// Decompiled with JetBrains decompiler // Type: Microsoft.InfoCards.NativeMcppMethods // Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 // MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Expiro.w-67b630ead60119692b9abbdfd8717c96904ef041127c2cae033c86b718eaa61e.exe using \u003CCppImplementationDetails\u003E; using System; using System.ComponentModel; using System.Diagnostics; using System.IO; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; using System.Security; using System.Security.Cryptography; using System.Security.Principal; namespace Microsoft.InfoCards { internal class NativeMcppMethods { private NativeMcppMethods() { } public static unsafe byte[] X931KeyGenWrapper( byte[] Xp1ByteArray, byte[] Xp2ByteArray, byte[] Xq1ByteArray, byte[] Xq2ByteArray, byte[] XpByteArray, byte[] XqByteArray, int publicExponent, ref KeyGenRestartCodes restartCode) { byte* numPtr = (byte*) 0; uint length1 = 0; byte[] destination = (byte[]) null; X931_restart_t x931RestartT = (X931_restart_t) 0; int length2 = Xp1ByteArray.Length; int length3 = XpByteArray.Length; \u003CModule\u003E.AssertInternal(true, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1EI\u0040FAPBOFLF\u0040\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AAq\u003F\u0024AA1\u003F\u0024AA2\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AA1\u003F\u0024AAB\u003F\u0024AAy\u003F\u0024AAt\u003F\u0024AAe\u003F\u0024AAA\u003F\u0024AAr\u003F\u0024AAr\u003F\u0024AAa\u003F\u0024AAy\u003F\u0024AA\u003F9\u003F\u0024AA\u003F\u0024DO\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 130, false); \u003CModule\u003E.AssertInternal(length2 == Xp2ByteArray.Length, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1EI\u0040BNBJOFNC\u0040\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AAq\u003F\u0024AA1\u003F\u0024AA2\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AA2\u003F\u0024AAB\u003F\u0024AAy\u003F\u0024AAt\u003F\u0024AAe\u003F\u0024AAA\u003F\u0024AAr\u003F\u0024AAr\u003F\u0024AAa\u003F\u0024AAy\u003F\u0024AA\u003F9\u003F\u0024AA\u003F\u0024DO\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 131, false); \u003CModule\u003E.AssertInternal(length2 == Xq1ByteArray.Length, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1EI\u0040PPLFHHPC\u0040\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AAq\u003F\u0024AA1\u003F\u0024AA2\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAX\u003F\u0024AAq\u003F\u0024AA1\u003F\u0024AAB\u003F\u0024AAy\u003F\u0024AAt\u003F\u0024AAe\u003F\u0024AAA\u003F\u0024AAr\u003F\u0024AAr\u003F\u0024AAa\u003F\u0024AAy\u003F\u0024AA\u003F9\u003F\u0024AA\u003F\u0024DO\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 132, false); \u003CModule\u003E.AssertInternal(length2 == Xq2ByteArray.Length, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1EI\u0040LCFNHHJF\u0040\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AAq\u003F\u0024AA1\u003F\u0024AA2\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAX\u003F\u0024AAq\u003F\u0024AA2\u003F\u0024AAB\u003F\u0024AAy\u003F\u0024AAt\u003F\u0024AAe\u003F\u0024AAA\u003F\u0024AAr\u003F\u0024AAr\u003F\u0024AAa\u003F\u0024AAy\u003F\u0024AA\u003F9\u003F\u0024AA\u003F\u0024DO\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 133, false); \u003CModule\u003E.AssertInternal(length3 == XpByteArray.Length, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1EC\u0040PNPIPOFH\u0040\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AAq\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AAB\u003F\u0024AAy\u003F\u0024AAt\u003F\u0024AAe\u003F\u0024AAA\u003F\u0024AAr\u003F\u0024AAr\u003F\u0024AAa\u003F\u0024AAy\u003F\u0024AA\u003F9\u003F\u0024AA\u003F\u0024DO\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 134, false); \u003CModule\u003E.AssertInternal(length3 == XqByteArray.Length, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1EC\u0040HAHAADLF\u0040\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AAq\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAX\u003F\u0024AAq\u003F\u0024AAB\u003F\u0024AAy\u003F\u0024AAt\u003F\u0024AAe\u003F\u0024AAA\u003F\u0024AAr\u003F\u0024AAr\u003F\u0024AAa\u003F\u0024AAy\u003F\u0024AA\u003F9\u003F\u0024AA\u003F\u0024DO\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 135, false); IntPtr num1 = IntPtr.Zero; IntPtr num2 = IntPtr.Zero; IntPtr num3 = IntPtr.Zero; IntPtr num4 = IntPtr.Zero; IntPtr num5 = IntPtr.Zero; IntPtr num6 = IntPtr.Zero; RuntimeHelpers.PrepareConstrainedRegions(); try { num1 = Marshal.AllocHGlobal(length2); num2 = Marshal.AllocHGlobal(length2); num3 = Marshal.AllocHGlobal(length2); num4 = Marshal.AllocHGlobal(length2); num5 = Marshal.AllocHGlobal(length3); num6 = Marshal.AllocHGlobal(length3); Marshal.Copy(Xp1ByteArray, 0, num1, length2); Marshal.Copy(Xp2ByteArray, 0, num2, length2); Marshal.Copy(Xq1ByteArray, 0, num3, length2); Marshal.Copy(Xq2ByteArray, 0, num4, length2); Marshal.Copy(XpByteArray, 0, num5, length3); Marshal.Copy(XqByteArray, 0, num6, length3); int error = \u003CModule\u003E.InfoCardKeyGenX931((uint) length2, (byte*) num1.ToPointer(), (byte*) num2.ToPointer(), (byte*) num3.ToPointer(), (byte*) num4.ToPointer(), (uint) length3, (byte*) num5.ToPointer(), (byte*) num6.ToPointer(), (uint) publicExponent, &numPtr, &length1, &x931RestartT); restartCode = (KeyGenRestartCodes) x931RestartT; if (0 == error) { try { if (KeyGenRestartCodes.X931RestartNone == restartCode) { \u003CModule\u003E.AssertInternal(0U != length1, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1CE\u0040MDDMNBFC\u0040\u003F\u0024AA0\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024CB\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAc\u003F\u0024AAb\u003F\u0024AAC\u003F\u0024AAr\u003F\u0024AAy\u003F\u0024AAp\u003F\u0024AAt\u003F\u0024AAo\u003F\u0024AAB\u003F\u0024AAl\u003F\u0024AAo\u003F\u0024AAb\u003F\u0024AA\u003F\u0024AA\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 194, false); destination = new byte[(int) length1]; Marshal.Copy(new IntPtr((void*) numPtr), destination, 0, (int) length1); } else \u003CModule\u003E.AssertInternal(0U == length1, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1CE\u0040EMPLJBMF\u0040\u003F\u0024AA0\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAc\u003F\u0024AAb\u003F\u0024AAC\u003F\u0024AAr\u003F\u0024AAy\u003F\u0024AAp\u003F\u0024AAt\u003F\u0024AAo\u003F\u0024AAB\u003F\u0024AAl\u003F\u0024AAo\u003F\u0024AAb\u003F\u0024AA\u003F\u0024AA\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 204, false); } finally { \u003CModule\u003E.InfoCardKeyGenZeroAndFree(numPtr, length1); } return destination; } \u003CModule\u003E.AssertInternal(0U == length1, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1CE\u0040EMPLJBMF\u0040\u003F\u0024AA0\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAc\u003F\u0024AAb\u003F\u0024AAC\u003F\u0024AAr\u003F\u0024AAy\u003F\u0024AAp\u003F\u0024AAt\u003F\u0024AAo\u003F\u0024AAB\u003F\u0024AAl\u003F\u0024AAo\u003F\u0024AAb\u003F\u0024AA\u003F\u0024AA\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 219, false); throw new Win32Exception(error); } finally { if (IntPtr.Zero != num1) { uint num7 = (uint) length2; sbyte* pointer = (sbyte*) num1.ToPointer(); if (length2 != 0) { do { *pointer = (sbyte) 0; ++pointer; --num7; } while (num7 != 0U); } Marshal.FreeHGlobal(num1); } if (IntPtr.Zero != num2) { uint num8 = (uint) length2; sbyte* pointer = (sbyte*) num2.ToPointer(); if (length2 != 0) { do { *pointer = (sbyte) 0; ++pointer; --num8; } while (num8 != 0U); } Marshal.FreeHGlobal(num2); } if (IntPtr.Zero != num3) { uint num9 = (uint) length2; sbyte* pointer = (sbyte*) num3.ToPointer(); if (length2 != 0) { do { *pointer = (sbyte) 0; ++pointer; --num9; } while (num9 != 0U); } Marshal.FreeHGlobal(num3); } if (IntPtr.Zero != num4) { uint num10 = (uint) length2; sbyte* pointer = (sbyte*) num4.ToPointer(); if (length2 != 0) { do { *pointer = (sbyte) 0; ++pointer; --num10; } while (num10 != 0U); } Marshal.FreeHGlobal(num4); } if (IntPtr.Zero != num5) { uint num11 = (uint) length3; sbyte* pointer = (sbyte*) num5.ToPointer(); if (length3 != 0) { do { *pointer = (sbyte) 0; ++pointer; --num11; } while (num11 != 0U); } Marshal.FreeHGlobal(num5); } if (IntPtr.Zero != num6) { uint num12 = (uint) length3; sbyte* pointer = (sbyte*) num6.ToPointer(); if (length3 != 0) { do { *pointer = (sbyte) 0; ++pointer; --num12; } while (num12 != 0U); } Marshal.FreeHGlobal(num6); } } } public static unsafe uint InfoCardStartRpcServerWrapper( string uiAgentFullPath, IntPtr rpcCallbacks) { IntPtr hglobal = IntPtr.Zero; try { hglobal = Marshal.StringToHGlobalUni(uiAgentFullPath); return \u003CModule\u003E.InfoCardStartRpcServer((ushort*) hglobal.ToPointer(), (_RPCCALLBACKS*) rpcCallbacks.ToPointer()); } finally { if (IntPtr.Zero != hglobal) { Marshal.FreeHGlobal(hglobal); IntPtr zero = IntPtr.Zero; } } } public static uint InfoCardStopRpcServerWrapper() => \u003CModule\u003E.InfoCardStopRpcServer(); public static uint AdjustPrivilegesWrapper([MarshalAs(UnmanagedType.U1)] bool isTabletPC) => \u003CModule\u003E.AdjustPrivileges(isTabletPC); public static unsafe uint CreateAndWaitForFileOpenDialogWrapper( string arguments, WindowsIdentity callerIdentity, uint userProcessPid, ref string fileName) { uint openDialogWrapper = 0; IntPtr hglobal1 = IntPtr.Zero; IntPtr hglobal2 = IntPtr.Zero; try { hglobal1 = Marshal.StringToHGlobalUni(arguments); hglobal2 = Marshal.StringToHGlobalUni(callerIdentity.Name); \u0024ArrayType\u0024\u0024\u0024BY0BAE\u0040G arrayTypeBy0BaeG; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(short&) ref arrayTypeBy0BaeG = (short) 0; // ISSUE: cast to a reference type // ISSUE: initblk instruction __memset((\u0024ArrayType\u0024\u0024\u0024BY0BAE\u0040G&) ((IntPtr) &arrayTypeBy0BaeG + 2), 0, 518); IntPtr token = callerIdentity.Token; openDialogWrapper = \u003CModule\u003E.CreateAndWaitForFileOpenDialog((ushort*) hglobal1.ToPointer(), token.ToPointer(), userProcessPid, (ushort*) hglobal2.ToPointer(), (ushort*) &arrayTypeBy0BaeG); fileName = 0U != openDialogWrapper ? "" : new string((char*) &arrayTypeBy0BaeG); } finally { if (IntPtr.Zero != hglobal2) { Marshal.FreeHGlobal(hglobal2); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != hglobal1) { Marshal.FreeHGlobal(hglobal1); IntPtr zero = IntPtr.Zero; } } return openDialogWrapper; } [return: MarshalAs(UnmanagedType.U1)] public static unsafe bool DnsNameCompareWrapper(string dnsName1, string dnsName2) { IntPtr hglobal1 = IntPtr.Zero; IntPtr hglobal2 = IntPtr.Zero; int num = 0; try { hglobal1 = Marshal.StringToHGlobalUni(dnsName1); hglobal2 = Marshal.StringToHGlobalUni(dnsName2); num = \u003CModule\u003E.DnsNameCompare_W((ushort*) hglobal1.ToPointer(), (ushort*) hglobal2.ToPointer()); } finally { if (IntPtr.Zero != hglobal1) { Marshal.FreeHGlobal(hglobal1); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != hglobal2) { Marshal.FreeHGlobal(hglobal2); IntPtr zero = IntPtr.Zero; } } return 0 != num; } public static unsafe uint CreateProcessAsUserHelperWrapper( string application, string commandLine, uint userProcessPid, string desktop, string userName, ref int pid) { uint userHelperWrapper = 0; IntPtr hglobal1 = IntPtr.Zero; IntPtr hglobal2 = IntPtr.Zero; IntPtr hglobal3 = IntPtr.Zero; IntPtr hglobal4 = IntPtr.Zero; void* voidPtr = (void*) 0; try { hglobal1 = Marshal.StringToHGlobalUni(application); hglobal2 = Marshal.StringToHGlobalUni(commandLine); hglobal3 = Marshal.StringToHGlobalUni(desktop); hglobal4 = Marshal.StringToHGlobalUni(userName); uint num = 0; userHelperWrapper = \u003CModule\u003E.CreateProcessAsUserHelper((ushort*) hglobal1.ToPointer(), (ushort*) hglobal2.ToPointer(), userProcessPid, (ushort*) hglobal3.ToPointer(), (ushort*) hglobal4.ToPointer(), &voidPtr, &num); pid = (int) num; } finally { if (IntPtr.Zero != hglobal1) { Marshal.FreeHGlobal(hglobal1); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != hglobal2) { Marshal.FreeHGlobal(hglobal2); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != hglobal3) { Marshal.FreeHGlobal(hglobal3); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != hglobal4) { Marshal.FreeHGlobal(hglobal4); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != (IntPtr) voidPtr) \u003CModule\u003E.CloseHandle(voidPtr); } return userHelperWrapper; } public static unsafe string GetLocalDataPath(WindowsIdentity identity) { \u0024ArrayType\u0024\u0024\u0024BY0BAE\u0040G arrayTypeBy0BaeG; // ISSUE: initblk instruction __memset(ref arrayTypeBy0BaeG, 0, 520); int folderPathW = \u003CModule\u003E.SHGetFolderPathW((HWND__*) 0, 28, identity.Token.ToPointer(), 0U, (ushort*) &arrayTypeBy0BaeG); if (folderPathW < 0) throw new Win32Exception(folderPathW); return new string((char*) &arrayTypeBy0BaeG); } public static unsafe WindowsIdentity CreateServiceExecutionIdentity( Process callingProcess) { WindowsIdentity identity = (WindowsIdentity) null; void* voidPtr = (void*) 0; RuntimeHelpers.PrepareConstrainedRegions(); try { } finally { if (\u003CModule\u003E.OpenProcessToken(callingProcess.Handle.ToPointer(), 14U, &voidPtr) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); try { identity = new WindowsIdentity(new IntPtr(voidPtr)); if (NativeMcppMethods.IsLowIntegrityIdentity(identity)) identity = NativeMcppMethods.CreateMediumIntegrityIdentity(identity); } finally { \u003CModule\u003E.CloseHandle(voidPtr); } } return identity; } [return: MarshalAs(UnmanagedType.U1)] public static unsafe bool IsTokenValid(Process callingProcess) { void* voidPtr = (void*) 0; if (\u003CModule\u003E.OpenProcessToken(callingProcess.Handle.ToPointer(), 14U, &voidPtr) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); try { _TOKEN_STATISTICS tokenStatistics; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ref tokenStatistics = 0; // ISSUE: cast to a reference type // ISSUE: initblk instruction __memset((_TOKEN_STATISTICS&) ((IntPtr) &tokenStatistics + 4), 0, 52); uint num1 = 0; if (\u003CModule\u003E.GetTokenInformation(voidPtr, (_TOKEN_INFORMATION_CLASS) 10, (void*) &tokenStatistics, 56U, &num1) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); _SECURITY_LOGON_SESSION_DATA* logonSessionDataPtr = (_SECURITY_LOGON_SESSION_DATA*) 0; if (0 != \u003CModule\u003E.LsaGetLogonSessionData((_LUID*) ((IntPtr) &tokenStatistics + 8), &logonSessionDataPtr)) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); uint num2 = (uint) *(int*) ((IntPtr) logonSessionDataPtr + 36); \u003CModule\u003E.LsaFreeReturnBuffer((void*) logonSessionDataPtr); return 9U != num2; } finally { \u003CModule\u003E.CloseHandle(voidPtr); } } public static unsafe uint CreateProcessAsTrustedUserWrapper( string application, string commandLine, uint userProcessPid, string pDesktop, string pUserName, uint userSessionId, ref IntPtr trustedUserToken, ref IntPtr processHandle, ref int pid, IntPtr jobHandle, ref string trustedUserSid, [MarshalAs(UnmanagedType.U1)] bool fElevateToken) { uint trustedUserWrapper = 0; IntPtr hglobal1 = IntPtr.Zero; IntPtr hglobal2 = IntPtr.Zero; IntPtr hglobal3 = IntPtr.Zero; IntPtr hglobal4 = IntPtr.Zero; IntPtr hglobal5 = IntPtr.Zero; void* voidPtr1 = (void*) 0; void* voidPtr2 = (void*) 0; try { hglobal1 = Marshal.StringToHGlobalUni(application); hglobal2 = Marshal.StringToHGlobalUni(commandLine); hglobal3 = Marshal.StringToHGlobalUni(pDesktop); hglobal4 = Marshal.StringToHGlobalUni(pUserName); uint num1 = 0; void* voidPtr3 = (void*) 0; void* hCurrentToken = (void*) 0; void* voidPtr4 = (void*) 0; if (IntPtr.Zero != trustedUserToken) hCurrentToken = trustedUserToken.ToPointer(); if (IntPtr.Zero != jobHandle) voidPtr4 = jobHandle.ToPointer(); if (!string.IsNullOrEmpty(trustedUserSid)) { hglobal5 = Marshal.StringToHGlobalUni(trustedUserSid); if (0 == \u003CModule\u003E.ConvertStringSidToSidW((ushort*) hglobal5.ToPointer(), &voidPtr1)) trustedUserWrapper = \u003CModule\u003E.GetLastError(); } if (fElevateToken) { voidPtr2 = NativeMcppMethods.CreateHighIntegrityToken(hCurrentToken); \u003CModule\u003E.AssertInternal((IntPtr) voidPtr2 != IntPtr.Zero, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1BO\u0040IGNPGJKB\u0040\u003F\u0024AAh\u003F\u0024AAE\u003F\u0024AAl\u003F\u0024AAe\u003F\u0024AAv\u003F\u0024AAa\u003F\u0024AAt\u003F\u0024AAe\u003F\u0024AAd\u003F\u0024AAT\u003F\u0024AAo\u003F\u0024AAk\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AA\u003F\u0024AA\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 722, false); } if (0U == trustedUserWrapper) { void** voidPtr5 = (IntPtr) voidPtr2 == IntPtr.Zero ? &hCurrentToken : &voidPtr2; trustedUserWrapper = \u003CModule\u003E.CreateProcessAsTrustedUser((ushort*) hglobal1.ToPointer(), (ushort*) hglobal2.ToPointer(), userProcessPid, (ushort*) hglobal3.ToPointer(), (ushort*) hglobal4.ToPointer(), userSessionId, voidPtr5, &voidPtr3, &num1, voidPtr4, &voidPtr1); if (0U == trustedUserWrapper) { IntPtr num2 = new IntPtr(voidPtr3); processHandle = num2; IntPtr num3 = new IntPtr(hCurrentToken); trustedUserToken = num3; pid = (int) num1; } } } finally { if (IntPtr.Zero != hglobal1) { Marshal.FreeHGlobal(hglobal1); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != hglobal2) { Marshal.FreeHGlobal(hglobal2); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != hglobal3) { Marshal.FreeHGlobal(hglobal3); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != hglobal4) { Marshal.FreeHGlobal(hglobal4); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != hglobal5) { Marshal.FreeHGlobal(hglobal5); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != (IntPtr) voidPtr1) { ushort* numPtr = (ushort*) 0; if (string.IsNullOrEmpty(trustedUserSid) && \u003CModule\u003E.ConvertSidToStringSidW(voidPtr1, &numPtr) != 0) { IntPtr ptr = new IntPtr((void*) numPtr); trustedUserSid = Marshal.PtrToStringUni(ptr); } \u003CModule\u003E.LocalFree(voidPtr1); } if (IntPtr.Zero != (IntPtr) voidPtr2) \u003CModule\u003E.CloseHandle(voidPtr2); } return trustedUserWrapper; } public static unsafe uint CreateJobObjectWithSD(ref IntPtr jobHandle, string trustedUserSid) { uint jobObjectWithSd = 0; IntPtr hglobal = IntPtr.Zero; void* voidPtr1 = (void*) 0; void* voidPtr2 = (void*) 0; try { if (!string.IsNullOrEmpty(trustedUserSid)) { hglobal = Marshal.StringToHGlobalUni(trustedUserSid); if (0 == \u003CModule\u003E.ConvertStringSidToSidW((ushort*) hglobal.ToPointer(), &voidPtr1)) { jobObjectWithSd = \u003CModule\u003E.GetLastError(); if (0U != jobObjectWithSd) goto label_11; } } jobObjectWithSd = \u003CModule\u003E.CreateJobObjectHelper(&voidPtr2, voidPtr1); if (0U == jobObjectWithSd) { IntPtr num = new IntPtr(voidPtr2); jobHandle = num; } } finally { if (IntPtr.Zero != hglobal) { Marshal.FreeHGlobal(hglobal); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != (IntPtr) voidPtr1) \u003CModule\u003E.LocalFree(voidPtr1); } label_11: return jobObjectWithSd; } public static unsafe IntPtr RpcCryptoOpen(string portName) { string s = (string) null; IntPtr hglobal1 = IntPtr.Zero; IntPtr hglobal2 = IntPtr.Zero; void* voidPtr = (void*) 0; ushort* numPtr = (ushort*) 0; try { hglobal1 = Marshal.StringToHGlobalUni(portName); int error1 = \u003CModule\u003E.RpcStringBindingComposeW((ushort*) 0, \u003CModule\u003E.g_lrpcProtocolSequence, (ushort*) 0, (ushort*) hglobal1.ToPointer(), (ushort*) 0, &numPtr); if (0 != error1) throw new Win32Exception(error1); int error2 = \u003CModule\u003E.RpcBindingFromStringBindingW(numPtr, &voidPtr); if (0 != error2) throw new Win32Exception(error2); hglobal2 = Marshal.StringToHGlobalUni(s); int error3 = \u003CModule\u003E.RpcBindingSetAuthInfoW(voidPtr, (ushort*) 0, 6U, 10U, (void*) 0, 0U); if (0 != error3) throw new Win32Exception(error3); return new IntPtr(voidPtr); } catch (SEHException ex) { throw new Win32Exception(-2147467259); } finally { if (IntPtr.Zero != (IntPtr) numPtr) \u003CModule\u003E.RpcStringFreeW(&numPtr); if (IntPtr.Zero != hglobal1) { Marshal.FreeHGlobal(hglobal1); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != hglobal2) Marshal.FreeHGlobal(hglobal2); } } public static unsafe void RpcCryptoClose(IntPtr hIdl, string contextKey) { IntPtr hglobal = IntPtr.Zero; try { hglobal = Marshal.StringToHGlobalUni(contextKey); \u003CModule\u003E.RpcCryptoCloseContext(hIdl.ToPointer(), (ushort*) hglobal.ToPointer()); \u003CModule\u003E.RpcBindingFree(&hIdl.ToPointer()); } catch (SEHException ex) { throw new Win32Exception(-2147467259); } finally { if (IntPtr.Zero != hglobal) { Marshal.FreeHGlobal(hglobal); IntPtr zero = IntPtr.Zero; } } } public static unsafe byte[] RpcCryptoDispatchRequest( IntPtr hIdl, string contextKey, string requestName, byte[] buffer, int index, int length) { IntPtr hglobal1 = IntPtr.Zero; IntPtr hglobal2 = IntPtr.Zero; IntPtr hglobal3 = IntPtr.Zero; _RPC_REQUEST rpcRequest; // ISSUE: initblk instruction __memset(ref rpcRequest, 0, 12); _RPC_RESPONSE* rpcResponsePtr1 = (_RPC_RESPONSE*) 0; try { hglobal2 = Marshal.StringToHGlobalUni(contextKey); hglobal1 = Marshal.StringToHGlobalUni(requestName); IntPtr destination1 = Marshal.AllocHGlobal(length); hglobal3 = destination1; Marshal.Copy(buffer, 0, destination1, length); // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ((IntPtr) &rpcRequest + 8) = (int) hglobal3.ToPointer(); // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ((IntPtr) &rpcRequest + 4) = length; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ref rpcRequest = (int) hglobal1.ToPointer(); int error = \u003CModule\u003E.RpcCryptoDispatchRequest(hIdl.ToPointer(), (ushort*) hglobal2.ToPointer(), &rpcRequest, &rpcResponsePtr1); if (error < 0) throw new Win32Exception(error); if (IntPtr.Zero == (IntPtr) rpcResponsePtr1) throw new Win32Exception(87); int length1 = *(int*) rpcResponsePtr1; byte[] destination2 = new byte[length1]; _RPC_RESPONSE* rpcResponsePtr2 = (_RPC_RESPONSE*) ((IntPtr) rpcResponsePtr1 + 4); if (*(int*) rpcResponsePtr2 != 0) Marshal.Copy(new IntPtr((void*) *(int*) rpcResponsePtr2), destination2, 0, *(int*) rpcResponsePtr1); else if (length1 > 0) throw new Win32Exception(87); return destination2; } catch (SEHException ex) { throw new Win32Exception(-2147467259); } finally { if (IntPtr.Zero != hglobal2) { Marshal.FreeHGlobal(hglobal2); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != hglobal1) { Marshal.FreeHGlobal(hglobal1); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != hglobal3) { Marshal.FreeHGlobal(hglobal3); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != (IntPtr) rpcResponsePtr1) { _RPC_RESPONSE* rpcResponsePtr3 = (_RPC_RESPONSE*) ((IntPtr) rpcResponsePtr1 + 4); if (*(int*) rpcResponsePtr3 != 0) \u003CModule\u003E.MIDL_user_free((void*) *(int*) rpcResponsePtr3); \u003CModule\u003E.MIDL_user_free((void*) rpcResponsePtr1); } } } public static unsafe int CryptAlgIdFromOid(string strOid) { if (string.IsNullOrEmpty(strOid)) return 32772; string s = CryptoConfig.MapNameToOID(strOid); if (string.IsNullOrEmpty(s)) s = strOid; IntPtr hglobalAnsi = Marshal.StringToHGlobalAnsi(s); try { _CRYPT_OID_INFO* oidInfo = \u003CModule\u003E.CryptFindOIDInfo(1U, hglobalAnsi.ToPointer(), 0U); if (IntPtr.Zero == (IntPtr) oidInfo) throw new Win32Exception(-2147467259); return *(int*) ((IntPtr) oidInfo + 16); } finally { if (IntPtr.Zero != hglobalAnsi) Marshal.FreeHGlobal(hglobalAnsi); } } [return: MarshalAs(UnmanagedType.U1)] public static unsafe bool GetHighAssuranceFlags(IntPtr pcertchaincontext, ref int haFlags) { uint num = 0; haFlags = 0; byte highAssuranceFlags; if (!(IntPtr.Zero == pcertchaincontext) && \u003CModule\u003E.SetHighAssuranceFlags((_CERT_CHAIN_CONTEXT*) pcertchaincontext.ToPointer(), &num) != 0) { haFlags = (int) num; highAssuranceFlags = (byte) 1; } else highAssuranceFlags = (byte) 0; return (bool) highAssuranceFlags; } public static unsafe int VerifyTrust(string fileName) { IntPtr hglobal = IntPtr.Zero; try { hglobal = Marshal.StringToHGlobalUni(fileName); return (int) \u003CModule\u003E.VerifyTrust((ushort*) hglobal.ToPointer()); } finally { if (IntPtr.Zero != hglobal) { Marshal.FreeHGlobal(hglobal); IntPtr zero = IntPtr.Zero; } } } public static unsafe void CheckSIDAgainstCurrentRpcUser(string strSid) { IntPtr hglobal = IntPtr.Zero; void* voidPtr = (void*) 0; int num1 = 0; int num2 = 0; try { hglobal = Marshal.StringToHGlobalUni(strSid); if (\u003CModule\u003E.ConvertStringSidToSidW((ushort*) hglobal.ToPointer(), &voidPtr) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); if (0 != \u003CModule\u003E.RpcImpersonateClient((void*) 0)) throw new SecurityException(); num2 = 1; if (\u003CModule\u003E.CheckTokenMembership((void*) 0, voidPtr, &num1) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); if (num1 == 0) throw new SecurityException(); } finally { if (num2 != 0 && \u003CModule\u003E.RevertToSelf() == 0) throw new InvalidOperationException(); if (IntPtr.Zero != hglobal) { Marshal.FreeHGlobal(hglobal); IntPtr zero = IntPtr.Zero; } if (IntPtr.Zero != (IntPtr) voidPtr) \u003CModule\u003E.LocalFree(voidPtr); } } [return: MarshalAs(UnmanagedType.U1)] public static unsafe bool IsOsVistaOrGreater() { _OSVERSIONINFOW osversioninfow; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ref osversioninfow = 276; // ISSUE: cast to a reference type // ISSUE: initblk instruction __memset((_OSVERSIONINFOW&) ((IntPtr) &osversioninfow + 4), 0, 272); if (\u003CModule\u003E.GetVersionExW(&osversioninfow) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); // ISSUE: cast to a reference type // ISSUE: explicit reference operation return (uint) ^(int&) ((IntPtr) &osversioninfow + 4) >= 6U; } [return: MarshalAs(UnmanagedType.U1)] public static unsafe bool IsLowIntegrityIdentity(WindowsIdentity identity) { bool flag = false; _OSVERSIONINFOW osversioninfow; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ref osversioninfow = 276; // ISSUE: cast to a reference type // ISSUE: initblk instruction __memset((_OSVERSIONINFOW&) ((IntPtr) &osversioninfow + 4), 0, 272); if (\u003CModule\u003E.GetVersionExW(&osversioninfow) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); // ISSUE: cast to a reference type // ISSUE: explicit reference operation if (((uint) ^(int&) ((IntPtr) &osversioninfow + 4) >= 6U ? 1 : 0) != 0) { _TOKEN_MANDATORY_LABEL* tokenMandatoryLabelPtr = (_TOKEN_MANDATORY_LABEL*) 0; void* voidPtr = (void*) 0; uint num1 = 0; uint num2 = 0; RuntimeHelpers.PrepareConstrainedRegions(); try { } finally { try { if (\u003CModule\u003E.GetTokenInformation(identity.Token.ToPointer(), (_TOKEN_INFORMATION_CLASS) 25, (void*) 0, 0U, &num1) == 0) { uint lastError = \u003CModule\u003E.GetLastError(); if (122U != lastError) throw new Win32Exception((int) lastError); tokenMandatoryLabelPtr = (_TOKEN_MANDATORY_LABEL*) \u003CModule\u003E.LocalAlloc(64U, num1); if ((IntPtr) tokenMandatoryLabelPtr == IntPtr.Zero) throw new OutOfMemoryException(); } if (\u003CModule\u003E.GetTokenInformation(identity.Token.ToPointer(), (_TOKEN_INFORMATION_CLASS) 25, (void*) tokenMandatoryLabelPtr, num1, &num1) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 66, (void*) 0, (void*) 0, &num2) == 0) { uint lastError = \u003CModule\u003E.GetLastError(); if (122U != lastError) throw new Win32Exception((int) lastError); voidPtr = \u003CModule\u003E.LocalAlloc(64U, num2); if ((IntPtr) voidPtr == IntPtr.Zero) throw new OutOfMemoryException(); } if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 66, (void*) 0, voidPtr, &num2) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); if (\u003CModule\u003E.EqualSid(voidPtr, (void*) *(int*) tokenMandatoryLabelPtr) != 0) flag = true; } finally { if ((IntPtr) voidPtr != IntPtr.Zero) \u003CModule\u003E.LocalFree(voidPtr); if ((IntPtr) tokenMandatoryLabelPtr != IntPtr.Zero) \u003CModule\u003E.LocalFree((void*) tokenMandatoryLabelPtr); } } } return flag; } public static unsafe WindowsIdentity CreateMediumIntegrityIdentity( WindowsIdentity identity) { WindowsIdentity integrityIdentity = (WindowsIdentity) null; _OSVERSIONINFOW osversioninfow; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ref osversioninfow = 276; // ISSUE: cast to a reference type // ISSUE: initblk instruction __memset((_OSVERSIONINFOW&) ((IntPtr) &osversioninfow + 4), 0, 272); if (\u003CModule\u003E.GetVersionExW(&osversioninfow) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); // ISSUE: cast to a reference type // ISSUE: explicit reference operation if (((uint) ^(int&) ((IntPtr) &osversioninfow + 4) >= 6U ? 1 : 0) == 0) throw new InvalidOperationException(); void* voidPtr = (void*) 0; _TOKEN_MANDATORY_LABEL* tokenMandatoryLabelPtr1 = (_TOKEN_MANDATORY_LABEL*) 0; uint num1 = 0; RuntimeHelpers.PrepareConstrainedRegions(); try { } finally { try { if (\u003CModule\u003E.DuplicateTokenEx(identity.Token.ToPointer(), 142U, (_SECURITY_ATTRIBUTES*) 0, (_SECURITY_IMPERSONATION_LEVEL) 2, (_TOKEN_TYPE) 2, &voidPtr) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 67, (void*) 0, (void*) 0, &num1) == 0) { uint lastError = \u003CModule\u003E.GetLastError(); if (122U != lastError) throw new Win32Exception((int) lastError); } uint num2 = num1 + 8U; tokenMandatoryLabelPtr1 = (_TOKEN_MANDATORY_LABEL*) \u003CModule\u003E.LocalAlloc(64U, num2); if ((IntPtr) tokenMandatoryLabelPtr1 == IntPtr.Zero) throw new OutOfMemoryException(); _TOKEN_MANDATORY_LABEL* tokenMandatoryLabelPtr2 = (_TOKEN_MANDATORY_LABEL*) ((IntPtr) tokenMandatoryLabelPtr1 + 8); *(int*) tokenMandatoryLabelPtr1 = (int) tokenMandatoryLabelPtr2; *(int*) ((IntPtr) tokenMandatoryLabelPtr1 + 4) = 96; if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 67, (void*) 0, (void*) tokenMandatoryLabelPtr2, &num1) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); if (\u003CModule\u003E.SetTokenInformation(voidPtr, (_TOKEN_INFORMATION_CLASS) 25, (void*) tokenMandatoryLabelPtr1, num2) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); integrityIdentity = new WindowsIdentity(new IntPtr(voidPtr)); } finally { if ((IntPtr) voidPtr != IntPtr.Zero) \u003CModule\u003E.CloseHandle(voidPtr); if ((IntPtr) tokenMandatoryLabelPtr1 != IntPtr.Zero) \u003CModule\u003E.LocalFree((void*) tokenMandatoryLabelPtr1); } } return integrityIdentity; } public static unsafe void* CreateHighIntegrityToken(void* hCurrentToken) { _OSVERSIONINFOW osversioninfow; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ref osversioninfow = 276; // ISSUE: cast to a reference type // ISSUE: initblk instruction __memset((_OSVERSIONINFOW&) ((IntPtr) &osversioninfow + 4), 0, 272); if (\u003CModule\u003E.GetVersionExW(&osversioninfow) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); // ISSUE: cast to a reference type // ISSUE: explicit reference operation if (((uint) ^(int&) ((IntPtr) &osversioninfow + 4) >= 6U ? 1 : 0) == 0) throw new InvalidOperationException(); void* highIntegrityToken = (void*) 0; _TOKEN_MANDATORY_LABEL* tokenMandatoryLabelPtr1 = (_TOKEN_MANDATORY_LABEL*) 0; uint num1 = 0; RuntimeHelpers.PrepareConstrainedRegions(); try { } finally { try { if (\u003CModule\u003E.DuplicateTokenEx(hCurrentToken, 139U, (_SECURITY_ATTRIBUTES*) 0, (_SECURITY_IMPERSONATION_LEVEL) 2, (_TOKEN_TYPE) 1, &highIntegrityToken) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 68, (void*) 0, (void*) 0, &num1) == 0) { uint lastError = \u003CModule\u003E.GetLastError(); if (122U != lastError) throw new Win32Exception((int) lastError); } uint num2 = num1 + 8U; tokenMandatoryLabelPtr1 = (_TOKEN_MANDATORY_LABEL*) \u003CModule\u003E.LocalAlloc(64U, num2); if ((IntPtr) tokenMandatoryLabelPtr1 == IntPtr.Zero) throw new OutOfMemoryException(); _TOKEN_MANDATORY_LABEL* tokenMandatoryLabelPtr2 = (_TOKEN_MANDATORY_LABEL*) ((IntPtr) tokenMandatoryLabelPtr1 + 8); *(int*) tokenMandatoryLabelPtr1 = (int) tokenMandatoryLabelPtr2; *(int*) ((IntPtr) tokenMandatoryLabelPtr1 + 4) = 96; if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 68, (void*) 0, (void*) tokenMandatoryLabelPtr2, &num1) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); if (\u003CModule\u003E.SetTokenInformation(highIntegrityToken, (_TOKEN_INFORMATION_CLASS) 25, (void*) tokenMandatoryLabelPtr1, num2) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); } finally { if ((IntPtr) tokenMandatoryLabelPtr1 != IntPtr.Zero) \u003CModule\u003E.LocalFree((void*) tokenMandatoryLabelPtr1); } } return highIntegrityToken; } public static unsafe void AdjustServiceProcessSecurity() { void* voidPtr = (void*) 0; _ACL* aclPtr1 = (_ACL*) 0; _ACL* aclPtr2 = (_ACL*) 0; uint num = 68; _EXPLICIT_ACCESS_W explicitAccessW; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ref explicitAccessW = 0; // ISSUE: cast to a reference type // ISSUE: initblk instruction __memset((_EXPLICIT_ACCESS_W&) ((IntPtr) &explicitAccessW + 4), 0, 28); try { uint securityInfo = \u003CModule\u003E.GetSecurityInfo(\u003CModule\u003E.GetCurrentProcess(), (_SE_OBJECT_TYPE) 6, 4U, (void**) 0, (void**) 0, &aclPtr1, (_ACL**) 0, &voidPtr); if (0U != securityInfo) throw new Win32Exception((int) securityInfo); \u0024ArrayType\u0024\u0024\u0024BY0BB\u0040K arrayTypeBy0BbK; if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 11, (void*) 0, (void*) &arrayTypeBy0BbK, &num) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ref explicitAccessW = 1048576; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ((IntPtr) &explicitAccessW + 4) = 1; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ((IntPtr) &explicitAccessW + 20) = 0; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ((IntPtr) &explicitAccessW + 24) = 5; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ((IntPtr) &explicitAccessW + 28) = (int) &arrayTypeBy0BbK; uint error1 = \u003CModule\u003E.SetEntriesInAclW(1U, &explicitAccessW, aclPtr1, &aclPtr2); if (0U != error1) throw new Win32Exception((int) error1); uint error2 = \u003CModule\u003E.SetSecurityInfo(\u003CModule\u003E.GetCurrentProcess(), (_SE_OBJECT_TYPE) 6, 4U, (void*) 0, (void*) 0, aclPtr2, (_ACL*) 0); if (0U != error2) throw new Win32Exception((int) error2); } finally { if (IntPtr.Zero != (IntPtr) aclPtr2) \u003CModule\u003E.LocalFree((void*) aclPtr2); if (IntPtr.Zero != (IntPtr) voidPtr) \u003CModule\u003E.LocalFree(voidPtr); } } [return: MarshalAs(UnmanagedType.U1)] public static unsafe bool IsCardSpaceTcserverInstance(int pid, string trustedUserSid) { bool flag = false; void* voidPtr1 = (void*) 0; void* voidPtr2 = (void*) 0; ushort* numPtr = (ushort*) 0; IntPtr hglobal = IntPtr.Zero; try { voidPtr1 = \u003CModule\u003E.OpenProcess(1024U, 0, (uint) pid); if (IntPtr.Zero != (IntPtr) voidPtr1) { if (\u003CModule\u003E.OpenProcessToken(voidPtr1, 8U, &voidPtr2) != 0) { \u0024ArrayType\u0024\u0024\u0024BY0EE\u0040E arrayTypeBy0EeE; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(sbyte&) ref arrayTypeBy0EeE = (sbyte) 0; // ISSUE: cast to a reference type // ISSUE: initblk instruction __memset((\u0024ArrayType\u0024\u0024\u0024BY0EE\u0040E&) ((IntPtr) &arrayTypeBy0EeE + 1), 0, 67); uint num = 0; if (\u003CModule\u003E.GetTokenInformation(voidPtr2, (_TOKEN_INFORMATION_CLASS) 4, (void*) &arrayTypeBy0EeE, 68U, &num) != 0) { _TOKEN_OWNER* tokenOwnerPtr = (_TOKEN_OWNER*) &arrayTypeBy0EeE; // ISSUE: cast to a reference type // ISSUE: explicit reference operation if (\u003CModule\u003E.ConvertSidToStringSidW((void*) ^(int&) ref arrayTypeBy0EeE, &numPtr) != 0) { hglobal = Marshal.StringToHGlobalUni(trustedUserSid); flag = 0 == \u003CModule\u003E._wcsnicmp((ushort*) hglobal.ToPointer(), numPtr, 68U); } } } } } finally { if (IntPtr.Zero != (IntPtr) numPtr) \u003CModule\u003E.LocalFree((void*) numPtr); if (IntPtr.Zero != (IntPtr) voidPtr2) \u003CModule\u003E.CloseHandle(voidPtr2); if (IntPtr.Zero != (IntPtr) voidPtr1) \u003CModule\u003E.CloseHandle(voidPtr1); if (IntPtr.Zero != hglobal) Marshal.FreeHGlobal(hglobal); } return flag; } public static unsafe void AddSystemAccessToProcess(IntPtr RpcHandle, uint callerPid) { bool flag = false; void* voidPtr1 = (void*) 0; _ACL* aclPtr1 = (_ACL*) 0; _ACL* aclPtr2 = (_ACL*) 0; void* voidPtr2 = (void*) 0; _EXPLICIT_ACCESS_W explicitAccessW; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ref explicitAccessW = 0; // ISSUE: cast to a reference type // ISSUE: initblk instruction __memset((_EXPLICIT_ACCESS_W&) ((IntPtr) &explicitAccessW + 4), 0, 28); \u0024ArrayType\u0024\u0024\u0024BY0EE\u0040E arrayTypeBy0EeE; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(sbyte&) ref arrayTypeBy0EeE = (sbyte) 0; // ISSUE: cast to a reference type // ISSUE: initblk instruction __memset((\u0024ArrayType\u0024\u0024\u0024BY0EE\u0040E&) ((IntPtr) &arrayTypeBy0EeE + 1), 0, 67); uint num = 68; try { uint error1 = (uint) \u003CModule\u003E.RpcImpersonateClient(RpcHandle.ToPointer()); if (0U != error1) throw new Win32Exception((int) error1); flag = true; voidPtr1 = \u003CModule\u003E.OpenProcess(393216U, 0, callerPid); if (IntPtr.Zero == (IntPtr) voidPtr1) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); uint securityInfo = \u003CModule\u003E.GetSecurityInfo(voidPtr1, (_SE_OBJECT_TYPE) 6, 4U, (void**) 0, (void**) 0, &aclPtr1, (_ACL**) 0, &voidPtr2); if (0U != securityInfo) throw new Win32Exception((int) securityInfo); if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 22, (void*) 0, (void*) &arrayTypeBy0EeE, &num) == 0) throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ref explicitAccessW = 2035711; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ((IntPtr) &explicitAccessW + 4) = 1; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ((IntPtr) &explicitAccessW + 20) = 0; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ((IntPtr) &explicitAccessW + 24) = 1; // ISSUE: cast to a reference type // ISSUE: explicit reference operation ^(int&) ((IntPtr) &explicitAccessW + 28) = (int) &arrayTypeBy0EeE; uint error2 = \u003CModule\u003E.SetEntriesInAclW(1U, &explicitAccessW, aclPtr1, &aclPtr2); if (0U != error2) throw new Win32Exception((int) error2); uint error3 = \u003CModule\u003E.SetSecurityInfo(voidPtr1, (_SE_OBJECT_TYPE) 6, 4U, (void*) 0, (void*) 0, aclPtr2, (_ACL*) 0); if (0U != error3) throw new Win32Exception((int) error3); } finally { if (IntPtr.Zero != (IntPtr) aclPtr2) \u003CModule\u003E.LocalFree((void*) aclPtr2); if (IntPtr.Zero != (IntPtr) voidPtr2) \u003CModule\u003E.LocalFree(voidPtr2); if (IntPtr.Zero != (IntPtr) voidPtr1) \u003CModule\u003E.CloseHandle(voidPtr1); if (flag) \u003CModule\u003E.RpcRevertToSelf(); } } [return: MarshalAs(UnmanagedType.U1)] public static unsafe bool PathSupportsPersistedSecurity(string path) { bool flag = false; string pathRoot = Path.GetPathRoot(path); RuntimeHelpers.PrepareConstrainedRegions(); try { } finally { GCHandle gcHandle = GCHandle.Alloc((object) pathRoot, GCHandleType.Pinned); \u0024ArrayType\u0024\u0024\u0024BY0BAF\u0040G arrayTypeBy0BafG1; // ISSUE: initblk instruction __memset(ref arrayTypeBy0BafG1, 0, 522); \u0024ArrayType\u0024\u0024\u0024BY0BAF\u0040G arrayTypeBy0BafG2; // ISSUE: initblk instruction __memset(ref arrayTypeBy0BafG2, 0, 522); uint num1 = 0; uint num2 = 0; uint num3 = 0; if (\u003CModule\u003E.GetVolumeInformationW((ushort*) gcHandle.AddrOfPinnedObject().ToPointer(), (ushort*) &arrayTypeBy0BafG1, 261U, &num1, &num2, &num3, (ushort*) &arrayTypeBy0BafG2, 261U) != 0) { if (((int) num3 & 8) != 0) flag = true; gcHandle.Free(); } else { gcHandle.Free(); throw new Win32Exception((int) \u003CModule\u003E.GetLastError()); } } return flag; } } }