• 转的一份代码应该是 max的吧..


    C#语言: Codee#23924
    using System;
    using System.IO;
    using System.Reflection;
    using System.Runtime.InteropServices;
    using System.Text;

    public class InfaceMaxtoCode
    {
        private static string IInfaceMaxtoCode_interface_string;
        private static bool started = false;

        private static string ByteToString(byte[] inbuf)
        {
            return Encoding.ASCII.GetString(inbuf);
        }

        private static string ByteToString(byte[] inbuf, int Index, int Count)
        {
            return Encoding.ASCII.GetString(inbuf, Index, Count);
        }

        [DllImport("OriSoft.dll", CharSet = CharSet.Unicode, SetLastError = true, ExactSpelling = true)]
        private static extern int CheckRuntime(IntPtr ImageBase);
        [DllImport("OriSoft64.dll", EntryPoint = "CheckRuntime", CharSet = CharSet.Unicode, SetLastError = true, ExactSpelling = true)]
        private static extern int CheckRuntime64(IntPtr ImageBase);
        [DllImport("kernel32.dll")]
        public static extern int CloseHandle(IntPtr hObject);
        public static bool GetCurMachineofFramework(out MachineClass mc)
        {
            XBED82C99E61DFAE25146410DB92EB284 xbedcedfaedbeb;
            IntPtr zero = IntPtr.Zero;
            IntPtr lpBaseAddress = IntPtr.Zero;
            mc = MachineClass.UNKNOW;
            byte[] buffer = new byte[] { 0x6d, 0x73, 0x63, 0x6f, 0x72, 0x77, 0x6b, 0x73, 0x2e, 100, 0x6c, 0x6c };
            byte[] buffer2 = new byte[] { 0x6d, 0x73, 0x63, 0x6f, 0x72, 0x73, 0x76, 0x72, 0x2e, 100, 0x6c, 0x6c };
            byte[] buffer3 = new byte[] { 0x6d, 0x73, 0x63, 0x6f, 0x72, 0x6a, 0x69, 0x74 };
            lpBaseAddress = GetModuleHandle(Encoding.ASCII.GetString(buffer));
            if (lpBaseAddress == IntPtr.Zero)
            {
                lpBaseAddress = GetModuleHandle(Encoding.ASCII.GetString(buffer2));
            }
            if (lpBaseAddress == IntPtr.Zero)
            {
                lpBaseAddress = GetModuleHandle(Encoding.ASCII.GetString(buffer3));
            }
            byte[] buffer4 = new byte[0x2000];
            zero = OpenProcess(0x18, 1, GetCurrentProcessId());
            if (zero.ToInt32() == 0)
            {
                return false;
            }
            IntPtr lpNumberOfBytesRead = new IntPtr();
            ReadProcessMemory(zero, lpBaseAddress, buffer4, 0x2000, out lpNumberOfBytesRead);
            CloseHandle(zero);
            xbedcedfaedbeb.e_magic = buffer4[0] + (buffer4[1] * 0x100);
            xbedcedfaedbeb.e_lfanew = ((buffer4[60] + (buffer4[0x3d] * 0x100)) + (buffer4[0x3e] * 0x10000)) + (buffer4[0x3f] * 0x1000000);
            if ((xbedcedfaedbeb.e_lfanew + 6) >= 0x2000)
            {
                return false;
            }
            xbedcedfaedbeb.Signature = ((buffer4[xbedcedfaedbeb.e_lfanew] + (buffer4[xbedcedfaedbeb.e_lfanew + 1] * 0x100)) + (buffer4[xbedcedfaedbeb.e_lfanew + 2] * 0x10000)) + (buffer4[xbedcedfaedbeb.e_lfanew + 3] * 0x1000000);
            xbedcedfaedbeb.Machine = buffer4[xbedcedfaedbeb.e_lfanew + 4] + (buffer4[xbedcedfaedbeb.e_lfanew + 5] * 0x100);
            if ((xbedcedfaedbeb.e_magic != 0x5a4d) || (xbedcedfaedbeb.Signature != 0x4550))
            {
                return false;
            }
            switch (xbedcedfaedbeb.Machine)
            {
                case 0x14c:
                    mc = MachineClass.X86;
                    return true;

                case 0x200:
                    mc = MachineClass.IA64;
                    return true;

                case 0x8664:
                    mc = MachineClass.AMD64;
                    return true;
            }
            mc = MachineClass.UNKNOW;
            return true;
        }

        [DllImport("kernel32.dll")]
        private static extern uint GetCurrentProcessId();
        [DllImport("KERNEL32.DLL", EntryPoint = "GetModuleHandleA", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
        private static extern IntPtr GetModuleHandle(string lpModuleName);
        private static string GetRuntimeName()
        {
            return ByteToString(new byte[] { 0x4f, 0x72, 0x69, 0x53, 0x6f, 0x66, 0x74, 0x2e, 100, 0x6c, 0x6c });
        }

        private static void LicenseHelper()
        {
        }

        private static void LoadRuntimes()
        {
            byte[] inbuf = new byte[12];
            inbuf[0] = 0x2f;
            inbuf[1] = 0x3a;
            inbuf[2] = 0x3b;
            inbuf[3] = 0x5c;
            inbuf[4] = 0x70;
            inbuf[5] = 0x61;
            inbuf[6] = 0x74;
            inbuf[7] = 0x68;
            inbuf[8] = 0;
            IntPtr zero = IntPtr.Zero;
            if (!started)
            {
                string str;
                MachineClass class2;
                started = true;
                WarningString();
                zero = GetModuleHandle(Assembly.GetExecutingAssembly().get_Location());
                string runtimeName = GetRuntimeName();
                if (AppDomain.CurrentDomain.get_RelativeSearchPath() != null)
                {
                    if (AppDomain.CurrentDomain.get_RelativeSearchPath().IndexOf(ByteToString(inbuf, 1, 1) + ByteToString(inbuf, 3, 1)) != -1)
                    {
                        str = AppDomain.CurrentDomain.get_RelativeSearchPath();
                    }
                    else
                    {
                        str = AppDomain.CurrentDomain.get_BaseDirectory() + AppDomain.CurrentDomain.get_RelativeSearchPath();
                    }
                }
                else
                {
                    str = AppDomain.CurrentDomain.get_BaseDirectory();
                }
                string environmentVariable = Environment.GetEnvironmentVariable(Encoding.ASCII.GetString(inbuf, 4, 4));
                if (environmentVariable.IndexOf(str) == -1)
                {
                    SetEnvironmentVariable(ByteToString(inbuf, 4, 4), environmentVariable + ByteToString(inbuf, 2, 1) + str.Replace(ByteToString(inbuf, 0, 1), ByteToString(inbuf, 3, 1)));
                }
                if (str.Substring(str.Length - 1, 1) == ByteToString(inbuf, 3, 1))
                {
                    str = str;
                }
                else
                {
                    str = str + ByteToString(inbuf, 3, 1);
                }
                if (environmentVariable.IndexOf(Path.GetTempPath()) == -1)
                {
                    SetEnvironmentVariable(ByteToString(inbuf, 4, 4), environmentVariable + ByteToString(inbuf, 2, 1) + str.Replace(ByteToString(inbuf, 0, 1), ByteToString(inbuf, 3, 1)) + ByteToString(inbuf, 2, 1) + Path.GetTempPath().Replace(ByteToString(inbuf, 0, 1), ByteToString(inbuf, 3, 1)));
                }
                if (File.Exists(str + runtimeName) && !File.Exists(Path.GetTempPath() + runtimeName))
                {
                    File.Copy(str + runtimeName, Path.GetTempPath() + runtimeName);
                }
                GetCurMachineofFramework(out class2);
                int num = 5;
                if (class2 == MachineClass.X86)
                {
                    num = CheckRuntime(zero);
                }
                else
                {
                    num = CheckRuntime64(zero);
                }
                if (num == 0)
                {
                    IntPtr moduleHandle = GetModuleHandle(runtimeName);
                    if (class2 == MachineClass.X86)
                    {
                        started = MainDLL(moduleHandle, zero);
                    }
                    else
                    {
                        started = MainDLL64(moduleHandle, zero);
                    }
                }
                else
                {
                    byte[] buffer2 = new byte[] { 0x55, 0x4e, 0x4b, 0x57, 0x4f, 0x4e, 0x20, 0x45, 0x52, 0x52, 0x4f, 0x52 };
                    byte[] buffer3 = new byte[] { 
                         0x4e, 0x6f, 0x74, 0x20, 0x66, 0x69, 110, 100, 0x20, 70, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f, 
                         0x72, 0x6b, 0x20, 0x52, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x2c, 0x20, 80, 0x6c, 0x65, 0x61, 
                         0x73, 0x65, 0x20, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x20, 0x79, 0x6f, 0x75, 0x20, 70, 0x72, 0x61, 
                         0x6d, 0x65, 0x77, 0x6f, 0x72, 0x6b, 0x21, 0x5c, 110, 0x5c, 0x72
                      };
                    byte[] buffer4 = new byte[] { 
                         0x54, 0x68, 0x65, 0x20, 70, 0x72, 0x6d, 0x61, 0x65, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x76, 0x65, 
                         0x72, 0x73, 0x69, 0x6f, 110, 0x20, 0x69, 0x73, 0x20, 110, 0x6f, 0x74, 0x20, 0x73, 0x75, 0x70, 
                         0x70, 0x6f, 0x72, 0x74, 0x2c, 0x20, 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x75, 0x70, 100, 
                         0x61, 0x74, 0x65, 0x20, 0x79, 0x6f, 0x75, 0x72, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f, 
                         0x72, 0x6b, 0x20, 0x6f, 0x72, 0x20, 0x72, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x20, 0x73, 0x65, 
                         0x74, 0x75, 0x70, 0x20, 0x2e, 0x4e, 0x45, 0x54, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f, 
                         0x72, 0x6b, 0x5c, 110, 0x5c, 0x72, 80, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x67, 0x65, 0x74, 
                         0x20, 0x61, 0x20, 110, 0x65, 0x77, 0x20, 0x72, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x20, 0x73, 
                         0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x20, 0x74, 0x6f, 0x20, 0x77, 0x65, 0x62, 0x73, 0x69, 0x74, 
                         0x65, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x61, 120, 
                         0x74, 0x6f, 0x63, 0x6f, 100, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 70, 0x72, 0x61, 0x6d, 0x65, 
                         0x77, 0x6f, 0x72, 0x6b, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x68, 0x74, 0x6d, 0x6c, 
                         0x5c, 110, 0x5c, 0x72
                      };
                    byte[] buffer5 = new byte[] { 
                         0x54, 0x68, 0x65, 0x20, 70, 0x72, 0x6d, 0x61, 0x65, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x76, 0x65, 
                         0x72, 0x73, 0x69, 0x6f, 110, 0x20, 0x69, 0x73, 0x20, 110, 0x6f, 0x74, 0x20, 0x73, 0x75, 0x70, 
                         0x70, 0x6f, 0x72, 0x74, 0x2c, 0x20, 0x70, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x75, 0x70, 100, 
                         0x61, 0x74, 0x65, 0x20, 0x79, 0x6f, 0x75, 0x72, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f, 
                         0x72, 0x6b, 0x20, 0x6f, 0x72, 0x20, 0x72, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x20, 0x73, 0x65, 
                         0x74, 0x75, 0x70, 0x20, 0x2e, 0x4e, 0x45, 0x54, 0x20, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x77, 0x6f, 
                         0x72, 0x6b, 0x5c, 110, 0x5c, 0x72, 80, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x20, 0x67, 0x65, 0x74, 
                         0x20, 0x61, 0x20, 110, 0x65, 0x77, 0x20, 0x72, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x20, 0x73, 
                         0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x20, 0x74, 0x6f, 0x20, 0x77, 0x65, 0x62, 0x73, 0x69, 0x74, 
                         0x65, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x61, 120, 
                         0x74, 0x6f, 0x63, 0x6f, 100, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 70, 0x72, 0x61, 0x6d, 0x65, 
                         0x77, 0x6f, 0x72, 0x6b, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x68, 0x74, 0x6d, 0x6c, 
                         0x5c, 110, 0x5c, 0x72, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x20, 0x43, 0x6f, 100, 0x65, 0x20, 0x3a, 
                         0x20, 0x30, 120, 0x30, 0x30, 0x30, 0x33, 0x5c, 110, 0x5c, 0x72
                      };
                    byte[] buffer6 = new byte[] { 
                         0x4d, 0x61, 0x6b, 0x65, 0x72, 0x20, 0x44, 0x65, 0x63, 0x6f, 100, 0x65, 0x72, 0x20, 0x45, 0x72, 
                         0x72, 0x6f, 0x72, 0x5c, 110, 0x5c, 0x72
                      };
                    byte[] buffer7 = new byte[0x20];
                    buffer7[0] = 0x49;
                    buffer7[1] = 0x6d;
                    buffer7[2] = 0x70;
                    buffer7[3] = 0x6f;
                    buffer7[4] = 0x72;
                    buffer7[5] = 0x74;
                    buffer7[6] = 0x73;
                    buffer7[7] = 0x20;
                    buffer7[8] = 0x52;
                    buffer7[9] = 0x75;
                    buffer7[10] = 110;
                    buffer7[11] = 0x74;
                    buffer7[12] = 0x69;
                    buffer7[13] = 0x6d;
                    buffer7[14] = 0x65;
                    buffer7[15] = 0x20;
                    buffer7[0x10] = 0x44;
                    buffer7[0x11] = 0x4c;
                    buffer7[0x12] = 0x4c;
                    buffer7[0x13] = 0x20;
                    buffer7[20] = 0x69;
                    buffer7[0x15] = 0x73;
                    buffer7[0x16] = 0x20;
                    buffer7[0x17] = 0x45;
                    buffer7[0x18] = 0x72;
                    buffer7[0x19] = 0x72;
                    buffer7[0x1a] = 0x6f;
                    buffer7[0x1b] = 0x72;
                    buffer7[0x1c] = 0x5c;
                    byte[] buffer8 = new byte[] { 0x52, 0x75, 110, 0x74, 0x69, 0x6d, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x6c, 0x6f, 0x67 };
                    byte[] buffer9 = new byte[] { 0x20 };
                    byte[] buffer10 = new byte[] { 
                         0x20, 0x20, 0x45, 120, 0x63, 0x70, 0x74, 0x69, 0x6f, 110, 0x5c, 110, 0x5c, 0x72, 0x5c, 110, 
                         0x5c, 0x72
                      };
                    byte[] buffer11 = new byte[0x5f];
                    buffer11[0] = 0x2d;
                    buffer11[1] = 0x2d;
                    buffer11[2] = 0x2d;
                    buffer11[3] = 0x2d;
                    buffer11[4] = 0x2d;
                    buffer11[5] = 0x2d;
                    buffer11[6] = 0x2d;
                    buffer11[7] = 0x2d;
                    buffer11[8] = 0x2d;
                    buffer11[9] = 0x2d;
                    buffer11[10] = 0x2d;
                    buffer11[11] = 0x2d;
                    buffer11[12] = 0x2d;
                    buffer11[13] = 0x2d;
                    buffer11[14] = 0x2d;
                    buffer11[15] = 0x2d;
                    buffer11[0x10] = 0x2d;
                    buffer11[0x11] = 0x2d;
                    buffer11[0x12] = 0x2d;
                    buffer11[0x13] = 0x2d;
                    buffer11[20] = 0x2d;
                    buffer11[0x15] = 0x2d;
                    buffer11[0x16] = 0x2d;
                    buffer11[0x17] = 0x2d;
                    buffer11[0x18] = 0x2d;
                    buffer11[0x19] = 0x2d;
                    buffer11[0x1a] = 0x2d;
                    buffer11[0x1b] = 0x2d;
                    buffer11[0x1c] = 0x2d;
                    byte[] buffer12 = new byte[] { 
                         0x5c, 110, 0x5c, 0x72, 0x5c, 110, 0x5c, 0x72, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 
                         0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 
                         0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 
                         0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 
                         0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 
                         0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x5c, 
                         110, 0x5c, 0x72, 0x5c, 110, 0x5c, 0x72
                      };
                    string s = ByteToString(buffer2);
                    switch (num)
                    {
                        case 1:
                            s = ByteToString(buffer3);
                            break;

                        case 2:
                            s = ByteToString(buffer4);
                            break;

                        case 3:
                            s = ByteToString(buffer5);
                            break;

                        case 4:
                            s = ByteToString(buffer6);
                            break;

                        case 5:
                            s = ByteToString(buffer7);
                            break;
                    }
                    FileStream stream = new FileStream(str + ByteToString(buffer8), FileMode.Append, FileAccess.Write);
                    string str5 = DateTime.Now.ToShortDateString() + ByteToString(buffer9) + DateTime.Now.ToShortTimeString() + ByteToString(buffer10);
                    stream.Write(Encoding.ASCII.GetBytes(str5), 0, str5.Length);
                    str5 = ByteToString(buffer11);
                    stream.Write(Encoding.ASCII.GetBytes(str5), 0, str5.Length);
                    stream.Write(Encoding.ASCII.GetBytes(s), 0, s.Length);
                    str5 = ByteToString(buffer12);
                    stream.Write(Encoding.ASCII.GetBytes(str5), 0, str5.Length);
                    stream.Close();
                }
            }
        }

        [DllImport("OriSoft.dll", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
        private static extern bool MainDLL(IntPtr RuntimeBase, IntPtr AppBase);
        [DllImport("OriSoft64.dll", EntryPoint = "MainDLL", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
        private static extern bool MainDLL64(IntPtr RuntimeBase, IntPtr AppBase);
        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId);
        [DllImport("kernel32.dll")]
        public static extern int ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, uint size, out IntPtr lpNumberOfBytesRead);
        [DllImport("KERNEL32.DLL", EntryPoint = "SetEnvironmentVariableA", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
        private static extern bool SetEnvironmentVariable(string lpName, string lpValue);
        public static void Startup()
        {
            if (!started)
            {
                try
                {
                    LoadRuntimes();
                }
                finally
                {
                    LicenseHelper();
                }
            }
        }

        private static string WarningString()
        {
            byte[] buffer = new byte[] { 0xe4, 0xb8, 0xad, 0xe5, 0x9b, 0xbd, 0x61, 0x62, 0x63, 0 };
            return Encoding.UTF8.GetString(buffer);
        }

        [DllImport("kernel32.dll")]
        public static extern int WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [In, Out] byte[] buffer, uint size, out IntPtr lpNumberOfBytesWritten);

        internal interface IInfaceMaxtoCode_interface
        {
        }

        public enum MachineClass
        {
            UNKNOW,
            X86,
            AMD64,
            IA64
        }

        public enum MachineValue
        {
            AMD64 = 0x8664,
            IA64 = 0x200,
            X86 = 0x14c
        }

        public enum ProcessAccessType
        {
            PROCESS_CREATE_PROCESS = 0x80,
            PROCESS_CREATE_THREAD = 2,
            PROCESS_DUP_HANDLE = 0x40,
            PROCESS_QUERY_INFORMATION = 0x400,
            PROCESS_SET_INFORMATION = 0x200,
            PROCESS_SET_QUOTA = 0x100,
            PROCESS_SET_SESSIONID = 4,
            PROCESS_TERMINATE = 1,
            PROCESS_VM_OPERATION = 8,
            PROCESS_VM_READ = 0x10,
            PROCESS_VM_WRITE = 0x20
        }

        [StructLayout(LayoutKind.Sequential)]
        private struct XBED82C99E61DFAE25146410DB92EB284
        {
            public int e_magic;
            public int e_lfanew;
            public int Signature;
            public int Machine;
        }
    }

    ///不是广告哦..代码发芽网生成的高亮的.

     
  • 相关阅读:
    oracle ash性能报告的使用方法
    Top 5 Timed Events[转]
    通过top 5等待事件查看sql语句
    oracle中关于删除表purge语句和闪回语句的基本使用
    oracle表类似:BIN$dJ5h8mA4Lr/gQAB/AQB0oA==$0 TABLE
    Oracle 10G 中的"回收站"
    oracle ash性能报告的使用方法
    分析AWR报告
    global cache cr request
    ORACLE创建OEM是老爱报的错误【weber出品】
  • 原文地址:https://www.cnblogs.com/fat_li/p/2246574.html
Copyright © 2020-2023  润新知