MalwareSourceCode/MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-67b630ead60119692b9abbdfd8717c96904ef041127c2cae033c86b718eaa61e/Microsoft/InfoCards/AccessibilityHelperForVista.cs

125 lines
4.8 KiB
C#
Raw Normal View History

2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AccessibilityHelperForVista
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Expiro.w-67b630ead60119692b9abbdfd8717c96904ef041127c2cae033c86b718eaa61e.exe
using Microsoft.InfoCards.Diagnostics;
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class AccessibilityHelperForVista : IAccessibilityHelper, IDisposable
{
private static readonly string systemPath = Environment.GetFolderPath(Environment.SpecialFolder.System);
private static readonly string progfilePath = Environment.GetFolderPath(Environment.SpecialFolder.CommonProgramFiles);
private static readonly string baseATPath = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Accessibility\\ATs";
private static readonly string configPath = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Accessibility\\Session";
private List<string> m_applicationList = new List<string>();
private ProcessManager m_manager;
private bool m_fResetConfigKey;
private int m_sessionId;
private bool m_fTabletPC;
public AccessibilityHelperForVista(bool fTabletPC)
{
this.m_fTabletPC = fTabletPC;
this.InitializeATAppData();
}
private void InitializeATAppData()
{
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(AccessibilityHelperForVista.baseATPath);
foreach (string subKeyName in registryKey.GetSubKeyNames())
{
string str = (string) registryKey.OpenSubKey(subKeyName).GetValue("ATExe");
if (!string.IsNullOrEmpty(str))
this.m_applicationList.Add(str);
}
}
void IAccessibilityHelper.Stop()
{
if (this.m_manager == null)
return;
this.m_manager.Dispose();
this.m_manager = (ProcessManager) null;
}
bool IAccessibilityHelper.RestartOnUsersDesktop(
uint userProcessId,
string userDesktop,
WindowsIdentity userIdentity)
{
InfoCardTrace.Assert(null == this.m_manager, "The AT applications must be terminated before they can be restarted");
if (!this.m_fResetConfigKey)
return false;
Registry.LocalMachine.OpenSubKey(AccessibilityHelperForVista.configPath + (object) this.m_sessionId, true).SetValue("Configuration", (object) "");
this.m_fResetConfigKey = false;
return true;
}
void IAccessibilityHelper.RestartOnInfoCardDesktop(
uint userATApplicationFlags,
SafeNativeHandle hTrustedUserToken,
ref string trustedUserSid,
string infocardDesktop,
int userSessionId,
uint userProcessId,
WindowsIdentity userIdentity)
{
using (new SystemIdentity(false))
{
InfoCardTrace.Assert(null == this.m_manager, "The AT applications are already started");
this.m_fResetConfigKey = false;
this.m_sessionId = userSessionId;
string str = userIdentity.User.Value;
for (int index = 0; index < this.m_applicationList.Count; ++index)
{
string application = this.m_applicationList[index];
Process[] processesByName = Process.GetProcessesByName(application.Substring(0, application.LastIndexOf('.')));
if (processesByName != null)
{
foreach (Process p in processesByName)
{
if (userSessionId == p.SessionId)
{
this.m_fResetConfigKey = true;
if (!Utility.KillHelper(p))
break;
break;
}
}
}
}
if (this.m_manager == null)
this.m_manager = new ProcessManager(userSessionId, trustedUserSid);
string fullPath1 = Path.Combine(AccessibilityHelperForVista.systemPath, "AtBroker.exe");
if (userATApplicationFlags != 0U)
{
bool fUseElevatedToken = false;
this.m_manager.AddProcess(hTrustedUserToken, ref trustedUserSid, infocardDesktop, userProcessId, userIdentity, fullPath1, "", fUseElevatedToken);
}
if (!this.m_fTabletPC)
return;
string fullPath2 = Path.Combine(AccessibilityHelperForVista.progfilePath, "microsoft shared\\ink\\tabtip.exe");
bool fUseElevatedToken1 = true;
this.m_manager.AddProcess(hTrustedUserToken, ref trustedUserSid, infocardDesktop, userProcessId, userIdentity, fullPath2, "/SeekDesktop:", fUseElevatedToken1);
}
}
public void Dispose()
{
if (this.m_manager == null)
return;
this.m_manager.Dispose();
this.m_manager = (ProcessManager) null;
}
}
}