// Token: 0x06000099 RID: 153 RVA: 0x0000A608 File Offset: 0x00008808
private void method_6()
{
if (this.intptr_0 == IntPtr.Zero)
{
throw new InvalidOperationException("Cannot dump process memory regions. No process loaded.");
}
this.dictionary_0.Clear();
IntPtr zero = IntPtr.Zero;
GStruct8 gstruct = default(GStruct8);
Console.WriteLine("Handle: " + this.intptr_0.ToString());
while ((long)zero < (long)this.intptr_1 && (long)zero >= 0L && GClass5.VirtualQueryEx(this.intptr_0, zero, out gstruct, (uint)Marshal.SizeOf(typeof(GStruct8))) != 0)
{
if (gstruct.int_2 == 4096)
{
if (gstruct.int_3 == 4 && (uint)gstruct.ulong_2 != 0u)
{
byte[] array = new byte[(int)gstruct.ulong_2];
int num = 0;
if (!GClass5.ReadProcessMemory(this.intptr_0, new IntPtr((long)gstruct.ulong_0), array, (uint)gstruct.ulong_2, out num))
{
throw new Exception("Failed to read process memory at search " + gstruct.ulong_0.ToString() + ". Error code: " + Marshal.GetLastWin32Error().ToString());
}
this.dictionary_0.Add(new IntPtr((long)gstruct.ulong_0), array);
}
}
zero = new IntPtr((long)(gstruct.ulong_0 + gstruct.ulong_2));
}
}
// Token: 0x06000076 RID: 118 RVA: 0x00005E58 File Offset: 0x00004058
public static string smethod_3()
{
string result;
try
{
string text = string.Empty;
string scope = GClass8.VistaOrHigher ? "root\\SecurityCenter2" : "root\\SecurityCenter";
string queryString = "SELECT * FROM FirewallProduct";
using (ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(scope, queryString))
{
foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
{
ManagementObject managementObject = (ManagementObject)managementBaseObject;
text = text + managementObject["displayName"].ToString() + "; ";
}
}
text = GClass5.smethod_3(text);
result = ((!string.IsNullOrEmpty(text)) ? text : "N/A");
}
catch
{
result = "Unknown";
}
return(result);
}
// Token: 0x0600036D RID: 877 RVA: 0x000096B4 File Offset: 0x000078B4
protected virtual void OnDrawNode(DrawTreeNodeEventArgs e)
{
try
{
Rectangle rect = new Rectangle(GClass5.smethod_0(e).Location.X, e.Bounds.Location.Y, e.Bounds.Width, e.Bounds.Height);
TreeNodeStates treeNodeStates = this.treeNodeStates_0;
if (treeNodeStates != TreeNodeStates.Selected)
{
if (treeNodeStates == TreeNodeStates.Checked)
{
e.Graphics.FillRectangle(Brushes.Green, rect);
e.Graphics.DrawString(e.Node.Text, new Font("Segoe UI", 8f), Brushes.Black, new Rectangle(rect.X + 2, rect.Y + 2, rect.Width, rect.Height), GClass6.stringFormat_0);
base.Invalidate();
}
else if (treeNodeStates == TreeNodeStates.Default)
{
e.Graphics.FillRectangle(Brushes.Red, rect);
e.Graphics.DrawString(e.Node.Text, new Font("Segoe UI", 8f), Brushes.LimeGreen, new Rectangle(rect.X + 2, rect.Y + 2, rect.Width, rect.Height), GClass6.stringFormat_0);
base.Invalidate();
}
}
else
{
e.Graphics.FillRectangle(Brushes.Green, rect);
e.Graphics.DrawString(e.Node.Text, new Font("Segoe UI", 8f), Brushes.Black, new Rectangle(rect.X + 2, rect.Y + 2, rect.Width, rect.Height), GClass6.stringFormat_0);
base.Invalidate();
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
base.OnDrawNode(e);
}
// Token: 0x06000070 RID: 112 RVA: 0x00005990 File Offset: 0x00003B90
public static string smethod_4()
{
string result;
try
{
string text = string.Empty;
string queryString = "SELECT * FROM Win32_DisplayConfiguration";
using (ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(queryString))
{
foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
{
ManagementObject managementObject = (ManagementObject)managementBaseObject;
text = text + managementObject["Description"].ToString() + "; ";
}
}
text = GClass5.smethod_3(text);
result = ((!string.IsNullOrEmpty(text)) ? text : "N/A");
}
catch
{
result = "Unknown";
}
return(result);
}
// Token: 0x06000092 RID: 146 RVA: 0x0000A55C File Offset: 0x0000875C
public GClass5()
{
GStruct7 gstruct;
GClass5.GetSystemInfo(out gstruct);
this.intptr_1 = gstruct.intptr_1;
this.method_0();
}
// Token: 0x06000343 RID: 835 RVA: 0x010384A0 File Offset: 0x010366A0
public virtual bool vmethod_8(IntPtr intptr_0, int int_0)
{
this.vmethod_0();
IntPtr intPtr = GClass5.OpenProcess(1082u, false, int_0);
bool result = this.GClass10.\u200E\u206C\u202E\u202D\u200C\u202E\u206B\u202C\u206D\u202E\u206C\u202B\u206E\u200B\u202C\u206D\u200D\u200D\u202C\u206F\u202D\u200D\u202C\u202C\u206D\u200E\u200B\u206A\u200E\u206B\u200E\u200B\u206A\u206A\u202D\u202C\u200E\u202E\u202A\u200E\u202E(intptr_0, intPtr);
GClass5.CloseHandle(intPtr);
return(result);
}
// Token: 0x06000341 RID: 833 RVA: 0x01038470 File Offset: 0x01036670
public virtual IntPtr[] vmethod_7(string[] string_0, int int_0)
{
this.vmethod_0();
IntPtr intptr_ = GClass5.OpenProcess(1082u, false, int_0);
IntPtr[] result = this.GClass10.\u200E\u206B\u200D\u202B\u200F\u206A\u206D\u200E\u200E\u206B\u206F\u202E\u200F\u200B\u206E\u202B\u206A\u200E\u206B\u206A\u206C\u202A\u206C\u202B\u206B\u206F\u206A\u200F\u206A\u200E\u202B\u200F\u200F\u200E\u200E\u200B\u200E\u202B\u206D\u202A\u202E(string_0, intptr_);
GClass5.CloseHandle(intptr_);
return(result);
}
// Token: 0x0600033B RID: 827 RVA: 0x010383E0 File Offset: 0x010365E0
public virtual IntPtr vmethod_4(GClass8 gclass8_0, int int_0)
{
this.vmethod_0();
IntPtr intptr_ = GClass5.OpenProcess(1082u, false, int_0);
IntPtr result = this.GClass10.\u202D\u202D\u206E\u200F\u206F\u206C\u202A\u200D\u200F\u206B\u200F\u200C\u200B\u200F\u206D\u202D\u206D\u206B\u206D\u200F\u202C\u202A\u200C\u206F\u206D\u202D\u206D\u200B\u206D\u206B\u206D\u200B\u200D\u202B\u200F\u206D\u206E\u202A\u200D\u206F\u202E(gclass8_0, intptr_);
GClass5.CloseHandle(intptr_);
return(result);
}
// Token: 0x0600036E RID: 878 RVA: 0x00009630 File Offset: 0x00007830
public GClass5()
{
base.SetStyle(ControlStyles.UserPaint | ControlStyles.ResizeRedraw | ControlStyles.AllPaintingInWmPaint | ControlStyles.OptimizedDoubleBuffer, true);
this.DoubleBuffered = true;
GClass5.smethod_1(this, this.color_0);
GClass5.smethod_2(this, Color.White);
GClass5.smethod_3(this, this.color_1);
GClass5.smethod_4(this, TreeViewDrawMode.OwnerDrawAll);
}
// Token: 0x06000354 RID: 852 RVA: 0x01038FC8 File Offset: 0x010371C8
private static void smethod_8(GClass8 gclass8_0, IntPtr intptr_7, int int_0)
{
string empty = string.Empty;
string empty2 = string.Empty;
foreach (GStruct8 gstruct in gclass8_0.method_8())
{
if (gclass8_0.method_4((long)((ulong)gclass8_0.method_11(gstruct.Name)), SeekOrigin.Begin, out empty, -1, null))
{
IntPtr intPtr = IntPtr.Zero;
intPtr = Class7.smethod_3(empty, int_0);
if (intPtr.smethod_4())
{
throw new FileNotFoundException(string.Format("Unable to load dependent module '{0}'.", empty));
}
uint num = gclass8_0.method_11(gstruct.FirstThunkPtr);
uint num2 = (uint)Marshal.SizeOf(typeof(GStruct15));
GStruct15 gstruct2;
while (gclass8_0.method_3 <GStruct15>((long)((ulong)num), SeekOrigin.Begin, out gstruct2) && gstruct2.u1.AddressOfData > 0u)
{
IntPtr intPtr2 = IntPtr.Zero;
object obj;
if ((gstruct2.u1.Ordinal & 2147483648u) != 0u)
{
obj = (ushort)(gstruct2.u1.Ordinal & 65535u);
}
else
{
if (!gclass8_0.method_4((long)((ulong)(gclass8_0.method_11(gstruct2.u1.AddressOfData) + 2u)), SeekOrigin.Begin, out empty2, -1, null))
{
throw gclass8_0.vmethod_1();
}
obj = empty2;
}
if (!(intPtr2 = GClass5.GetModuleHandleA(empty)).smethod_4())
{
IntPtr intPtr3 = obj.GetType().Equals(typeof(string)) ? GClass5.GetProcAddress(intPtr2, (string)obj) : GClass5.GetProcAddress_1(intPtr2, (uint)((ushort)obj & ushort.MaxValue));
if (!intPtr3.smethod_4())
{
intPtr2 = intPtr.smethod_0((long)intPtr3.smethod_6((long)intPtr2.ToInt32()).ToInt32());
}
}
else
{
intPtr2 = GClass5.smethod_3(intptr_7, intPtr, obj);
}
if (intPtr2.smethod_4())
{
throw new EntryPointNotFoundException(string.Format("Unable to locate imported function '{0}' from module '{1}' in the remote process.", empty2, empty));
}
gclass8_0.method_7 <int>((long)((ulong)num), SeekOrigin.Begin, intPtr2.ToInt32());
num += num2;
}
}
}
}
// Token: 0x06000282 RID: 642 RVA: 0x01036CD0 File Offset: 0x01034ED0
public static uint smethod_7(IntPtr intptr_0, IntPtr intptr_1, uint uint_0, int int_0 = 1000)
{
uint maxValue = uint.MaxValue;
IntPtr intPtr = GClass5.CreateRemoteThread(intptr_0, 0, 0, intptr_1, uint_0, 0, 0);
if (intPtr != IntPtr.Zero && (ulong)GClass5.WaitForSingleObject(intPtr, int_0) == 0UL)
{
GClass5.GetExitCodeThread(intPtr, out maxValue);
}
return(maxValue);
}
// Token: 0x0600027E RID: 638 RVA: 0x01036BD4 File Offset: 0x01034DD4
public static byte[] smethod_4(IntPtr intptr_0, IntPtr intptr_1, uint uint_0)
{
byte[] array = new byte[uint_0];
uint num = 0u;
if (!GClass5.ReadProcessMemory(intptr_0, intptr_1, array, array.Length, out num) || num != uint_0)
{
array = null;
}
return(array);
}
// Token: 0x06000283 RID: 643 RVA: 0x01036D10 File Offset: 0x01034F10
private static int smethod_8(IntPtr intptr_0, IntPtr intptr_1, byte[] byte_0, string string_0)
{
uint num = BitConverter.ToUInt32(byte_0, 24);
uint num2 = BitConverter.ToUInt32(byte_0, 32);
int num3 = -1;
if (num > 0u && num2 > 0u)
{
byte[] array = GClass5.smethod_4(intptr_0, intptr_1.smethod_0((long)((ulong)num2)), num << 2);
if (array == null)
{
return(num3);
}
uint[] array2 = new uint[num];
for (int i = 0; i < array2.Length; i++)
{
array2[i] = BitConverter.ToUInt32(array, i << 2);
}
int j = 0;
int num4 = array2.Length - 1;
string text = string.Empty;
while (j >= 0)
{
if (j > num4)
{
break;
}
if (num3 != -1)
{
break;
}
int num5 = (j + num4) / 2;
text = GClass5.smethod_6(intptr_0, intptr_1.smethod_0((long)((ulong)array2[num5])), null);
if (!text.Equals(string_0))
{
if (string.CompareOrdinal(text, string_0) < 0)
{
j = num5 - 1;
}
else
{
num4 = num5 + 1;
}
}
else
{
num3 = num5;
}
}
}
return(num3);
}
// Token: 0x0600027F RID: 639 RVA: 0x01036C04 File Offset: 0x01034E04
public static IntPtr smethod_5(IntPtr intptr_0, IntPtr intptr_1)
{
IntPtr zero = IntPtr.Zero;
if (!intptr_0.smethod_4() && !intptr_1.smethod_4())
{
byte[] array = GClass5.smethod_4(intptr_0, intptr_1, (uint)IntPtr.Size);
if (array != null)
{
zero = new IntPtr(BitConverter.ToInt32(array, 0));
}
}
return(zero);
}
// Token: 0x06000095 RID: 149 RVA: 0x0000A588 File Offset: 0x00008788
public void method_2(int int_1)
{
if (this.intptr_0 != IntPtr.Zero)
{
this.method_4();
this.method_0();
}
this.int_0 = int_1;
this.intptr_0 = GClass5.OpenProcess(1080u, false, int_1);
if (this.intptr_0 == IntPtr.Zero)
{
throw new Exception("Failed to open process " + int_1.ToString() + ". Error code: " + Marshal.GetLastWin32Error().ToString());
}
}
public GClass5()
{
GClass5.smethod_0();
this.logger_0 = LogManager.GetLogger("DOPE");
this.logger_0.Info("Loading DOPE {arch} {version} on {architecture} ({os})", new object[]
{
GClass927.smethod_1() ? "x86" : "x64",
Constants.VersionString,
Environment.Is64BitOperatingSystem ? "x64" : "x86",
Environment.OSVersion.VersionString
});
AppDomain.CurrentDomain.FirstChanceException += this.method_0;
AppDomain.CurrentDomain.UnhandledException += this.method_2;
base.ShutdownMode = ShutdownMode.OnMainWindowClose;
GClass82.smethod_2();
bool flag;
using (WindowsIdentity current = WindowsIdentity.GetCurrent())
{
flag = new WindowsPrincipal(current).IsInRole(WindowsBuiltInRole.Administrator);
}
PErkava.IsSupported = flag;
try
{
PErkava.smethod_3();
}
catch
{
PErkava.IsSupported = false;
}
if (flag && PErkava.IsSupported)
{
try
{
GClass933 gclass = new GClass933();
gclass.Start();
PErkava.Host = gclass;
}
catch
{
}
}
this.logger_0.Info("PErkava support status: {status}", PErkava.IsSupported);
if (PErkava.IsSupported)
{
this.logger_0.Info("Use legacy proxy: {proxy}", PErkava.smethod_2());
}
AppDomain.CurrentDomain.ProcessExit += this.method_1;
}
// Token: 0x0600032F RID: 815 RVA: 0x01038120 File Offset: 0x01036320
public override IntPtr \u202D\u202D\u206E\u200F\u206F\u206C\u202A\u200D\u200F\u206B\u200F\u200C\u200B\u200F\u206D\u202D\u206D\u206B\u206D\u200F\u202C\u202A\u200C\u206F\u206D\u202D\u206D\u200B\u206D\u206B\u206D\u200B\u200D\u202B\u200F\u206D\u206E\u202A\u200D\u206F\u202E(string string_0, IntPtr intptr_0)
{
this.vmethod_0();
if (!intptr_0.smethod_4() && !intptr_0.smethod_2(-1L))
{
try
{
IntPtr result = IntPtr.Zero;
IntPtr procAddress = GClass5.GetProcAddress(GClass5.GetModuleHandleA("kernel32.dll"), "LoadLibraryW");
if (procAddress.smethod_4())
{
throw new Exception("Unable to locate the LoadLibraryW entry point");
}
IntPtr intPtr = GClass5.smethod_0(intptr_0, Encoding.Unicode.GetBytes(string_0 + "\0"), 4);
if (!intPtr.smethod_4())
{
try
{
uint num = GClass5.smethod_7(intptr_0, procAddress, (uint)intPtr.ToInt32(), 10000);
if (num == 0u)
{
throw new Exception("Failed to load module into remote process. Error code: " + GClass5.smethod_1(intptr_0).ToString());
}
if (num != 4294967295u)
{
result = GClass4.smethod_3((long)((ulong)num));
goto IL_E5;
}
throw new Exception("Error occurred when calling function in the remote process");
}
finally
{
GClass5.VirtualFreeEx(intptr_0, intPtr, 0, 32768);
}
goto IL_DA;
IL_E5:
return(result);
}
IL_DA:
throw new InvalidOperationException("Failed to allocate memory in the remote process");
}
catch (Exception exception_)
{
this.vmethod_2(exception_);
return(IntPtr.Zero);
}
}
throw new ArgumentOutOfRangeException("hProcess", "Invalid process handle specified.");
}
// Token: 0x06000275 RID: 629 RVA: 0x01036920 File Offset: 0x01034B20
public static IntPtr smethod_2(IntPtr intptr_0, string string_0)
{
IntPtr procAddress = GClass5.GetProcAddress(GClass5.GetModuleHandleA("kernel32.dll"), "GetModuleHandleW");
IntPtr result = IntPtr.Zero;
if (!procAddress.smethod_4())
{
IntPtr intPtr = GClass5.smethod_0(intptr_0, Encoding.Unicode.GetBytes(string_0 + "\0"), 4);
if (!intPtr.smethod_4())
{
result = GClass4.smethod_3((long)((ulong)GClass5.smethod_7(intptr_0, procAddress, (uint)intPtr.ToInt32(), 1000)));
GClass5.VirtualFreeEx(intptr_0, intPtr, 0, 32768);
}
}
return(result);
}
// Token: 0x06000330 RID: 816 RVA: 0x0103825C File Offset: 0x0103645C
public override IntPtr[] \u200E\u206B\u200D\u202B\u200F\u206A\u206D\u200E\u200E\u206B\u206F\u202E\u200F\u200B\u206E\u202B\u206A\u200E\u206B\u206A\u206C\u202A\u206C\u202B\u206B\u206F\u206A\u200F\u206A\u200E\u202B\u200F\u200F\u200E\u200E\u200B\u200E\u202B\u206D\u202A\u202E(string[] string_0, IntPtr intptr_0)
{
this.vmethod_0();
if (!intptr_0.smethod_4() && !intptr_0.smethod_2(-1L))
{
try
{
IntPtr zero = IntPtr.Zero;
IntPtr intPtr = this.vmethod_10(string_0, intptr_0, out zero, 0u);
IntPtr[] array = null;
if (!intPtr.smethod_4())
{
try
{
if (GClass5.smethod_7(intptr_0, intPtr, 0u, 10000) == 4294967295u)
{
throw new Exception("Error occurred while executing remote thread.");
}
byte[] array2 = GClass5.smethod_4(intptr_0, zero, (uint)((uint)string_0.Length << 2));
if (array2 == null)
{
throw new InvalidOperationException("Unable to read from the remote process.");
}
array = new IntPtr[string_0.Length];
for (int i = 0; i < array.Length; i++)
{
array[i] = new IntPtr(BitConverter.ToInt32(array2, i << 2));
}
}
finally
{
GClass5.VirtualFreeEx(intptr_0, zero, 0, 32768);
GClass5.VirtualFreeEx(intptr_0, intPtr, 0, 32768);
}
}
return(array);
}
catch (Exception exception_)
{
this.vmethod_2(exception_);
return(null);
}
}
throw new ArgumentOutOfRangeException("hProcess", "Invalid process handle specified.");
}
// Token: 0x06000353 RID: 851 RVA: 0x01038F04 File Offset: 0x01037104
private static void smethod_7(GClass8 gclass8_0, IntPtr intptr_7, IntPtr intptr_8)
{
foreach (GStruct14 gstruct in gclass8_0.method_9())
{
byte[] array = new byte[gstruct.SizeOfRawData];
if (!gclass8_0.method_2((long)((ulong)gstruct.PointerToRawData), SeekOrigin.Begin, array))
{
throw gclass8_0.vmethod_1();
}
if ((gstruct.Characteristics & 33554432u) == 0u)
{
uint num;
GClass5.WriteProcessMemory(intptr_7, intptr_8.smethod_0((long)((ulong)gstruct.VirtualAddress)), array, array.Length, out num);
IntPtr intPtr = intptr_8.smethod_0((long)((ulong)gstruct.VirtualAddress));
GClass5.VirtualProtectEx(intptr_7, intPtr, gstruct.SizeOfRawData, gstruct.Characteristics & 16777215u, out num);
}
}
}
// Token: 0x0600036F RID: 879 RVA: 0x000096A4 File Offset: 0x000078A4
protected virtual void OnPaint(PaintEventArgs e)
{
Bitmap bitmap = GClass5.smethod_7(GClass5.smethod_5(this), GClass5.smethod_6(this));
Graphics graphics = GClass5.smethod_8(bitmap);
Rectangle rectangle_ = new Rectangle(0, 0, GClass5.smethod_5(this), GClass5.smethod_6(this));
GClass5.smethod_9(graphics, SmoothingMode.HighQuality);
GClass5.smethod_10(graphics, PixelOffsetMode.HighQuality);
GClass5.smethod_11(graphics, TextRenderingHint.ClearTypeGridFit);
GClass5.smethod_13(graphics, GClass5.smethod_12(this));
GClass5.smethod_15(graphics, GClass5.smethod_14(this.color_0), rectangle_);
graphics.DrawString(GClass5.smethod_16(this), GClass5.smethod_17("Segoe UI", 8f), GClass5.smethod_18(), new Rectangle(this.method_0().X + 2, base.Bounds.Y + 2, base.Bounds.Width, base.Bounds.Height), GClass6.stringFormat_0);
base.OnPaint(e);
graphics.Dispose();
e.Graphics.InterpolationMode = InterpolationMode.HighQualityBicubic;
e.Graphics.DrawImageUnscaled(bitmap, 0, 0);
bitmap.Dispose();
}
// Token: 0x06000356 RID: 854 RVA: 0x0103930C File Offset: 0x0103750C
public override bool \u200E\u206C\u202E\u202D\u200C\u202E\u206B\u202C\u206D\u202E\u206C\u202B\u206E\u200B\u202C\u206D\u200D\u200D\u202C\u206F\u202D\u200D\u202C\u202C\u206D\u200E\u200B\u206A\u200E\u206B\u200E\u200B\u206A\u206A\u202D\u202C\u200E\u202E\u202A\u200E\u202E(IntPtr intptr_7, IntPtr intptr_8)
{
this.vmethod_0();
if (intptr_7.smethod_4())
{
throw new ArgumentNullException("hModule", "Invalid module handle");
}
if (!intptr_8.smethod_4() && !intptr_8.smethod_2(-1L))
{
IntPtr intPtr = IntPtr.Zero;
uint num = 0u;
try
{
uint num2 = Class7.smethod_2(intptr_8, intptr_7);
if (num2 == 0u)
{
return(GClass5.VirtualFreeEx(intptr_8, intptr_7, 0, 32768));
}
byte[] array = (byte[])Class7.byte_0.Clone();
BitConverter.GetBytes(intptr_7.ToInt32()).CopyTo(array, 11);
BitConverter.GetBytes(0u).CopyTo(array, 6);
BitConverter.GetBytes(1000u).CopyTo(array, 1);
intPtr = GClass5.VirtualAllocEx(intptr_8, IntPtr.Zero, (uint)Class7.byte_0.Length, 12288, 64);
if (intPtr.smethod_4() || !GClass5.WriteProcessMemory(intptr_8, intPtr, array, array.Length, out num) || (ulong)num != (ulong)((long)array.Length))
{
throw new InvalidOperationException("Unable to write stub to the remote process.");
}
IntPtr intPtr2 = GClass5.CreateRemoteThread(intptr_8, 0, 0, intPtr, (uint)intptr_7.smethod_0((long)((ulong)num2)).ToInt32(), 0, 0);
if ((ulong)GClass5.WaitForSingleObject(intPtr2, 5000) == 0UL)
{
GClass5.VirtualFreeEx(intptr_8, intPtr, 0, 32768);
GClass5.CloseHandle(intPtr2);
return(GClass5.VirtualFreeEx(intptr_8, intptr_7, 0, 32768));
}
return(false);
}
catch (Exception exception_)
{
this.vmethod_2(exception_);
return(false);
}
}
throw new ArgumentException("Invalid process handle.", "hProcess");
}
// Token: 0x06000270 RID: 624 RVA: 0x01036860 File Offset: 0x01034A60
public static IntPtr smethod_0(IntPtr intptr_0, byte[] byte_0, int int_0)
{
IntPtr intPtr = IntPtr.Zero;
if (byte_0 != null && intptr_0 != IntPtr.Zero)
{
intPtr = GClass5.VirtualAllocEx(intptr_0, IntPtr.Zero, (uint)byte_0.Length, 12288, int_0);
uint num = 0u;
if (intPtr != IntPtr.Zero && GClass5.WriteProcessMemory(intptr_0, intPtr, byte_0, byte_0.Length, out num) && (ulong)num == (ulong)((long)byte_0.Length))
{
return(intPtr);
}
if (intPtr != IntPtr.Zero)
{
GClass5.VirtualFreeEx(intptr_0, intPtr, 0, 32768);
intPtr = IntPtr.Zero;
}
}
return(intPtr);
}
// Token: 0x06000280 RID: 640 RVA: 0x01036C48 File Offset: 0x01034E48
public static string smethod_6(IntPtr intptr_0, IntPtr intptr_1, Encoding encoding_0 = null)
{
if (encoding_0 == null)
{
encoding_0 = Encoding.ASCII;
}
StringBuilder stringBuilder = new StringBuilder();
byte[] array = new byte[256];
uint num = 0u;
int num2 = -1;
while (num2 < 0 && GClass5.ReadProcessMemory(intptr_0, intptr_1, array, array.Length, out num) && num > 0u)
{
intptr_1 = intptr_1.smethod_0((long)((ulong)num));
int length = stringBuilder.Length;
stringBuilder.Append(encoding_0.GetString(array, 0, (int)num));
num2 = stringBuilder.ToString().IndexOf('\0', length);
}
return(stringBuilder.ToString().Substring(0, num2));
}
// Token: 0x0600009E RID: 158 RVA: 0x0000AAB8 File Offset: 0x00008CB8
public void method_11(IntPtr intptr_2, byte[] byte_0)
{
if (this.intptr_0 == IntPtr.Zero)
{
throw new InvalidOperationException("Cannot write process memory at " + intptr_2.ToString() + ". No process loaded.");
}
if (intptr_2 == IntPtr.Zero)
{
throw new ArgumentOutOfRangeException("Cannot write process memory. Invalid memory address.");
}
if (byte_0.Length < 1)
{
throw new ArgumentOutOfRangeException("Cannot write process memory of size " + byte_0.Length.ToString() + ".");
}
int num;
if (!GClass5.WriteProcessMemory(this.intptr_0, intptr_2, byte_0, byte_0.Length, out num))
{
throw new Exception("Failed to write process memory at " + intptr_2.ToString() + ". Error code: " + Marshal.GetLastWin32Error().ToString());
}
}
// Token: 0x06000072 RID: 114 RVA: 0x00005B24 File Offset: 0x00003D24
public static string smethod_6()
{
foreach (NetworkInterface networkInterface in NetworkInterface.GetAllNetworkInterfaces())
{
if (networkInterface.NetworkInterfaceType == NetworkInterfaceType.Wireless80211 || (networkInterface.NetworkInterfaceType == NetworkInterfaceType.Ethernet && networkInterface.OperationalStatus == OperationalStatus.Up))
{
bool flag = false;
foreach (UnicastIPAddressInformation unicastIPAddressInformation in networkInterface.GetIPProperties().UnicastAddresses)
{
if (unicastIPAddressInformation.Address.AddressFamily == AddressFamily.InterNetwork && unicastIPAddressInformation.AddressPreferredLifetime != 4294967295L)
{
flag = (unicastIPAddressInformation.Address.ToString() == GClass11.smethod_5());
}
}
if (flag)
{
return(GClass5.smethod_0(networkInterface.GetPhysicalAddress().ToString()));
}
}
}
return("-");
}
// Token: 0x0600006E RID: 110 RVA: 0x00005814 File Offset: 0x00003A14
public static string smethod_2()
{
try
{
string text = string.Empty;
string queryString = "SELECT * FROM Win32_Processor";
using (ManagementObjectSearcher managementObjectSearcher = new ManagementObjectSearcher(queryString))
{
foreach (ManagementBaseObject managementBaseObject in managementObjectSearcher.Get())
{
ManagementObject managementObject = (ManagementObject)managementBaseObject;
text = text + managementObject["Name"].ToString() + "; ";
}
}
text = GClass5.smethod_3(text);
return((!string.IsNullOrEmpty(text)) ? text : "N/A");
}
catch
{
}
return("Unknown");
}
// Token: 0x0600009D RID: 157 RVA: 0x0000AA00 File Offset: 0x00008C00
public byte[] method_10(IntPtr intptr_2, int int_1)
{
if (this.intptr_0 == IntPtr.Zero)
{
throw new InvalidOperationException("Cannot read process memory at " + intptr_2.ToString() + ". No process loaded.");
}
if (intptr_2 == IntPtr.Zero)
{
throw new ArgumentOutOfRangeException("Cannot read process memory. Invalid memory address.");
}
if (int_1 < 1)
{
throw new ArgumentOutOfRangeException("Cannot read process memory of size " + int_1.ToString() + ".");
}
byte[] array = new byte[int_1];
int num;
if (!GClass5.ReadProcessMemory(this.intptr_0, intptr_2, array, (uint)array.Length, out num))
{
throw new Exception("Failed to read process memory at readMemory() " + intptr_2.ToString() + ". Error code: " + Marshal.GetLastWin32Error().ToString());
}
return(array);
}
// Token: 0x0600034A RID: 842 RVA: 0x010385D4 File Offset: 0x010367D4
private static uint smethod_2(IntPtr intptr_7, IntPtr intptr_8)
{
if (intptr_7.smethod_4() || intptr_7.smethod_2(-1L))
{
throw new ArgumentException("Invalid process handle.", "hProcess");
}
if (intptr_8.smethod_4())
{
throw new ArgumentException("Invalid module handle.", "hModule");
}
byte[] array = GClass5.smethod_4(intptr_7, intptr_8, (uint)Marshal.SizeOf(typeof(GStruct6)));
if (array != null)
{
ushort num = BitConverter.ToUInt16(array, 0);
uint num2 = BitConverter.ToUInt32(array, 60);
if (num == 23117)
{
byte[] array2 = GClass5.smethod_4(intptr_7, intptr_8.smethod_0((long)((ulong)num2)), (uint)Marshal.SizeOf(typeof(GStruct9)));
if (array2 != null && BitConverter.ToUInt32(array2, 0) == 17744u)
{
GStruct9 gstruct = default(GStruct9);
uint addressOfEntryPoint;
using (GClass9 gclass = new GClass9(256))
{
if (!gclass.method_9 <GStruct9>(array2, out gstruct))
{
return(0u);
}
addressOfEntryPoint = gstruct.OptionalHeader.AddressOfEntryPoint;
}
return(addressOfEntryPoint);
}
}
}
return(0u);
}
// Token: 0x06000380 RID: 896 RVA: 0x01039644 File Offset: 0x01037844
protected virtual IntPtr vmethod_10(string[] string_0, IntPtr intptr_0, out IntPtr intptr_1, uint uint_0 = 0u)
{
intptr_1 = IntPtr.Zero;
IntPtr intPtr = IntPtr.Zero;
IntPtr result;
try
{
IntPtr moduleHandleA = GClass5.GetModuleHandleA("kernel32.dll");
IntPtr procAddress = GClass5.GetProcAddress(moduleHandleA, "LoadLibraryA");
IntPtr procAddress2 = GClass5.GetProcAddress(moduleHandleA, "GetModuleHandleA");
if (!procAddress.smethod_4() && !procAddress2.smethod_4())
{
intptr_1 = GClass5.VirtualAllocEx(intptr_0, IntPtr.Zero, (uint)((uint)string_0.Length << 2), 12288, 4);
IntPtr intPtr2 = GClass5.smethod_0(intptr_0, Encoding.ASCII.GetBytes(string.Join("\0", string_0) + "\0"), 4);
if (!intptr_1.smethod_4() && !intPtr2.smethod_4())
{
try
{
uint num = 0u;
byte[] array = new byte[string_0.Length << 2];
for (int i = 0; i < array.Length >> 2; i++)
{
BitConverter.GetBytes(uint_0).CopyTo(array, i << 2);
}
GClass5.WriteProcessMemory(intptr_0, intptr_1, array, array.Length, out num);
byte[] array2 = (byte[])Class8.byte_0.Clone();
intPtr = GClass5.VirtualAllocEx(intptr_0, IntPtr.Zero, (uint)array2.Length, 12288, 64);
if (intPtr.smethod_4())
{
throw new InvalidOperationException("Unable to allocate memory in the remote process");
}
BitConverter.GetBytes(intPtr2.ToInt32()).CopyTo(array2, 7);
BitConverter.GetBytes(string_0.Length).CopyTo(array2, 15);
BitConverter.GetBytes(intptr_1.ToInt32()).CopyTo(array2, 24);
BitConverter.GetBytes(procAddress2.smethod_7(intPtr.smethod_0(56L)).ToInt32()).CopyTo(array2, 52);
BitConverter.GetBytes(procAddress.smethod_7(intPtr.smethod_0(69L)).ToInt32()).CopyTo(array2, 65);
if (GClass5.WriteProcessMemory(intptr_0, intPtr, array2, array2.Length, out num) && (ulong)num == (ulong)((long)array2.Length))
{
result = intPtr;
goto IL_231;
}
throw new Exception("Error creating the remote function stub.");
}
finally
{
GClass5.VirtualFreeEx(intptr_0, intptr_1, 0, 32768);
GClass5.VirtualFreeEx(intptr_0, intPtr2, 0, 32768);
if (!intPtr.smethod_4())
{
GClass5.VirtualFreeEx(intptr_0, intPtr, 0, 32768);
}
intptr_1 = IntPtr.Zero;
}
goto IL_21B;
IL_231:
return(result);
}
IL_21B:
throw new InvalidOperationException("Unable to allocate memory in the remote process");
}
throw new Exception("Unable to find necessary function entry points in the remote process");
}
catch (Exception exception_)
{
this.vmethod_2(exception_);
result = IntPtr.Zero;
}
return(result);
}
