MalwareSourceCode/MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/NativeMethods.cs

// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.NativeMethods
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe

using Microsoft.Win32.SafeHandles;
using System;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Text;

namespace Microsoft.InfoCards
{
  internal static class NativeMethods
  {
    public const int E_BUSY = -2147024825;
    public const int ERROR_ACCESS_DENIED = 5;
    public const int ERROR_NOT_ENOUGH_MEMORY = 8;
    public const int ERROR_OUTOFMEMORY = 14;
    public const int E_NOTIMPL = -2147467263;
    public const int E_ACCESSDENIED = -2147024891;
    public const int COR_E_APPLICATION = -2146232832;
    public const int COR_E_ARGUMENT = -2147024809;
    public const int ERROR_INVALID_DATA = 13;
    public const int CRYPTPROTECT_LOCAL_MACHINE = 4;
    public const int CRYPTPROTECT_UI_FORBIDDEN = 1;
    public const int CRYPTPROTECT_NO_RECOVERY = 32;
    public const int CRYPTPROTECT_VERIFY_PROTECTION = 64;
    public const int CRYPTPROTECT_AUDIT = 16;
    public const int CRYPTPROTECTMEMORY_SAME_PROCESS = 0;
    public const int CRYPTPROTECTMEMORY_CROSS_PROCESS = 1;
    public const int CRYPTPROTECTMEMORY_SAME_LOGON = 2;
    public const int EVENT_MODIFY_STATE = 2;
    public const int PROCESS_DUP_HANDLE = 64;
    public const int TOKEN_QUERY = 8;
    public const int TOKEN_IMPERSONATE = 4;
    public const int TOKEN_DUPLICATE = 2;
    public const int TOKEN_ASSIGN_PRIMARY = 1;
    public const int TOKEN_ALL_ACCESS = 511;
    public const uint WAIT_TIMEOUT = 258;
    public const uint WAIT_ABANDONED = 128;
    public const uint WAIT_FAILED = 4294967295;
    public const int CSIDL_LOCAL_APPDATA = 28;
    public const int SHGFP_TYPE_CURRENT = 0;
    public const int MAX_PATH = 260;
    public const int MUTEX_MODIFY_STATE = 2;
    public const int SYNCHRONIZE = 1048576;
    public const int FILE_PERSISTENT_ACLS = 8;
    public const int ERROR_CANCELLED = 1223;
    public const int SM_TABLETPC = 86;

    [DllImport("Crypt32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool CryptProtectData(
      [In] IntPtr pDataIn,
      [MarshalAs(UnmanagedType.LPWStr), In] string szDataDescr,
      [In] IntPtr pOptionalEntropy,
      [In] IntPtr pvReserved,
      [In] IntPtr pPromptStruct,
      [MarshalAs(UnmanagedType.I4), In] int dwFlags,
      [In] IntPtr pDataOut);

    [DllImport("Crypt32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool CryptUnprotectData(
      [In] IntPtr pDataIn,
      [MarshalAs(UnmanagedType.LPWStr), Out] StringBuilder ppszDataDescr,
      [In] IntPtr pOptionalEntropy,
      [In] IntPtr pvReserved,
      [In] IntPtr pPromptStruct,
      [MarshalAs(UnmanagedType.I4), In] int dwFlags,
      [In] IntPtr pDataOut);

    [DllImport("Rpcrt4.dll", CharSet = CharSet.Unicode)]
    public static extern uint RpcImpersonateClient([In] IntPtr rpcBindingHandle);

    [DllImport("Rpcrt4.dll", CharSet = CharSet.Unicode)]
    public static extern uint RpcRevertToSelfEx([In] IntPtr rpcBindingHandle);

    [DllImport("Rpcrt4.dll", CharSet = CharSet.Unicode)]
    public static extern uint I_RpcBindingInqLocalClientPID([In] IntPtr rpcBindingHandle, out uint pid);

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool RevertToSelf();

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool ImpersonateLoggedOnUser([In] IntPtr hToken);

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool ProcessIdToSessionId([In] int pid, out int tSSession);

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern SafeNativeHandle OpenProcess(
      [In] int desiredAccess,
      [In] bool inheritHandle,
      [In] int processId);

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool DuplicateHandle(
      [In] SafeNativeHandle sourceProcessHandle,
      [In] SafeWaitHandle sourceHandle,
      [In] SafeNativeHandle targetProcessHandle,
      out SafeWaitHandle targetHandle,
      [In] int desiredAccess,
      [In] bool inheritHandle,
      [In] int options);

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern IntPtr GetCurrentProcess();

    [DllImport("Kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern IntPtr LocalFree(IntPtr hMem);

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool CryptDecrypt(
      [In] SafeCryptoKeyHandle hKey,
      [In] IntPtr hHash,
      [In] uint Final,
      [In] uint Flags,
      [In] IntPtr data,
      [In, Out] ref uint length);

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool CryptEncrypt(
      [In] SafeCryptoKeyHandle hKey,
      [In] IntPtr hHash,
      [In] uint Final,
      [In] uint Flags,
      [In] IntPtr data,
      [In, Out] ref uint length,
      [In] uint bufLength);

    [DllImport("Kernel32.dll", EntryPoint = "RtlZeroMemory", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern void ZeroMemory([In] IntPtr dest, [In] int size);

    [DllImport("Crypt32.dll", EntryPoint = "CertGetNameStringW", CharSet = CharSet.Unicode)]
    public static extern int CertGetNameString(
      IntPtr pCertContext,
      int dwType,
      int dwFlags,
      [MarshalAs(UnmanagedType.LPStr), In] string pvTypePara,
      [Out] StringBuilder pszNameString,
      int cchNameString);

    [DllImport("Kernel32.dll", CharSet = CharSet.Unicode)]
    public static extern int WTSGetActiveConsoleSessionId();

    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    public static extern int GetSystemMetrics(int nIndex);

    public enum SecurityImpersonationLevel
    {
      SecurityAnonymous,
      SecurityIdentification,
      SecurityImpersonation,
      SecurityDelegation,
    }

    public sealed class SafeHandleOnlyMethods
    {
      private SafeHandleOnlyMethods()
      {
      }

      [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
      [DllImport("Kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
      public static extern bool CloseHandle([In] IntPtr handle);
    }
  }
}