// Token: 0x06000343 RID: 835 RVA: 0x010384A0 File Offset: 0x010366A0
public virtual bool vmethod_8(IntPtr intptr_0, int int_0)
{
this.vmethod_0();
IntPtr intPtr = GClass5.OpenProcess(1082u, false, int_0);
bool result = this.GClass10.\u200E\u206C\u202E\u202D\u200C\u202E\u206B\u202C\u206D\u202E\u206C\u202B\u206E\u200B\u202C\u206D\u200D\u200D\u202C\u206F\u202D\u200D\u202C\u202C\u206D\u200E\u200B\u206A\u200E\u206B\u200E\u200B\u206A\u206A\u202D\u202C\u200E\u202E\u202A\u200E\u202E(intptr_0, intPtr);
GClass5.CloseHandle(intPtr);
return(result);
}
// Token: 0x06000341 RID: 833 RVA: 0x01038470 File Offset: 0x01036670
public virtual IntPtr[] vmethod_7(string[] string_0, int int_0)
{
this.vmethod_0();
IntPtr intptr_ = GClass5.OpenProcess(1082u, false, int_0);
IntPtr[] result = this.GClass10.\u200E\u206B\u200D\u202B\u200F\u206A\u206D\u200E\u200E\u206B\u206F\u202E\u200F\u200B\u206E\u202B\u206A\u200E\u206B\u206A\u206C\u202A\u206C\u202B\u206B\u206F\u206A\u200F\u206A\u200E\u202B\u200F\u200F\u200E\u200E\u200B\u200E\u202B\u206D\u202A\u202E(string_0, intptr_);
GClass5.CloseHandle(intptr_);
return(result);
}
// Token: 0x0600033B RID: 827 RVA: 0x010383E0 File Offset: 0x010365E0
public virtual IntPtr vmethod_4(GClass8 gclass8_0, int int_0)
{
this.vmethod_0();
IntPtr intptr_ = GClass5.OpenProcess(1082u, false, int_0);
IntPtr result = this.GClass10.\u202D\u202D\u206E\u200F\u206F\u206C\u202A\u200D\u200F\u206B\u200F\u200C\u200B\u200F\u206D\u202D\u206D\u206B\u206D\u200F\u202C\u202A\u200C\u206F\u206D\u202D\u206D\u200B\u206D\u206B\u206D\u200B\u200D\u202B\u200F\u206D\u206E\u202A\u200D\u206F\u202E(gclass8_0, intptr_);
GClass5.CloseHandle(intptr_);
return(result);
}
// Token: 0x06000356 RID: 854 RVA: 0x0103930C File Offset: 0x0103750C
public override bool \u200E\u206C\u202E\u202D\u200C\u202E\u206B\u202C\u206D\u202E\u206C\u202B\u206E\u200B\u202C\u206D\u200D\u200D\u202C\u206F\u202D\u200D\u202C\u202C\u206D\u200E\u200B\u206A\u200E\u206B\u200E\u200B\u206A\u206A\u202D\u202C\u200E\u202E\u202A\u200E\u202E(IntPtr intptr_7, IntPtr intptr_8)
{
this.vmethod_0();
if (intptr_7.smethod_4())
{
throw new ArgumentNullException("hModule", "Invalid module handle");
}
if (!intptr_8.smethod_4() && !intptr_8.smethod_2(-1L))
{
IntPtr intPtr = IntPtr.Zero;
uint num = 0u;
try
{
uint num2 = Class7.smethod_2(intptr_8, intptr_7);
if (num2 == 0u)
{
return(GClass5.VirtualFreeEx(intptr_8, intptr_7, 0, 32768));
}
byte[] array = (byte[])Class7.byte_0.Clone();
BitConverter.GetBytes(intptr_7.ToInt32()).CopyTo(array, 11);
BitConverter.GetBytes(0u).CopyTo(array, 6);
BitConverter.GetBytes(1000u).CopyTo(array, 1);
intPtr = GClass5.VirtualAllocEx(intptr_8, IntPtr.Zero, (uint)Class7.byte_0.Length, 12288, 64);
if (intPtr.smethod_4() || !GClass5.WriteProcessMemory(intptr_8, intPtr, array, array.Length, out num) || (ulong)num != (ulong)((long)array.Length))
{
throw new InvalidOperationException("Unable to write stub to the remote process.");
}
IntPtr intPtr2 = GClass5.CreateRemoteThread(intptr_8, 0, 0, intPtr, (uint)intptr_7.smethod_0((long)((ulong)num2)).ToInt32(), 0, 0);
if ((ulong)GClass5.WaitForSingleObject(intPtr2, 5000) == 0UL)
{
GClass5.VirtualFreeEx(intptr_8, intPtr, 0, 32768);
GClass5.CloseHandle(intPtr2);
return(GClass5.VirtualFreeEx(intptr_8, intptr_7, 0, 32768));
}
return(false);
}
catch (Exception exception_)
{
this.vmethod_2(exception_);
return(false);
}
}
throw new ArgumentException("Invalid process handle.", "hProcess");
}
// Token: 0x06000352 RID: 850 RVA: 0x01038C54 File Offset: 0x01036E54
private static IntPtr smethod_6(GClass8 gclass8_0, IntPtr intptr_7, bool bool_0 = false)
{
if (intptr_7.smethod_4() || intptr_7.smethod_2(-1L))
{
throw new ArgumentException("Invalid process handle.", "hProcess");
}
if (gclass8_0 == null)
{
throw new ArgumentException("Cannot map a non-existant PE Image.", "image");
}
int processId = GClass5.GetProcessId(intptr_7);
if (processId == 0)
{
throw new ArgumentException("Provided handle doesn't have sufficient permissions to inject", "hProcess");
}
IntPtr intPtr = IntPtr.Zero;
IntPtr intPtr2 = IntPtr.Zero;
uint num = 0u;
try
{
intPtr = GClass5.VirtualAllocEx(intptr_7, IntPtr.Zero, gclass8_0.GStruct9_0.OptionalHeader.SizeOfImage, 12288, 4);
if (intPtr.smethod_4())
{
throw new InvalidOperationException("Unable to allocate memory in the remote process.");
}
Class7.smethod_9(gclass8_0, intPtr);
Class7.smethod_5(gclass8_0, intptr_7, processId);
Class7.smethod_8(gclass8_0, intptr_7, processId);
if (bool_0)
{
byte[] array = new byte[(ulong)gclass8_0.GStruct6_0.e_lfanew + (ulong)((long)Marshal.SizeOf(typeof(GStruct7))) + 4UL + (ulong)gclass8_0.GStruct9_0.FileHeader.SizeOfOptionalHeader];
if (gclass8_0.method_2(0L, SeekOrigin.Begin, array))
{
GClass5.WriteProcessMemory(intptr_7, intPtr, array, array.Length, out num);
}
}
Class7.smethod_7(gclass8_0, intptr_7, intPtr);
if (gclass8_0.GStruct9_0.OptionalHeader.AddressOfEntryPoint <= 0u)
{
return(intPtr);
}
byte[] array2 = (byte[])Class7.byte_0.Clone();
BitConverter.GetBytes(intPtr.ToInt32()).CopyTo(array2, 11);
intPtr2 = GClass5.VirtualAllocEx(intptr_7, IntPtr.Zero, (uint)Class7.byte_0.Length, 12288, 64);
if (!intPtr2.smethod_4() && GClass5.WriteProcessMemory(intptr_7, intPtr2, array2, array2.Length, out num))
{
if ((ulong)num == (ulong)((long)array2.Length))
{
IntPtr intPtr3 = GClass5.CreateRemoteThread(intptr_7, 0, 0, intPtr2, (uint)intPtr.smethod_0((long)((ulong)gclass8_0.GStruct9_0.OptionalHeader.AddressOfEntryPoint)).ToInt32(), 0, 0);
if ((ulong)GClass5.WaitForSingleObject(intPtr3, 5000) != 0UL)
{
return(intPtr);
}
GClass5.GetExitCodeThread(intPtr3, out num);
if (num == 0u)
{
GClass5.VirtualFreeEx(intptr_7, intPtr, 0, 32768);
throw new Exception("Entry method of module reported a failure " + Marshal.GetLastWin32Error().ToString());
}
GClass5.VirtualFreeEx(intptr_7, intPtr2, 0, 32768);
GClass5.CloseHandle(intPtr3);
return(intPtr);
}
}
throw new InvalidOperationException("Unable to write stub to the remote process.");
}
catch (Exception ex)
{
if (!intPtr.smethod_4())
{
GClass5.VirtualFreeEx(intptr_7, intPtr, 0, 32768);
}
if (!intPtr2.smethod_4())
{
GClass5.VirtualFreeEx(intptr_7, intPtr, 0, 32768);
}
intPtr = IntPtr.Zero;
throw ex;
}
return(intPtr);
}
// Token: 0x06000097 RID: 151 RVA: 0x00002489 File Offset: 0x00000689
public void method_4()
{
GClass5.CloseHandle(this.intptr_0);
}
