// Token: 0x0600036D RID: 877 RVA: 0x000096B4 File Offset: 0x000078B4
protected virtual void OnDrawNode(DrawTreeNodeEventArgs e)
{
try
{
Rectangle rect = new Rectangle(GClass5.smethod_0(e).Location.X, e.Bounds.Location.Y, e.Bounds.Width, e.Bounds.Height);
TreeNodeStates treeNodeStates = this.treeNodeStates_0;
if (treeNodeStates != TreeNodeStates.Selected)
{
if (treeNodeStates == TreeNodeStates.Checked)
{
e.Graphics.FillRectangle(Brushes.Green, rect);
e.Graphics.DrawString(e.Node.Text, new Font("Segoe UI", 8f), Brushes.Black, new Rectangle(rect.X + 2, rect.Y + 2, rect.Width, rect.Height), GClass6.stringFormat_0);
base.Invalidate();
}
else if (treeNodeStates == TreeNodeStates.Default)
{
e.Graphics.FillRectangle(Brushes.Red, rect);
e.Graphics.DrawString(e.Node.Text, new Font("Segoe UI", 8f), Brushes.LimeGreen, new Rectangle(rect.X + 2, rect.Y + 2, rect.Width, rect.Height), GClass6.stringFormat_0);
base.Invalidate();
}
}
else
{
e.Graphics.FillRectangle(Brushes.Green, rect);
e.Graphics.DrawString(e.Node.Text, new Font("Segoe UI", 8f), Brushes.Black, new Rectangle(rect.X + 2, rect.Y + 2, rect.Width, rect.Height), GClass6.stringFormat_0);
base.Invalidate();
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
base.OnDrawNode(e);
}
// Token: 0x0600032F RID: 815 RVA: 0x01038120 File Offset: 0x01036320
public override IntPtr \u202D\u202D\u206E\u200F\u206F\u206C\u202A\u200D\u200F\u206B\u200F\u200C\u200B\u200F\u206D\u202D\u206D\u206B\u206D\u200F\u202C\u202A\u200C\u206F\u206D\u202D\u206D\u200B\u206D\u206B\u206D\u200B\u200D\u202B\u200F\u206D\u206E\u202A\u200D\u206F\u202E(string string_0, IntPtr intptr_0)
{
this.vmethod_0();
if (!intptr_0.smethod_4() && !intptr_0.smethod_2(-1L))
{
try
{
IntPtr result = IntPtr.Zero;
IntPtr procAddress = GClass5.GetProcAddress(GClass5.GetModuleHandleA("kernel32.dll"), "LoadLibraryW");
if (procAddress.smethod_4())
{
throw new Exception("Unable to locate the LoadLibraryW entry point");
}
IntPtr intPtr = GClass5.smethod_0(intptr_0, Encoding.Unicode.GetBytes(string_0 + "\0"), 4);
if (!intPtr.smethod_4())
{
try
{
uint num = GClass5.smethod_7(intptr_0, procAddress, (uint)intPtr.ToInt32(), 10000);
if (num == 0u)
{
throw new Exception("Failed to load module into remote process. Error code: " + GClass5.smethod_1(intptr_0).ToString());
}
if (num != 4294967295u)
{
result = GClass4.smethod_3((long)((ulong)num));
goto IL_E5;
}
throw new Exception("Error occurred when calling function in the remote process");
}
finally
{
GClass5.VirtualFreeEx(intptr_0, intPtr, 0, 32768);
}
goto IL_DA;
IL_E5:
return(result);
}
IL_DA:
throw new InvalidOperationException("Failed to allocate memory in the remote process");
}
catch (Exception exception_)
{
this.vmethod_2(exception_);
return(IntPtr.Zero);
}
}
throw new ArgumentOutOfRangeException("hProcess", "Invalid process handle specified.");
}
public GClass5()
{
GClass5.smethod_0();
this.logger_0 = LogManager.GetLogger("DOPE");
this.logger_0.Info("Loading DOPE {arch} {version} on {architecture} ({os})", new object[]
{
GClass927.smethod_1() ? "x86" : "x64",
Constants.VersionString,
Environment.Is64BitOperatingSystem ? "x64" : "x86",
Environment.OSVersion.VersionString
});
AppDomain.CurrentDomain.FirstChanceException += this.method_0;
AppDomain.CurrentDomain.UnhandledException += this.method_2;
base.ShutdownMode = ShutdownMode.OnMainWindowClose;
GClass82.smethod_2();
bool flag;
using (WindowsIdentity current = WindowsIdentity.GetCurrent())
{
flag = new WindowsPrincipal(current).IsInRole(WindowsBuiltInRole.Administrator);
}
PErkava.IsSupported = flag;
try
{
PErkava.smethod_3();
}
catch
{
PErkava.IsSupported = false;
}
if (flag && PErkava.IsSupported)
{
try
{
GClass933 gclass = new GClass933();
gclass.Start();
PErkava.Host = gclass;
}
catch
{
}
}
this.logger_0.Info("PErkava support status: {status}", PErkava.IsSupported);
if (PErkava.IsSupported)
{
this.logger_0.Info("Use legacy proxy: {proxy}", PErkava.smethod_2());
}
AppDomain.CurrentDomain.ProcessExit += this.method_1;
}
// Token: 0x06000275 RID: 629 RVA: 0x01036920 File Offset: 0x01034B20
public static IntPtr smethod_2(IntPtr intptr_0, string string_0)
{
IntPtr procAddress = GClass5.GetProcAddress(GClass5.GetModuleHandleA("kernel32.dll"), "GetModuleHandleW");
IntPtr result = IntPtr.Zero;
if (!procAddress.smethod_4())
{
IntPtr intPtr = GClass5.smethod_0(intptr_0, Encoding.Unicode.GetBytes(string_0 + "\0"), 4);
if (!intPtr.smethod_4())
{
result = GClass4.smethod_3((long)((ulong)GClass5.smethod_7(intptr_0, procAddress, (uint)intPtr.ToInt32(), 1000)));
GClass5.VirtualFreeEx(intptr_0, intPtr, 0, 32768);
}
}
return(result);
}
// Token: 0x06000072 RID: 114 RVA: 0x00005B24 File Offset: 0x00003D24
public static string smethod_6()
{
foreach (NetworkInterface networkInterface in NetworkInterface.GetAllNetworkInterfaces())
{
if (networkInterface.NetworkInterfaceType == NetworkInterfaceType.Wireless80211 || (networkInterface.NetworkInterfaceType == NetworkInterfaceType.Ethernet && networkInterface.OperationalStatus == OperationalStatus.Up))
{
bool flag = false;
foreach (UnicastIPAddressInformation unicastIPAddressInformation in networkInterface.GetIPProperties().UnicastAddresses)
{
if (unicastIPAddressInformation.Address.AddressFamily == AddressFamily.InterNetwork && unicastIPAddressInformation.AddressPreferredLifetime != 4294967295L)
{
flag = (unicastIPAddressInformation.Address.ToString() == GClass11.smethod_5());
}
}
if (flag)
{
return(GClass5.smethod_0(networkInterface.GetPhysicalAddress().ToString()));
}
}
}
return("-");
}
// Token: 0x06000380 RID: 896 RVA: 0x01039644 File Offset: 0x01037844
protected virtual IntPtr vmethod_10(string[] string_0, IntPtr intptr_0, out IntPtr intptr_1, uint uint_0 = 0u)
{
intptr_1 = IntPtr.Zero;
IntPtr intPtr = IntPtr.Zero;
IntPtr result;
try
{
IntPtr moduleHandleA = GClass5.GetModuleHandleA("kernel32.dll");
IntPtr procAddress = GClass5.GetProcAddress(moduleHandleA, "LoadLibraryA");
IntPtr procAddress2 = GClass5.GetProcAddress(moduleHandleA, "GetModuleHandleA");
if (!procAddress.smethod_4() && !procAddress2.smethod_4())
{
intptr_1 = GClass5.VirtualAllocEx(intptr_0, IntPtr.Zero, (uint)((uint)string_0.Length << 2), 12288, 4);
IntPtr intPtr2 = GClass5.smethod_0(intptr_0, Encoding.ASCII.GetBytes(string.Join("\0", string_0) + "\0"), 4);
if (!intptr_1.smethod_4() && !intPtr2.smethod_4())
{
try
{
uint num = 0u;
byte[] array = new byte[string_0.Length << 2];
for (int i = 0; i < array.Length >> 2; i++)
{
BitConverter.GetBytes(uint_0).CopyTo(array, i << 2);
}
GClass5.WriteProcessMemory(intptr_0, intptr_1, array, array.Length, out num);
byte[] array2 = (byte[])Class8.byte_0.Clone();
intPtr = GClass5.VirtualAllocEx(intptr_0, IntPtr.Zero, (uint)array2.Length, 12288, 64);
if (intPtr.smethod_4())
{
throw new InvalidOperationException("Unable to allocate memory in the remote process");
}
BitConverter.GetBytes(intPtr2.ToInt32()).CopyTo(array2, 7);
BitConverter.GetBytes(string_0.Length).CopyTo(array2, 15);
BitConverter.GetBytes(intptr_1.ToInt32()).CopyTo(array2, 24);
BitConverter.GetBytes(procAddress2.smethod_7(intPtr.smethod_0(56L)).ToInt32()).CopyTo(array2, 52);
BitConverter.GetBytes(procAddress.smethod_7(intPtr.smethod_0(69L)).ToInt32()).CopyTo(array2, 65);
if (GClass5.WriteProcessMemory(intptr_0, intPtr, array2, array2.Length, out num) && (ulong)num == (ulong)((long)array2.Length))
{
result = intPtr;
goto IL_231;
}
throw new Exception("Error creating the remote function stub.");
}
finally
{
GClass5.VirtualFreeEx(intptr_0, intptr_1, 0, 32768);
GClass5.VirtualFreeEx(intptr_0, intPtr2, 0, 32768);
if (!intPtr.smethod_4())
{
GClass5.VirtualFreeEx(intptr_0, intPtr, 0, 32768);
}
intptr_1 = IntPtr.Zero;
}
goto IL_21B;
IL_231:
return(result);
}
IL_21B:
throw new InvalidOperationException("Unable to allocate memory in the remote process");
}
throw new Exception("Unable to find necessary function entry points in the remote process");
}
catch (Exception exception_)
{
this.vmethod_2(exception_);
result = IntPtr.Zero;
}
return(result);
}
// Token: 0x06000351 RID: 849 RVA: 0x0103888C File Offset: 0x01036A8C
private static bool smethod_5(GClass8 gclass8_0, IntPtr intptr_7, int int_0)
{
List <string> list = new List <string>();
string empty = string.Empty;
bool result = false;
foreach (GStruct8 gstruct in gclass8_0.method_8())
{
if (gclass8_0.method_4((long)((ulong)gclass8_0.method_11(gstruct.Name)), SeekOrigin.Begin, out empty, -1, null) && !string.IsNullOrEmpty(empty) && Class7.smethod_3(empty, int_0).smethod_4())
{
list.Add(empty);
}
}
if (list.Count > 0)
{
byte[] array = Class7.smethod_1(gclass8_0);
string text = string.Empty;
if (array != null)
{
text = GClass11.smethod_2(array);
}
else
{
if (string.IsNullOrEmpty(gclass8_0.String_0) || !File.Exists(Path.Combine(Path.GetDirectoryName(gclass8_0.String_0), Path.GetFileName(gclass8_0.String_0) + ".manifest")))
{
IntPtr[] array2 = GClass10.smethod_0(GEnum7.Standard).GClass10.\u200E\u206B\u200D\u202B\u200F\u206A\u206D\u200E\u200E\u206B\u206F\u202E\u200F\u200B\u206E\u202B\u206A\u200E\u206B\u206A\u206C\u202A\u206C\u202B\u206B\u206F\u206A\u200F\u206A\u200E\u202B\u200F\u200F\u200E\u200E\u200B\u200E\u202B\u206D\u202A\u202E(list.ToArray(), intptr_7);
for (int i = 0; i < array2.Length; i++)
{
if (array2[i].smethod_4())
{
return(false);
}
}
return(true);
}
text = Path.Combine(Path.GetDirectoryName(gclass8_0.String_0), Path.GetFileName(gclass8_0.String_0) + ".manifest");
}
if (string.IsNullOrEmpty(text))
{
return(false);
}
IntPtr intPtr = GClass5.VirtualAllocEx(intptr_7, IntPtr.Zero, (uint)Class7.byte_1.Length, 12288, 64);
IntPtr intPtr2 = GClass5.smethod_0(intptr_7, Encoding.ASCII.GetBytes(text + "\0"), 4);
IntPtr intPtr3 = GClass5.smethod_0(intptr_7, Encoding.ASCII.GetBytes(string.Join("\0", list.ToArray()) + "\0"), 4);
if (!intPtr.smethod_4())
{
byte[] array3 = (byte[])Class7.byte_1.Clone();
uint num = 0u;
BitConverter.GetBytes(Class7.intptr_1.smethod_7(intPtr.smethod_0(63L)).ToInt32()).CopyTo(array3, 59);
BitConverter.GetBytes(Class7.intptr_0.smethod_7(intPtr.smethod_0(88L)).ToInt32()).CopyTo(array3, 84);
BitConverter.GetBytes(Class7.intptr_3.smethod_7(intPtr.smethod_0(132L)).ToInt32()).CopyTo(array3, 128);
BitConverter.GetBytes(Class7.intptr_4.smethod_7(intPtr.smethod_0(146L)).ToInt32()).CopyTo(array3, 142);
BitConverter.GetBytes(Class7.intptr_2.smethod_7(intPtr.smethod_0(200L)).ToInt32()).CopyTo(array3, 196);
BitConverter.GetBytes(Class7.intptr_5.smethod_7(intPtr.smethod_0(209L)).ToInt32()).CopyTo(array3, 205);
BitConverter.GetBytes(intPtr2.ToInt32()).CopyTo(array3, 31);
BitConverter.GetBytes(list.Count).CopyTo(array3, 40);
BitConverter.GetBytes(intPtr3.ToInt32()).CopyTo(array3, 49);
if (GClass5.WriteProcessMemory(intptr_7, intPtr, array3, array3.Length, out num) && (ulong)num == (ulong)((long)array3.Length))
{
uint num2 = GClass5.smethod_7(intptr_7, intPtr, 0u, 5000);
result = (num2 != uint.MaxValue && num2 > 0u);
}
GClass5.VirtualFreeEx(intptr_7, intPtr3, 0, 32768);
GClass5.VirtualFreeEx(intptr_7, intPtr2, 0, 32768);
GClass5.VirtualFreeEx(intptr_7, intPtr, 0, 32768);
}
}
return(result);
}
