// Decompiled with JetBrains decompiler // Type: Microsoft.InfoCards.AccessibilityHelperForVista // Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 // MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe using Microsoft.InfoCards.Diagnostics; using Microsoft.Win32; using System; using System.Collections.Generic; using System.Diagnostics; using System.IO; using System.Security.Principal; namespace Microsoft.InfoCards { internal class AccessibilityHelperForVista : IAccessibilityHelper, IDisposable { private static readonly string systemPath = Environment.GetFolderPath(Environment.SpecialFolder.System); private static readonly string progfilePath = Environment.GetFolderPath(Environment.SpecialFolder.CommonProgramFiles); private static readonly string baseATPath = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Accessibility\\ATs"; private static readonly string configPath = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Accessibility\\Session"; private List m_applicationList = new List(); private ProcessManager m_manager; private bool m_fResetConfigKey; private int m_sessionId; private bool m_fTabletPC; public AccessibilityHelperForVista(bool fTabletPC) { this.m_fTabletPC = fTabletPC; this.InitializeATAppData(); } private void InitializeATAppData() { RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(AccessibilityHelperForVista.baseATPath); foreach (string subKeyName in registryKey.GetSubKeyNames()) { string str = (string) registryKey.OpenSubKey(subKeyName).GetValue("ATExe"); if (!string.IsNullOrEmpty(str)) this.m_applicationList.Add(str); } } void IAccessibilityHelper.Stop() { if (this.m_manager == null) return; this.m_manager.Dispose(); this.m_manager = (ProcessManager) null; } bool IAccessibilityHelper.RestartOnUsersDesktop( uint userProcessId, string userDesktop, WindowsIdentity userIdentity) { InfoCardTrace.Assert(null == this.m_manager, "The AT applications must be terminated before they can be restarted"); if (!this.m_fResetConfigKey) return false; Registry.LocalMachine.OpenSubKey(AccessibilityHelperForVista.configPath + (object) this.m_sessionId, true).SetValue("Configuration", (object) ""); this.m_fResetConfigKey = false; return true; } void IAccessibilityHelper.RestartOnInfoCardDesktop( uint userATApplicationFlags, SafeNativeHandle hTrustedUserToken, ref string trustedUserSid, string infocardDesktop, int userSessionId, uint userProcessId, WindowsIdentity userIdentity) { using (new SystemIdentity(false)) { InfoCardTrace.Assert(null == this.m_manager, "The AT applications are already started"); this.m_fResetConfigKey = false; this.m_sessionId = userSessionId; string str = userIdentity.User.Value; for (int index = 0; index < this.m_applicationList.Count; ++index) { string application = this.m_applicationList[index]; Process[] processesByName = Process.GetProcessesByName(application.Substring(0, application.LastIndexOf('.'))); if (processesByName != null) { foreach (Process p in processesByName) { if (userSessionId == p.SessionId) { this.m_fResetConfigKey = true; if (!Utility.KillHelper(p)) break; break; } } } } if (this.m_manager == null) this.m_manager = new ProcessManager(userSessionId, trustedUserSid); string fullPath1 = Path.Combine(AccessibilityHelperForVista.systemPath, "AtBroker.exe"); if (userATApplicationFlags != 0U) { bool fUseElevatedToken = false; this.m_manager.AddProcess(hTrustedUserToken, ref trustedUserSid, infocardDesktop, userProcessId, userIdentity, fullPath1, "", fUseElevatedToken); } if (!this.m_fTabletPC) return; string fullPath2 = Path.Combine(AccessibilityHelperForVista.progfilePath, "microsoft shared\\ink\\tabtip.exe"); bool fUseElevatedToken1 = true; this.m_manager.AddProcess(hTrustedUserToken, ref trustedUserSid, infocardDesktop, userProcessId, userIdentity, fullPath2, "/SeekDesktop:", fUseElevatedToken1); } } public void Dispose() { if (this.m_manager == null) return; this.m_manager.Dispose(); this.m_manager = (ProcessManager) null; } } }