// Decompiled with JetBrains decompiler // Type: Tvsu.Service.Server.PipeManager // Assembly: SUService, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: C794206D-ECC0-4CFA-AB4E-5C06FB2FD4CC // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Patched.mf-57a055e0e8642f449b4d27fa8ff9cbc0f8367d8cdd69ab6deeca9a801697bce1.exe using Microsoft.Win32; using System; using System.Collections; using System.Diagnostics; using System.Globalization; using System.IO; using System.Runtime.InteropServices; using System.Threading; using Tvsu.Service.Common.InterProcessComm; using Tvsu.Service.Common.NamedPipes; using Tvsu.Service.Common.Util; namespace Tvsu.Service.Server { public sealed class PipeManager : IChannelManager { private const string UNINSTALL = "/u"; private const string EXECUTE = "/execute"; private const string DIR = "/directory"; private const string ARGUMENTS = "/arguments"; private const string INSTALL_TYPE = "/type"; private const string PIPE_SERVER_NAME = "SUPipeServer"; private const int MAX_READ_BYTES = 5000; private const int PIPE_MAX_STUFFED_TIME = 5000; private static string commandLine = (string) null; private static string argumentsValue = (string) null; private static string directoryPath = (string) null; private static string installType = (string) null; [MarshalAs(UnmanagedType.LPStr)] private string hardwareId; [MarshalAs(UnmanagedType.LPStr)] private string infFilePath; public Hashtable Pipes; private uint NumberPipes = 5; private uint OutBuffer = 512; private uint InBuffer = 512; private bool _listen = true; private int numChannels = 0; private Hashtable _pipes = new Hashtable(); private Thread MainThread; private string PipeName = "SUPipeServer"; private ManualResetEvent Mre; public object SyncRoot = new object(); [DllImport("tools.dll")] public static extern bool updateDriverForPlugAndPlayDevices( string hardwareId, string fullInfPath); [DllImport("tools.dll")] public static extern string GetError(); public bool Listen { get => this._listen; set => this._listen = value; } public void Initialize() { this.Pipes = Hashtable.Synchronized(this._pipes); this.Mre = new ManualResetEvent(false); this.MainThread = new Thread(new ThreadStart(this.Start)); this.MainThread.IsBackground = false; this.MainThread.Name = "Main Pipe Thread"; this.MainThread.Start(); Thread.Sleep(1000); } public string HandleRequest(string request) { string str = request; try { ServiceLogger.Instance.Info(request); PipeManager.commandLine = ""; PipeManager.argumentsValue = ""; PipeManager.directoryPath = ""; PipeManager.installType = ""; PipeManager.BuildCommandLine(str.Split(' ')); ServiceLogger.Instance.Info(PipeManager.directoryPath + Environment.NewLine + PipeManager.commandLine + Environment.NewLine + PipeManager.argumentsValue + Environment.NewLine + PipeManager.installType); } catch (Exception ex) { ServiceLogger.Instance.Severe("Error handling request", ex); } return this.ExecuteCommand(PipeManager.directoryPath, PipeManager.commandLine, PipeManager.argumentsValue, PipeManager.installType).ToString(); } private int ExecuteCommand(string dir, string cmd, string args, string _installType) { int num = int.MinValue; string path = ""; try { ServiceLogger.Instance.Info("Directory 1: " + dir); if (PipeManager.DirectoryExists(dir)) path = dir; ServiceLogger.Instance.Info("If directory 1 exists: " + path); switch (_installType) { case "": case null: _installType = "COMMAND"; break; } if (_installType == PipeManager.InstallType.INF.ToString()) { this.infFilePath = cmd; Directory.SetCurrentDirectory(path); this.hardwareId = args; return PipeManager.updateDriverForPlugAndPlayDevices(this.hardwareId, this.infFilePath) ? 1 : 0; } Process process = new Process(); ProcessStartInfo processStartInfo = new ProcessStartInfo(); if (File.Exists(path + "\\" + cmd)) processStartInfo.WorkingDirectory = path; else if (File.Exists(path + "\\" + cmd.Substring(cmd.LastIndexOf("\\") + 1, cmd.Length - 1 - cmd.LastIndexOf("\\")))) { processStartInfo.WorkingDirectory = path; cmd = cmd.Substring(cmd.LastIndexOf("\\") + 1, cmd.Length - 1 - cmd.LastIndexOf("\\")); } else if (File.Exists(cmd)) { path = cmd.Substring(0, cmd.LastIndexOf("\\")); cmd = cmd.Substring(cmd.LastIndexOf("\\") + 1, cmd.Length - 1 - cmd.LastIndexOf("\\")); processStartInfo.WorkingDirectory = path; } ServiceLogger.Instance.Info("The parameters directory and command stay as follows:" + Environment.NewLine + "command: " + cmd + Environment.NewLine + "directory: " + path); switch (args) { case "": case null: processStartInfo.FileName = cmd; break; default: processStartInfo.FileName = cmd; processStartInfo.Arguments = args; break; } if (string.Compare(cmd, "egather2.exe", true, new CultureInfo("en-US", false)) == 0) { processStartInfo.WindowStyle = ProcessWindowStyle.Hidden; ServiceLogger.Instance.Info("Type hidden"); } else { processStartInfo.WindowStyle = ProcessWindowStyle.Normal; ServiceLogger.Instance.Info("Type normal"); } if (_installType == PipeManager.InstallType.SHELL.ToString()) processStartInfo.UseShellExecute = true; process.StartInfo = processStartInfo; process.Start(); while (!process.HasExited) process.WaitForExit(); num = process.ExitCode; } catch (Exception ex) { ServiceLogger.Instance.Severe("Error executing command: " + cmd, ex); } return num; } private int WriteRegistryValue(string dir, string svalue) { string root = dir.Substring(0, dir.IndexOf("\\")); string str = dir.Substring(dir.IndexOf("\\") + 1, dir.LastIndexOf("\\") - dir.IndexOf("\\")); string name = dir.Substring(dir.LastIndexOf("\\") + 1, dir.Length - dir.LastIndexOf("\\") - 1); RegistryKey registryKey = PipeManager.GetRegistryKey(root); if (registryKey == null) return int.MinValue; if (registryKey.OpenSubKey(str) != null) { if (svalue == null) svalue = ""; registryKey.OpenSubKey(str, true).SetValue(name, (object) svalue); } else { ServiceLogger.Instance.Info("Creating sub Key: " + str); registryKey.CreateSubKey(str); registryKey.OpenSubKey(str, true).SetValue(name, (object) svalue); } registryKey.Close(); return 0; } public static RegistryKey GetRegistryKey(string root) { RegistryKey registryKey = (RegistryKey) null; switch (root) { case "HKEY_CLASSES_ROOT": registryKey = Registry.ClassesRoot; break; case "HKEY_CURRENT_USER": registryKey = Registry.CurrentUser; break; case "HKEY_LOCAL_MACHINE": registryKey = Registry.LocalMachine; break; case "HKEY_USERS": registryKey = Registry.Users; break; case "HKEY_CURRENT_CONFIG": registryKey = Registry.CurrentConfig; break; } return registryKey; } private static bool DirectoryExists(string dir) => new DirectoryInfo(dir).Exists; private static void BuildCommandLine(string[] arguments) { int position; for (position = 1; position < arguments.Length && !arguments[position].StartsWith("/arguments"); ++position) PipeManager.commandLine = PipeManager.commandLine + arguments[position] + " "; PipeManager.commandLine = PipeManager.commandLine.Remove(PipeManager.commandLine.Length - 1, 1); PipeManager.BuildArguments(arguments, position); } private static void BuildArguments(string[] args, int position) { for (++position; position < args.Length && !args[position].StartsWith("/directory"); ++position) PipeManager.argumentsValue = PipeManager.argumentsValue + args[position] + " "; if (PipeManager.argumentsValue != "") PipeManager.argumentsValue = PipeManager.argumentsValue.Remove(PipeManager.argumentsValue.Length - 1, 1); PipeManager.BuildDirectoryPath(args, position); } private static void BuildDirectoryPath(string[] args, int position) { for (++position; position < args.Length && !args[position].StartsWith("/type"); ++position) PipeManager.directoryPath = PipeManager.directoryPath + args[position] + " "; PipeManager.installType = args[position + 1]; PipeManager.directoryPath = PipeManager.directoryPath.Remove(PipeManager.directoryPath.Length - 1, 1); } private void Start() { try { while (this._listen) { int[] numArray = new int[this.Pipes.Keys.Count]; this.Pipes.Keys.CopyTo((Array) numArray, 0); foreach (int key in numArray) { ServerNamedPipe pipe = (ServerNamedPipe) this.Pipes[(object) key]; if (pipe != null && DateTime.Now.Subtract(pipe.LastAction).Milliseconds > 5000 && ((APipeConnection) pipe.PipeConnection).GetState() != 4) { pipe.Listen = false; pipe.PipeThread.Abort(); this.RemoveServerChannel((object) ((APipeConnection) pipe.PipeConnection).NativeHandle); } } if ((long) this.numChannels <= (long) this.NumberPipes) { ServerNamedPipe serverNamedPipe = new ServerNamedPipe(this.PipeName, this.OutBuffer, this.InBuffer, 5000, false); try { serverNamedPipe.Connect(); serverNamedPipe.LastAction = DateTime.Now; Interlocked.Increment(ref this.numChannels); serverNamedPipe.Start(); this.Pipes.Add((object) ((APipeConnection) serverNamedPipe.PipeConnection).NativeHandle, (object) serverNamedPipe); } catch (InterProcessIOException ex) { this.RemoveServerChannel((object) ((APipeConnection) serverNamedPipe.PipeConnection).NativeHandle); serverNamedPipe.Dispose(); ServiceLogger.Instance.Severe(((Exception) ex).StackTrace.ToString(), (Exception) ex); } } else { this.Mre.Reset(); this.Mre.WaitOne(1000, false); } } } catch (Exception ex) { ServiceLogger.Instance.Warning(ex.Message.ToString(), ex); } } public void Stop() { this._listen = false; this.Mre.Set(); try { int[] numArray = new int[this.Pipes.Keys.Count]; this.Pipes.Keys.CopyTo((Array) numArray, 0); foreach (int key in numArray) ((ServerNamedPipe) this.Pipes[(object) key]).Listen = false; int num = this.numChannels * 3; for (int index = 0; index < num; ++index) this.StopServerPipe(); this.Pipes.Clear(); this.Mre.Close(); this.Mre = (ManualResetEvent) null; } catch (Exception ex) { ServiceLogger.Instance.Warning(ex.Message.ToString(), ex); } } public void WakeUp() { if (this.Mre == null) return; this.Mre.Set(); } private void StopServerPipe() { try { ClientPipeConnection clientPipeConnection = new ClientPipeConnection(this.PipeName); if (!clientPipeConnection.TryConnect()) return; ((APipeConnection) clientPipeConnection).Close(); } catch (Exception ex) { ServiceLogger.Instance.Warning(ex.Message.ToString(), ex); } } public void RemoveServerChannel(object param) { int key = (int) param; Interlocked.Decrement(ref this.numChannels); this.Pipes.Remove((object) key); this.WakeUp(); } private enum InstallType { COMMAND, SHELL, INF, } } }