转的一份代码应该是 max的吧..

C#语言: Codee#23924

using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;

public class InfaceMaxtoCode
{
    private static string IInfaceMaxtoCode_interface_string;
    private static bool started = false;

    private static string ByteToString(byte[] inbuf)
    {
        return Encoding.ASCII.GetString(inbuf);
    }

    private static string ByteToString(byte[] inbuf, int Index, int Count)
    {
        return Encoding.ASCII.GetString(inbuf, Index, Count);
    }

    [DllImport("OriSoft.dll", CharSet = CharSet.Unicode, SetLastError = true, ExactSpelling = true)]
    private static extern int CheckRuntime(IntPtr ImageBase);
    [DllImport("OriSoft64.dll", EntryPoint = "CheckRuntime", CharSet = CharSet.Unicode, SetLastError = true, ExactSpelling = true)]
    private static extern int CheckRuntime64(IntPtr ImageBase);
    [DllImport("kernel32.dll")]
    public static extern int CloseHandle(IntPtr hObject);
    public static bool GetCurMachineofFramework(out MachineClass mc)
    {
        XBED82C99E61DFAE25146410DB92EB284 xbedcedfaedbeb;
        IntPtr zero = IntPtr.Zero;
        IntPtr lpBaseAddress = IntPtr.Zero;
        mc = MachineClass.UNKNOW;
        byte[] buffer = new byte[] { 0x6d, 0x73, 0x63, 0x6f, 0x72, 0x77, 0x6b, 0x73, 0x2e, 100, 0x6c, 0x6c };
        byte[] buffer2 = new byte[] { 0x6d, 0x73, 0x63, 0x6f, 0x72, 0x73, 0x76, 0x72, 0x2e, 100, 0x6c, 0x6c };
        byte[] buffer3 = new byte[] { 0x6d, 0x73, 0x63, 0x6f, 0x72, 0x6a, 0x69, 0x74 };
        lpBaseAddress = GetModuleHandle(Encoding.ASCII.GetString(buffer));
        if (lpBaseAddress == IntPtr.Zero)
        {
            lpBaseAddress = GetModuleHandle(Encoding.ASCII.GetString(buffer2));
        }
        if (lpBaseAddress == IntPtr.Zero)
        {
            lpBaseAddress = GetModuleHandle(Encoding.ASCII.GetString(buffer3));
        }
        byte[] buffer4 = new byte[0x2000];
        zero = OpenProcess(0x18, 1, GetCurrentProcessId());
        if (zero.ToInt32() == 0)
        {
            return false;
        }
        IntPtr lpNumberOfBytesRead = new IntPtr();
        ReadProcessMemory(zero, lpBaseAddress, buffer4, 0x2000, out lpNumberOfBytesRead);
        CloseHandle(zero);
        xbedcedfaedbeb.e_magic = buffer4[0] + (buffer4[1] * 0x100);
        xbedcedfaedbeb.e_lfanew = ((buffer4[60] + (buffer4[0x3d] * 0x100)) + (buffer4[0x3e] * 0x10000)) + (buffer4[0x3f] * 0x1000000);
        if ((xbedcedfaedbeb.e_lfanew + 6) >= 0x2000)
        {
            return false;
        }
        xbedcedfaedbeb.Signature = ((buffer4[xbedcedfaedbeb.e_lfanew] + (buffer4[xbedcedfaedbeb.e_lfanew + 1] * 0x100)) + (buffer4[xbedcedfaedbeb.e_lfanew + 2] * 0x10000)) + (buffer4[xbedcedfaedbeb.e_lfanew + 3] * 0x1000000);
        xbedcedfaedbeb.Machine = buffer4[xbedcedfaedbeb.e_lfanew + 4] + (buffer4[xbedcedfaedbeb.e_lfanew + 5] * 0x100);
        if ((xbedcedfaedbeb.e_magic != 0x5a4d) || (xbedcedfaedbeb.Signature != 0x4550))
        {
            return false;
        }
        switch (xbedcedfaedbeb.Machine)
        {
            case 0x14c:
                mc = MachineClass.X86;
                return true;

            case 0x200:
                mc = MachineClass.IA64;
                return true;

            case 0x8664:
                mc = MachineClass.AMD64;
                return true;
        }
        mc = MachineClass.UNKNOW;
        return true;
    }

    [DllImport("kernel32.dll")]
    private static extern uint GetCurrentProcessId();
    [DllImport("KERNEL32.DLL", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
    private static extern IntPtr GetModuleHandle(string lpModuleName);
    private static string GetRuntimeName()
    {
        return ByteToString(new byte[] { 0x4f, 0x72, 0x69, 0x53, 0x6f, 0x66, 0x74, 0x2e, 100, 0x6c, 0x6c });
    }

    private static void LicenseHelper()
    {
    }

    private static void LoadRuntimes()
    {
        byte[] inbuf = new byte[12];
        inbuf[0] = 0x2f;
        inbuf[1] = 0x3a;
        inbuf[2] = 0x3b;
        inbuf[3] = 0x5c;
        inbuf[4] = 0x70;
        inbuf[5] = 0x61;
        inbuf[6] = 0x74;
        inbuf[7] = 0x68;
        inbuf[8] = 0;
        IntPtr zero = IntPtr.Zero;
        if (!started)
        {
            string str;
            MachineClass class2;
            started = true;
            WarningString();
            zero = GetModuleHandle(Assembly.GetExecutingAssembly().get_Location());
            string runtimeName = GetRuntimeName();
            if (AppDomain.CurrentDomain.get_RelativeSearchPath() != null)
            {
                if (AppDomain.CurrentDomain.get_RelativeSearchPath().IndexOf(ByteToString(inbuf, 1, 1) + ByteToString(inbuf, 3, 1)) != -1)
                {
                    str = AppDomain.CurrentDomain.get_RelativeSearchPath();
                }
                else
                {
                    str = AppDomain.CurrentDomain.get_BaseDirectory() + AppDomain.CurrentDomain.get_RelativeSearchPath();
                }
            }
            else
            {
                str = AppDomain.CurrentDomain.get_BaseDirectory();
            }
            string environmentVariable = Environment.GetEnvironmentVariable(Encoding.ASCII.GetString(inbuf, 4, 4));
            if (environmentVariable.IndexOf(str) == -1)
            {
                SetEnvironmentVariable(ByteToString(inbuf, 4, 4), environmentVariable + ByteToString(inbuf, 2, 1) + str.Replace(ByteToString(inbuf, 0, 1), ByteToString(inbuf, 3, 1)));
            }
            if (str.Substring(str.Length - 1, 1) == ByteToString(inbuf, 3, 1))
            {
                str = str;
            }
            else
            {
                str = str + ByteToString(inbuf, 3, 1);
            }
            if (environmentVariable.IndexOf(Path.GetTempPath()) == -1)
            {
                SetEnvironmentVariable(ByteToString(inbuf, 4, 4), environmentVariable + ByteToString(inbuf, 2, 1) + str.Replace(ByteToString(inbuf, 0, 1), ByteToString(inbuf, 3, 1)) + ByteToString(inbuf, 2, 1) + Path.GetTempPath().Replace(ByteToString(inbuf, 0, 1), ByteToString(inbuf, 3, 1)));
            }
            if (File.Exists(str + runtimeName) && !File.Exists(Path.GetTempPath() + runtimeName))
            {
                File.Copy(str + runtimeName, Path.GetTempPath() + runtimeName);
            }
            GetCurMachineofFramework(out class2);
            int num = 5;
            if (class2 == MachineClass.X86)
            {
                num = CheckRuntime(zero);
            }
            else
            {
                num = CheckRuntime64(zero);
            }
            if (num == 0)
            {
                IntPtr moduleHandle = GetModuleHandle(runtimeName);
                if (class2 == MachineClass.X86)
                {
                    started = MainDLL(moduleHandle, zero);
                }
                else
                {
                    started = MainDLL64(moduleHandle, zero);
                }
            }
            else
            {
                byte[] buffer2 = new byte[] { 0x55, 0x4e, 0x4b, 0x57, 0x4f, 0x4e, 0x20, 0x45, 0x52, 0x52, 0x4f, 0x52 };
                byte[] buffer3 = new byte[] { 
                     0x4e, 0x6f, 0x74, 0x20, 0x66, 0x69, 110, 100, 0x20, 70, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f, 
                     0x72, 0x6b, 0x20, 0x52, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x2c, 0x20, 80, 0x6c, 0x65, 0x61, 
                     0x73, 0x65, 0x20, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x20, 0x79, 0x6f, 0x75, 0x20, 70, 0x72, 0x61, 
                     0x6d, 0x65, 0x77, 0x6f, 0x72, 0x6b, 0x21, 0x5c, 110, 0x5c, 0x72
                  };
                byte[] buffer4 = new byte[] { 
                     0x54, 0x68, 0x65, 0x20, 70, 0x72, 0x6d, 0x61, 0x65, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x76, 0x65, 
                     0x72, 0x73, 0x69, 0x6f, 110, 0x20, 0x69, 0x73, 0x20, 110, 0x6f, 0x74, 0x20, 0x73, 0x75, 0x70, 
                     0x70, 0x6f, 0x72, 0x74, 0x2c, 0x20, 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x75, 0x70, 100, 
                     0x61, 0x74, 0x65, 0x20, 0x79, 0x6f, 0x75, 0x72, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f, 
                     0x72, 0x6b, 0x20, 0x6f, 0x72, 0x20, 0x72, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x20, 0x73, 0x65, 
                     0x74, 0x75, 0x70, 0x20, 0x2e, 0x4e, 0x45, 0x54, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f, 
                     0x72, 0x6b, 0x5c, 110, 0x5c, 0x72, 80, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x67, 0x65, 0x74, 
                     0x20, 0x61, 0x20, 110, 0x65, 0x77, 0x20, 0x72, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x20, 0x73, 
                     0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x20, 0x74, 0x6f, 0x20, 0x77, 0x65, 0x62, 0x73, 0x69, 0x74, 
                     0x65, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x61, 120, 
                     0x74, 0x6f, 0x63, 0x6f, 100, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 70, 0x72, 0x61, 0x6d, 0x65, 
                     0x77, 0x6f, 0x72, 0x6b, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x68, 0x74, 0x6d, 0x6c, 
                     0x5c, 110, 0x5c, 0x72
                  };
                byte[] buffer5 = new byte[] { 
                     0x54, 0x68, 0x65, 0x20, 70, 0x72, 0x6d, 0x61, 0x65, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x76, 0x65, 
                     0x72, 0x73, 0x69, 0x6f, 110, 0x20, 0x69, 0x73, 0x20, 110, 0x6f, 0x74, 0x20, 0x73, 0x75, 0x70, 
                     0x70, 0x6f, 0x72, 0x74, 0x2c, 0x20, 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x75, 0x70, 100, 
                     0x61, 0x74, 0x65, 0x20, 0x79, 0x6f, 0x75, 0x72, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f, 
                     0x72, 0x6b, 0x20, 0x6f, 0x72, 0x20, 0x72, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x20, 0x73, 0x65, 
                     0x74, 0x75, 0x70, 0x20, 0x2e, 0x4e, 0x45, 0x54, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f, 
                     0x72, 0x6b, 0x5c, 110, 0x5c, 0x72, 80, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x67, 0x65, 0x74, 
                     0x20, 0x61, 0x20, 110, 0x65, 0x77, 0x20, 0x72, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x20, 0x73, 
                     0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x20, 0x74, 0x6f, 0x20, 0x77, 0x65, 0x62, 0x73, 0x69, 0x74, 
                     0x65, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x61, 120, 
                     0x74, 0x6f, 0x63, 0x6f, 100, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 70, 0x72, 0x61, 0x6d, 0x65, 
                     0x77, 0x6f, 0x72, 0x6b, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x68, 0x74, 0x6d, 0x6c, 
                     0x5c, 110, 0x5c, 0x72, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x20, 0x43, 0x6f, 100, 0x65, 0x20, 0x3a, 
                     0x20, 0x30, 120, 0x30, 0x30, 0x30, 0x33, 0x5c, 110, 0x5c, 0x72
                  };
                byte[] buffer6 = new byte[] { 
                     0x4d, 0x61, 0x6b, 0x65, 0x72, 0x20, 0x44, 0x65, 0x63, 0x6f, 100, 0x65, 0x72, 0x20, 0x45, 0x72, 
                     0x72, 0x6f, 0x72, 0x5c, 110, 0x5c, 0x72
                  };
                byte[] buffer7 = new byte[0x20];
                buffer7[0] = 0x49;
                buffer7[1] = 0x6d;
                buffer7[2] = 0x70;
                buffer7[3] = 0x6f;
                buffer7[4] = 0x72;
                buffer7[5] = 0x74;
                buffer7[6] = 0x73;
                buffer7[7] = 0x20;
                buffer7[8] = 0x52;
                buffer7[9] = 0x75;
                buffer7[10] = 110;
                buffer7[11] = 0x74;
                buffer7[12] = 0x69;
                buffer7[13] = 0x6d;
                buffer7[14] = 0x65;
                buffer7[15] = 0x20;
                buffer7[0x10] = 0x44;
                buffer7[0x11] = 0x4c;
                buffer7[0x12] = 0x4c;
                buffer7[0x13] = 0x20;
                buffer7[20] = 0x69;
                buffer7[0x15] = 0x73;
                buffer7[0x16] = 0x20;
                buffer7[0x17] = 0x45;
                buffer7[0x18] = 0x72;
                buffer7[0x19] = 0x72;
                buffer7[0x1a] = 0x6f;
                buffer7[0x1b] = 0x72;
                buffer7[0x1c] = 0x5c;
                byte[] buffer8 = new byte[] { 0x52, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x6c, 0x6f, 0x67 };
                byte[] buffer9 = new byte[] { 0x20 };
                byte[] buffer10 = new byte[] { 
                     0x20, 0x20, 0x45, 120, 0x63, 0x70, 0x74, 0x69, 0x6f, 110, 0x5c, 110, 0x5c, 0x72, 0x5c, 110, 
                     0x5c, 0x72
                  };
                byte[] buffer11 = new byte[0x5f];
                buffer11[0] = 0x2d;
                buffer11[1] = 0x2d;
                buffer11[2] = 0x2d;
                buffer11[3] = 0x2d;
                buffer11[4] = 0x2d;
                buffer11[5] = 0x2d;
                buffer11[6] = 0x2d;
                buffer11[7] = 0x2d;
                buffer11[8] = 0x2d;
                buffer11[9] = 0x2d;
                buffer11[10] = 0x2d;
                buffer11[11] = 0x2d;
                buffer11[12] = 0x2d;
                buffer11[13] = 0x2d;
                buffer11[14] = 0x2d;
                buffer11[15] = 0x2d;
                buffer11[0x10] = 0x2d;
                buffer11[0x11] = 0x2d;
                buffer11[0x12] = 0x2d;
                buffer11[0x13] = 0x2d;
                buffer11[20] = 0x2d;
                buffer11[0x15] = 0x2d;
                buffer11[0x16] = 0x2d;
                buffer11[0x17] = 0x2d;
                buffer11[0x18] = 0x2d;
                buffer11[0x19] = 0x2d;
                buffer11[0x1a] = 0x2d;
                buffer11[0x1b] = 0x2d;
                buffer11[0x1c] = 0x2d;
                byte[] buffer12 = new byte[] { 
                     0x5c, 110, 0x5c, 0x72, 0x5c, 110, 0x5c, 0x72, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 
                     0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 
                     0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 
                     0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 
                     0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 
                     0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x5c, 
                     110, 0x5c, 0x72, 0x5c, 110, 0x5c, 0x72
                  };
                string s = ByteToString(buffer2);
                switch (num)
                {
                    case 1:
                        s = ByteToString(buffer3);
                        break;

                    case 2:
                        s = ByteToString(buffer4);
                        break;

                    case 3:
                        s = ByteToString(buffer5);
                        break;

                    case 4:
                        s = ByteToString(buffer6);
                        break;

                    case 5:
                        s = ByteToString(buffer7);
                        break;
                }
                FileStream stream = new FileStream(str + ByteToString(buffer8), FileMode.Append, FileAccess.Write);
                string str5 = DateTime.Now.ToShortDateString() + ByteToString(buffer9) + DateTime.Now.ToShortTimeString() + ByteToString(buffer10);
                stream.Write(Encoding.ASCII.GetBytes(str5), 0, str5.Length);
                str5 = ByteToString(buffer11);
                stream.Write(Encoding.ASCII.GetBytes(str5), 0, str5.Length);
                stream.Write(Encoding.ASCII.GetBytes(s), 0, s.Length);
                str5 = ByteToString(buffer12);
                stream.Write(Encoding.ASCII.GetBytes(str5), 0, str5.Length);
                stream.Close();
            }
        }
    }

    [DllImport("OriSoft.dll", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
    private static extern bool MainDLL(IntPtr RuntimeBase, IntPtr AppBase);
    [DllImport("OriSoft64.dll", EntryPoint = "MainDLL", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
    private static extern bool MainDLL64(IntPtr RuntimeBase, IntPtr AppBase);
    [DllImport("kernel32.dll")]
    public static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId);
    [DllImport("kernel32.dll")]
    public static extern int ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, uint size, out IntPtr lpNumberOfBytesRead);
    [DllImport("KERNEL32.DLL", EntryPoint = "SetEnvironmentVariableA", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
    private static extern bool SetEnvironmentVariable(string lpName, string lpValue);
    public static void Startup()
    {
        if (!started)
        {
            try
            {
                LoadRuntimes();
            }
            finally
            {
                LicenseHelper();
            }
        }
    }

    private static string WarningString()
    {
        byte[] buffer = new byte[] { 0xe4, 0xb8, 0xad, 0xe5, 0x9b, 0xbd, 0x61, 0x62, 0x63, 0 };
        return Encoding.UTF8.GetString(buffer);
    }

    [DllImport("kernel32.dll")]
    public static extern int WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, uint size, out IntPtr lpNumberOfBytesWritten);

    internal interface IInfaceMaxtoCode_interface
    {
    }

    public enum MachineClass
    {
        UNKNOW,
        X86,
        AMD64,
        IA64
    }

    public enum MachineValue
    {
        AMD64 = 0x8664,
        IA64 = 0x200,
        X86 = 0x14c
    }

    public enum ProcessAccessType
    {
        PROCESS_CREATE_PROCESS = 0x80,
        PROCESS_CREATE_THREAD = 2,
        PROCESS_DUP_HANDLE = 0x40,
        PROCESS_QUERY_INFORMATION = 0x400,
        PROCESS_SET_INFORMATION = 0x200,
        PROCESS_SET_QUOTA = 0x100,
        PROCESS_SET_SESSIONID = 4,
        PROCESS_TERMINATE = 1,
        PROCESS_VM_OPERATION = 8,
        PROCESS_VM_READ = 0x10,
        PROCESS_VM_WRITE = 0x20
    }

    [StructLayout(LayoutKind.Sequential)]
    private struct XBED82C99E61DFAE25146410DB92EB284
    {
        public int e_magic;
        public int e_lfanew;
        public int Signature;
        public int Machine;
    }
}

///不是广告哦..代码发芽网生成的高亮的.