mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-20 10:26:10 +00:00
358 lines
12 KiB
C#
358 lines
12 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: Tvsu.Service.Server.PipeManager
|
|
// Assembly: SUService, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: C794206D-ECC0-4CFA-AB4E-5C06FB2FD4CC
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Patched.mf-57a055e0e8642f449b4d27fa8ff9cbc0f8367d8cdd69ab6deeca9a801697bce1.exe
|
|
|
|
using Microsoft.Win32;
|
|
using System;
|
|
using System.Collections;
|
|
using System.Diagnostics;
|
|
using System.Globalization;
|
|
using System.IO;
|
|
using System.Runtime.InteropServices;
|
|
using System.Threading;
|
|
using Tvsu.Service.Common.InterProcessComm;
|
|
using Tvsu.Service.Common.NamedPipes;
|
|
using Tvsu.Service.Common.Util;
|
|
|
|
namespace Tvsu.Service.Server
|
|
{
|
|
public sealed class PipeManager : IChannelManager
|
|
{
|
|
private const string UNINSTALL = "/u";
|
|
private const string EXECUTE = "/execute";
|
|
private const string DIR = "/directory";
|
|
private const string ARGUMENTS = "/arguments";
|
|
private const string INSTALL_TYPE = "/type";
|
|
private const string PIPE_SERVER_NAME = "SUPipeServer";
|
|
private const int MAX_READ_BYTES = 5000;
|
|
private const int PIPE_MAX_STUFFED_TIME = 5000;
|
|
private static string commandLine = (string) null;
|
|
private static string argumentsValue = (string) null;
|
|
private static string directoryPath = (string) null;
|
|
private static string installType = (string) null;
|
|
[MarshalAs(UnmanagedType.LPStr)]
|
|
private string hardwareId;
|
|
[MarshalAs(UnmanagedType.LPStr)]
|
|
private string infFilePath;
|
|
public Hashtable Pipes;
|
|
private uint NumberPipes = 5;
|
|
private uint OutBuffer = 512;
|
|
private uint InBuffer = 512;
|
|
private bool _listen = true;
|
|
private int numChannels = 0;
|
|
private Hashtable _pipes = new Hashtable();
|
|
private Thread MainThread;
|
|
private string PipeName = "SUPipeServer";
|
|
private ManualResetEvent Mre;
|
|
public object SyncRoot = new object();
|
|
|
|
[DllImport("tools.dll")]
|
|
public static extern bool updateDriverForPlugAndPlayDevices(
|
|
string hardwareId,
|
|
string fullInfPath);
|
|
|
|
[DllImport("tools.dll")]
|
|
public static extern string GetError();
|
|
|
|
public bool Listen
|
|
{
|
|
get => this._listen;
|
|
set => this._listen = value;
|
|
}
|
|
|
|
public void Initialize()
|
|
{
|
|
this.Pipes = Hashtable.Synchronized(this._pipes);
|
|
this.Mre = new ManualResetEvent(false);
|
|
this.MainThread = new Thread(new ThreadStart(this.Start));
|
|
this.MainThread.IsBackground = false;
|
|
this.MainThread.Name = "Main Pipe Thread";
|
|
this.MainThread.Start();
|
|
Thread.Sleep(1000);
|
|
}
|
|
|
|
public string HandleRequest(string request)
|
|
{
|
|
string str = request;
|
|
try
|
|
{
|
|
ServiceLogger.Instance.Info(request);
|
|
PipeManager.commandLine = "";
|
|
PipeManager.argumentsValue = "";
|
|
PipeManager.directoryPath = "";
|
|
PipeManager.installType = "";
|
|
PipeManager.BuildCommandLine(str.Split(' '));
|
|
ServiceLogger.Instance.Info(PipeManager.directoryPath + Environment.NewLine + PipeManager.commandLine + Environment.NewLine + PipeManager.argumentsValue + Environment.NewLine + PipeManager.installType);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
ServiceLogger.Instance.Severe("Error handling request", ex);
|
|
}
|
|
return this.ExecuteCommand(PipeManager.directoryPath, PipeManager.commandLine, PipeManager.argumentsValue, PipeManager.installType).ToString();
|
|
}
|
|
|
|
private int ExecuteCommand(string dir, string cmd, string args, string _installType)
|
|
{
|
|
int num = int.MinValue;
|
|
string path = "";
|
|
try
|
|
{
|
|
ServiceLogger.Instance.Info("Directory 1: " + dir);
|
|
if (PipeManager.DirectoryExists(dir))
|
|
path = dir;
|
|
ServiceLogger.Instance.Info("If directory 1 exists: " + path);
|
|
switch (_installType)
|
|
{
|
|
case "":
|
|
case null:
|
|
_installType = "COMMAND";
|
|
break;
|
|
}
|
|
if (_installType == PipeManager.InstallType.INF.ToString())
|
|
{
|
|
this.infFilePath = cmd;
|
|
Directory.SetCurrentDirectory(path);
|
|
this.hardwareId = args;
|
|
return PipeManager.updateDriverForPlugAndPlayDevices(this.hardwareId, this.infFilePath) ? 1 : 0;
|
|
}
|
|
Process process = new Process();
|
|
ProcessStartInfo processStartInfo = new ProcessStartInfo();
|
|
if (File.Exists(path + "\\" + cmd))
|
|
processStartInfo.WorkingDirectory = path;
|
|
else if (File.Exists(path + "\\" + cmd.Substring(cmd.LastIndexOf("\\") + 1, cmd.Length - 1 - cmd.LastIndexOf("\\"))))
|
|
{
|
|
processStartInfo.WorkingDirectory = path;
|
|
cmd = cmd.Substring(cmd.LastIndexOf("\\") + 1, cmd.Length - 1 - cmd.LastIndexOf("\\"));
|
|
}
|
|
else if (File.Exists(cmd))
|
|
{
|
|
path = cmd.Substring(0, cmd.LastIndexOf("\\"));
|
|
cmd = cmd.Substring(cmd.LastIndexOf("\\") + 1, cmd.Length - 1 - cmd.LastIndexOf("\\"));
|
|
processStartInfo.WorkingDirectory = path;
|
|
}
|
|
ServiceLogger.Instance.Info("The parameters directory and command stay as follows:" + Environment.NewLine + "command: " + cmd + Environment.NewLine + "directory: " + path);
|
|
switch (args)
|
|
{
|
|
case "":
|
|
case null:
|
|
processStartInfo.FileName = cmd;
|
|
break;
|
|
default:
|
|
processStartInfo.FileName = cmd;
|
|
processStartInfo.Arguments = args;
|
|
break;
|
|
}
|
|
if (string.Compare(cmd, "egather2.exe", true, new CultureInfo("en-US", false)) == 0)
|
|
{
|
|
processStartInfo.WindowStyle = ProcessWindowStyle.Hidden;
|
|
ServiceLogger.Instance.Info("Type hidden");
|
|
}
|
|
else
|
|
{
|
|
processStartInfo.WindowStyle = ProcessWindowStyle.Normal;
|
|
ServiceLogger.Instance.Info("Type normal");
|
|
}
|
|
if (_installType == PipeManager.InstallType.SHELL.ToString())
|
|
processStartInfo.UseShellExecute = true;
|
|
process.StartInfo = processStartInfo;
|
|
process.Start();
|
|
while (!process.HasExited)
|
|
process.WaitForExit();
|
|
num = process.ExitCode;
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
ServiceLogger.Instance.Severe("Error executing command: " + cmd, ex);
|
|
}
|
|
return num;
|
|
}
|
|
|
|
private int WriteRegistryValue(string dir, string svalue)
|
|
{
|
|
string root = dir.Substring(0, dir.IndexOf("\\"));
|
|
string str = dir.Substring(dir.IndexOf("\\") + 1, dir.LastIndexOf("\\") - dir.IndexOf("\\"));
|
|
string name = dir.Substring(dir.LastIndexOf("\\") + 1, dir.Length - dir.LastIndexOf("\\") - 1);
|
|
RegistryKey registryKey = PipeManager.GetRegistryKey(root);
|
|
if (registryKey == null)
|
|
return int.MinValue;
|
|
if (registryKey.OpenSubKey(str) != null)
|
|
{
|
|
if (svalue == null)
|
|
svalue = "";
|
|
registryKey.OpenSubKey(str, true).SetValue(name, (object) svalue);
|
|
}
|
|
else
|
|
{
|
|
ServiceLogger.Instance.Info("Creating sub Key: " + str);
|
|
registryKey.CreateSubKey(str);
|
|
registryKey.OpenSubKey(str, true).SetValue(name, (object) svalue);
|
|
}
|
|
registryKey.Close();
|
|
return 0;
|
|
}
|
|
|
|
public static RegistryKey GetRegistryKey(string root)
|
|
{
|
|
RegistryKey registryKey = (RegistryKey) null;
|
|
switch (root)
|
|
{
|
|
case "HKEY_CLASSES_ROOT":
|
|
registryKey = Registry.ClassesRoot;
|
|
break;
|
|
case "HKEY_CURRENT_USER":
|
|
registryKey = Registry.CurrentUser;
|
|
break;
|
|
case "HKEY_LOCAL_MACHINE":
|
|
registryKey = Registry.LocalMachine;
|
|
break;
|
|
case "HKEY_USERS":
|
|
registryKey = Registry.Users;
|
|
break;
|
|
case "HKEY_CURRENT_CONFIG":
|
|
registryKey = Registry.CurrentConfig;
|
|
break;
|
|
}
|
|
return registryKey;
|
|
}
|
|
|
|
private static bool DirectoryExists(string dir) => new DirectoryInfo(dir).Exists;
|
|
|
|
private static void BuildCommandLine(string[] arguments)
|
|
{
|
|
int position;
|
|
for (position = 1; position < arguments.Length && !arguments[position].StartsWith("/arguments"); ++position)
|
|
PipeManager.commandLine = PipeManager.commandLine + arguments[position] + " ";
|
|
PipeManager.commandLine = PipeManager.commandLine.Remove(PipeManager.commandLine.Length - 1, 1);
|
|
PipeManager.BuildArguments(arguments, position);
|
|
}
|
|
|
|
private static void BuildArguments(string[] args, int position)
|
|
{
|
|
for (++position; position < args.Length && !args[position].StartsWith("/directory"); ++position)
|
|
PipeManager.argumentsValue = PipeManager.argumentsValue + args[position] + " ";
|
|
if (PipeManager.argumentsValue != "")
|
|
PipeManager.argumentsValue = PipeManager.argumentsValue.Remove(PipeManager.argumentsValue.Length - 1, 1);
|
|
PipeManager.BuildDirectoryPath(args, position);
|
|
}
|
|
|
|
private static void BuildDirectoryPath(string[] args, int position)
|
|
{
|
|
for (++position; position < args.Length && !args[position].StartsWith("/type"); ++position)
|
|
PipeManager.directoryPath = PipeManager.directoryPath + args[position] + " ";
|
|
PipeManager.installType = args[position + 1];
|
|
PipeManager.directoryPath = PipeManager.directoryPath.Remove(PipeManager.directoryPath.Length - 1, 1);
|
|
}
|
|
|
|
private void Start()
|
|
{
|
|
try
|
|
{
|
|
while (this._listen)
|
|
{
|
|
int[] numArray = new int[this.Pipes.Keys.Count];
|
|
this.Pipes.Keys.CopyTo((Array) numArray, 0);
|
|
foreach (int key in numArray)
|
|
{
|
|
ServerNamedPipe pipe = (ServerNamedPipe) this.Pipes[(object) key];
|
|
if (pipe != null && DateTime.Now.Subtract(pipe.LastAction).Milliseconds > 5000 && ((APipeConnection) pipe.PipeConnection).GetState() != 4)
|
|
{
|
|
pipe.Listen = false;
|
|
pipe.PipeThread.Abort();
|
|
this.RemoveServerChannel((object) ((APipeConnection) pipe.PipeConnection).NativeHandle);
|
|
}
|
|
}
|
|
if ((long) this.numChannels <= (long) this.NumberPipes)
|
|
{
|
|
ServerNamedPipe serverNamedPipe = new ServerNamedPipe(this.PipeName, this.OutBuffer, this.InBuffer, 5000, false);
|
|
try
|
|
{
|
|
serverNamedPipe.Connect();
|
|
serverNamedPipe.LastAction = DateTime.Now;
|
|
Interlocked.Increment(ref this.numChannels);
|
|
serverNamedPipe.Start();
|
|
this.Pipes.Add((object) ((APipeConnection) serverNamedPipe.PipeConnection).NativeHandle, (object) serverNamedPipe);
|
|
}
|
|
catch (InterProcessIOException ex)
|
|
{
|
|
this.RemoveServerChannel((object) ((APipeConnection) serverNamedPipe.PipeConnection).NativeHandle);
|
|
serverNamedPipe.Dispose();
|
|
ServiceLogger.Instance.Severe(((Exception) ex).StackTrace.ToString(), (Exception) ex);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
this.Mre.Reset();
|
|
this.Mre.WaitOne(1000, false);
|
|
}
|
|
}
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
ServiceLogger.Instance.Warning(ex.Message.ToString(), ex);
|
|
}
|
|
}
|
|
|
|
public void Stop()
|
|
{
|
|
this._listen = false;
|
|
this.Mre.Set();
|
|
try
|
|
{
|
|
int[] numArray = new int[this.Pipes.Keys.Count];
|
|
this.Pipes.Keys.CopyTo((Array) numArray, 0);
|
|
foreach (int key in numArray)
|
|
((ServerNamedPipe) this.Pipes[(object) key]).Listen = false;
|
|
int num = this.numChannels * 3;
|
|
for (int index = 0; index < num; ++index)
|
|
this.StopServerPipe();
|
|
this.Pipes.Clear();
|
|
this.Mre.Close();
|
|
this.Mre = (ManualResetEvent) null;
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
ServiceLogger.Instance.Warning(ex.Message.ToString(), ex);
|
|
}
|
|
}
|
|
|
|
public void WakeUp()
|
|
{
|
|
if (this.Mre == null)
|
|
return;
|
|
this.Mre.Set();
|
|
}
|
|
|
|
private void StopServerPipe()
|
|
{
|
|
try
|
|
{
|
|
ClientPipeConnection clientPipeConnection = new ClientPipeConnection(this.PipeName);
|
|
if (!clientPipeConnection.TryConnect())
|
|
return;
|
|
((APipeConnection) clientPipeConnection).Close();
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
ServiceLogger.Instance.Warning(ex.Message.ToString(), ex);
|
|
}
|
|
}
|
|
|
|
public void RemoveServerChannel(object param)
|
|
{
|
|
int key = (int) param;
|
|
Interlocked.Decrement(ref this.numChannels);
|
|
this.Pipes.Remove((object) key);
|
|
this.WakeUp();
|
|
}
|
|
|
|
private enum InstallType
|
|
{
|
|
COMMAND,
|
|
SHELL,
|
|
INF,
|
|
}
|
|
}
|
|
}
|