// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.NativeMethods
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: 1D4D5564-A025-490C-AF1D-DF4FBB709D1F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-f8f9f26e940480624825f6bddbea86e70fc4aa746c4dd8efa7d98dcb477000ed.exe
//
// NOTE(review): the assembly location above is a file in a malware sample set whose name
// carries the label Virus.Win32.Expiro.w. This listing is therefore analysis material
// recovered from that specimen; it is not a verified copy of the vendor's source.

using Microsoft.Win32.SafeHandles;
using System;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Text;

namespace Microsoft.InfoCards
{
    /// <summary>
    /// Win32 constants and P/Invoke declarations: DPAPI and CryptoAPI calls, RPC and token
    /// impersonation, process and handle duplication, session lookup, and a few shell and
    /// system-metric values. The type only declares entry points; every check of a return
    /// value, and every revert or free, has to happen in the callers (not shown here).
    /// </summary>
    internal static class NativeMethods
    {
        // ---- HRESULT-style failure codes (hex form shown for easier lookup) ----
        public const int E_BUSY = unchecked((int)0x80070047);
        public const int E_NOTIMPL = unchecked((int)0x80004001);
        public const int E_ACCESSDENIED = unchecked((int)0x80070005);
        public const int COR_E_APPLICATION = unchecked((int)0x80131600);
        public const int COR_E_ARGUMENT = unchecked((int)0x80070057);

        // ---- Win32 error codes (values as returned through the last-error slot) ----
        public const int ERROR_ACCESS_DENIED = 5;
        public const int ERROR_NOT_ENOUGH_MEMORY = 8;
        public const int ERROR_INVALID_DATA = 13;
        public const int ERROR_OUTOFMEMORY = 14;
        public const int ERROR_CANCELLED = 1223;

        // ---- DPAPI flags for CryptProtectData / CryptUnprotectData (dwFlags) ----
        // UI_FORBIDDEN makes the call fail instead of prompting, which is what a
        // non-interactive service needs.
        public const int CRYPTPROTECT_UI_FORBIDDEN = 0x01;
        // LOCAL_MACHINE binds the blob to the machine rather than to the calling user, so
        // any account on the same machine can unprotect it; use it only for data that does
        // not need per-user secrecy.
        public const int CRYPTPROTECT_LOCAL_MACHINE = 0x04;
        public const int CRYPTPROTECT_AUDIT = 0x10;
        public const int CRYPTPROTECT_NO_RECOVERY = 0x20;
        public const int CRYPTPROTECT_VERIFY_PROTECTION = 0x40;

        // ---- Scope values for in-memory protection (CryptProtectMemory family) ----
        public const int CRYPTPROTECTMEMORY_SAME_PROCESS = 0;
        public const int CRYPTPROTECTMEMORY_CROSS_PROCESS = 1;
        public const int CRYPTPROTECTMEMORY_SAME_LOGON = 2;

        // ---- Access-right masks passed as desiredAccess ----
        public const int EVENT_MODIFY_STATE = 0x0002;
        // NOTE(review): the Windows SDK headers define MUTEX_MODIFY_STATE as 0x0001; the
        // value here is 2. Confirm against the callers before reusing this constant.
        public const int MUTEX_MODIFY_STATE = 0x0002;
        public const int SYNCHRONIZE = 0x00100000;
        public const int PROCESS_DUP_HANDLE = 0x0040;
        public const int TOKEN_ASSIGN_PRIMARY = 0x0001;
        public const int TOKEN_DUPLICATE = 0x0002;
        public const int TOKEN_IMPERSONATE = 0x0004;
        public const int TOKEN_QUERY = 0x0008;
        // NOTE(review): 0x1FF covers the token-specific rights only; the SDK's
        // TOKEN_ALL_ACCESS also includes STANDARD_RIGHTS_REQUIRED (0x000F0000). Callers
        // should in any case request the narrowest mask that works rather than this one.
        public const int TOKEN_ALL_ACCESS = 0x01FF;

        // ---- Wait results ----
        public const uint WAIT_ABANDONED = 0x00000080;
        public const uint WAIT_TIMEOUT = 0x00000102;
        public const uint WAIT_FAILED = 0xFFFFFFFF;

        // ---- Shell, file-system and system-metric values ----
        public const int CSIDL_LOCAL_APPDATA = 0x1C;
        public const int SHGFP_TYPE_CURRENT = 0;
        public const int MAX_PATH = 260;
        public const int FILE_PERSISTENT_ACLS = 0x08;
        public const int SM_TABLETPC = 86;

        /// <summary>
        /// DPAPI encrypt. <paramref name="pDataIn"/> and <paramref name="pDataOut"/> are raw
        /// pointers to native blob structures, so the caller owns their layout and lifetime.
        /// </summary>
        /// <remarks>
        /// Per the Win32 contract the output buffer is allocated by the API and must be
        /// released with <see cref="LocalFree"/>. A false return leaves the reason in the
        /// last-error slot (SetLastError is enabled).
        /// </remarks>
        [DllImport("Crypt32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern bool CryptProtectData(
            [In] IntPtr pDataIn,
            [In, MarshalAs(UnmanagedType.LPWStr)] string szDataDescr,
            [In] IntPtr pOptionalEntropy,
            [In] IntPtr pvReserved,
            [In] IntPtr pPromptStruct,
            [In, MarshalAs(UnmanagedType.I4)] int dwFlags,
            [In] IntPtr pDataOut);

        /// <summary>
        /// DPAPI decrypt; the counterpart of <see cref="CryptProtectData"/>.
        /// </summary>
        /// <remarks>
        /// The recovered plaintext sits in unmanaged memory: wipe it (see
        /// <see cref="ZeroMemory"/>) before handing the buffer to <see cref="LocalFree"/>.
        /// NOTE(review): the native description parameter is an LPWSTR* that the API
        /// allocates, whereas this declaration marshals a caller-owned StringBuilder
        /// buffer. Passing null looks like the only safe use; confirm at the call sites.
        /// </remarks>
        [DllImport("Crypt32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern bool CryptUnprotectData(
            [In] IntPtr pDataIn,
            [Out, MarshalAs(UnmanagedType.LPWStr)] StringBuilder ppszDataDescr,
            [In] IntPtr pOptionalEntropy,
            [In] IntPtr pvReserved,
            [In] IntPtr pPromptStruct,
            [In, MarshalAs(UnmanagedType.I4)] int dwFlags,
            [In] IntPtr pDataOut);

        /// <summary>
        /// Makes the calling thread impersonate the RPC client behind the binding handle.
        /// </summary>
        /// <remarks>
        /// The result is an RPC status value, not a BOOL, and SetLastError is not enabled:
        /// callers must compare the return with zero. Continuing after a failure means the
        /// following work runs under the server's own identity instead of the client's.
        /// </remarks>
        [DllImport("Rpcrt4.dll", CharSet = CharSet.Unicode)]
        public static extern uint RpcImpersonateClient([In] IntPtr rpcBindingHandle);

        /// <summary>
        /// Ends an impersonation started with <see cref="RpcImpersonateClient"/>. Should be
        /// reached on every path (finally block) and its status checked.
        /// </summary>
        [DllImport("Rpcrt4.dll", CharSet = CharSet.Unicode)]
        public static extern uint RpcRevertToSelfEx([In] IntPtr rpcBindingHandle);

        /// <summary>
        /// Returns the process id of a local RPC client through <paramref name="pid"/>.
        /// </summary>
        /// <remarks>
        /// The I_ prefix marks an internal RPC runtime export. Process ids can be reused
        /// once a process exits, so a pid alone is a weak basis for an access decision
        /// unless a handle to the process is held while the decision is made.
        /// </remarks>
        [DllImport("Rpcrt4.dll", CharSet = CharSet.Unicode)]
        public static extern uint I_RpcBindingInqLocalClientPID([In] IntPtr rpcBindingHandle, out uint pid);

        /// <summary>
        /// Drops any impersonation on the calling thread. A false return means the thread
        /// is still impersonating; treat that as fatal for the current operation.
        /// </summary>
        [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern bool RevertToSelf();

        /// <summary>
        /// Starts impersonating the user represented by <paramref name="hToken"/>. The
        /// return value must be checked before any access is performed on the user's behalf.
        /// </summary>
        [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern bool ImpersonateLoggedOnUser([In] IntPtr hToken);

        /// <summary>Maps a process id to its Terminal Services session id.</summary>
        [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern bool ProcessIdToSessionId([In] int pid, out int tSSession);

        /// <summary>
        /// Opens a process by id. The result is wrapped in SafeNativeHandle, a type declared
        /// elsewhere in the assembly; callers should test it for validity before use and
        /// ask only for the access bits they need (for example PROCESS_DUP_HANDLE).
        /// </summary>
        [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern SafeNativeHandle OpenProcess(
            [In] int desiredAccess,
            [In] bool inheritHandle,
            [In] int processId);

        /// <summary>
        /// Duplicates a wait handle from one process into another.
        /// </summary>
        /// <remarks>
        /// <paramref name="desiredAccess"/> decides what the receiving process may do with
        /// the duplicate; keep it to the minimum (for an event, EVENT_MODIFY_STATE and/or
        /// SYNCHRONIZE) and leave <paramref name="inheritHandle"/> false unless inheritance
        /// is required.
        /// </remarks>
        [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern bool DuplicateHandle(
            [In] SafeNativeHandle sourceProcessHandle,
            [In] SafeWaitHandle sourceHandle,
            [In] SafeNativeHandle targetProcessHandle,
            out SafeWaitHandle targetHandle,
            [In] int desiredAccess,
            [In] bool inheritHandle,
            [In] int options);

        /// <summary>
        /// Returns the pseudo-handle for the current process. It is returned as a bare
        /// IntPtr and is not a handle that needs closing.
        /// </summary>
        [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern IntPtr GetCurrentProcess();

        /// <summary>
        /// Frees memory the API side allocated (for example DPAPI output buffers). Per the
        /// Win32 contract a null return signals success.
        /// </summary>
        [DllImport("Kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern IntPtr LocalFree(IntPtr hMem);

        /// <summary>
        /// Legacy CryptoAPI decrypt; works in place on <paramref name="data"/> and updates
        /// <paramref name="length"/> with the plaintext size.
        /// </summary>
        [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern bool CryptDecrypt(
            [In] SafeCryptoKeyHandle hKey,
            [In] IntPtr hHash,
            [In] uint Final,
            [In] uint Flags,
            [In] IntPtr data,
            [In, Out] ref uint length);

        /// <summary>
        /// Legacy CryptoAPI encrypt; works in place on <paramref name="data"/>.
        /// <paramref name="bufLength"/> is the size of the buffer, which must be large
        /// enough for the ciphertext including any padding.
        /// </summary>
        [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern bool CryptEncrypt(
            [In] SafeCryptoKeyHandle hKey,
            [In] IntPtr hHash,
            [In] uint Final,
            [In] uint Flags,
            [In] IntPtr data,
            [In, Out] ref uint length,
            [In] uint bufLength);

        /// <summary>
        /// Overwrites <paramref name="size"/> bytes at <paramref name="dest"/> with zeros
        /// (bound to the RtlZeroMemory export). Intended for wiping unmanaged buffers that
        /// held key material or plaintext before they are freed.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the native length parameter is pointer-sized, while this
        /// declaration passes a 32-bit int; confirm the behaviour on 64-bit processes.
        /// </remarks>
        [DllImport("Kernel32.dll", EntryPoint = "RtlZeroMemory", CharSet = CharSet.Unicode, SetLastError = true)]
        public static extern void ZeroMemory([In] IntPtr dest, [In] int size);

        /// <summary>
        /// Reads a name string from a certificate context (bound to CertGetNameStringW).
        /// </summary>
        /// <remarks>
        /// <paramref name="pvTypePara"/> is marshalled as an ANSI string even though the
        /// wide entry point is used. The returned text comes from the certificate itself;
        /// it identifies nobody unless the certificate chain has been validated elsewhere.
        /// </remarks>
        [DllImport("Crypt32.dll", EntryPoint = "CertGetNameStringW", CharSet = CharSet.Unicode)]
        public static extern int CertGetNameString(
            IntPtr pCertContext,
            int dwType,
            int dwFlags,
            [In, MarshalAs(UnmanagedType.LPStr)] string pvTypePara,
            [Out] StringBuilder pszNameString,
            int cchNameString);

        /// <summary>
        /// Returns the session id attached to the physical console. The native result is an
        /// unsigned 32-bit value, so the documented "no session" value 0xFFFFFFFF appears
        /// here as -1.
        /// </summary>
        [DllImport("Kernel32.dll", CharSet = CharSet.Unicode)]
        public static extern int WTSGetActiveConsoleSessionId();

        /// <summary>Queries a system metric, for example <see cref="SM_TABLETPC"/>.</summary>
        [DllImport("user32.dll", CharSet = CharSet.Unicode)]
        public static extern int GetSystemMetrics(int nIndex);

        /// <summary>
        /// Impersonation levels in ascending order; the numeric values are implicit
        /// (0 through 3) and must stay in this order.
        /// </summary>
        public enum SecurityImpersonationLevel
        {
            SecurityAnonymous,
            SecurityIdentification,
            SecurityImpersonation,
            SecurityDelegation,
        }

        /// <summary>
        /// Holder for the raw CloseHandle import. The private constructor prevents
        /// instantiation; the name suggests the call is meant to be reached only from
        /// SafeHandle release paths, where a bare IntPtr is unavoidable.
        /// </summary>
        public sealed class SafeHandleOnlyMethods
        {
            private SafeHandleOnlyMethods()
            {
            }

            /// <summary>
            /// Closes a raw handle. Calling this on a handle that a SafeHandle still owns
            /// leads to a double close, which can end up closing an unrelated handle that
            /// reused the same value.
            /// </summary>
            [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
            [DllImport("Kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
            public static extern bool CloseHandle([In] IntPtr handle);
        }
    }
}