// Decompiled with JetBrains decompiler
// Type: eRecoveryService.ETFclass
// Assembly: eRecoveryService, Version=2.5.3.6, Culture=neutral, PublicKeyToken=null
// MVID: 08DF666A-8C92-4CCB-869A-390134BB6787
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Patched.mf-d8d6de6a708417645ef396f90e846eda5ae240e20dd2ceba0b7c9c1e4a6a7d77.exe

using IERYETF;
using System;
using System.IO;
using System.Runtime.Remoting.Lifetime;
using System.Threading;

namespace eRecoveryService
{
  public class ETFclass : MarshalByRefObject, IERY
  {
    private ILease lease;

    public override object InitializeLifetimeService()
    {
      if (this.lease == null)
      {
        this.lease = (ILease) base.InitializeLifetimeService();
        if (this.lease.CurrentState == LeaseState.Initial)
          this.lease.InitialLeaseTime = TimeSpan.Zero;
      }
      return (object) this.lease;
    }

    private string GetAvailableDrLetter()
    {
      uint logicalDrives = WIN32.GetLogicalDrives();
      string str = "";
      char ch = 'D';
      int num;
      for (num = 3; num < 26; ++num)
      {
        if (((int) (logicalDrives >> num) & 1) == 0)
        {
          str = ch.ToString();
          break;
        }
        ++ch;
      }
      string availableDrLetter = str + ":";
      if (num == 26)
        availableDrLetter = "";
      return availableDrLetter;
    }

    private bool MountHiddenPartition(string szDr)
    {
      bool flag = false;
      int num = 0;
      while (!flag && num < 5)
      {
        flag = WIN32.DefineDosDevice(1U, szDr, "\\Device\\Harddisk0\\Partition1");
        if (!flag)
          Thread.Sleep(1000);
      }
      return flag;
    }

    public bool UnMountHiddenPartition(string m_szTempHid)
    {
      bool flag = false;
      int num = 0;
      while (!flag && num < 5)
      {
        flag = WIN32.DefineDosDevice(7U, m_szTempHid, "\\Device\\Harddisk0\\Partition1");
        if (!flag)
          Thread.Sleep(1000);
      }
      return flag;
    }

    public bool SetHiddenPartPassHint(string szPass, string szHint)
    {
      string availableDrLetter = this.GetAvailableDrLetter();
      string str = availableDrLetter + "\\aimdrs.dat";
      this.MountHiddenPartition(availableDrLetter);
      if (szPass.Length == 0)
      {
        if (File.Exists(str))
        {
          File.SetAttributes(str, FileAttributes.Normal);
          File.Delete(str);
          this.UnMountHiddenPartition(availableDrLetter);
        }
        return true;
      }
      if (szPass.Length > 0 && File.Exists(str))
        File.SetAttributes(str, FileAttributes.Normal);
      WIN32.WritePrivateProfileString("MyData", "PD", szPass, str);
      WIN32.WritePrivateProfileString("MyData", "HT", szHint, str);
      File.SetAttributes(str, FileAttributes.ReadOnly | FileAttributes.Hidden | FileAttributes.System);
      this.UnMountHiddenPartition(availableDrLetter);
      return true;
    }
  }
}