// Token: 0x06000354 RID: 852 RVA: 0x01038FC8 File Offset: 0x010371C8
private static void smethod_8(GClass8 gclass8_0, IntPtr intptr_7, int int_0)
{
string empty = string.Empty;
string empty2 = string.Empty;
foreach (GStruct8 gstruct in gclass8_0.method_8())
{
if (gclass8_0.method_4((long)((ulong)gclass8_0.method_11(gstruct.Name)), SeekOrigin.Begin, out empty, -1, null))
{
IntPtr intPtr = IntPtr.Zero;
intPtr = Class7.smethod_3(empty, int_0);
if (intPtr.smethod_4())
{
throw new FileNotFoundException(string.Format("Unable to load dependent module '{0}'.", empty));
}
uint num = gclass8_0.method_11(gstruct.FirstThunkPtr);
uint num2 = (uint)Marshal.SizeOf(typeof(GStruct15));
GStruct15 gstruct2;
while (gclass8_0.method_3 <GStruct15>((long)((ulong)num), SeekOrigin.Begin, out gstruct2) && gstruct2.u1.AddressOfData > 0u)
{
IntPtr intPtr2 = IntPtr.Zero;
object obj;
if ((gstruct2.u1.Ordinal & 2147483648u) != 0u)
{
obj = (ushort)(gstruct2.u1.Ordinal & 65535u);
}
else
{
if (!gclass8_0.method_4((long)((ulong)(gclass8_0.method_11(gstruct2.u1.AddressOfData) + 2u)), SeekOrigin.Begin, out empty2, -1, null))
{
throw gclass8_0.vmethod_1();
}
obj = empty2;
}
if (!(intPtr2 = GClass5.GetModuleHandleA(empty)).smethod_4())
{
IntPtr intPtr3 = obj.GetType().Equals(typeof(string)) ? GClass5.GetProcAddress(intPtr2, (string)obj) : GClass5.GetProcAddress_1(intPtr2, (uint)((ushort)obj & ushort.MaxValue));
if (!intPtr3.smethod_4())
{
intPtr2 = intPtr.smethod_0((long)intPtr3.smethod_6((long)intPtr2.ToInt32()).ToInt32());
}
}
else
{
intPtr2 = GClass5.smethod_3(intptr_7, intPtr, obj);
}
if (intPtr2.smethod_4())
{
throw new EntryPointNotFoundException(string.Format("Unable to locate imported function '{0}' from module '{1}' in the remote process.", empty2, empty));
}
gclass8_0.method_7 <int>((long)((ulong)num), SeekOrigin.Begin, intPtr2.ToInt32());
num += num2;
}
}
}
}
// Token: 0x0600032F RID: 815 RVA: 0x01038120 File Offset: 0x01036320
public override IntPtr \u202D\u202D\u206E\u200F\u206F\u206C\u202A\u200D\u200F\u206B\u200F\u200C\u200B\u200F\u206D\u202D\u206D\u206B\u206D\u200F\u202C\u202A\u200C\u206F\u206D\u202D\u206D\u200B\u206D\u206B\u206D\u200B\u200D\u202B\u200F\u206D\u206E\u202A\u200D\u206F\u202E(string string_0, IntPtr intptr_0)
{
this.vmethod_0();
if (!intptr_0.smethod_4() && !intptr_0.smethod_2(-1L))
{
try
{
IntPtr result = IntPtr.Zero;
IntPtr procAddress = GClass5.GetProcAddress(GClass5.GetModuleHandleA("kernel32.dll"), "LoadLibraryW");
if (procAddress.smethod_4())
{
throw new Exception("Unable to locate the LoadLibraryW entry point");
}
IntPtr intPtr = GClass5.smethod_0(intptr_0, Encoding.Unicode.GetBytes(string_0 + "\0"), 4);
if (!intPtr.smethod_4())
{
try
{
uint num = GClass5.smethod_7(intptr_0, procAddress, (uint)intPtr.ToInt32(), 10000);
if (num == 0u)
{
throw new Exception("Failed to load module into remote process. Error code: " + GClass5.smethod_1(intptr_0).ToString());
}
if (num != 4294967295u)
{
result = GClass4.smethod_3((long)((ulong)num));
goto IL_E5;
}
throw new Exception("Error occurred when calling function in the remote process");
}
finally
{
GClass5.VirtualFreeEx(intptr_0, intPtr, 0, 32768);
}
goto IL_DA;
IL_E5:
return(result);
}
IL_DA:
throw new InvalidOperationException("Failed to allocate memory in the remote process");
}
catch (Exception exception_)
{
this.vmethod_2(exception_);
return(IntPtr.Zero);
}
}
throw new ArgumentOutOfRangeException("hProcess", "Invalid process handle specified.");
}
// Token: 0x06000275 RID: 629 RVA: 0x01036920 File Offset: 0x01034B20
public static IntPtr smethod_2(IntPtr intptr_0, string string_0)
{
IntPtr procAddress = GClass5.GetProcAddress(GClass5.GetModuleHandleA("kernel32.dll"), "GetModuleHandleW");
IntPtr result = IntPtr.Zero;
if (!procAddress.smethod_4())
{
IntPtr intPtr = GClass5.smethod_0(intptr_0, Encoding.Unicode.GetBytes(string_0 + "\0"), 4);
if (!intPtr.smethod_4())
{
result = GClass4.smethod_3((long)((ulong)GClass5.smethod_7(intptr_0, procAddress, (uint)intPtr.ToInt32(), 1000)));
GClass5.VirtualFreeEx(intptr_0, intPtr, 0, 32768);
}
}
return(result);
}
// Token: 0x06000380 RID: 896 RVA: 0x01039644 File Offset: 0x01037844
protected virtual IntPtr vmethod_10(string[] string_0, IntPtr intptr_0, out IntPtr intptr_1, uint uint_0 = 0u)
{
intptr_1 = IntPtr.Zero;
IntPtr intPtr = IntPtr.Zero;
IntPtr result;
try
{
IntPtr moduleHandleA = GClass5.GetModuleHandleA("kernel32.dll");
IntPtr procAddress = GClass5.GetProcAddress(moduleHandleA, "LoadLibraryA");
IntPtr procAddress2 = GClass5.GetProcAddress(moduleHandleA, "GetModuleHandleA");
if (!procAddress.smethod_4() && !procAddress2.smethod_4())
{
intptr_1 = GClass5.VirtualAllocEx(intptr_0, IntPtr.Zero, (uint)((uint)string_0.Length << 2), 12288, 4);
IntPtr intPtr2 = GClass5.smethod_0(intptr_0, Encoding.ASCII.GetBytes(string.Join("\0", string_0) + "\0"), 4);
if (!intptr_1.smethod_4() && !intPtr2.smethod_4())
{
try
{
uint num = 0u;
byte[] array = new byte[string_0.Length << 2];
for (int i = 0; i < array.Length >> 2; i++)
{
BitConverter.GetBytes(uint_0).CopyTo(array, i << 2);
}
GClass5.WriteProcessMemory(intptr_0, intptr_1, array, array.Length, out num);
byte[] array2 = (byte[])Class8.byte_0.Clone();
intPtr = GClass5.VirtualAllocEx(intptr_0, IntPtr.Zero, (uint)array2.Length, 12288, 64);
if (intPtr.smethod_4())
{
throw new InvalidOperationException("Unable to allocate memory in the remote process");
}
BitConverter.GetBytes(intPtr2.ToInt32()).CopyTo(array2, 7);
BitConverter.GetBytes(string_0.Length).CopyTo(array2, 15);
BitConverter.GetBytes(intptr_1.ToInt32()).CopyTo(array2, 24);
BitConverter.GetBytes(procAddress2.smethod_7(intPtr.smethod_0(56L)).ToInt32()).CopyTo(array2, 52);
BitConverter.GetBytes(procAddress.smethod_7(intPtr.smethod_0(69L)).ToInt32()).CopyTo(array2, 65);
if (GClass5.WriteProcessMemory(intptr_0, intPtr, array2, array2.Length, out num) && (ulong)num == (ulong)((long)array2.Length))
{
result = intPtr;
goto IL_231;
}
throw new Exception("Error creating the remote function stub.");
}
finally
{
GClass5.VirtualFreeEx(intptr_0, intptr_1, 0, 32768);
GClass5.VirtualFreeEx(intptr_0, intPtr2, 0, 32768);
if (!intPtr.smethod_4())
{
GClass5.VirtualFreeEx(intptr_0, intPtr, 0, 32768);
}
intptr_1 = IntPtr.Zero;
}
goto IL_21B;
IL_231:
return(result);
}
IL_21B:
throw new InvalidOperationException("Unable to allocate memory in the remote process");
}
throw new Exception("Unable to find necessary function entry points in the remote process");
}
catch (Exception exception_)
{
this.vmethod_2(exception_);
result = IntPtr.Zero;
}
return(result);
}
// Token: 0x06000384 RID: 900 RVA: 0x010399F8 File Offset: 0x01037BF8
public override bool[] \u202B\u200E\u206C\u200C\u202C\u200F\u202C\u206C\u202D\u200F\u206B\u200B\u200B\u206E\u200D\u200C\u206C\u200C\u206F\u206E\u206D\u200C\u200B\u202C\u200B\u202D\u202C\u206B\u206B\u206D\u202E\u202B\u202D\u200C\u206D\u206D\u206D\u202A\u202D\u206C\u202E(IntPtr[] intptr_0, IntPtr intptr_1)
{
this.vmethod_0();
IntPtr intPtr = IntPtr.Zero;
IntPtr intPtr2 = IntPtr.Zero;
IntPtr intPtr3 = IntPtr.Zero;
bool[] result;
try
{
uint num = 0u;
IntPtr procAddress = GClass5.GetProcAddress(GClass5.GetModuleHandleA("kernel32.dll"), "FreeLibrary");
if (procAddress.smethod_4())
{
throw new Exception("Unable to find necessary function entry points in the remote process");
}
intPtr = GClass5.VirtualAllocEx(intptr_1, IntPtr.Zero, (uint)((uint)intptr_0.Length << 2), 12288, 4);
intPtr2 = GClass5.VirtualAllocEx(intptr_1, IntPtr.Zero, (uint)((uint)(intptr_0.Length + 1) << 2), 12288, 4);
intPtr3 = GClass5.VirtualAllocEx(intptr_1, IntPtr.Zero, (uint)Class8.byte_1.Length, 12288, 64);
if (!intPtr.smethod_4() && !intPtr2.smethod_4() && !intPtr3.smethod_4())
{
byte[] array = new byte[intptr_0.Length + 1 << 2];
for (int i = 0; i < intptr_0.Length; i++)
{
BitConverter.GetBytes(intptr_0[i].ToInt32()).CopyTo(array, i << 2);
}
GClass5.WriteProcessMemory(intptr_1, intPtr2, array, array.Length, out num);
byte[] array2 = (byte[])Class8.byte_1.Clone();
BitConverter.GetBytes(intPtr2.ToInt32()).CopyTo(array2, 7);
BitConverter.GetBytes(intPtr.ToInt32()).CopyTo(array2, 15);
BitConverter.GetBytes(procAddress.smethod_7(intPtr3.smethod_0(56L)).ToInt32()).CopyTo(array2, 52);
if (GClass5.WriteProcessMemory(intptr_1, intPtr3, array2, array2.Length, out num))
{
if ((ulong)num == (ulong)((long)array2.Length))
{
if (GClass5.smethod_7(intptr_1, intPtr3, 0u, 1000) == 4294967295u)
{
throw new InvalidOperationException("Error occurred when running remote function stub.");
}
byte[] array3 = GClass5.smethod_4(intptr_1, intPtr, (uint)((uint)intptr_0.Length << 2));
if (array3 == null)
{
throw new Exception("Unable to read results from the remote process.");
}
bool[] array4 = new bool[intptr_0.Length];
for (int i = 0; i < array4.Length; i++)
{
array4[i] = (BitConverter.ToInt32(array3, i << 2) != 0);
}
return(array4);
}
}
throw new InvalidOperationException("Unable to write the function stub to the remote process.");
}
throw new InvalidOperationException("Unable to allocate memory in the remote process");
}
catch (Exception exception_)
{
this.vmethod_2(exception_);
result = null;
}
finally
{
GClass5.VirtualFreeEx(intptr_1, intPtr3, 0, 32768);
GClass5.VirtualFreeEx(intptr_1, intPtr, 0, 32768);
GClass5.VirtualFreeEx(intptr_1, intPtr2, 0, 32768);
}
return(result);
}