C#语言: Codee#23924
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
public class InfaceMaxtoCode
{
private static string IInfaceMaxtoCode_interface_string;
private static bool started = false;
private static string ByteToString(byte[] inbuf)
{
return Encoding.ASCII.GetString(inbuf);
}
private static string ByteToString(byte[] inbuf, int Index, int Count)
{
return Encoding.ASCII.GetString(inbuf, Index, Count);
}
[DllImport("OriSoft.dll", CharSet = CharSet.Unicode, SetLastError = true, ExactSpelling = true)]
private static extern int CheckRuntime(IntPtr ImageBase);
[DllImport("OriSoft64.dll", EntryPoint = "CheckRuntime", CharSet = CharSet.Unicode, SetLastError = true, ExactSpelling = true)]
private static extern int CheckRuntime64(IntPtr ImageBase);
[DllImport("kernel32.dll")]
public static extern int CloseHandle(IntPtr hObject);
public static bool GetCurMachineofFramework(out MachineClass mc)
{
XBED82C99E61DFAE25146410DB92EB284 xbedcedfaedbeb;
IntPtr zero = IntPtr.Zero;
IntPtr lpBaseAddress = IntPtr.Zero;
mc = MachineClass.UNKNOW;
byte[] buffer = new byte[] { 0x6d, 0x73, 0x63, 0x6f, 0x72, 0x77, 0x6b, 0x73, 0x2e, 100, 0x6c, 0x6c };
byte[] buffer2 = new byte[] { 0x6d, 0x73, 0x63, 0x6f, 0x72, 0x73, 0x76, 0x72, 0x2e, 100, 0x6c, 0x6c };
byte[] buffer3 = new byte[] { 0x6d, 0x73, 0x63, 0x6f, 0x72, 0x6a, 0x69, 0x74 };
lpBaseAddress = GetModuleHandle(Encoding.ASCII.GetString(buffer));
if (lpBaseAddress == IntPtr.Zero)
{
lpBaseAddress = GetModuleHandle(Encoding.ASCII.GetString(buffer2));
}
if (lpBaseAddress == IntPtr.Zero)
{
lpBaseAddress = GetModuleHandle(Encoding.ASCII.GetString(buffer3));
}
byte[] buffer4 = new byte[0x2000];
zero = OpenProcess(0x18, 1, GetCurrentProcessId());
if (zero.ToInt32() == 0)
{
return false;
}
IntPtr lpNumberOfBytesRead = new IntPtr();
ReadProcessMemory(zero, lpBaseAddress, buffer4, 0x2000, out lpNumberOfBytesRead);
CloseHandle(zero);
xbedcedfaedbeb.e_magic = buffer4[0] + (buffer4[1] * 0x100);
xbedcedfaedbeb.e_lfanew = ((buffer4[60] + (buffer4[0x3d] * 0x100)) + (buffer4[0x3e] * 0x10000)) + (buffer4[0x3f] * 0x1000000);
if ((xbedcedfaedbeb.e_lfanew + 6) >= 0x2000)
{
return false;
}
xbedcedfaedbeb.Signature = ((buffer4[xbedcedfaedbeb.e_lfanew] + (buffer4[xbedcedfaedbeb.e_lfanew + 1] * 0x100)) + (buffer4[xbedcedfaedbeb.e_lfanew + 2] * 0x10000)) + (buffer4[xbedcedfaedbeb.e_lfanew + 3] * 0x1000000);
xbedcedfaedbeb.Machine = buffer4[xbedcedfaedbeb.e_lfanew + 4] + (buffer4[xbedcedfaedbeb.e_lfanew + 5] * 0x100);
if ((xbedcedfaedbeb.e_magic != 0x5a4d) || (xbedcedfaedbeb.Signature != 0x4550))
{
return false;
}
switch (xbedcedfaedbeb.Machine)
{
case 0x14c:
mc = MachineClass.X86;
return true;
case 0x200:
mc = MachineClass.IA64;
return true;
case 0x8664:
mc = MachineClass.AMD64;
return true;
}
mc = MachineClass.UNKNOW;
return true;
}
[DllImport("kernel32.dll")]
private static extern uint GetCurrentProcessId();
[DllImport("KERNEL32.DLL", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
private static extern IntPtr GetModuleHandle(string lpModuleName);
private static string GetRuntimeName()
{
return ByteToString(new byte[] { 0x4f, 0x72, 0x69, 0x53, 0x6f, 0x66, 0x74, 0x2e, 100, 0x6c, 0x6c });
}
private static void LicenseHelper()
{
}
private static void LoadRuntimes()
{
byte[] inbuf = new byte[12];
inbuf[0] = 0x2f;
inbuf[1] = 0x3a;
inbuf[2] = 0x3b;
inbuf[3] = 0x5c;
inbuf[4] = 0x70;
inbuf[5] = 0x61;
inbuf[6] = 0x74;
inbuf[7] = 0x68;
inbuf[8] = 0;
IntPtr zero = IntPtr.Zero;
if (!started)
{
string str;
MachineClass class2;
started = true;
WarningString();
zero = GetModuleHandle(Assembly.GetExecutingAssembly().get_Location());
string runtimeName = GetRuntimeName();
if (AppDomain.CurrentDomain.get_RelativeSearchPath() != null)
{
if (AppDomain.CurrentDomain.get_RelativeSearchPath().IndexOf(ByteToString(inbuf, 1, 1) + ByteToString(inbuf, 3, 1)) != -1)
{
str = AppDomain.CurrentDomain.get_RelativeSearchPath();
}
else
{
str = AppDomain.CurrentDomain.get_BaseDirectory() + AppDomain.CurrentDomain.get_RelativeSearchPath();
}
}
else
{
str = AppDomain.CurrentDomain.get_BaseDirectory();
}
string environmentVariable = Environment.GetEnvironmentVariable(Encoding.ASCII.GetString(inbuf, 4, 4));
if (environmentVariable.IndexOf(str) == -1)
{
SetEnvironmentVariable(ByteToString(inbuf, 4, 4), environmentVariable + ByteToString(inbuf, 2, 1) + str.Replace(ByteToString(inbuf, 0, 1), ByteToString(inbuf, 3, 1)));
}
if (str.Substring(str.Length - 1, 1) == ByteToString(inbuf, 3, 1))
{
str = str;
}
else
{
str = str + ByteToString(inbuf, 3, 1);
}
if (environmentVariable.IndexOf(Path.GetTempPath()) == -1)
{
SetEnvironmentVariable(ByteToString(inbuf, 4, 4), environmentVariable + ByteToString(inbuf, 2, 1) + str.Replace(ByteToString(inbuf, 0, 1), ByteToString(inbuf, 3, 1)) + ByteToString(inbuf, 2, 1) + Path.GetTempPath().Replace(ByteToString(inbuf, 0, 1), ByteToString(inbuf, 3, 1)));
}
if (File.Exists(str + runtimeName) && !File.Exists(Path.GetTempPath() + runtimeName))
{
File.Copy(str + runtimeName, Path.GetTempPath() + runtimeName);
}
GetCurMachineofFramework(out class2);
int num = 5;
if (class2 == MachineClass.X86)
{
num = CheckRuntime(zero);
}
else
{
num = CheckRuntime64(zero);
}
if (num == 0)
{
IntPtr moduleHandle = GetModuleHandle(runtimeName);
if (class2 == MachineClass.X86)
{
started = MainDLL(moduleHandle, zero);
}
else
{
started = MainDLL64(moduleHandle, zero);
}
}
else
{
byte[] buffer2 = new byte[] { 0x55, 0x4e, 0x4b, 0x57, 0x4f, 0x4e, 0x20, 0x45, 0x52, 0x52, 0x4f, 0x52 };
byte[] buffer3 = new byte[] {
0x4e, 0x6f, 0x74, 0x20, 0x66, 0x69, 110, 100, 0x20, 70, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f,
0x72, 0x6b, 0x20, 0x52, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x2c, 0x20, 80, 0x6c, 0x65, 0x61,
0x73, 0x65, 0x20, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x20, 0x79, 0x6f, 0x75, 0x20, 70, 0x72, 0x61,
0x6d, 0x65, 0x77, 0x6f, 0x72, 0x6b, 0x21, 0x5c, 110, 0x5c, 0x72
};
byte[] buffer4 = new byte[] {
0x54, 0x68, 0x65, 0x20, 70, 0x72, 0x6d, 0x61, 0x65, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x76, 0x65,
0x72, 0x73, 0x69, 0x6f, 110, 0x20, 0x69, 0x73, 0x20, 110, 0x6f, 0x74, 0x20, 0x73, 0x75, 0x70,
0x70, 0x6f, 0x72, 0x74, 0x2c, 0x20, 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x75, 0x70, 100,
0x61, 0x74, 0x65, 0x20, 0x79, 0x6f, 0x75, 0x72, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f,
0x72, 0x6b, 0x20, 0x6f, 0x72, 0x20, 0x72, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x20, 0x73, 0x65,
0x74, 0x75, 0x70, 0x20, 0x2e, 0x4e, 0x45, 0x54, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f,
0x72, 0x6b, 0x5c, 110, 0x5c, 0x72, 80, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x67, 0x65, 0x74,
0x20, 0x61, 0x20, 110, 0x65, 0x77, 0x20, 0x72, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x20, 0x73,
0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x20, 0x74, 0x6f, 0x20, 0x77, 0x65, 0x62, 0x73, 0x69, 0x74,
0x65, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x61, 120,
0x74, 0x6f, 0x63, 0x6f, 100, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 70, 0x72, 0x61, 0x6d, 0x65,
0x77, 0x6f, 0x72, 0x6b, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x68, 0x74, 0x6d, 0x6c,
0x5c, 110, 0x5c, 0x72
};
byte[] buffer5 = new byte[] {
0x54, 0x68, 0x65, 0x20, 70, 0x72, 0x6d, 0x61, 0x65, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x76, 0x65,
0x72, 0x73, 0x69, 0x6f, 110, 0x20, 0x69, 0x73, 0x20, 110, 0x6f, 0x74, 0x20, 0x73, 0x75, 0x70,
0x70, 0x6f, 0x72, 0x74, 0x2c, 0x20, 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x75, 0x70, 100,
0x61, 0x74, 0x65, 0x20, 0x79, 0x6f, 0x75, 0x72, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f,
0x72, 0x6b, 0x20, 0x6f, 0x72, 0x20, 0x72, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x20, 0x73, 0x65,
0x74, 0x75, 0x70, 0x20, 0x2e, 0x4e, 0x45, 0x54, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f,
0x72, 0x6b, 0x5c, 110, 0x5c, 0x72, 80, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x67, 0x65, 0x74,
0x20, 0x61, 0x20, 110, 0x65, 0x77, 0x20, 0x72, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x20, 0x73,
0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x20, 0x74, 0x6f, 0x20, 0x77, 0x65, 0x62, 0x73, 0x69, 0x74,
0x65, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x61, 120,
0x74, 0x6f, 0x63, 0x6f, 100, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 70, 0x72, 0x61, 0x6d, 0x65,
0x77, 0x6f, 0x72, 0x6b, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x68, 0x74, 0x6d, 0x6c,
0x5c, 110, 0x5c, 0x72, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x20, 0x43, 0x6f, 100, 0x65, 0x20, 0x3a,
0x20, 0x30, 120, 0x30, 0x30, 0x30, 0x33, 0x5c, 110, 0x5c, 0x72
};
byte[] buffer6 = new byte[] {
0x4d, 0x61, 0x6b, 0x65, 0x72, 0x20, 0x44, 0x65, 0x63, 0x6f, 100, 0x65, 0x72, 0x20, 0x45, 0x72,
0x72, 0x6f, 0x72, 0x5c, 110, 0x5c, 0x72
};
byte[] buffer7 = new byte[0x20];
buffer7[0] = 0x49;
buffer7[1] = 0x6d;
buffer7[2] = 0x70;
buffer7[3] = 0x6f;
buffer7[4] = 0x72;
buffer7[5] = 0x74;
buffer7[6] = 0x73;
buffer7[7] = 0x20;
buffer7[8] = 0x52;
buffer7[9] = 0x75;
buffer7[10] = 110;
buffer7[11] = 0x74;
buffer7[12] = 0x69;
buffer7[13] = 0x6d;
buffer7[14] = 0x65;
buffer7[15] = 0x20;
buffer7[0x10] = 0x44;
buffer7[0x11] = 0x4c;
buffer7[0x12] = 0x4c;
buffer7[0x13] = 0x20;
buffer7[20] = 0x69;
buffer7[0x15] = 0x73;
buffer7[0x16] = 0x20;
buffer7[0x17] = 0x45;
buffer7[0x18] = 0x72;
buffer7[0x19] = 0x72;
buffer7[0x1a] = 0x6f;
buffer7[0x1b] = 0x72;
buffer7[0x1c] = 0x5c;
byte[] buffer8 = new byte[] { 0x52, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x6c, 0x6f, 0x67 };
byte[] buffer9 = new byte[] { 0x20 };
byte[] buffer10 = new byte[] {
0x20, 0x20, 0x45, 120, 0x63, 0x70, 0x74, 0x69, 0x6f, 110, 0x5c, 110, 0x5c, 0x72, 0x5c, 110,
0x5c, 0x72
};
byte[] buffer11 = new byte[0x5f];
buffer11[0] = 0x2d;
buffer11[1] = 0x2d;
buffer11[2] = 0x2d;
buffer11[3] = 0x2d;
buffer11[4] = 0x2d;
buffer11[5] = 0x2d;
buffer11[6] = 0x2d;
buffer11[7] = 0x2d;
buffer11[8] = 0x2d;
buffer11[9] = 0x2d;
buffer11[10] = 0x2d;
buffer11[11] = 0x2d;
buffer11[12] = 0x2d;
buffer11[13] = 0x2d;
buffer11[14] = 0x2d;
buffer11[15] = 0x2d;
buffer11[0x10] = 0x2d;
buffer11[0x11] = 0x2d;
buffer11[0x12] = 0x2d;
buffer11[0x13] = 0x2d;
buffer11[20] = 0x2d;
buffer11[0x15] = 0x2d;
buffer11[0x16] = 0x2d;
buffer11[0x17] = 0x2d;
buffer11[0x18] = 0x2d;
buffer11[0x19] = 0x2d;
buffer11[0x1a] = 0x2d;
buffer11[0x1b] = 0x2d;
buffer11[0x1c] = 0x2d;
byte[] buffer12 = new byte[] {
0x5c, 110, 0x5c, 0x72, 0x5c, 110, 0x5c, 0x72, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x5c,
110, 0x5c, 0x72, 0x5c, 110, 0x5c, 0x72
};
string s = ByteToString(buffer2);
switch (num)
{
case 1:
s = ByteToString(buffer3);
break;
case 2:
s = ByteToString(buffer4);
break;
case 3:
s = ByteToString(buffer5);
break;
case 4:
s = ByteToString(buffer6);
break;
case 5:
s = ByteToString(buffer7);
break;
}
FileStream stream = new FileStream(str + ByteToString(buffer8), FileMode.Append, FileAccess.Write);
string str5 = DateTime.Now.ToShortDateString() + ByteToString(buffer9) + DateTime.Now.ToShortTimeString() + ByteToString(buffer10);
stream.Write(Encoding.ASCII.GetBytes(str5), 0, str5.Length);
str5 = ByteToString(buffer11);
stream.Write(Encoding.ASCII.GetBytes(str5), 0, str5.Length);
stream.Write(Encoding.ASCII.GetBytes(s), 0, s.Length);
str5 = ByteToString(buffer12);
stream.Write(Encoding.ASCII.GetBytes(str5), 0, str5.Length);
stream.Close();
}
}
}
[DllImport("OriSoft.dll", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
private static extern bool MainDLL(IntPtr RuntimeBase, IntPtr AppBase);
[DllImport("OriSoft64.dll", EntryPoint = "MainDLL", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
private static extern bool MainDLL64(IntPtr RuntimeBase, IntPtr AppBase);
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId);
[DllImport("kernel32.dll")]
public static extern int ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, uint size, out IntPtr lpNumberOfBytesRead);
[DllImport("KERNEL32.DLL", EntryPoint = "SetEnvironmentVariableA", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
private static extern bool SetEnvironmentVariable(string lpName, string lpValue);
public static void Startup()
{
if (!started)
{
try
{
LoadRuntimes();
}
finally
{
LicenseHelper();
}
}
}
private static string WarningString()
{
byte[] buffer = new byte[] { 0xe4, 0xb8, 0xad, 0xe5, 0x9b, 0xbd, 0x61, 0x62, 0x63, 0 };
return Encoding.UTF8.GetString(buffer);
}
[DllImport("kernel32.dll")]
public static extern int WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, uint size, out IntPtr lpNumberOfBytesWritten);
internal interface IInfaceMaxtoCode_interface
{
}
public enum MachineClass
{
UNKNOW,
X86,
AMD64,
IA64
}
public enum MachineValue
{
AMD64 = 0x8664,
IA64 = 0x200,
X86 = 0x14c
}
public enum ProcessAccessType
{
PROCESS_CREATE_PROCESS = 0x80,
PROCESS_CREATE_THREAD = 2,
PROCESS_DUP_HANDLE = 0x40,
PROCESS_QUERY_INFORMATION = 0x400,
PROCESS_SET_INFORMATION = 0x200,
PROCESS_SET_QUOTA = 0x100,
PROCESS_SET_SESSIONID = 4,
PROCESS_TERMINATE = 1,
PROCESS_VM_OPERATION = 8,
PROCESS_VM_READ = 0x10,
PROCESS_VM_WRITE = 0x20
}
[StructLayout(LayoutKind.Sequential)]
private struct XBED82C99E61DFAE25146410DB92EB284
{
public int e_magic;
public int e_lfanew;
public int Signature;
public int Machine;
}
}
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
public class InfaceMaxtoCode
{
private static string IInfaceMaxtoCode_interface_string;
private static bool started = false;
private static string ByteToString(byte[] inbuf)
{
return Encoding.ASCII.GetString(inbuf);
}
private static string ByteToString(byte[] inbuf, int Index, int Count)
{
return Encoding.ASCII.GetString(inbuf, Index, Count);
}
[DllImport("OriSoft.dll", CharSet = CharSet.Unicode, SetLastError = true, ExactSpelling = true)]
private static extern int CheckRuntime(IntPtr ImageBase);
[DllImport("OriSoft64.dll", EntryPoint = "CheckRuntime", CharSet = CharSet.Unicode, SetLastError = true, ExactSpelling = true)]
private static extern int CheckRuntime64(IntPtr ImageBase);
[DllImport("kernel32.dll")]
public static extern int CloseHandle(IntPtr hObject);
public static bool GetCurMachineofFramework(out MachineClass mc)
{
XBED82C99E61DFAE25146410DB92EB284 xbedcedfaedbeb;
IntPtr zero = IntPtr.Zero;
IntPtr lpBaseAddress = IntPtr.Zero;
mc = MachineClass.UNKNOW;
byte[] buffer = new byte[] { 0x6d, 0x73, 0x63, 0x6f, 0x72, 0x77, 0x6b, 0x73, 0x2e, 100, 0x6c, 0x6c };
byte[] buffer2 = new byte[] { 0x6d, 0x73, 0x63, 0x6f, 0x72, 0x73, 0x76, 0x72, 0x2e, 100, 0x6c, 0x6c };
byte[] buffer3 = new byte[] { 0x6d, 0x73, 0x63, 0x6f, 0x72, 0x6a, 0x69, 0x74 };
lpBaseAddress = GetModuleHandle(Encoding.ASCII.GetString(buffer));
if (lpBaseAddress == IntPtr.Zero)
{
lpBaseAddress = GetModuleHandle(Encoding.ASCII.GetString(buffer2));
}
if (lpBaseAddress == IntPtr.Zero)
{
lpBaseAddress = GetModuleHandle(Encoding.ASCII.GetString(buffer3));
}
byte[] buffer4 = new byte[0x2000];
zero = OpenProcess(0x18, 1, GetCurrentProcessId());
if (zero.ToInt32() == 0)
{
return false;
}
IntPtr lpNumberOfBytesRead = new IntPtr();
ReadProcessMemory(zero, lpBaseAddress, buffer4, 0x2000, out lpNumberOfBytesRead);
CloseHandle(zero);
xbedcedfaedbeb.e_magic = buffer4[0] + (buffer4[1] * 0x100);
xbedcedfaedbeb.e_lfanew = ((buffer4[60] + (buffer4[0x3d] * 0x100)) + (buffer4[0x3e] * 0x10000)) + (buffer4[0x3f] * 0x1000000);
if ((xbedcedfaedbeb.e_lfanew + 6) >= 0x2000)
{
return false;
}
xbedcedfaedbeb.Signature = ((buffer4[xbedcedfaedbeb.e_lfanew] + (buffer4[xbedcedfaedbeb.e_lfanew + 1] * 0x100)) + (buffer4[xbedcedfaedbeb.e_lfanew + 2] * 0x10000)) + (buffer4[xbedcedfaedbeb.e_lfanew + 3] * 0x1000000);
xbedcedfaedbeb.Machine = buffer4[xbedcedfaedbeb.e_lfanew + 4] + (buffer4[xbedcedfaedbeb.e_lfanew + 5] * 0x100);
if ((xbedcedfaedbeb.e_magic != 0x5a4d) || (xbedcedfaedbeb.Signature != 0x4550))
{
return false;
}
switch (xbedcedfaedbeb.Machine)
{
case 0x14c:
mc = MachineClass.X86;
return true;
case 0x200:
mc = MachineClass.IA64;
return true;
case 0x8664:
mc = MachineClass.AMD64;
return true;
}
mc = MachineClass.UNKNOW;
return true;
}
[DllImport("kernel32.dll")]
private static extern uint GetCurrentProcessId();
[DllImport("KERNEL32.DLL", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
private static extern IntPtr GetModuleHandle(string lpModuleName);
private static string GetRuntimeName()
{
return ByteToString(new byte[] { 0x4f, 0x72, 0x69, 0x53, 0x6f, 0x66, 0x74, 0x2e, 100, 0x6c, 0x6c });
}
private static void LicenseHelper()
{
}
private static void LoadRuntimes()
{
byte[] inbuf = new byte[12];
inbuf[0] = 0x2f;
inbuf[1] = 0x3a;
inbuf[2] = 0x3b;
inbuf[3] = 0x5c;
inbuf[4] = 0x70;
inbuf[5] = 0x61;
inbuf[6] = 0x74;
inbuf[7] = 0x68;
inbuf[8] = 0;
IntPtr zero = IntPtr.Zero;
if (!started)
{
string str;
MachineClass class2;
started = true;
WarningString();
zero = GetModuleHandle(Assembly.GetExecutingAssembly().get_Location());
string runtimeName = GetRuntimeName();
if (AppDomain.CurrentDomain.get_RelativeSearchPath() != null)
{
if (AppDomain.CurrentDomain.get_RelativeSearchPath().IndexOf(ByteToString(inbuf, 1, 1) + ByteToString(inbuf, 3, 1)) != -1)
{
str = AppDomain.CurrentDomain.get_RelativeSearchPath();
}
else
{
str = AppDomain.CurrentDomain.get_BaseDirectory() + AppDomain.CurrentDomain.get_RelativeSearchPath();
}
}
else
{
str = AppDomain.CurrentDomain.get_BaseDirectory();
}
string environmentVariable = Environment.GetEnvironmentVariable(Encoding.ASCII.GetString(inbuf, 4, 4));
if (environmentVariable.IndexOf(str) == -1)
{
SetEnvironmentVariable(ByteToString(inbuf, 4, 4), environmentVariable + ByteToString(inbuf, 2, 1) + str.Replace(ByteToString(inbuf, 0, 1), ByteToString(inbuf, 3, 1)));
}
if (str.Substring(str.Length - 1, 1) == ByteToString(inbuf, 3, 1))
{
str = str;
}
else
{
str = str + ByteToString(inbuf, 3, 1);
}
if (environmentVariable.IndexOf(Path.GetTempPath()) == -1)
{
SetEnvironmentVariable(ByteToString(inbuf, 4, 4), environmentVariable + ByteToString(inbuf, 2, 1) + str.Replace(ByteToString(inbuf, 0, 1), ByteToString(inbuf, 3, 1)) + ByteToString(inbuf, 2, 1) + Path.GetTempPath().Replace(ByteToString(inbuf, 0, 1), ByteToString(inbuf, 3, 1)));
}
if (File.Exists(str + runtimeName) && !File.Exists(Path.GetTempPath() + runtimeName))
{
File.Copy(str + runtimeName, Path.GetTempPath() + runtimeName);
}
GetCurMachineofFramework(out class2);
int num = 5;
if (class2 == MachineClass.X86)
{
num = CheckRuntime(zero);
}
else
{
num = CheckRuntime64(zero);
}
if (num == 0)
{
IntPtr moduleHandle = GetModuleHandle(runtimeName);
if (class2 == MachineClass.X86)
{
started = MainDLL(moduleHandle, zero);
}
else
{
started = MainDLL64(moduleHandle, zero);
}
}
else
{
byte[] buffer2 = new byte[] { 0x55, 0x4e, 0x4b, 0x57, 0x4f, 0x4e, 0x20, 0x45, 0x52, 0x52, 0x4f, 0x52 };
byte[] buffer3 = new byte[] {
0x4e, 0x6f, 0x74, 0x20, 0x66, 0x69, 110, 100, 0x20, 70, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f,
0x72, 0x6b, 0x20, 0x52, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x2c, 0x20, 80, 0x6c, 0x65, 0x61,
0x73, 0x65, 0x20, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x20, 0x79, 0x6f, 0x75, 0x20, 70, 0x72, 0x61,
0x6d, 0x65, 0x77, 0x6f, 0x72, 0x6b, 0x21, 0x5c, 110, 0x5c, 0x72
};
byte[] buffer4 = new byte[] {
0x54, 0x68, 0x65, 0x20, 70, 0x72, 0x6d, 0x61, 0x65, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x76, 0x65,
0x72, 0x73, 0x69, 0x6f, 110, 0x20, 0x69, 0x73, 0x20, 110, 0x6f, 0x74, 0x20, 0x73, 0x75, 0x70,
0x70, 0x6f, 0x72, 0x74, 0x2c, 0x20, 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x75, 0x70, 100,
0x61, 0x74, 0x65, 0x20, 0x79, 0x6f, 0x75, 0x72, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f,
0x72, 0x6b, 0x20, 0x6f, 0x72, 0x20, 0x72, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x20, 0x73, 0x65,
0x74, 0x75, 0x70, 0x20, 0x2e, 0x4e, 0x45, 0x54, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f,
0x72, 0x6b, 0x5c, 110, 0x5c, 0x72, 80, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x67, 0x65, 0x74,
0x20, 0x61, 0x20, 110, 0x65, 0x77, 0x20, 0x72, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x20, 0x73,
0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x20, 0x74, 0x6f, 0x20, 0x77, 0x65, 0x62, 0x73, 0x69, 0x74,
0x65, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x61, 120,
0x74, 0x6f, 0x63, 0x6f, 100, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 70, 0x72, 0x61, 0x6d, 0x65,
0x77, 0x6f, 0x72, 0x6b, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x68, 0x74, 0x6d, 0x6c,
0x5c, 110, 0x5c, 0x72
};
byte[] buffer5 = new byte[] {
0x54, 0x68, 0x65, 0x20, 70, 0x72, 0x6d, 0x61, 0x65, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x76, 0x65,
0x72, 0x73, 0x69, 0x6f, 110, 0x20, 0x69, 0x73, 0x20, 110, 0x6f, 0x74, 0x20, 0x73, 0x75, 0x70,
0x70, 0x6f, 0x72, 0x74, 0x2c, 0x20, 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x75, 0x70, 100,
0x61, 0x74, 0x65, 0x20, 0x79, 0x6f, 0x75, 0x72, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f,
0x72, 0x6b, 0x20, 0x6f, 0x72, 0x20, 0x72, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x20, 0x73, 0x65,
0x74, 0x75, 0x70, 0x20, 0x2e, 0x4e, 0x45, 0x54, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f,
0x72, 0x6b, 0x5c, 110, 0x5c, 0x72, 80, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x67, 0x65, 0x74,
0x20, 0x61, 0x20, 110, 0x65, 0x77, 0x20, 0x72, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x20, 0x73,
0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x20, 0x74, 0x6f, 0x20, 0x77, 0x65, 0x62, 0x73, 0x69, 0x74,
0x65, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x61, 120,
0x74, 0x6f, 0x63, 0x6f, 100, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 70, 0x72, 0x61, 0x6d, 0x65,
0x77, 0x6f, 0x72, 0x6b, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x68, 0x74, 0x6d, 0x6c,
0x5c, 110, 0x5c, 0x72, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x20, 0x43, 0x6f, 100, 0x65, 0x20, 0x3a,
0x20, 0x30, 120, 0x30, 0x30, 0x30, 0x33, 0x5c, 110, 0x5c, 0x72
};
byte[] buffer6 = new byte[] {
0x4d, 0x61, 0x6b, 0x65, 0x72, 0x20, 0x44, 0x65, 0x63, 0x6f, 100, 0x65, 0x72, 0x20, 0x45, 0x72,
0x72, 0x6f, 0x72, 0x5c, 110, 0x5c, 0x72
};
byte[] buffer7 = new byte[0x20];
buffer7[0] = 0x49;
buffer7[1] = 0x6d;
buffer7[2] = 0x70;
buffer7[3] = 0x6f;
buffer7[4] = 0x72;
buffer7[5] = 0x74;
buffer7[6] = 0x73;
buffer7[7] = 0x20;
buffer7[8] = 0x52;
buffer7[9] = 0x75;
buffer7[10] = 110;
buffer7[11] = 0x74;
buffer7[12] = 0x69;
buffer7[13] = 0x6d;
buffer7[14] = 0x65;
buffer7[15] = 0x20;
buffer7[0x10] = 0x44;
buffer7[0x11] = 0x4c;
buffer7[0x12] = 0x4c;
buffer7[0x13] = 0x20;
buffer7[20] = 0x69;
buffer7[0x15] = 0x73;
buffer7[0x16] = 0x20;
buffer7[0x17] = 0x45;
buffer7[0x18] = 0x72;
buffer7[0x19] = 0x72;
buffer7[0x1a] = 0x6f;
buffer7[0x1b] = 0x72;
buffer7[0x1c] = 0x5c;
byte[] buffer8 = new byte[] { 0x52, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x6c, 0x6f, 0x67 };
byte[] buffer9 = new byte[] { 0x20 };
byte[] buffer10 = new byte[] {
0x20, 0x20, 0x45, 120, 0x63, 0x70, 0x74, 0x69, 0x6f, 110, 0x5c, 110, 0x5c, 0x72, 0x5c, 110,
0x5c, 0x72
};
byte[] buffer11 = new byte[0x5f];
buffer11[0] = 0x2d;
buffer11[1] = 0x2d;
buffer11[2] = 0x2d;
buffer11[3] = 0x2d;
buffer11[4] = 0x2d;
buffer11[5] = 0x2d;
buffer11[6] = 0x2d;
buffer11[7] = 0x2d;
buffer11[8] = 0x2d;
buffer11[9] = 0x2d;
buffer11[10] = 0x2d;
buffer11[11] = 0x2d;
buffer11[12] = 0x2d;
buffer11[13] = 0x2d;
buffer11[14] = 0x2d;
buffer11[15] = 0x2d;
buffer11[0x10] = 0x2d;
buffer11[0x11] = 0x2d;
buffer11[0x12] = 0x2d;
buffer11[0x13] = 0x2d;
buffer11[20] = 0x2d;
buffer11[0x15] = 0x2d;
buffer11[0x16] = 0x2d;
buffer11[0x17] = 0x2d;
buffer11[0x18] = 0x2d;
buffer11[0x19] = 0x2d;
buffer11[0x1a] = 0x2d;
buffer11[0x1b] = 0x2d;
buffer11[0x1c] = 0x2d;
byte[] buffer12 = new byte[] {
0x5c, 110, 0x5c, 0x72, 0x5c, 110, 0x5c, 0x72, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x5c,
110, 0x5c, 0x72, 0x5c, 110, 0x5c, 0x72
};
string s = ByteToString(buffer2);
switch (num)
{
case 1:
s = ByteToString(buffer3);
break;
case 2:
s = ByteToString(buffer4);
break;
case 3:
s = ByteToString(buffer5);
break;
case 4:
s = ByteToString(buffer6);
break;
case 5:
s = ByteToString(buffer7);
break;
}
FileStream stream = new FileStream(str + ByteToString(buffer8), FileMode.Append, FileAccess.Write);
string str5 = DateTime.Now.ToShortDateString() + ByteToString(buffer9) + DateTime.Now.ToShortTimeString() + ByteToString(buffer10);
stream.Write(Encoding.ASCII.GetBytes(str5), 0, str5.Length);
str5 = ByteToString(buffer11);
stream.Write(Encoding.ASCII.GetBytes(str5), 0, str5.Length);
stream.Write(Encoding.ASCII.GetBytes(s), 0, s.Length);
str5 = ByteToString(buffer12);
stream.Write(Encoding.ASCII.GetBytes(str5), 0, str5.Length);
stream.Close();
}
}
}
[DllImport("OriSoft.dll", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
private static extern bool MainDLL(IntPtr RuntimeBase, IntPtr AppBase);
[DllImport("OriSoft64.dll", EntryPoint = "MainDLL", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
private static extern bool MainDLL64(IntPtr RuntimeBase, IntPtr AppBase);
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId);
[DllImport("kernel32.dll")]
public static extern int ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, uint size, out IntPtr lpNumberOfBytesRead);
[DllImport("KERNEL32.DLL", EntryPoint = "SetEnvironmentVariableA", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
private static extern bool SetEnvironmentVariable(string lpName, string lpValue);
public static void Startup()
{
if (!started)
{
try
{
LoadRuntimes();
}
finally
{
LicenseHelper();
}
}
}
private static string WarningString()
{
byte[] buffer = new byte[] { 0xe4, 0xb8, 0xad, 0xe5, 0x9b, 0xbd, 0x61, 0x62, 0x63, 0 };
return Encoding.UTF8.GetString(buffer);
}
[DllImport("kernel32.dll")]
public static extern int WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, uint size, out IntPtr lpNumberOfBytesWritten);
internal interface IInfaceMaxtoCode_interface
{
}
public enum MachineClass
{
UNKNOW,
X86,
AMD64,
IA64
}
public enum MachineValue
{
AMD64 = 0x8664,
IA64 = 0x200,
X86 = 0x14c
}
public enum ProcessAccessType
{
PROCESS_CREATE_PROCESS = 0x80,
PROCESS_CREATE_THREAD = 2,
PROCESS_DUP_HANDLE = 0x40,
PROCESS_QUERY_INFORMATION = 0x400,
PROCESS_SET_INFORMATION = 0x200,
PROCESS_SET_QUOTA = 0x100,
PROCESS_SET_SESSIONID = 4,
PROCESS_TERMINATE = 1,
PROCESS_VM_OPERATION = 8,
PROCESS_VM_READ = 0x10,
PROCESS_VM_WRITE = 0x20
}
[StructLayout(LayoutKind.Sequential)]
private struct XBED82C99E61DFAE25146410DB92EB284
{
public int e_magic;
public int e_lfanew;
public int Signature;
public int Machine;
}
}
///不是广告哦..代码发芽网生成的高亮的.