariantCulture) != 0 && string.Compare(RegAsm.RegAsm.s_Options.m_strAssemblyName.Substring(RegAsm.RegAsm.s_Options.m_strAssemblyName.Length - 4), ".exe", true, CultureInfo.InvariantCulture) != 0 ? RegAsm.RegAsm.s_Options.m_strAssemblyName + ".tlb" : RegAsm.RegAsm.s_Options.m_strAssemblyName.Substring(0, RegAsm.RegAsm.s_Options.m_strAssemblyName.Length - 4) + ".tlb") : RegAsm.RegAsm.s_Options.m_strAssemblyName;
|
|||
|
if (!Directory.Exists(Path.GetDirectoryName(RegAsm.RegAsm.s_Options.m_strTypeLibName)))
|
|||
|
Directory.CreateDirectory(Path.GetDirectoryName(RegAsm.RegAsm.s_Options.m_strTypeLibName));
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
if (!Directory.Exists(Path.GetDirectoryName(RegAsm.RegAsm.s_Options.m_strTypeLibName)))
|
|||
|
Directory.CreateDirectory(Path.GetDirectoryName(RegAsm.RegAsm.s_Options.m_strTypeLibName));
|
|||
|
if (RegAsm.RegAsm.ContainsEmbeddedTlb(RegAsm.RegAsm.s_Options.m_strAssemblyName))
|
|||
|
throw new ApplicationException(Resource.FormatString("Err_TlbNameNotAllowedWithEmbedded"));
|
|||
|
}
|
|||
|
}
|
|||
|
if (RegAsm.RegAsm.s_Options.m_bRegFileSpecified && RegAsm.RegAsm.s_Options.m_strRegFileName == null)
|
|||
|
RegAsm.RegAsm.s_Options.m_strRegFileName = RegAsm.RegAsm.s_Options.m_strAssemblyName.Length < 4 || string.Compare(RegAsm.RegAsm.s_Options.m_strAssemblyName.Substring(RegAsm.RegAsm.s_Options.m_strAssemblyName.Length - 4), ".dll", true, CultureInfo.InvariantCulture) != 0 && string.Compare(RegAsm.RegAsm.s_Options.m_strAssemblyName.Substring(RegAsm.RegAsm.s_Options.m_strAssemblyName.Length - 4), ".exe", true, CultureInfo.InvariantCulture) != 0 ? RegAsm.RegAsm.s_Options.m_strAssemblyName + ".reg" : RegAsm.RegAsm.s_Options.m_strAssemblyName.Substring(0, RegAsm.RegAsm.s_Options.m_strAssemblyName.Length - 4) + ".reg";
|
|||
|
if (RegAsm.RegAsm.s_Options.m_bRegFileSpecified && !Directory.Exists(Path.GetDirectoryName(RegAsm.RegAsm.s_Options.m_strRegFileName)))
|
|||
|
Directory.CreateDirectory(Path.GetDirectoryName(RegAsm.RegAsm.s_Options.m_strRegFileName));
|
|||
|
string currentDirectory = Environment.CurrentDirectory;
|
|||
|
AppDomain domain = AppDomain.CreateDomain(nameof (RegAsm), (Evidence) null, new AppDomainSetup()
|
|||
|
{
|
|||
|
ApplicationBase = directoryName
|
|||
|
});
|
|||
|
if (domain == null)
|
|||
|
throw new ApplicationException(Resource.FormatString("Err_CannotCreateAppDomain"));
|
|||
|
string fullName = typeof (RemoteRegAsm).Assembly.GetName().FullName;
|
|||
|
RemoteRegAsm remoteRegAsm = (RemoteRegAsm) (domain.CreateInstance(fullName, "RegCode.RemoteRegAsm") ?? throw new ApplicationException(Resource.FormatString("Err_CannotCreateRemoteRegAsm"))).Unwrap();
|
|||
|
if (remoteRegAsm != null)
|
|||
|
num = remoteRegAsm.Run(RegAsm.RegAsm.s_Options);
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
RegAsm.RegAsm.WriteErrorMsg((string) null, ex);
|
|||
|
num = 100;
|
|||
|
}
|
|||
|
return num;
|
|||
|
}
|
|||
|
|
|||
|
private static bool ContainsEmbeddedTlb(string strFileName)
|
|||
|
{
|
|||
|
UCOMITypeLib TypeLib = (UCOMITypeLib) null;
|
|||
|
try
|
|||
|
{
|
|||
|
RegAsm.RegAsm.LoadTypeLibEx(RegAsm.RegAsm.s_Options.m_strAssemblyName, REGKIND.REGKIND_NONE, out TypeLib);
|
|||
|
}
|
|||
|
catch (Exception ex)
|
|||
|
{
|
|||
|
}
|
|||
|
return TypeLib != null;
|
|||
|
}
|
|||
|
|
|||
|
private static void WriteErrorMsg(string strPrefix, Exception e)
|
|||
|
{
|
|||
|
string str = "";
|
|||
|
if (strPrefix != null)
|
|||
|
str = strPrefix;
|
|||
|
Console.Error.WriteLine(Resource.FormatString("Msg_RegAsmErrorPrefix", e.Message == null ? (object) (str + ((object) e).GetType().ToString()) : (object) (str + e.Message)));
|
|||
|
}
|
|||
|
|
|||
|
private static void WriteErrorMsg(string strErrorMsg) => Console.Error.WriteLine(Resource.FormatString("Msg_RegAsmErrorPrefix", (object) strErrorMsg));
|
|||
|
|
|||
|
private static void WriteWarningMsg(string strErrorMsg) => Console.Error.WriteLine(Resource.FormatString("Msg_RegAsmWarningPrefix", (object) strErrorMsg));
|
|||
|
|
|||
|
private static bool ParseArguments(
|
|||
|
string[] aArgs,
|
|||
|
ref RegAsmOptions Options,
|
|||
|
ref int ReturnCode)
|
|||
|
{
|
|||
|
Options = new RegAsmOptions();
|
|||
|
CommandLine commandLine;
|
|||
|
try
|
|||
|
{
|
|||
|
commandLine = new CommandLine(aArgs, new string[10]
|
|||
|
{
|
|||
|
"+regfile",
|
|||
|
"+tlb",
|
|||
|
"unregister",
|
|||
|
"registered",
|
|||
|
"codebase",
|
|||
|
"nologo",
|
|||
|
"silent",
|
|||
|
"verbose",
|
|||
|
"?",
|
|||
|
"help"
|
|||
|
});
|
|||
|
}
|
|||
|
catch (ApplicationException ex)
|
|||
|
{
|
|||
|
RegAsm.RegAsm.PrintLogo();
|
|||
|
RegAsm.RegAsm.WriteErrorMsg((string) null, (Exception) ex);
|
|||
|
ReturnCode = 100;
|
|||
|
return false;
|
|||
|
}
|
|||
|
if (commandLine.NumArgs + commandLine.NumOpts < 1)
|
|||
|
{
|
|||
|
RegAsm.RegAsm.PrintUsage();
|
|||
|
ReturnCode = 0;
|
|||
|
return false;
|
|||
|
}
|
|||
|
Options.m_strAssemblyName = commandLine.GetNextArg();
|
|||
|
Option nextOption;
|
|||
|
while ((nextOption = commandLine.GetNextOption()) != null)
|
|||
|
{
|
|||
|
if (nextOption.Name.Equals("regfile"))
|
|||
|
{
|
|||
|
Options.m_strRegFileName = nextOption.Value;
|
|||
|
Options.m_bRegFileSpecified = true;
|
|||
|
}
|
|||
|
else if (nextOption.Name.Equals("tlb"))
|
|||
|
{
|
|||
|
Options.m_strTypeLibName = nextOption.Value;
|
|||
|
Options.m_bTypeLibSpecified = true;
|
|||
|
}
|
|||
|
else if (nextOption.Name.Equals("codebase"))
|
|||
|
Options.m_bSetCodeBase = true;
|
|||
|
else if (nextOption.Name.Equals("unregister"))
|
|||
|
Options.m_bRegister = false;
|
|||
|
else if (nextOption.Name.Equals("registered"))
|
|||
|
Options.m_Flags |= TypeLibExporterFlags.OnlyReferenceRegistered;
|
|||
|
else if (nextOption.Name.Equals("nologo"))
|
|||
|
Options.m_bNoLogo = true;
|
|||
|
else if (nextOption.Name.Equals("silent"))
|
|||
|
Options.m_bSilentMode = true;
|
|||
|
else if (nextOption.Name.Equals("verbose"))
|
|||
|
{
|
|||
|
Options.m_bVerboseMode = true;
|
|||
|
}
|
|||
|
else
|
|||
|
{
|
|||
|
if (nextOption.Name.Equals("?") || nextOption.Name.Equals("help"))
|
|||
|
{
|
|||
|
RegAsm.RegAsm.PrintUsage();
|
|||
|
ReturnCode = 0;
|
|||
|
return false;
|
|||
|
}
|
|||
|
RegAsm.RegAsm.PrintLogo();
|
|||
|
RegAsm.RegAsm.WriteErrorMsg(Resource.FormatString("Err_InvalidOption"));
|
|||
|
ReturnCode = 100;
|
|||
|
return false;
|
|||
|
}
|
|||
|
}
|
|||
|
if (!Options.m_bRegister && Options.m_bRegFileSpecified)
|
|||
|
{
|
|||
|
RegAsm.RegAsm.PrintLogo();
|
|||
|
RegAsm.RegAsm.WriteErrorMsg(Resource.FormatString("Err_CannotGenRegFileForUnregister"));
|
|||
|
ReturnCode = 100;
|
|||
|
return false;
|
|||
|
}
|
|||
|
if (Options.m_bTypeLibSpecified && Options.m_bRegFileSpecified)
|
|||
|
{
|
|||
|
RegAsm.RegAsm.PrintLogo();
|
|||
|
RegAsm.RegAsm.WriteErrorMsg(Resource.FormatString("Err_CannotGenRegFileAndExpTlb"));
|
|||
|
ReturnCode = 100;
|
|||
|
return false;
|
|||
|
}
|
|||
|
if (Options.m_strAssemblyName != null)
|
|||
|
return true;
|
|||
|
RegAsm.RegAsm.PrintLogo();
|
|||
|
RegAsm.RegAsm.WriteErrorMsg(Resource.FormatString("Err_NoInputFile"));
|
|||
|
ReturnCode = 100;
|
|||
|
return false;
|
|||
|
}
|
|||
|
|
|||
|
private static void PrintLogo()
|
|||
|
{
|
|||
|
if (RegAsm.RegAsm.s_Options.m_bNoLogo)
|
|||
|
return;
|
|||
|
Console.WriteLine(Resource.FormatString("Msg_Copyright", (object) "1.1.4322.573"));
|
|||
|
}
|
|||
|
|
|||
|
private static void PrintUsage()
|
|||
|
{
|
|||
|
RegAsm.RegAsm.PrintLogo();
|
|||
|
Console.WriteLine(Resource.FormatString("Msg_Usage"));
|
|||
|
}
|
|||
|
|
|||
|
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
|
|||
|
public static extern int SearchPath(
|
|||
|
string path,
|
|||
|
string fileName,
|
|||
|
string extension,
|
|||
|
int numBufferChars,
|
|||
|
StringBuilder buffer,
|
|||
|
int[] filePart);
|
|||
|
|
|||
|
[DllImport("oleaut32.dll", CharSet = CharSet.Unicode, PreserveSig = false)]
|
|||
|
private static extern void LoadTypeLibEx(
|
|||
|
string strTypeLibName,
|
|||
|
REGKIND regKind,
|
|||
|
out UCOMITypeLib TypeLib);
|
|||
|
}
|
|||
|
}
|