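// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.NativeMcppMethods
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: 1D4D5564-A025-490C-AF1D-DF4FBB709D1F
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-f8f9f26e940480624825f6bddbea86e70fc4aa746c4dd8efa7d98dcb477000ed.exe
// NOTE(review): the type and assembly identity above are those of the "infocard" assembly, while the
// file name labels the sample as Expiro-infected. The managed code below therefore looks like the
// infected host's own interop wrapper rather than infector logic; compare against a clean copy of the
// same assembly before attributing any behaviour here to the malware.
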
using \u003CCppImplementationDetails\u003E;
|
|
using System;
|
|
using System.ComponentModel;
|
|
using System.Diagnostics;
|
|
using System.IO;
|
|
using System.Runtime.CompilerServices;
|
|
using System.Runtime.InteropServices;
|
|
using System.Security;
|
|
using System.Security.Cryptography;
|
|
using System.Security.Principal;
|
|
|
|
namespace Microsoft.InfoCards
|
|
{
|
|
internal class NativeMcppMethods
|
|
{
|
|
/// <summary>
/// Private and empty, so code outside this class cannot create instances.
/// Every member visible in this listing is static.
/// </summary>
private NativeMcppMethods() { }
|
|
|
|
/// <summary>
/// Managed wrapper around the native <c>InfoCardKeyGenX931</c> routine: copies six input arrays
/// into unmanaged memory, runs the native key generation and returns a managed copy of the blob
/// it produces.
/// </summary>
/// <param name="Xp1ByteArray">Input array; its length is used for all four of Xp1/Xp2/Xq1/Xq2.</param>
/// <param name="Xp2ByteArray">Input array, copied with the length of <paramref name="Xp1ByteArray"/>.</param>
/// <param name="Xq1ByteArray">Input array, copied with the length of <paramref name="Xp1ByteArray"/>.</param>
/// <param name="Xq2ByteArray">Input array, copied with the length of <paramref name="Xp1ByteArray"/>.</param>
/// <param name="XpByteArray">Input array; its length is used for both Xp and Xq.</param>
/// <param name="XqByteArray">Input array, copied with the length of <paramref name="XpByteArray"/>.</param>
/// <param name="publicExponent">Passed to the native routine after a cast to <c>uint</c>.</param>
/// <param name="restartCode">Receives the restart code reported by the native routine.</param>
/// <returns>
/// A copy of the native blob when the restart code is <c>X931RestartNone</c>; otherwise <c>null</c>.
/// </returns>
/// <exception cref="Win32Exception">The native routine returned a non-zero status.</exception>
/// <remarks>
/// Secret handling: every unmanaged copy of the inputs is overwritten with zeros before it is freed,
/// and the native blob is released through <c>InfoCardKeyGenZeroAndFree</c>. The managed input arrays
/// and the returned array are NOT cleared here; that is left to the caller.
/// Length agreement between the arrays is only checked through <c>AssertInternal</c>, whose behaviour
/// is not visible in this listing. Independently of it, <c>Marshal.Copy</c> throws when a source array
/// is shorter than the requested count, and a longer array is silently truncated.
/// The mangled literal names passed to <c>AssertInternal</c> spell out the original assertion text
/// (for example "Xpq12Length == Xp1ByteArray->Len...") and the source file name.
/// </remarks>
public static unsafe byte[] X931KeyGenWrapper(
    byte[] Xp1ByteArray,
    byte[] Xp2ByteArray,
    byte[] Xq1ByteArray,
    byte[] Xq2ByteArray,
    byte[] XpByteArray,
    byte[] XqByteArray,
    int publicExponent,
    ref KeyGenRestartCodes restartCode)
{
    byte* pCryptoBlob = (byte*) 0;
    uint cbCryptoBlob = 0;
    byte[] keyBlob = (byte[]) null;
    X931_restart_t nativeRestart = (X931_restart_t) 0;
    int xpq12Length = Xp1ByteArray.Length;
    int xpqLength = XpByteArray.Length;

    // The first and fifth checks compare a length with the array it was read from, so they can
    // never fail; the first one already appears as the constant `true`.
    \u003CModule\u003E.AssertInternal(true, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1EI\u0040FAPBOFLF\u0040\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AAq\u003F\u0024AA1\u003F\u0024AA2\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AA1\u003F\u0024AAB\u003F\u0024AAy\u003F\u0024AAt\u003F\u0024AAe\u003F\u0024AAA\u003F\u0024AAr\u003F\u0024AAr\u003F\u0024AAa\u003F\u0024AAy\u003F\u0024AA\u003F9\u003F\u0024AA\u003F\u0024DO\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 129, false);
    \u003CModule\u003E.AssertInternal(xpq12Length == Xp2ByteArray.Length, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1EI\u0040BNBJOFNC\u0040\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AAq\u003F\u0024AA1\u003F\u0024AA2\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AA2\u003F\u0024AAB\u003F\u0024AAy\u003F\u0024AAt\u003F\u0024AAe\u003F\u0024AAA\u003F\u0024AAr\u003F\u0024AAr\u003F\u0024AAa\u003F\u0024AAy\u003F\u0024AA\u003F9\u003F\u0024AA\u003F\u0024DO\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 130, false);
    \u003CModule\u003E.AssertInternal(xpq12Length == Xq1ByteArray.Length, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1EI\u0040PPLFHHPC\u0040\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AAq\u003F\u0024AA1\u003F\u0024AA2\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAX\u003F\u0024AAq\u003F\u0024AA1\u003F\u0024AAB\u003F\u0024AAy\u003F\u0024AAt\u003F\u0024AAe\u003F\u0024AAA\u003F\u0024AAr\u003F\u0024AAr\u003F\u0024AAa\u003F\u0024AAy\u003F\u0024AA\u003F9\u003F\u0024AA\u003F\u0024DO\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 131, false);
    \u003CModule\u003E.AssertInternal(xpq12Length == Xq2ByteArray.Length, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1EI\u0040LCFNHHJF\u0040\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AAq\u003F\u0024AA1\u003F\u0024AA2\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAX\u003F\u0024AAq\u003F\u0024AA2\u003F\u0024AAB\u003F\u0024AAy\u003F\u0024AAt\u003F\u0024AAe\u003F\u0024AAA\u003F\u0024AAr\u003F\u0024AAr\u003F\u0024AAa\u003F\u0024AAy\u003F\u0024AA\u003F9\u003F\u0024AA\u003F\u0024DO\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 132, false);
    \u003CModule\u003E.AssertInternal(xpqLength == XpByteArray.Length, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1EC\u0040PNPIPOFH\u0040\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AAq\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AAB\u003F\u0024AAy\u003F\u0024AAt\u003F\u0024AAe\u003F\u0024AAA\u003F\u0024AAr\u003F\u0024AAr\u003F\u0024AAa\u003F\u0024AAy\u003F\u0024AA\u003F9\u003F\u0024AA\u003F\u0024DO\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 133, false);
    \u003CModule\u003E.AssertInternal(xpqLength == XqByteArray.Length, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1EC\u0040HAHAADLF\u0040\u003F\u0024AAX\u003F\u0024AAp\u003F\u0024AAq\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAX\u003F\u0024AAq\u003F\u0024AAB\u003F\u0024AAy\u003F\u0024AAt\u003F\u0024AAe\u003F\u0024AAA\u003F\u0024AAr\u003F\u0024AAr\u003F\u0024AAa\u003F\u0024AAy\u003F\u0024AA\u003F9\u003F\u0024AA\u003F\u0024DO\u003F\u0024AAL\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AAg\u003F\u0024AAt\u003F\u0024AAh\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 134, false);

    IntPtr xp1Native = IntPtr.Zero;
    IntPtr xp2Native = IntPtr.Zero;
    IntPtr xq1Native = IntPtr.Zero;
    IntPtr xq2Native = IntPtr.Zero;
    IntPtr xpNative = IntPtr.Zero;
    IntPtr xqNative = IntPtr.Zero;

    // The cleanup below stays inline in the finally block so that it remains part of the
    // region prepared by PrepareConstrainedRegions.
    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        xp1Native = Marshal.AllocHGlobal(xpq12Length);
        xp2Native = Marshal.AllocHGlobal(xpq12Length);
        xq1Native = Marshal.AllocHGlobal(xpq12Length);
        xq2Native = Marshal.AllocHGlobal(xpq12Length);
        xpNative = Marshal.AllocHGlobal(xpqLength);
        xqNative = Marshal.AllocHGlobal(xpqLength);

        Marshal.Copy(Xp1ByteArray, 0, xp1Native, xpq12Length);
        Marshal.Copy(Xp2ByteArray, 0, xp2Native, xpq12Length);
        Marshal.Copy(Xq1ByteArray, 0, xq1Native, xpq12Length);
        Marshal.Copy(Xq2ByteArray, 0, xq2Native, xpq12Length);
        Marshal.Copy(XpByteArray, 0, xpNative, xpqLength);
        Marshal.Copy(XqByteArray, 0, xqNative, xpqLength);

        int status = \u003CModule\u003E.InfoCardKeyGenX931((uint) xpq12Length, (byte*) xp1Native.ToPointer(), (byte*) xp2Native.ToPointer(), (byte*) xq1Native.ToPointer(), (byte*) xq2Native.ToPointer(), (uint) xpqLength, (byte*) xpNative.ToPointer(), (byte*) xqNative.ToPointer(), (uint) publicExponent, &pCryptoBlob, &cbCryptoBlob, &nativeRestart);
        restartCode = (KeyGenRestartCodes) nativeRestart;

        if (status != 0)
        {
            // Failure path: no blob is expected, so nothing is released here.
            \u003CModule\u003E.AssertInternal(0U == cbCryptoBlob, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1CE\u0040EMPLJBMF\u0040\u003F\u0024AA0\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAc\u003F\u0024AAb\u003F\u0024AAC\u003F\u0024AAr\u003F\u0024AAy\u003F\u0024AAp\u003F\u0024AAt\u003F\u0024AAo\u003F\u0024AAB\u003F\u0024AAl\u003F\u0024AAo\u003F\u0024AAb\u003F\u0024AA\u003F\u0024AA\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 218, false);
            throw new Win32Exception(status);
        }

        try
        {
            if (restartCode == KeyGenRestartCodes.X931RestartNone)
            {
                \u003CModule\u003E.AssertInternal(0U != cbCryptoBlob, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1CE\u0040MDDMNBFC\u0040\u003F\u0024AA0\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024CB\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAc\u003F\u0024AAb\u003F\u0024AAC\u003F\u0024AAr\u003F\u0024AAy\u003F\u0024AAp\u003F\u0024AAt\u003F\u0024AAo\u003F\u0024AAB\u003F\u0024AAl\u003F\u0024AAo\u003F\u0024AAb\u003F\u0024AA\u003F\u0024AA\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 193, false);
                keyBlob = new byte[(int) cbCryptoBlob];
                Marshal.Copy(new IntPtr((void*) pCryptoBlob), keyBlob, 0, (int) cbCryptoBlob);
            }
            else
            {
                \u003CModule\u003E.AssertInternal(0U == cbCryptoBlob, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1CE\u0040EMPLJBMF\u0040\u003F\u0024AA0\u003F\u0024AA\u003F5\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F\u0024DN\u003F\u0024AA\u003F5\u003F\u0024AAc\u003F\u0024AAb\u003F\u0024AAC\u003F\u0024AAr\u003F\u0024AAy\u003F\u0024AAp\u003F\u0024AAt\u003F\u0024AAo\u003F\u0024AAB\u003F\u0024AAl\u003F\u0024AAo\u003F\u0024AAb\u003F\u0024AA\u003F\u0024AA\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 203, false);
            }
        }
        finally
        {
            // Release the native blob whether or not the managed copy succeeded.
            \u003CModule\u003E.InfoCardKeyGenZeroAndFree(pCryptoBlob, cbCryptoBlob);
        }

        return keyBlob;
    }
    finally
    {
        // Overwrite each unmanaged input copy with zeros before returning it to the allocator.
        if (xp1Native != IntPtr.Zero)
        {
            sbyte* cursor = (sbyte*) xp1Native.ToPointer();
            for (uint remaining = (uint) xpq12Length; remaining != 0U; --remaining)
            {
                *cursor = (sbyte) 0;
                ++cursor;
            }
            Marshal.FreeHGlobal(xp1Native);
        }
        if (xp2Native != IntPtr.Zero)
        {
            sbyte* cursor = (sbyte*) xp2Native.ToPointer();
            for (uint remaining = (uint) xpq12Length; remaining != 0U; --remaining)
            {
                *cursor = (sbyte) 0;
                ++cursor;
            }
            Marshal.FreeHGlobal(xp2Native);
        }
        if (xq1Native != IntPtr.Zero)
        {
            sbyte* cursor = (sbyte*) xq1Native.ToPointer();
            for (uint remaining = (uint) xpq12Length; remaining != 0U; --remaining)
            {
                *cursor = (sbyte) 0;
                ++cursor;
            }
            Marshal.FreeHGlobal(xq1Native);
        }
        if (xq2Native != IntPtr.Zero)
        {
            sbyte* cursor = (sbyte*) xq2Native.ToPointer();
            for (uint remaining = (uint) xpq12Length; remaining != 0U; --remaining)
            {
                *cursor = (sbyte) 0;
                ++cursor;
            }
            Marshal.FreeHGlobal(xq2Native);
        }
        if (xpNative != IntPtr.Zero)
        {
            sbyte* cursor = (sbyte*) xpNative.ToPointer();
            for (uint remaining = (uint) xpqLength; remaining != 0U; --remaining)
            {
                *cursor = (sbyte) 0;
                ++cursor;
            }
            Marshal.FreeHGlobal(xpNative);
        }
        if (xqNative != IntPtr.Zero)
        {
            sbyte* cursor = (sbyte*) xqNative.ToPointer();
            for (uint remaining = (uint) xpqLength; remaining != 0U; --remaining)
            {
                *cursor = (sbyte) 0;
                ++cursor;
            }
            Marshal.FreeHGlobal(xqNative);
        }
    }
}
|
|
|
|
/// <summary>
/// Marshals <paramref name="uiAgentFullPath"/> to an unmanaged UTF-16 string and hands it, together
/// with the caller-supplied callback table pointer, to the native <c>InfoCardStartRpcServer</c>.
/// </summary>
/// <param name="uiAgentFullPath">Path string forwarded to the native call.</param>
/// <param name="rpcCallbacks">Raw pointer reinterpreted as <c>_RPCCALLBACKS*</c>; it is not validated here.</param>
/// <returns>The native call's return value, unchanged.</returns>
public static unsafe uint InfoCardStartRpcServerWrapper(
    string uiAgentFullPath,
    IntPtr rpcCallbacks)
{
    IntPtr nativeAgentPath = IntPtr.Zero;
    try
    {
        nativeAgentPath = Marshal.StringToHGlobalUni(uiAgentFullPath);
        ushort* agentPath = (ushort*) nativeAgentPath.ToPointer();
        _RPCCALLBACKS* callbacks = (_RPCCALLBACKS*) rpcCallbacks.ToPointer();
        return \u003CModule\u003E.InfoCardStartRpcServer(agentPath, callbacks);
    }
    finally
    {
        // The unmanaged string is only needed for the duration of the call.
        if (nativeAgentPath != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(nativeAgentPath);
        }
    }
}
|
|
|
|
/// <summary>Forwards to the native <c>InfoCardStopRpcServer</c> and returns its result unchanged.</summary>
public static uint InfoCardStopRpcServerWrapper()
{
    return \u003CModule\u003E.InfoCardStopRpcServer();
}
|
|
|
|
/// <summary>
/// Forwards to the native <c>AdjustPrivileges</c> and returns its result unchanged.
/// Which privileges are adjusted is decided in native code not shown in this listing.
/// </summary>
/// <param name="isTabletPC">Flag passed through to the native call.</param>
public static uint AdjustPrivilegesWrapper([MarshalAs(UnmanagedType.U1)] bool isTabletPC)
{
    return \u003CModule\u003E.AdjustPrivileges(isTabletPC);
}
|
|
|
|
/// <summary>
/// Calls the native <c>CreateAndWaitForFileOpenDialog</c> with the caller's token and name, and
/// returns the path it wrote into a fixed 520-byte (260 UTF-16 unit) stack buffer.
/// </summary>
/// <param name="arguments">String forwarded to the native call.</param>
/// <param name="callerIdentity">Identity whose <c>Name</c> and <c>Token</c> are passed to the native call.</param>
/// <param name="userProcessPid">Process id forwarded to the native call.</param>
/// <param name="fileName">Set to the returned path on success (status 0), otherwise to the empty string.</param>
/// <returns>The native status code; 0 is treated as success.</returns>
/// <remarks>
/// The result string is built by scanning the buffer up to the first NUL, so this relies on the native
/// side terminating its output within the 260 units it was given - TODO confirm against the native code.
/// </remarks>
public static unsafe uint CreateAndWaitForFileOpenDialogWrapper(
    string arguments,
    WindowsIdentity callerIdentity,
    uint userProcessPid,
    ref string fileName)
{
    uint status = 0;
    IntPtr nativeArguments = IntPtr.Zero;
    IntPtr nativeCallerName = IntPtr.Zero;
    try
    {
        nativeArguments = Marshal.StringToHGlobalUni(arguments);
        nativeCallerName = Marshal.StringToHGlobalUni(callerIdentity.Name);

        // Decompiler rendering of zero-initialising the fixed output buffer (2 + 518 bytes).
        \u0024ArrayType\u0024\u0024\u0024BY0BAE\u0040G selectedPath;
        // ISSUE: cast to a reference type
        // ISSUE: explicit reference operation
        ^(short&) ref selectedPath = (short) 0;
        // ISSUE: cast to a reference type
        // ISSUE: initblk instruction
        __memset((\u0024ArrayType\u0024\u0024\u0024BY0BAE\u0040G&) ((IntPtr) &selectedPath + 2), 0, 518);

        IntPtr callerToken = callerIdentity.Token;
        status = \u003CModule\u003E.CreateAndWaitForFileOpenDialog((ushort*) nativeArguments.ToPointer(), callerToken.ToPointer(), userProcessPid, (ushort*) nativeCallerName.ToPointer(), (ushort*) &selectedPath);

        if (status == 0U)
        {
            fileName = new string((char*) &selectedPath);
        }
        else
        {
            fileName = "";
        }
    }
    finally
    {
        if (nativeCallerName != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(nativeCallerName);
        }
        if (nativeArguments != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(nativeArguments);
        }
    }
    return status;
}
|
|
|
|
/// <summary>
/// Marshals its string arguments and calls the native <c>CreateProcessAsUserHelper</c>, reporting
/// the new process id through <paramref name="pid"/>.
/// </summary>
/// <param name="application">Application string forwarded to the native call.</param>
/// <param name="commandLine">Command line forwarded to the native call.</param>
/// <param name="userProcessPid">Process id forwarded to the native call.</param>
/// <param name="desktop">Desktop name forwarded to the native call.</param>
/// <param name="userName">User name forwarded to the native call.</param>
/// <param name="pid">Receives the id written by the native call (cast from <c>uint</c>).</param>
/// <returns>The native status code, unchanged.</returns>
/// <remarks>
/// The handle returned by the native call is closed before this method returns, so callers only
/// get the numeric pid. None of the strings is validated here; whatever checks exist are on the
/// native side, which is not shown.
/// </remarks>
public static unsafe uint CreateProcessAsUserHelperWrapper(
    string application,
    string commandLine,
    uint userProcessPid,
    string desktop,
    string userName,
    ref int pid)
{
    uint status = 0;
    IntPtr nativeApplication = IntPtr.Zero;
    IntPtr nativeCommandLine = IntPtr.Zero;
    IntPtr nativeDesktop = IntPtr.Zero;
    IntPtr nativeUserName = IntPtr.Zero;
    void* returnedHandle = (void*) 0;
    try
    {
        nativeApplication = Marshal.StringToHGlobalUni(application);
        nativeCommandLine = Marshal.StringToHGlobalUni(commandLine);
        nativeDesktop = Marshal.StringToHGlobalUni(desktop);
        nativeUserName = Marshal.StringToHGlobalUni(userName);

        uint nativePid = 0;
        status = \u003CModule\u003E.CreateProcessAsUserHelper((ushort*) nativeApplication.ToPointer(), (ushort*) nativeCommandLine.ToPointer(), userProcessPid, (ushort*) nativeDesktop.ToPointer(), (ushort*) nativeUserName.ToPointer(), &returnedHandle, &nativePid);
        pid = (int) nativePid;
    }
    finally
    {
        if (nativeApplication != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(nativeApplication);
        }
        if (nativeCommandLine != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(nativeCommandLine);
        }
        if (nativeDesktop != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(nativeDesktop);
        }
        if (nativeUserName != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(nativeUserName);
        }
        if ((IntPtr) returnedHandle != IntPtr.Zero)
        {
            \u003CModule\u003E.CloseHandle(returnedHandle);
        }
    }
    return status;
}
|
|
|
|
/// <summary>
/// Resolves a per-user folder for <paramref name="identity"/> by calling <c>SHGetFolderPathW</c>
/// with folder id 28 (0x1C, the CSIDL_LOCAL_APPDATA value) and the identity's token.
/// </summary>
/// <param name="identity">Identity whose token selects the user profile.</param>
/// <returns>The path written by the shell into a 520-byte (260 UTF-16 unit) buffer.</returns>
/// <exception cref="Win32Exception">The shell call returned a negative HRESULT.</exception>
public static unsafe string GetLocalDataPath(WindowsIdentity identity)
{
    \u0024ArrayType\u0024\u0024\u0024BY0BAE\u0040G folderPath;
    // ISSUE: initblk instruction
    __memset(ref folderPath, 0, 520);

    int hr = \u003CModule\u003E.SHGetFolderPathW((HWND__*) 0, 28, identity.Token.ToPointer(), 0U, (ushort*) &folderPath);
    if (hr >= 0)
    {
        return new string((char*) &folderPath);
    }

    throw new Win32Exception(hr);
}
|
|
|
|
/// <summary>
/// Builds a <see cref="WindowsIdentity"/> from the primary token of <paramref name="callingProcess"/>.
/// When <c>IsLowIntegrityIdentity</c> reports the identity as low integrity, it is replaced by the
/// result of <c>CreateMediumIntegrityIdentity</c>.
/// </summary>
/// <param name="callingProcess">Process whose token is opened.</param>
/// <returns>The identity created from the token, or its medium-integrity replacement.</returns>
/// <exception cref="Win32Exception"><c>OpenProcessToken</c> failed.</exception>
/// <remarks>
/// The token is opened with access mask 14 (TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY).
/// All work sits in the finally block of an empty try that follows PrepareConstrainedRegions.
/// <c>CreateMediumIntegrityIdentity</c> is defined outside this listing, so how the integrity level is
/// raised cannot be reviewed here.
/// </remarks>
public static unsafe WindowsIdentity CreateServiceExecutionIdentity(
    Process callingProcess)
{
    WindowsIdentity result = (WindowsIdentity) null;
    void* processToken = (void*) 0;
    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
    }
    finally
    {
        if (\u003CModule\u003E.OpenProcessToken(callingProcess.Handle.ToPointer(), 14U, &processToken) == 0)
        {
            throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
        }

        try
        {
            result = new WindowsIdentity(new IntPtr(processToken));
            if (NativeMcppMethods.IsLowIntegrityIdentity(result))
            {
                result = NativeMcppMethods.CreateMediumIntegrityIdentity(result);
            }
        }
        finally
        {
            // The raw handle is closed on every path once the identity has been built from it.
            \u003CModule\u003E.CloseHandle(processToken);
        }
    }
    return result;
}
|
|
|
|
/// <summary>
/// Looks up the logon session behind the token of <paramref name="callingProcess"/> and reports
/// whether the value read at offset 36 of the session data differs from 9.
/// </summary>
/// <param name="callingProcess">Process whose token is inspected.</param>
/// <returns><c>true</c> unless the value read from the session data equals 9.</returns>
/// <exception cref="Win32Exception">A token or logon-session query failed.</exception>
/// <remarks>
/// Information class 10 is TokenStatistics and the LUID at offset 8 is its AuthenticationId.
/// Offset 36 looks like the LogonType field of a 32-bit SECURITY_LOGON_SESSION_DATA, where 9 is
/// NewCredentials - TODO confirm for the build this was decompiled from.
/// NOTE(review): <c>LsaGetLogonSessionData</c> returns an NTSTATUS, yet the failure path reports
/// <c>GetLastError()</c>; the error code surfaced to callers may therefore be unrelated to the failure.
/// </remarks>
[return: MarshalAs(UnmanagedType.U1)]
public static unsafe bool IsTokenValid(Process callingProcess)
{
    void* processToken = (void*) 0;
    if (\u003CModule\u003E.OpenProcessToken(callingProcess.Handle.ToPointer(), 14U, &processToken) == 0)
    {
        throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
    }

    try
    {
        // Decompiler rendering of zero-initialising the 56-byte statistics structure (4 + 52 bytes).
        _TOKEN_STATISTICS tokenStatistics;
        // ISSUE: cast to a reference type
        // ISSUE: explicit reference operation
        ^(int&) ref tokenStatistics = 0;
        // ISSUE: cast to a reference type
        // ISSUE: initblk instruction
        __memset((_TOKEN_STATISTICS&) ((IntPtr) &tokenStatistics + 4), 0, 52);

        uint returnedLength = 0;
        if (\u003CModule\u003E.GetTokenInformation(processToken, (_TOKEN_INFORMATION_CLASS) 10, (void*) &tokenStatistics, 56U, &returnedLength) == 0)
        {
            throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
        }

        _SECURITY_LOGON_SESSION_DATA* sessionData = (_SECURITY_LOGON_SESSION_DATA*) 0;
        if (0 != \u003CModule\u003E.LsaGetLogonSessionData((_LUID*) ((IntPtr) &tokenStatistics + 8), &sessionData))
        {
            throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
        }

        // Read the field first, then hand the LSA-owned buffer back.
        uint logonType = (uint) *(int*) ((IntPtr) sessionData + 36);
        \u003CModule\u003E.LsaFreeReturnBuffer((void*) sessionData);
        return logonType != 9U;
    }
    finally
    {
        \u003CModule\u003E.CloseHandle(processToken);
    }
}
|
|
|
|
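/// <summary>
/// Marshals its arguments and calls the native <c>CreateProcessAsTrustedUser</c>, optionally with a
/// token obtained from <c>CreateHighIntegrityToken</c>, and reports the resulting process handle,
/// token, pid and SID string through the ref parameters.
/// </summary>
/// <param name="application">Application string forwarded to the native call.</param>
/// <param name="commandLine">Command line forwarded to the native call.</param>
/// <param name="userProcessPid">Process id forwarded to the native call.</param>
/// <param name="pDesktop">Desktop name forwarded to the native call.</param>
/// <param name="pUserName">User name forwarded to the native call.</param>
/// <param name="userSessionId">Session id forwarded to the native call.</param>
/// <param name="trustedUserToken">In: existing token or zero. Out (on success): the current-token value after the call.</param>
/// <param name="processHandle">Out (on success): handle written by the native call. It is not closed here.</param>
/// <param name="pid">Out (on success): process id written by the native call.</param>
/// <param name="jobHandle">Optional job handle forwarded to the native call.</param>
/// <param name="trustedUserSid">In: SID string or empty. Out: filled from the native SID when it was empty on entry.</param>
/// <param name="fElevateToken">When set, a high-integrity token is requested before the native call.</param>
/// <returns>0 on success; otherwise the Win32 error from SID conversion or the native status code.</returns>
/// <remarks>
/// If <c>CreateHighIntegrityToken</c> yields a null token, only <c>AssertInternal</c> objects; the call
/// then proceeds with the non-elevated current token. Whether the assert stops execution is not
/// visible in this listing.
/// The SID string produced by <c>ConvertSidToStringSidW</c> is released with <c>LocalFree</c> once it
/// has been copied into a managed string; the original listing never freed it.
/// </remarks>
public static unsafe uint CreateProcessAsTrustedUserWrapper(
    string application,
    string commandLine,
    uint userProcessPid,
    string pDesktop,
    string pUserName,
    uint userSessionId,
    ref IntPtr trustedUserToken,
    ref IntPtr processHandle,
    ref int pid,
    IntPtr jobHandle,
    ref string trustedUserSid,
    [MarshalAs(UnmanagedType.U1)] bool fElevateToken)
{
    uint status = 0;
    IntPtr nativeApplication = IntPtr.Zero;
    IntPtr nativeCommandLine = IntPtr.Zero;
    IntPtr nativeDesktop = IntPtr.Zero;
    IntPtr nativeUserName = IntPtr.Zero;
    IntPtr nativeSidString = IntPtr.Zero;
    void* trustedSid = (void*) 0;
    void* elevatedToken = (void*) 0;
    try
    {
        nativeApplication = Marshal.StringToHGlobalUni(application);
        nativeCommandLine = Marshal.StringToHGlobalUni(commandLine);
        nativeDesktop = Marshal.StringToHGlobalUni(pDesktop);
        nativeUserName = Marshal.StringToHGlobalUni(pUserName);

        uint nativePid = 0;
        void* nativeProcess = (void*) 0;
        void* hCurrentToken = (void*) 0;
        void* nativeJob = (void*) 0;

        if (IntPtr.Zero != trustedUserToken)
        {
            hCurrentToken = trustedUserToken.ToPointer();
        }
        if (IntPtr.Zero != jobHandle)
        {
            nativeJob = jobHandle.ToPointer();
        }

        if (!string.IsNullOrEmpty(trustedUserSid))
        {
            nativeSidString = Marshal.StringToHGlobalUni(trustedUserSid);
            if (0 == \u003CModule\u003E.ConvertStringSidToSidW((ushort*) nativeSidString.ToPointer(), &trustedSid))
            {
                status = \u003CModule\u003E.GetLastError();
            }
        }

        if (fElevateToken)
        {
            elevatedToken = NativeMcppMethods.CreateHighIntegrityToken(hCurrentToken);
            \u003CModule\u003E.AssertInternal((IntPtr) elevatedToken != IntPtr.Zero, (ushort*) &\u003CModule\u003E.\u003F\u003F_C\u0040_1BO\u0040IGNPGJKB\u0040\u003F\u0024AAh\u003F\u0024AAE\u003F\u0024AAl\u003F\u0024AAe\u003F\u0024AAv\u003F\u0024AAa\u003F\u0024AAt\u003F\u0024AAe\u003F\u0024AAd\u003F\u0024AAT\u003F\u0024AAo\u003F\u0024AAk\u003F\u0024AAe\u003F\u0024AAn\u003F\u0024AA\u003F\u0024AA\u0040, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CE\u0040EGKBOGOO\u0040Microsoft\u003F2InfoCards\u003F2mcppwrapper\u003F4\u0040, 685, false);
        }

        if (0U == status)
        {
            // Use the elevated token when one was obtained, otherwise the current token.
            void** tokenForCall = (IntPtr) elevatedToken == IntPtr.Zero ? &hCurrentToken : &elevatedToken;
            status = \u003CModule\u003E.CreateProcessAsTrustedUser((ushort*) nativeApplication.ToPointer(), (ushort*) nativeCommandLine.ToPointer(), userProcessPid, (ushort*) nativeDesktop.ToPointer(), (ushort*) nativeUserName.ToPointer(), userSessionId, tokenForCall, &nativeProcess, &nativePid, nativeJob, &trustedSid);
            if (0U == status)
            {
                processHandle = new IntPtr(nativeProcess);
                trustedUserToken = new IntPtr(hCurrentToken);
                pid = (int) nativePid;
            }
        }
    }
    finally
    {
        if (IntPtr.Zero != nativeApplication)
        {
            Marshal.FreeHGlobal(nativeApplication);
        }
        if (IntPtr.Zero != nativeCommandLine)
        {
            Marshal.FreeHGlobal(nativeCommandLine);
        }
        if (IntPtr.Zero != nativeDesktop)
        {
            Marshal.FreeHGlobal(nativeDesktop);
        }
        if (IntPtr.Zero != nativeUserName)
        {
            Marshal.FreeHGlobal(nativeUserName);
        }
        if (IntPtr.Zero != nativeSidString)
        {
            Marshal.FreeHGlobal(nativeSidString);
        }
        if (IntPtr.Zero != (IntPtr) trustedSid)
        {
            ushort* sidText = (ushort*) 0;
            if (string.IsNullOrEmpty(trustedUserSid) && \u003CModule\u003E.ConvertSidToStringSidW(trustedSid, &sidText) != 0)
            {
                try
                {
                    trustedUserSid = Marshal.PtrToStringUni(new IntPtr((void*) sidText));
                }
                finally
                {
                    // ConvertSidToStringSidW allocates the string; it must go back via LocalFree.
                    \u003CModule\u003E.LocalFree((void*) sidText);
                }
            }
            \u003CModule\u003E.LocalFree(trustedSid);
        }
        if (IntPtr.Zero != (IntPtr) elevatedToken)
        {
            \u003CModule\u003E.CloseHandle(elevatedToken);
        }
    }
    return status;
}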
|
|
|
|
/// <summary>
/// Creates a job object through the native <c>CreateJobObjectHelper</c>, passing the binary SID
/// converted from <paramref name="trustedUserSid"/> (or a null SID when the string is empty).
/// </summary>
/// <param name="jobHandle">Receives the job handle when the native call returns 0.</param>
/// <param name="trustedUserSid">SID string; may be null or empty.</param>
/// <returns>0 on success; otherwise the Win32 error from SID conversion or the native status code.</returns>
/// <remarks>
/// NOTE(review): if <c>ConvertStringSidToSidW</c> fails while <c>GetLastError()</c> reports 0, execution
/// continues and the job object is created with a null SID. The effect of a null SID on the job's
/// security descriptor is decided in native code not shown here.
/// </remarks>
public static unsafe uint CreateJobObjectWithSD(ref IntPtr jobHandle, string trustedUserSid)
{
    uint status = 0;
    IntPtr nativeSidString = IntPtr.Zero;
    void* trustedSid = (void*) 0;
    void* nativeJob = (void*) 0;
    try
    {
        if (!string.IsNullOrEmpty(trustedUserSid))
        {
            nativeSidString = Marshal.StringToHGlobalUni(trustedUserSid);
            if (0 == \u003CModule\u003E.ConvertStringSidToSidW((ushort*) nativeSidString.ToPointer(), &trustedSid))
            {
                status = \u003CModule\u003E.GetLastError();
                if (status != 0U)
                {
                    // Conversion failed with a real error code: report it without creating the job.
                    return status;
                }
            }
        }

        status = \u003CModule\u003E.CreateJobObjectHelper(&nativeJob, trustedSid);
        if (status == 0U)
        {
            jobHandle = new IntPtr(nativeJob);
        }
    }
    finally
    {
        if (nativeSidString != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(nativeSidString);
        }
        if ((IntPtr) trustedSid != IntPtr.Zero)
        {
            \u003CModule\u003E.LocalFree(trustedSid);
        }
    }
    return status;
}
|
|
|
|
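/// <summary>
/// Opens an RPC binding to the endpoint named by <paramref name="portName"/> and configures its
/// authentication before returning the raw binding handle.
/// </summary>
/// <param name="portName">Endpoint name used when composing the string binding.</param>
/// <returns>The binding handle; the caller must release it (see <c>RpcCryptoClose</c>).</returns>
/// <exception cref="Win32Exception">
/// An RPC call returned a non-zero status, or a structured exception was raised (reported as
/// -2147467259, i.e. 0x80004005).
/// </exception>
/// <remarks>
/// The protocol sequence comes from <c>g_lrpcProtocolSequence</c>, presumably local RPC - confirm
/// against the native definition. Authentication is set with level 6 (RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
/// and service 10 (RPC_C_AUTHN_WINNT), with no explicit server principal name or credentials.
/// The binding is freed here when a later step fails, so a failed open no longer leaks the handle.
/// The original listing also marshalled an always-null string that was never used; that dead step
/// is dropped.
/// </remarks>
public static unsafe IntPtr RpcCryptoOpen(string portName)
{
    IntPtr nativePortName = IntPtr.Zero;
    void* binding = (void*) 0;
    ushort* stringBinding = (ushort*) 0;
    bool bindingReturned = false;
    try
    {
        nativePortName = Marshal.StringToHGlobalUni(portName);

        int composeStatus = \u003CModule\u003E.RpcStringBindingComposeW((ushort*) 0, \u003CModule\u003E.g_lrpcProtocolSequence, (ushort*) 0, (ushort*) nativePortName.ToPointer(), (ushort*) 0, &stringBinding);
        if (0 != composeStatus)
        {
            throw new Win32Exception(composeStatus);
        }

        int bindStatus = \u003CModule\u003E.RpcBindingFromStringBindingW(stringBinding, &binding);
        if (0 != bindStatus)
        {
            throw new Win32Exception(bindStatus);
        }

        int authStatus = \u003CModule\u003E.RpcBindingSetAuthInfoW(binding, (ushort*) 0, 6U, 10U, (void*) 0, 0U);
        if (0 != authStatus)
        {
            throw new Win32Exception(authStatus);
        }

        bindingReturned = true;
        return new IntPtr(binding);
    }
    catch (SEHException)
    {
        throw new Win32Exception(-2147467259);
    }
    finally
    {
        // Ownership passes to the caller only on success; otherwise release the binding here.
        if (!bindingReturned && IntPtr.Zero != (IntPtr) binding)
        {
            \u003CModule\u003E.RpcBindingFree(&binding);
        }
        if (IntPtr.Zero != (IntPtr) stringBinding)
        {
            \u003CModule\u003E.RpcStringFreeW(&stringBinding);
        }
        if (IntPtr.Zero != nativePortName)
        {
            Marshal.FreeHGlobal(nativePortName);
        }
    }
}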
|
|
|
|
/// <summary>
/// Closes the remote crypto context identified by <paramref name="contextKey"/> and then frees the
/// RPC binding <paramref name="hIdl"/>.
/// </summary>
/// <param name="hIdl">Binding handle, as returned by <c>RpcCryptoOpen</c>.</param>
/// <param name="contextKey">Context key forwarded to the native close call.</param>
/// <exception cref="Win32Exception">A structured exception was raised (reported as -2147467259, i.e. 0x80004005).</exception>
/// <remarks>
/// NOTE(review): the two native calls run back to back inside the try, so if the context close
/// raises, <c>RpcBindingFree</c> is skipped and the binding stays allocated.
/// </remarks>
public static unsafe void RpcCryptoClose(IntPtr hIdl, string contextKey)
{
    IntPtr nativeContextKey = IntPtr.Zero;
    try
    {
        nativeContextKey = Marshal.StringToHGlobalUni(contextKey);
        ushort* contextKeyPtr = (ushort*) nativeContextKey.ToPointer();
        \u003CModule\u003E.RpcCryptoCloseContext(hIdl.ToPointer(), contextKeyPtr);
        // Decompiler rendering: address of the handle value is passed to the free routine.
        \u003CModule\u003E.RpcBindingFree(&hIdl.ToPointer());
    }
    catch (SEHException)
    {
        throw new Win32Exception(-2147467259);
    }
    finally
    {
        if (nativeContextKey != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(nativeContextKey);
        }
    }
}
|
|
|
|
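/// <summary>
/// Sends <paramref name="length"/> bytes of <paramref name="buffer"/>, starting at
/// <paramref name="index"/>, as a named request over the RPC binding and returns the response
/// payload as a managed array.
/// </summary>
/// <param name="hIdl">Binding handle, as returned by <c>RpcCryptoOpen</c>.</param>
/// <param name="contextKey">Context key forwarded to the native call.</param>
/// <param name="requestName">Request name stored in the request structure.</param>
/// <param name="buffer">Source of the request payload.</param>
/// <param name="index">Offset in <paramref name="buffer"/> where the payload starts.</param>
/// <param name="length">Number of payload bytes.</param>
/// <returns>A copy of the response payload; empty when the response length is 0.</returns>
/// <exception cref="Win32Exception">
/// The native call returned a negative status; the response was missing or had a length without data
/// (87, ERROR_INVALID_PARAMETER); or a structured exception was raised (-2147467259, 0x80004005).
/// </exception>
/// <remarks>
/// The original listing copied from offset 0 and ignored <paramref name="index"/>; the copy now
/// honours it. Callers that pass 0 see no change.
/// The response length is read once and that value is used for both the allocation and the copy.
/// The request structure is filled through 32-bit stores (12-byte structure, pointers cast to int),
/// so this listing reflects a 32-bit build. The unmanaged payload copy is freed without being
/// cleared; if requests can carry key material that is worth revisiting - TODO confirm.
/// </remarks>
public static unsafe byte[] RpcCryptoDispatchRequest(
    IntPtr hIdl,
    string contextKey,
    string requestName,
    byte[] buffer,
    int index,
    int length)
{
    IntPtr nativeRequestName = IntPtr.Zero;
    IntPtr nativeContextKey = IntPtr.Zero;
    IntPtr nativePayload = IntPtr.Zero;
    _RPC_REQUEST rpcRequest;
    // ISSUE: initblk instruction
    __memset(ref rpcRequest, 0, 12);
    _RPC_RESPONSE* response = (_RPC_RESPONSE*) 0;
    try
    {
        nativeContextKey = Marshal.StringToHGlobalUni(contextKey);
        nativeRequestName = Marshal.StringToHGlobalUni(requestName);
        nativePayload = Marshal.AllocHGlobal(length);
        // Marshal.Copy validates index/length against the managed array and throws on overrun.
        Marshal.Copy(buffer, index, nativePayload, length);

        // Request layout as written here: +0 request name pointer, +4 payload length, +8 payload pointer.
        // ISSUE: cast to a reference type
        // ISSUE: explicit reference operation
        ^(int&) ((IntPtr) &rpcRequest + 8) = (int) nativePayload.ToPointer();
        // ISSUE: cast to a reference type
        // ISSUE: explicit reference operation
        ^(int&) ((IntPtr) &rpcRequest + 4) = length;
        // ISSUE: cast to a reference type
        // ISSUE: explicit reference operation
        ^(int&) ref rpcRequest = (int) nativeRequestName.ToPointer();

        int status = \u003CModule\u003E.RpcCryptoDispatchRequest(hIdl.ToPointer(), (ushort*) nativeContextKey.ToPointer(), &rpcRequest, &response);
        if (status < 0)
        {
            throw new Win32Exception(status);
        }
        if (IntPtr.Zero == (IntPtr) response)
        {
            throw new Win32Exception(87);
        }

        // Response layout as read here: +0 payload length, +4 payload pointer.
        int responseLength = *(int*) response;
        byte[] result = new byte[responseLength];
        _RPC_RESPONSE* responseDataField = (_RPC_RESPONSE*) ((IntPtr) response + 4);
        if (*(int*) responseDataField != 0)
        {
            Marshal.Copy(new IntPtr((void*) *(int*) responseDataField), result, 0, responseLength);
        }
        else if (responseLength > 0)
        {
            throw new Win32Exception(87);
        }
        return result;
    }
    catch (SEHException)
    {
        throw new Win32Exception(-2147467259);
    }
    finally
    {
        if (IntPtr.Zero != nativeContextKey)
        {
            Marshal.FreeHGlobal(nativeContextKey);
        }
        if (IntPtr.Zero != nativeRequestName)
        {
            Marshal.FreeHGlobal(nativeRequestName);
        }
        if (IntPtr.Zero != nativePayload)
        {
            Marshal.FreeHGlobal(nativePayload);
        }
        if (IntPtr.Zero != (IntPtr) response)
        {
            // Free the payload first, then the response structure that points at it.
            _RPC_RESPONSE* responseDataField = (_RPC_RESPONSE*) ((IntPtr) response + 4);
            if (*(int*) responseDataField != 0)
            {
                \u003CModule\u003E.MIDL_user_free((void*) *(int*) responseDataField);
            }
            \u003CModule\u003E.MIDL_user_free((void*) response);
        }
    }
}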
|
|
|
|
/// <summary>
/// Maps an algorithm name or OID string to the numeric algorithm id found at offset 16 of the
/// <c>_CRYPT_OID_INFO</c> record returned by <c>CryptFindOIDInfo</c>.
/// </summary>
/// <param name="strOid">Algorithm name or OID; a name is first translated with <c>CryptoConfig.MapNameToOID</c>.</param>
/// <returns>The algorithm id, or 32772 (0x8004, the CALG_SHA1 value) when <paramref name="strOid"/> is null or empty.</returns>
/// <exception cref="Win32Exception">No OID record was found (reported as -2147467259, i.e. 0x80004005).</exception>
/// <remarks>
/// A missing OID silently selects SHA-1 rather than failing, so callers that can pass an empty value
/// get that default without any signal.
/// </remarks>
public static unsafe int CryptAlgIdFromOid(string strOid)
{
    if (string.IsNullOrEmpty(strOid))
    {
        return 32772;
    }

    // Fall back to the input itself when it is not a name known to CryptoConfig.
    string oid = CryptoConfig.MapNameToOID(strOid);
    if (string.IsNullOrEmpty(oid))
    {
        oid = strOid;
    }

    IntPtr nativeOid = Marshal.StringToHGlobalAnsi(oid);
    try
    {
        _CRYPT_OID_INFO* oidInfo = \u003CModule\u003E.CryptFindOIDInfo(1U, nativeOid.ToPointer(), 0U);
        if ((IntPtr) oidInfo == IntPtr.Zero)
        {
            throw new Win32Exception(-2147467259);
        }

        int algorithmId = *(int*) ((IntPtr) oidInfo + 16);
        return algorithmId;
    }
    finally
    {
        if (nativeOid != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(nativeOid);
        }
    }
}
|
|
|
|
/// <summary>
/// Asks the native <c>SetHighAssuranceFlags</c> routine for the flags of a certificate chain context.
/// </summary>
/// <param name="pcertchaincontext">Pointer reinterpreted as <c>_CERT_CHAIN_CONTEXT*</c>; zero is rejected.</param>
/// <param name="haFlags">Reset to 0 on entry; receives the native flags when the call succeeds.</param>
/// <returns><c>true</c> when the pointer is non-zero and the native call returns non-zero; otherwise <c>false</c>.</returns>
/// <remarks>
/// On failure <paramref name="haFlags"/> stays 0, so callers must check the return value to tell
/// "no flags" apart from "lookup failed".
/// </remarks>
[return: MarshalAs(UnmanagedType.U1)]
public static unsafe bool GetHighAssuranceFlags(IntPtr pcertchaincontext, ref int haFlags)
{
    uint nativeFlags = 0;
    haFlags = 0;

    if (pcertchaincontext == IntPtr.Zero)
    {
        return false;
    }
    if (\u003CModule\u003E.SetHighAssuranceFlags((_CERT_CHAIN_CONTEXT*) pcertchaincontext.ToPointer(), &nativeFlags) == 0)
    {
        return false;
    }

    haFlags = (int) nativeFlags;
    return true;
}
|
|
|
|
/// <summary>
/// Marshals <paramref name="fileName"/> to an unmanaged UTF-16 string and returns the result of the
/// native <c>VerifyTrust</c> call, cast to <c>int</c>.
/// </summary>
/// <param name="fileName">File name forwarded to the native call.</param>
/// <returns>The native result; its meaning is defined by native code not shown in this listing.</returns>
public static unsafe int VerifyTrust(string fileName)
{
    IntPtr nativeFileName = IntPtr.Zero;
    try
    {
        nativeFileName = Marshal.StringToHGlobalUni(fileName);
        ushort* fileNamePtr = (ushort*) nativeFileName.ToPointer();
        return (int) \u003CModule\u003E.VerifyTrust(fileNamePtr);
    }
    finally
    {
        if (nativeFileName != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(nativeFileName);
        }
    }
}
|
|
|
|
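/// <summary>
/// Verifies that the client of the current RPC call is a member of the SID given by
/// <paramref name="strSid"/>, by impersonating the client and calling <c>CheckTokenMembership</c>.
/// </summary>
/// <param name="strSid">SID in string form.</param>
/// <exception cref="Win32Exception">SID conversion or the membership check failed.</exception>
/// <exception cref="SecurityException">Impersonation failed, or the client is not a member of the SID.</exception>
/// <exception cref="InvalidOperationException">The thread could not revert from impersonation.</exception>
/// <remarks>
/// <c>CheckTokenMembership</c> is called with a null token, which makes it use the impersonation token
/// of the calling thread. Reverting happens first in cleanup so the thread leaves the client's
/// security context as early as possible. The unmanaged string and SID are released in a nested
/// finally, so they are freed even when the revert fails and throws; the original listing skipped
/// those frees on that path.
/// </remarks>
public static unsafe void CheckSIDAgainstCurrentRpcUser(string strSid)
{
    IntPtr nativeSidString = IntPtr.Zero;
    void* sid = (void*) 0;
    int isMember = 0;
    int impersonating = 0;
    try
    {
        nativeSidString = Marshal.StringToHGlobalUni(strSid);
        if (\u003CModule\u003E.ConvertStringSidToSidW((ushort*) nativeSidString.ToPointer(), &sid) == 0)
        {
            throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
        }

        if (0 != \u003CModule\u003E.RpcImpersonateClient((void*) 0))
        {
            throw new SecurityException();
        }
        impersonating = 1;

        if (\u003CModule\u003E.CheckTokenMembership((void*) 0, sid, &isMember) == 0)
        {
            throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
        }
        if (isMember == 0)
        {
            throw new SecurityException();
        }
    }
    finally
    {
        try
        {
            if (impersonating != 0 && \u003CModule\u003E.RevertToSelf() == 0)
            {
                throw new InvalidOperationException();
            }
        }
        finally
        {
            if (IntPtr.Zero != nativeSidString)
            {
                Marshal.FreeHGlobal(nativeSidString);
            }
            if (IntPtr.Zero != (IntPtr) sid)
            {
                \u003CModule\u003E.LocalFree(sid);
            }
        }
    }
}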
|
|
|
|
/// <summary>
/// Reports whether the value at offset 4 of the structure filled by <c>GetVersionExW</c> (the major
/// version field) is at least 6.
/// </summary>
/// <returns><c>true</c> when the reported major version is 6 or higher.</returns>
/// <exception cref="Win32Exception"><c>GetVersionExW</c> failed.</exception>
[return: MarshalAs(UnmanagedType.U1)]
public static unsafe bool IsOsVistaOrGreater()
{
    // Decompiler rendering of initialising the 276-byte structure: size field first, rest zeroed.
    _OSVERSIONINFOW versionInfo;
    // ISSUE: cast to a reference type
    // ISSUE: explicit reference operation
    ^(int&) ref versionInfo = 276;
    // ISSUE: cast to a reference type
    // ISSUE: initblk instruction
    __memset((_OSVERSIONINFOW&) ((IntPtr) &versionInfo + 4), 0, 272);

    if (\u003CModule\u003E.GetVersionExW(&versionInfo) == 0)
    {
        throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
    }

    // ISSUE: cast to a reference type
    // ISSUE: explicit reference operation
    bool isMajorVersionSixOrLater = (uint) ^(int&) ((IntPtr) &versionInfo + 4) >= 6U;
    return isMajorVersionSixOrLater;
}
|
|
|
|
/// <summary>
/// Reports whether the token behind <paramref name="identity"/> carries the mandatory label that
/// matches well-known SID type 66 (WinLowLabelSid in the Windows SDK enum).
/// </summary>
/// <param name="identity">Identity whose <c>Token</c> handle is queried. It is dereferenced without a null check.</param>
/// <returns>
/// <c>true</c> when EqualSid reports a match; <c>false</c> otherwise, including when the OS major
/// version is below 6 and no label is queried at all.
/// </returns>
/// <exception cref="Win32Exception">A native call failed for a reason other than the expected size probe (error 122).</exception>
/// <exception cref="OutOfMemoryException">LocalAlloc returned a null pointer.</exception>
/// <remarks>
/// NOTE(review): the label's SID pointer is read with <c>*(int*)</c>, so this listing assumes 32-bit
/// pointers. If the size probe ever succeeded outright, the second GetTokenInformation call would
/// run with a null buffer; verify whether that can happen.
/// </remarks>
[return: MarshalAs(UnmanagedType.U1)]
public static unsafe bool IsLowIntegrityIdentity(WindowsIdentity identity)
{
  bool isLowIntegrity = false;
  _OSVERSIONINFOW versionInfo;
  // Size field (276) at offset 0, remaining 272 bytes zeroed before the query.
  ^(int&) ref versionInfo = 276;
  __memset((_OSVERSIONINFOW&) ((IntPtr) &versionInfo + 4), 0, 272);
  if (\u003CModule\u003E.GetVersionExW(&versionInfo) == 0)
  {
    throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
  }
  // Below major version 6 the answer is always false.
  if ((uint) ^(int&) ((IntPtr) &versionInfo + 4) < 6U)
  {
    return isLowIntegrity;
  }
  _TOKEN_MANDATORY_LABEL* labelBuffer = (_TOKEN_MANDATORY_LABEL*) 0;
  void* lowLabelSid = (void*) 0;
  uint labelSize = 0;
  uint sidSize = 0;
  RuntimeHelpers.PrepareConstrainedRegions();
  try
  {
  }
  finally
  {
    // All work sits in the finally block of an empty try, directly after PrepareConstrainedRegions.
    try
    {
      // Size probe for information class 25 (TokenIntegrityLevel): error 122 is the expected outcome.
      if (\u003CModule\u003E.GetTokenInformation(identity.Token.ToPointer(), (_TOKEN_INFORMATION_CLASS) 25, (void*) 0, 0U, &labelSize) == 0)
      {
        uint probeError = \u003CModule\u003E.GetLastError();
        if (probeError != 122U)
        {
          throw new Win32Exception((int) probeError);
        }
        labelBuffer = (_TOKEN_MANDATORY_LABEL*) \u003CModule\u003E.LocalAlloc(64U, labelSize);
        if ((IntPtr) labelBuffer == IntPtr.Zero)
        {
          throw new OutOfMemoryException();
        }
      }
      if (\u003CModule\u003E.GetTokenInformation(identity.Token.ToPointer(), (_TOKEN_INFORMATION_CLASS) 25, (void*) labelBuffer, labelSize, &labelSize) == 0)
      {
        throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
      }
      // Same probe-then-fill pattern for the reference SID the label is compared against.
      if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 66, (void*) 0, (void*) 0, &sidSize) == 0)
      {
        uint probeError = \u003CModule\u003E.GetLastError();
        if (probeError != 122U)
        {
          throw new Win32Exception((int) probeError);
        }
        lowLabelSid = \u003CModule\u003E.LocalAlloc(64U, sidSize);
        if ((IntPtr) lowLabelSid == IntPtr.Zero)
        {
          throw new OutOfMemoryException();
        }
      }
      if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 66, (void*) 0, lowLabelSid, &sidSize) == 0)
      {
        throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
      }
      // The first field of the label buffer is dereferenced as the SID pointer.
      if (\u003CModule\u003E.EqualSid(lowLabelSid, (void*) *(int*) labelBuffer) != 0)
      {
        isLowIntegrity = true;
      }
    }
    finally
    {
      // Both native buffers are released on success and on failure.
      if ((IntPtr) lowLabelSid != IntPtr.Zero)
      {
        \u003CModule\u003E.LocalFree(lowLabelSid);
      }
      if ((IntPtr) labelBuffer != IntPtr.Zero)
      {
        \u003CModule\u003E.LocalFree((void*) labelBuffer);
      }
    }
  }
  return isLowIntegrity;
}
/// <summary>
/// Duplicates the token of <paramref name="identity"/> as an impersonation token, sets its
/// mandatory label to well-known SID type 67 (WinMediumLabelSid in the Windows SDK enum) and
/// wraps the result in a new <see cref="WindowsIdentity"/>.
/// </summary>
/// <param name="identity">Identity whose <c>Token</c> handle is duplicated. It is dereferenced without a null check.</param>
/// <returns>A new identity built from the relabelled duplicate.</returns>
/// <exception cref="InvalidOperationException">The OS major version is below 6.</exception>
/// <exception cref="Win32Exception">A native call failed.</exception>
/// <exception cref="OutOfMemoryException">LocalAlloc returned a null pointer.</exception>
/// <remarks>
/// The duplicate handle is closed in the inner finally block on every path. The
/// <see cref="WindowsIdentity"/> constructor is documented to take its own copy of the handle, so
/// the returned object is expected to stay valid. NOTE(review): pointer fields are written with
/// <c>(int)</c> casts and fixed offsets 4 and 8, which assumes 32-bit pointers.
/// </remarks>
public static unsafe WindowsIdentity CreateMediumIntegrityIdentity(
  WindowsIdentity identity)
{
  WindowsIdentity mediumIdentity = (WindowsIdentity) null;
  _OSVERSIONINFOW versionInfo;
  // Size field (276) at offset 0, remaining 272 bytes zeroed before the query.
  ^(int&) ref versionInfo = 276;
  __memset((_OSVERSIONINFOW&) ((IntPtr) &versionInfo + 4), 0, 272);
  if (\u003CModule\u003E.GetVersionExW(&versionInfo) == 0)
  {
    throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
  }
  // Refuse to run when the major version at offset 4 is below 6.
  if ((uint) ^(int&) ((IntPtr) &versionInfo + 4) < 6U)
  {
    throw new InvalidOperationException();
  }
  void* duplicatedToken = (void*) 0;
  _TOKEN_MANDATORY_LABEL* labelBuffer = (_TOKEN_MANDATORY_LABEL*) 0;
  uint sidSize = 0;
  RuntimeHelpers.PrepareConstrainedRegions();
  try
  {
  }
  finally
  {
    try
    {
      // Access mask 142 (0x8E) = TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_ADJUST_DEFAULT;
      // impersonation level 2 and token type 2 request an impersonation token.
      if (\u003CModule\u003E.DuplicateTokenEx(identity.Token.ToPointer(), 142U, (_SECURITY_ATTRIBUTES*) 0, (_SECURITY_IMPERSONATION_LEVEL) 2, (_TOKEN_TYPE) 2, &duplicatedToken) == 0)
      {
        throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
      }
      // Size probe for the label SID: only error 122 (buffer too small) is tolerated.
      if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 67, (void*) 0, (void*) 0, &sidSize) == 0)
      {
        uint probeError = \u003CModule\u003E.GetLastError();
        if (probeError != 122U)
        {
          throw new Win32Exception((int) probeError);
        }
      }
      // One allocation holds the 8-byte label header followed by the SID itself.
      uint bufferSize = sidSize + 8U;
      labelBuffer = (_TOKEN_MANDATORY_LABEL*) \u003CModule\u003E.LocalAlloc(64U, bufferSize);
      if ((IntPtr) labelBuffer == IntPtr.Zero)
      {
        throw new OutOfMemoryException();
      }
      _TOKEN_MANDATORY_LABEL* sidStorage = (_TOKEN_MANDATORY_LABEL*) ((IntPtr) labelBuffer + 8);
      // Offset 0: pointer to the SID stored right behind the header.
      *(int*) labelBuffer = (int) sidStorage;
      // Offset 4: attributes 96 (0x60) = SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED.
      *(int*) ((IntPtr) labelBuffer + 4) = 96;
      if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 67, (void*) 0, (void*) sidStorage, &sidSize) == 0)
      {
        throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
      }
      // Information class 25 is TokenIntegrityLevel.
      if (\u003CModule\u003E.SetTokenInformation(duplicatedToken, (_TOKEN_INFORMATION_CLASS) 25, (void*) labelBuffer, bufferSize) == 0)
      {
        throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
      }
      mediumIdentity = new WindowsIdentity(new IntPtr(duplicatedToken));
    }
    finally
    {
      if ((IntPtr) duplicatedToken != IntPtr.Zero)
      {
        \u003CModule\u003E.CloseHandle(duplicatedToken);
      }
      if ((IntPtr) labelBuffer != IntPtr.Zero)
      {
        \u003CModule\u003E.LocalFree((void*) labelBuffer);
      }
    }
  }
  return mediumIdentity;
}
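/// <summary>
/// Duplicates <paramref name="hCurrentToken"/> as a primary token and sets its mandatory label to
/// well-known SID type 68 (WinHighLabelSid in the Windows SDK enum).
/// </summary>
/// <param name="hCurrentToken">Native handle of the token to duplicate; passed to DuplicateTokenEx unchecked.</param>
/// <returns>
/// The handle of the relabelled duplicate. Nothing in this method closes it on success, so the
/// caller owns it and has to close it.
/// </returns>
/// <exception cref="InvalidOperationException">The OS major version is below 6.</exception>
/// <exception cref="Win32Exception">A native call failed.</exception>
/// <exception cref="OutOfMemoryException">LocalAlloc returned a null pointer.</exception>
/// <remarks>
/// When any step after DuplicateTokenEx fails, the duplicate is closed before the exception
/// leaves the method; otherwise the handle would stay open with no reference to it.
/// NOTE(review): pointer fields are written with <c>(int)</c> casts and fixed offsets 4 and 8,
/// which assumes 32-bit pointers. Whether SetTokenInformation accepts the label depends on the
/// rights of the calling context; that is not visible here.
/// </remarks>
public static unsafe void* CreateHighIntegrityToken(void* hCurrentToken)
{
  _OSVERSIONINFOW osversioninfow;
  // Size field (276) at offset 0, remaining 272 bytes zeroed before the query.
  ^(int&) ref osversioninfow = 276;
  __memset((_OSVERSIONINFOW&) ((IntPtr) &osversioninfow + 4), 0, 272);
  if (\u003CModule\u003E.GetVersionExW(&osversioninfow) == 0)
  {
    throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
  }
  // Refuse to run when the major version at offset 4 is below 6.
  if (((uint) ^(int&) ((IntPtr) &osversioninfow + 4) >= 6U ? 1 : 0) == 0)
  {
    throw new InvalidOperationException();
  }
  void* highIntegrityToken = (void*) 0;
  _TOKEN_MANDATORY_LABEL* tokenMandatoryLabelPtr1 = (_TOKEN_MANDATORY_LABEL*) 0;
  uint num1 = 0;
  // Set only after the label has been applied; decides whether the duplicate is kept.
  bool labelApplied = false;
  RuntimeHelpers.PrepareConstrainedRegions();
  try
  {
  }
  finally
  {
    try
    {
      // Access mask 139 (0x8B) = TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY | TOKEN_ADJUST_DEFAULT;
      // token type 1 requests a primary token.
      if (\u003CModule\u003E.DuplicateTokenEx(hCurrentToken, 139U, (_SECURITY_ATTRIBUTES*) 0, (_SECURITY_IMPERSONATION_LEVEL) 2, (_TOKEN_TYPE) 1, &highIntegrityToken) == 0)
      {
        throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
      }
      // Size probe for the label SID: only error 122 (buffer too small) is tolerated.
      if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 68, (void*) 0, (void*) 0, &num1) == 0)
      {
        uint lastError = \u003CModule\u003E.GetLastError();
        if (122U != lastError)
        {
          throw new Win32Exception((int) lastError);
        }
      }
      // One allocation holds the 8-byte label header followed by the SID itself.
      uint num2 = num1 + 8U;
      tokenMandatoryLabelPtr1 = (_TOKEN_MANDATORY_LABEL*) \u003CModule\u003E.LocalAlloc(64U, num2);
      if ((IntPtr) tokenMandatoryLabelPtr1 == IntPtr.Zero)
      {
        throw new OutOfMemoryException();
      }
      _TOKEN_MANDATORY_LABEL* tokenMandatoryLabelPtr2 = (_TOKEN_MANDATORY_LABEL*) ((IntPtr) tokenMandatoryLabelPtr1 + 8);
      // Offset 0: pointer to the SID stored right behind the header.
      *(int*) tokenMandatoryLabelPtr1 = (int) tokenMandatoryLabelPtr2;
      // Offset 4: attributes 96 (0x60) = SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED.
      *(int*) ((IntPtr) tokenMandatoryLabelPtr1 + 4) = 96;
      if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 68, (void*) 0, (void*) tokenMandatoryLabelPtr2, &num1) == 0)
      {
        throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
      }
      // Information class 25 is TokenIntegrityLevel.
      if (\u003CModule\u003E.SetTokenInformation(highIntegrityToken, (_TOKEN_INFORMATION_CLASS) 25, (void*) tokenMandatoryLabelPtr1, num2) == 0)
      {
        throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
      }
      labelApplied = true;
    }
    finally
    {
      if ((IntPtr) tokenMandatoryLabelPtr1 != IntPtr.Zero)
      {
        \u003CModule\u003E.LocalFree((void*) tokenMandatoryLabelPtr1);
      }
      // Failure path: no caller will ever see the duplicate, so close it here.
      if (!labelApplied && (IntPtr) highIntegrityToken != IntPtr.Zero)
      {
        \u003CModule\u003E.CloseHandle(highIntegrityToken);
        highIntegrityToken = (void*) 0;
      }
    }
  }
  return highIntegrityToken;
}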
/// <summary>
/// Adds one access entry to the DACL of the current process: access mask 1048576 (0x100000,
/// SYNCHRONIZE) is granted to well-known SID type 11 (WinInteractiveSid in the Windows SDK enum).
/// </summary>
/// <exception cref="Win32Exception">
/// GetSecurityInfo, SetEntriesInAclW or SetSecurityInfo returned a non-zero status, or
/// CreateWellKnownSid failed.
/// </exception>
/// <remarks>
/// The existing DACL is read, merged with the new entry by SetEntriesInAclW and written back, so
/// entries already present are kept. NOTE(review): the entry is filled through fixed offsets
/// (0, 4, 20, 24, 28) and an <c>(int)</c> pointer cast, which assumes the 32-bit struct layout.
/// </remarks>
public static unsafe void AdjustServiceProcessSecurity()
{
  void* securityDescriptor = (void*) 0;
  _ACL* currentDacl = (_ACL*) 0;
  _ACL* updatedDacl = (_ACL*) 0;
  // Capacity of the stack SID buffer passed to CreateWellKnownSid.
  uint sidSize = 68;
  _EXPLICIT_ACCESS_W accessEntry;
  // Zero all 32 bytes of the entry: first field here, remaining 28 bytes via memset.
  ^(int&) ref accessEntry = 0;
  __memset((_EXPLICIT_ACCESS_W&) ((IntPtr) &accessEntry + 4), 0, 28);
  try
  {
    // Object type 6 (SE_KERNEL_OBJECT), security information 4 (DACL_SECURITY_INFORMATION).
    uint readStatus = \u003CModule\u003E.GetSecurityInfo(\u003CModule\u003E.GetCurrentProcess(), (_SE_OBJECT_TYPE) 6, 4U, (void**) 0, (void**) 0, &currentDacl, (_ACL**) 0, &securityDescriptor);
    if (readStatus != 0U)
    {
      throw new Win32Exception((int) readStatus);
    }
    \u0024ArrayType\u0024\u0024\u0024BY0BB\u0040K trusteeSid;
    if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 11, (void*) 0, (void*) &trusteeSid, &sidSize) == 0)
    {
      throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
    }
    // Offset 0: access permissions.
    ^(int&) ref accessEntry = 1048576;
    // Offset 4: access mode 1 (GRANT_ACCESS).
    ^(int&) ((IntPtr) &accessEntry + 4) = 1;
    // Offset 20: trustee form 0 (TRUSTEE_IS_SID).
    ^(int&) ((IntPtr) &accessEntry + 20) = 0;
    // Offset 24: trustee type 5 (TRUSTEE_IS_WELL_KNOWN_GROUP).
    ^(int&) ((IntPtr) &accessEntry + 24) = 5;
    // Offset 28: pointer to the SID built above.
    ^(int&) ((IntPtr) &accessEntry + 28) = (int) &trusteeSid;
    uint mergeStatus = \u003CModule\u003E.SetEntriesInAclW(1U, &accessEntry, currentDacl, &updatedDacl);
    if (mergeStatus != 0U)
    {
      throw new Win32Exception((int) mergeStatus);
    }
    uint writeStatus = \u003CModule\u003E.SetSecurityInfo(\u003CModule\u003E.GetCurrentProcess(), (_SE_OBJECT_TYPE) 6, 4U, (void*) 0, (void*) 0, updatedDacl, (_ACL*) 0);
    if (writeStatus != 0U)
    {
      throw new Win32Exception((int) writeStatus);
    }
  }
  finally
  {
    // The merged ACL and the descriptor returned by GetSecurityInfo are released; currentDacl is
    // never freed on its own here.
    if ((IntPtr) updatedDacl != IntPtr.Zero)
    {
      \u003CModule\u003E.LocalFree((void*) updatedDacl);
    }
    if ((IntPtr) securityDescriptor != IntPtr.Zero)
    {
      \u003CModule\u003E.LocalFree(securityDescriptor);
    }
  }
}
/// <summary>
/// Checks whether the owner SID of the token of process <paramref name="pid"/> equals
/// <paramref name="trustedUserSid"/> when both are compared as SID strings.
/// </summary>
/// <param name="pid">Process id to open with access 1024 (0x400, PROCESS_QUERY_INFORMATION).</param>
/// <param name="trustedUserSid">Expected owner SID in string form.</param>
/// <returns>
/// <c>true</c> only when every native step succeeded and the comparison returned 0. Any failing
/// step yields <c>false</c>; no exception is raised for native failures.
/// </returns>
/// <remarks>
/// The method fails closed: an unreadable process or token is treated as "not trusted".
/// NOTE(review): the comparison is case-insensitive and bounded to 68 characters, the same number
/// used as the byte size of the SID buffer; confirm that bound is intended for string length.
/// A process id can be reused between this check and any later use of it by the caller.
/// </remarks>
[return: MarshalAs(UnmanagedType.U1)]
public static unsafe bool IsCardSpaceTcserverInstance(int pid, string trustedUserSid)
{
  bool ownerMatches = false;
  void* processHandle = (void*) 0;
  void* tokenHandle = (void*) 0;
  ushort* ownerSidText = (ushort*) 0;
  IntPtr trustedSidText = IntPtr.Zero;
  try
  {
    processHandle = \u003CModule\u003E.OpenProcess(1024U, 0, (uint) pid);
    // Token access 8 is TOKEN_QUERY; the token is only opened when the process handle is valid.
    if ((IntPtr) processHandle != IntPtr.Zero && \u003CModule\u003E.OpenProcessToken(processHandle, 8U, &tokenHandle) != 0)
    {
      \u0024ArrayType\u0024\u0024\u0024BY0EE\u0040E ownerBuffer;
      // Zero the 68-byte buffer: first byte here, remaining 67 bytes via memset.
      ^(sbyte&) ref ownerBuffer = (sbyte) 0;
      __memset((\u0024ArrayType\u0024\u0024\u0024BY0EE\u0040E&) ((IntPtr) &ownerBuffer + 1), 0, 67);
      uint returnedLength = 0;
      // Information class 4 is TokenOwner.
      if (\u003CModule\u003E.GetTokenInformation(tokenHandle, (_TOKEN_INFORMATION_CLASS) 4, (void*) &ownerBuffer, 68U, &returnedLength) != 0)
      {
        // Typed view of the buffer; it is not used after this line.
        _TOKEN_OWNER* ownerInfo = (_TOKEN_OWNER*) &ownerBuffer;
        // The first field of the buffer is passed on as the owner SID pointer.
        if (\u003CModule\u003E.ConvertSidToStringSidW((void*) ^(int&) ref ownerBuffer, &ownerSidText) != 0)
        {
          trustedSidText = Marshal.StringToHGlobalUni(trustedUserSid);
          int comparison = \u003CModule\u003E._wcsnicmp((ushort*) trustedSidText.ToPointer(), ownerSidText, 68U);
          ownerMatches = comparison == 0;
        }
      }
    }
  }
  finally
  {
    // Release in the original order: SID string, token handle, process handle, marshalled string.
    if ((IntPtr) ownerSidText != IntPtr.Zero)
    {
      \u003CModule\u003E.LocalFree((void*) ownerSidText);
    }
    if ((IntPtr) tokenHandle != IntPtr.Zero)
    {
      \u003CModule\u003E.CloseHandle(tokenHandle);
    }
    if ((IntPtr) processHandle != IntPtr.Zero)
    {
      \u003CModule\u003E.CloseHandle(processHandle);
    }
    if (trustedSidText != IntPtr.Zero)
    {
      Marshal.FreeHGlobal(trustedSidText);
    }
  }
  return ownerMatches;
}
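/// <summary>
/// While impersonating the RPC client, opens process <paramref name="callerPid"/> and adds a DACL
/// entry that grants access mask 2035711 (0x1F0FFF) to well-known SID type 22 (WinLocalSystemSid
/// in the Windows SDK enum).
/// </summary>
/// <param name="RpcHandle">RPC binding handle passed to RpcImpersonateClient.</param>
/// <param name="callerPid">Id of the process whose DACL is changed.</param>
/// <exception cref="Win32Exception">Impersonation, OpenProcess, or one of the security calls failed.</exception>
/// <exception cref="InvalidOperationException">
/// RpcRevertToSelf reported a failure, which would leave the thread running as the client.
/// </exception>
/// <remarks>
/// The process is opened with access 393216 (0x60000, READ_CONTROL | WRITE_DAC) after
/// impersonation has started, so the open succeeds only if the impersonated client may change that
/// DACL. The revert result is checked because a failed revert must not go unnoticed.
/// NOTE(review): how callers obtain <paramref name="callerPid"/> is not visible here; verify it
/// cannot name a process unrelated to the RPC client. Offsets and the <c>(int)</c> pointer cast
/// assume the 32-bit struct layout.
/// </remarks>
public static unsafe void AddSystemAccessToProcess(IntPtr RpcHandle, uint callerPid)
{
  bool impersonating = false;
  void* processHandle = (void*) 0;
  _ACL* currentDacl = (_ACL*) 0;
  _ACL* updatedDacl = (_ACL*) 0;
  void* securityDescriptor = (void*) 0;
  _EXPLICIT_ACCESS_W explicitAccessW;
  // Zero all 32 bytes of the entry: first field here, remaining 28 bytes via memset.
  ^(int&) ref explicitAccessW = 0;
  __memset((_EXPLICIT_ACCESS_W&) ((IntPtr) &explicitAccessW + 4), 0, 28);
  \u0024ArrayType\u0024\u0024\u0024BY0EE\u0040E arrayTypeBy0EeE;
  // Zero the 68-byte SID buffer: first byte here, remaining 67 bytes via memset.
  ^(sbyte&) ref arrayTypeBy0EeE = (sbyte) 0;
  __memset((\u0024ArrayType\u0024\u0024\u0024BY0EE\u0040E&) ((IntPtr) &arrayTypeBy0EeE + 1), 0, 67);
  uint sidSize = 68;
  try
  {
    uint impersonateStatus = (uint) \u003CModule\u003E.RpcImpersonateClient(RpcHandle.ToPointer());
    if (0U != impersonateStatus)
    {
      throw new Win32Exception((int) impersonateStatus);
    }
    impersonating = true;
    processHandle = \u003CModule\u003E.OpenProcess(393216U, 0, callerPid);
    if (IntPtr.Zero == (IntPtr) processHandle)
    {
      throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
    }
    // Object type 6 (SE_KERNEL_OBJECT), security information 4 (DACL_SECURITY_INFORMATION).
    uint readStatus = \u003CModule\u003E.GetSecurityInfo(processHandle, (_SE_OBJECT_TYPE) 6, 4U, (void**) 0, (void**) 0, &currentDacl, (_ACL**) 0, &securityDescriptor);
    if (0U != readStatus)
    {
      throw new Win32Exception((int) readStatus);
    }
    if (\u003CModule\u003E.CreateWellKnownSid((WELL_KNOWN_SID_TYPE) 22, (void*) 0, (void*) &arrayTypeBy0EeE, &sidSize) == 0)
    {
      throw new Win32Exception((int) \u003CModule\u003E.GetLastError());
    }
    // Offset 0: access permissions.
    ^(int&) ref explicitAccessW = 2035711;
    // Offset 4: access mode 1 (GRANT_ACCESS).
    ^(int&) ((IntPtr) &explicitAccessW + 4) = 1;
    // Offset 20: trustee form 0 (TRUSTEE_IS_SID).
    ^(int&) ((IntPtr) &explicitAccessW + 20) = 0;
    // Offset 24: trustee type 1 (TRUSTEE_IS_USER).
    ^(int&) ((IntPtr) &explicitAccessW + 24) = 1;
    // Offset 28: pointer to the SID built above.
    ^(int&) ((IntPtr) &explicitAccessW + 28) = (int) &arrayTypeBy0EeE;
    uint mergeStatus = \u003CModule\u003E.SetEntriesInAclW(1U, &explicitAccessW, currentDacl, &updatedDacl);
    if (0U != mergeStatus)
    {
      throw new Win32Exception((int) mergeStatus);
    }
    uint writeStatus = \u003CModule\u003E.SetSecurityInfo(processHandle, (_SE_OBJECT_TYPE) 6, 4U, (void*) 0, (void*) 0, updatedDacl, (_ACL*) 0);
    if (0U != writeStatus)
    {
      throw new Win32Exception((int) writeStatus);
    }
  }
  finally
  {
    if (IntPtr.Zero != (IntPtr) updatedDacl)
    {
      \u003CModule\u003E.LocalFree((void*) updatedDacl);
    }
    if (IntPtr.Zero != (IntPtr) securityDescriptor)
    {
      \u003CModule\u003E.LocalFree(securityDescriptor);
    }
    if (IntPtr.Zero != (IntPtr) processHandle)
    {
      \u003CModule\u003E.CloseHandle(processHandle);
    }
    // Revert last, after all resources are released, and surface a failed revert instead of
    // continuing under the client's identity.
    if (impersonating && \u003CModule\u003E.RpcRevertToSelf() != 0)
    {
      throw new InvalidOperationException();
    }
  }
}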
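/// <summary>
/// Reports whether the volume that holds <paramref name="path"/> sets bit 8 (FILE_PERSISTENT_ACLS)
/// in the file-system flags returned by GetVolumeInformationW.
/// </summary>
/// <param name="path">Path whose root, taken with <see cref="Path.GetPathRoot(string)"/>, names the volume.</param>
/// <returns><c>true</c> when the flag is set; otherwise <c>false</c>.</returns>
/// <exception cref="Win32Exception">GetVolumeInformationW returned 0.</exception>
/// <remarks>
/// The error code is captured before the pinned handle is released, so the exception carries the
/// code of the failed volume query and not one left behind by a later call.
/// NOTE(review): when the root comes back null, a null pointer presumably reaches
/// GetVolumeInformationW, which would then describe a different volume than the caller meant;
/// verify how callers guard against rootless paths.
/// </remarks>
[return: MarshalAs(UnmanagedType.U1)]
public static unsafe bool PathSupportsPersistedSecurity(string path)
{
  bool flag = false;
  string pathRoot = Path.GetPathRoot(path);
  RuntimeHelpers.PrepareConstrainedRegions();
  try
  {
  }
  finally
  {
    // Pin the root string so its address stays valid for the native call.
    GCHandle gcHandle = GCHandle.Alloc((object) pathRoot, GCHandleType.Pinned);
    // Two zeroed 522-byte buffers (261 UTF-16 units each) for volume name and file-system name.
    \u0024ArrayType\u0024\u0024\u0024BY0BAF\u0040G volumeName;
    __memset(ref volumeName, 0, 522);
    \u0024ArrayType\u0024\u0024\u0024BY0BAF\u0040G fileSystemName;
    __memset(ref fileSystemName, 0, 522);
    uint serialNumber = 0;
    uint maxComponentLength = 0;
    uint fileSystemFlags = 0;
    bool queried = \u003CModule\u003E.GetVolumeInformationW((ushort*) gcHandle.AddrOfPinnedObject().ToPointer(), (ushort*) &volumeName, 261U, &serialNumber, &maxComponentLength, &fileSystemFlags, (ushort*) &fileSystemName, 261U) != 0;
    // Read the error code immediately, before any other call can replace it.
    uint lastError = queried ? 0U : \u003CModule\u003E.GetLastError();
    gcHandle.Free();
    if (!queried)
    {
      throw new Win32Exception((int) lastError);
    }
    if (((int) fileSystemFlags & 8) != 0)
    {
      flag = true;
    }
  }
  return flag;
}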
}
}