├── README.md
├── App.config
├── Properties
    ├── Settings.settings
    ├── Settings.Designer.cs
    ├── AssemblyInfo.cs
    ├── Resources.Designer.cs
    └── Resources.resx
├── Program.cs
├── Form1.cs
├── Utilities
    ├── ResourceHelper.cs
    └── DictionaryPropertyGridAdapter .cs
├── Form1.Designer.cs
├── NanocoreDecoder.csproj
├── .gitignore
├── Form1.resx
├── LICENSE
└── Decoders
    └── Common.cs


/README.md:
--------------------------------------------------------------------------------
1 | # NanocoreDecoder
2 | Decrypt Nanocore RAT configuration
3 | 


--------------------------------------------------------------------------------
/App.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8" ?>
2 | <configuration>
3 |     <startup> 
4 |         <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
5 |     </startup>
6 | </configuration>


--------------------------------------------------------------------------------
/Properties/Settings.settings:
--------------------------------------------------------------------------------
1 | <?xml version='1.0' encoding='utf-8'?>
2 | <SettingsFile xmlns="http://schemas.microsoft.com/VisualStudio/2004/01/settings" CurrentProfile="(Default)">
3 |   <Profiles>
4 |     <Profile Name="(Default)" />
5 |   </Profiles>
6 |   <Settings />
7 | </SettingsFile>
8 | 


--------------------------------------------------------------------------------
/Program.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Collections.Generic;
 3 | using System.Linq;
 4 | using System.Threading.Tasks;
 5 | using System.Windows.Forms;
 6 | 
 7 | namespace NanocoreDecoder
 8 | {
 9 |     static class Program
10 |     {
11 |         /// <summary>
12 |         /// Point d'entrée principal de l'application.
13 |         /// </summary>
14 |         [STAThread]
15 |         static void Main()
16 |         {
17 |             Application.EnableVisualStyles();
18 |             Application.SetCompatibleTextRenderingDefault(false);
19 |             Application.Run(new Form1());
20 |         }
21 |     }
22 | }
23 | 


--------------------------------------------------------------------------------
/Properties/Settings.Designer.cs:
--------------------------------------------------------------------------------
 1 | //------------------------------------------------------------------------------
 2 | // <auto-generated>
 3 | //     This code was generated by a tool.
 4 | //     Runtime Version:4.0.30319.34209
 5 | //
 6 | //     Changes to this file may cause incorrect behavior and will be lost if
 7 | //     the code is regenerated.
 8 | // </auto-generated>
 9 | //------------------------------------------------------------------------------
10 | 
11 | namespace NanocoreDecoder.Properties
12 | {
13 | 
14 | 
15 |     [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
16 |     [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "11.0.0.0")]
17 |     internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase
18 |     {
19 | 
20 |         private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));
21 | 
22 |         public static Settings Default
23 |         {
24 |             get
25 |             {
26 |                 return defaultInstance;
27 |             }
28 |         }
29 |     }
30 | }
31 | 


--------------------------------------------------------------------------------
/Form1.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Windows.Forms;
 3 | 
 4 | namespace NanocoreDecoder
 5 | {
 6 |     public partial class Form1 : Form
 7 |     {
 8 | 
 9 | 
10 | 
11 |         public Form1()
12 |         {
13 |             InitializeComponent();
14 |         }
15 | 
16 |         private void Form1_Load(object sender, EventArgs e)
17 |         {
18 |             AllowDrop = true;
19 |   
20 |         }
21 | 
22 |         private void Form1_DragEnter(object sender, DragEventArgs e)
23 |         {
24 |              if(e.Data.GetDataPresent(DataFormats.FileDrop))
25 |              {
26 |                 e.Effect = DragDropEffects.Copy;
27 | 
28 |              }
29 |      
30 |         }
31 | 
32 |         private void Form1_DragDrop(object sender, DragEventArgs e)
33 |         {
34 |             label1.Visible = false;
35 |             string[] files = (string[])e.Data.GetData(DataFormats.FileDrop);
36 |             foreach (string filePath in files)
37 |             {
38 |                 propertyGrid1.SelectedObject = null;
39 | 
40 |                 if (Decoders.Common.Decoder(filePath))
41 |                 {
42 |                     propertyGrid1.SelectedObject = new DictionaryPropertyGridAdapter(NanocoreDecoder.Decoders.Common.dictionary_1);
43 | 
44 |                 }
45 | 
46 |                 break;
47 |             }
48 |         }
49 | 
50 |    
51 |     }
52 | }
53 | 


--------------------------------------------------------------------------------
/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // Les informations générales relatives à un assembly dépendent de 
 6 | // l'ensemble d'attributs suivant. Changez les valeurs de ces attributs pour modifier les informations
 7 | // associées à un assembly.
 8 | [assembly: AssemblyTitle("NanocoreDecoder")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("NanocoreDecoder")]
13 | [assembly: AssemblyCopyright("Copyright ©  2015")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // L'affectation de la valeur false à ComVisible rend les types invisibles dans cet assembly 
18 | // aux composants COM.  Si vous devez accéder à un type dans cet assembly à partir de 
19 | // COM, affectez la valeur true à l'attribut ComVisible sur ce type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // Le GUID suivant est pour l'ID de la typelib si ce projet est exposé à COM
23 | [assembly: Guid("f0b46fa2-57d7-4e74-b79e-27d97fc7cdbe")]
24 | 
25 | // Les informations de version pour un assembly se composent des quatre valeurs suivantes :
26 | //
27 | //      Version principale
28 | //      Version secondaire 
29 | //      Numéro de build
30 | //      Révision
31 | //
32 | // Vous pouvez spécifier toutes les valeurs ou indiquer les numéros de build et de révision par défaut 
33 | // en utilisant '*', comme indiqué ci-dessous :
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/Properties/Resources.Designer.cs:
--------------------------------------------------------------------------------
 1 | //------------------------------------------------------------------------------
 2 | // <auto-generated>
 3 | //     Ce code a été généré par un outil.
 4 | //     Version du runtime :4.0.30319.34209
 5 | //
 6 | //     Les modifications apportées à ce fichier peuvent provoquer un comportement incorrect et seront perdues si
 7 | //     le code est régénéré.
 8 | // </auto-generated>
 9 | //------------------------------------------------------------------------------
10 | 
11 | namespace NanocoreDecoder.Properties
12 | {
13 | 
14 | 
15 |     /// <summary>
16 |     ///   Une classe de ressource fortement typée destinée, entre autres, à la consultation des chaînes localisées.
17 |     /// </summary>
18 |     // Cette classe a été générée automatiquement par la classe StronglyTypedResourceBuilder
19 |     // à l'aide d'un outil, tel que ResGen ou Visual Studio.
20 |     // Pour ajouter ou supprimer un membre, modifiez votre fichier .ResX, puis réexécutez ResGen
21 |     // avec l'option /str ou régénérez votre projet VS.
22 |     [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
23 |     [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
24 |     [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
25 |     internal class Resources
26 |     {
27 | 
28 |         private static global::System.Resources.ResourceManager resourceMan;
29 | 
30 |         private static global::System.Globalization.CultureInfo resourceCulture;
31 | 
32 |         [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
33 |         internal Resources()
34 |         {
35 |         }
36 | 
37 |         /// <summary>
38 |         ///   Retourne l'instance ResourceManager mise en cache utilisée par cette classe.
39 |         /// </summary>
40 |         [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
41 |         internal static global::System.Resources.ResourceManager ResourceManager
42 |         {
43 |             get
44 |             {
45 |                 if ((resourceMan == null))
46 |                 {
47 |                     global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("NanocoreDecoder.Properties.Resources", typeof(Resources).Assembly);
48 |                     resourceMan = temp;
49 |                 }
50 |                 return resourceMan;
51 |             }
52 |         }
53 | 
54 |         /// <summary>
55 |         ///   Remplace la propriété CurrentUICulture du thread actuel pour toutes
56 |         ///   les recherches de ressources à l'aide de cette classe de ressource fortement typée.
57 |         /// </summary>
58 |         [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
59 |         internal static global::System.Globalization.CultureInfo Culture
60 |         {
61 |             get
62 |             {
63 |                 return resourceCulture;
64 |             }
65 |             set
66 |             {
67 |                 resourceCulture = value;
68 |             }
69 |         }
70 |     }
71 | }
72 | 


--------------------------------------------------------------------------------
/Utilities/ResourceHelper.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.IO;
 3 | using System.Reflection;
 4 | using System.Runtime.InteropServices;
 5 | 
 6 | namespace NanocoreDecoder.Utilities
 7 | {
 8 |     class ResourceHelper
 9 |     {
10 |         
11 |         [DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
12 |         public static extern IntPtr LoadLibrary([MarshalAs(UnmanagedType.LPStr)] string fileName);
13 | 
14 |         [DllImport("kernel32.dll")]
15 |         public static extern IntPtr FindResourceEx(IntPtr intptr_0, int int_0, int int_1, short short_0);
16 | 
17 |         [DllImport("kernel32.dll")]
18 |         public static extern IntPtr LoadResource(IntPtr intptr_0, IntPtr intptr_1);
19 | 
20 |         [DllImport("kernel32.dll")]
21 |         public static extern IntPtr LockResource(IntPtr intptr_0);
22 | 
23 |         [DllImport("kernel32.dll")]
24 |         public static extern int SizeofResource(IntPtr intptr_0, IntPtr intptr_1);
25 | 
26 |         [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
27 |         public static extern bool FreeLibrary([In] IntPtr hModule);
28 | 
29 |         /// <summary>
30 |         /// Read unmanaged resource 
31 |         /// </summary>
32 |         /// <param name="fname"></param>
33 |         /// <returns></returns>
34 |         public  static byte[] ReadWin32Res(string fname)
35 |         {
36 |             IntPtr a1 = LoadLibrary(fname);
37 | 
38 |             IntPtr ptr = FindResourceEx(a1, 10, 1, 0);
39 |             if (ptr == IntPtr.Zero)
40 |             {
41 |                 FreeLibrary(a1);
42 |                 return null;
43 |             }
44 |             IntPtr ptr2 = LoadResource(a1, ptr);
45 |             if (ptr2 == IntPtr.Zero)
46 |             {
47 |                 FreeLibrary(a1);
48 |                 return null;
49 |             }
50 |             int num = SizeofResource(a1, ptr);
51 |             if (num == 0)
52 |             {
53 |                 FreeLibrary(a1);
54 |                 return null;
55 |             }
56 |             IntPtr source = LockResource(ptr2);
57 |             if (source == IntPtr.Zero)
58 |             {
59 |                 FreeLibrary(a1);
60 |                 return null;
61 |             }
62 |             byte[] destination = new byte[(num - 1) + 1];
63 |             Marshal.Copy(source, destination, 0, destination.Length);
64 |             FreeLibrary(a1);
65 |             return destination;
66 |         }
67 | 
68 | 
69 |         /// <summary>
70 |         /// Read Managed resource  
71 |         /// </summary>
72 |         /// <param name="assm"></param>
73 |         /// <param name="name"></param>
74 |         /// <returns></returns>
75 |         public static byte[] GetDotnetResourceFromAssembly(Assembly assm, string name)
76 |         {
77 |             Stream manifestResourceStream = assm.GetManifestResourceStream(name);
78 |             if (manifestResourceStream == null)
79 |             {
80 |                 return null;
81 |             }
82 |             byte[] buffer = new byte[(((int)manifestResourceStream.Length) - 1) + 1];
83 |             manifestResourceStream.Read(buffer, 0, buffer.Length);
84 |             manifestResourceStream.Dispose();
85 |             return buffer;
86 |         }
87 | 
88 |     }
89 | }
90 | 


--------------------------------------------------------------------------------
/Form1.Designer.cs:
--------------------------------------------------------------------------------
 1 | namespace NanocoreDecoder
 2 | {
 3 |     partial class Form1
 4 |     {
 5 |         /// <summary>
 6 |         /// Variable nécessaire au concepteur.
 7 |         /// </summary>
 8 |         private System.ComponentModel.IContainer components = null;
 9 | 
10 |         /// <summary>
11 |         /// Nettoyage des ressources utilisées.
12 |         /// </summary>
13 |         /// <param name="disposing">true si les ressources managées doivent être supprimées ; sinon, false.</param>
14 |         protected override void Dispose(bool disposing)
15 |         {
16 |             if (disposing && (components != null))
17 |             {
18 |                 components.Dispose();
19 |             }
20 |             base.Dispose(disposing);
21 |         }
22 | 
23 |         #region Code généré par le Concepteur Windows Form
24 | 
25 |         /// <summary>
26 |         /// Méthode requise pour la prise en charge du concepteur - ne modifiez pas
27 |         /// le contenu de cette méthode avec l'éditeur de code.
28 |         /// </summary>
29 |         private void InitializeComponent()
30 |         {
31 |             this.propertyGrid1 = new System.Windows.Forms.PropertyGrid();
32 |             this.label1 = new System.Windows.Forms.Label();
33 |             this.SuspendLayout();
34 |             // 
35 |             // propertyGrid1
36 |             // 
37 |             this.propertyGrid1.Dock = System.Windows.Forms.DockStyle.Fill;
38 |             this.propertyGrid1.HelpVisible = false;
39 |             this.propertyGrid1.Location = new System.Drawing.Point(0, 0);
40 |             this.propertyGrid1.Name = "propertyGrid1";
41 |             this.propertyGrid1.PropertySort = System.Windows.Forms.PropertySort.NoSort;
42 |             this.propertyGrid1.Size = new System.Drawing.Size(647, 343);
43 |             this.propertyGrid1.TabIndex = 0;
44 |             this.propertyGrid1.ToolbarVisible = false;
45 |             // 
46 |             // label1
47 |             // 
48 |             this.label1.AutoSize = true;
49 |             this.label1.Location = new System.Drawing.Point(200, 145);
50 |             this.label1.Name = "label1";
51 |             this.label1.Size = new System.Drawing.Size(249, 13);
52 |             this.label1.TabIndex = 1;
53 |             this.label1.Text = "Drag && Drop a Nanocore sample here to start analysis";
54 |             // 
55 |             // Form1
56 |             // 
57 |             this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
58 |             this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
59 |             this.ClientSize = new System.Drawing.Size(647, 343);
60 |             this.Controls.Add(this.label1);
61 |             this.Controls.Add(this.propertyGrid1);
62 |             this.Name = "Form1";
63 |             this.Text = "Nanocore Config Decoder";
64 |             this.Load += new System.EventHandler(this.Form1_Load);
65 |             this.DragDrop += new System.Windows.Forms.DragEventHandler(this.Form1_DragDrop);
66 |             this.DragEnter += new System.Windows.Forms.DragEventHandler(this.Form1_DragEnter);
67 |             this.ResumeLayout(false);
68 |             this.PerformLayout();
69 | 
70 |         }
71 | 
72 |         #endregion
73 | 
74 |         private System.Windows.Forms.PropertyGrid propertyGrid1;
75 |         private System.Windows.Forms.Label label1;
76 |     }
77 | }
78 | 
79 | 


--------------------------------------------------------------------------------
/NanocoreDecoder.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{29739A8B-322B-46FD-A057-EADDC5206CF1}</ProjectGuid>
 8 |     <OutputType>WinExe</OutputType>
 9 |     <AppDesignerFolder>Properties</AppDesignerFolder>
10 |     <RootNamespace>NanocoreDecoder</RootNamespace>
11 |     <AssemblyName>NanocoreDecoder</AssemblyName>
12 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
13 |     <FileAlignment>512</FileAlignment>
14 |   </PropertyGroup>
15 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
16 |     <PlatformTarget>AnyCPU</PlatformTarget>
17 |     <DebugSymbols>true</DebugSymbols>
18 |     <DebugType>full</DebugType>
19 |     <Optimize>false</Optimize>
20 |     <OutputPath>bin\Debug\</OutputPath>
21 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
22 |     <ErrorReport>prompt</ErrorReport>
23 |     <WarningLevel>4</WarningLevel>
24 |   </PropertyGroup>
25 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
26 |     <PlatformTarget>AnyCPU</PlatformTarget>
27 |     <DebugType>pdbonly</DebugType>
28 |     <Optimize>true</Optimize>
29 |     <OutputPath>bin\Release\</OutputPath>
30 |     <DefineConstants>TRACE</DefineConstants>
31 |     <ErrorReport>prompt</ErrorReport>
32 |     <WarningLevel>4</WarningLevel>
33 |   </PropertyGroup>
34 |   <ItemGroup>
35 |     <Reference Include="System" />
36 |     <Reference Include="System.Core" />
37 |     <Reference Include="System.Xml.Linq" />
38 |     <Reference Include="System.Data.DataSetExtensions" />
39 |     <Reference Include="Microsoft.CSharp" />
40 |     <Reference Include="System.Data" />
41 |     <Reference Include="System.Deployment" />
42 |     <Reference Include="System.Drawing" />
43 |     <Reference Include="System.Windows.Forms" />
44 |     <Reference Include="System.Xml" />
45 |   </ItemGroup>
46 |   <ItemGroup>
47 |     <Compile Include="Decoders\Common.cs" />
48 |     <Compile Include="Utilities\DictionaryPropertyGridAdapter .cs" />
49 |     <Compile Include="Form1.cs">
50 |       <SubType>Form</SubType>
51 |     </Compile>
52 |     <Compile Include="Form1.Designer.cs">
53 |       <DependentUpon>Form1.cs</DependentUpon>
54 |     </Compile>
55 |     <Compile Include="Program.cs" />
56 |     <Compile Include="Properties\AssemblyInfo.cs" />
57 |     <Compile Include="Utilities\ResourceHelper.cs" />
58 |     <EmbeddedResource Include="Form1.resx">
59 |       <DependentUpon>Form1.cs</DependentUpon>
60 |     </EmbeddedResource>
61 |     <EmbeddedResource Include="Properties\Resources.resx">
62 |       <Generator>ResXFileCodeGenerator</Generator>
63 |       <LastGenOutput>Resources.Designer.cs</LastGenOutput>
64 |       <SubType>Designer</SubType>
65 |     </EmbeddedResource>
66 |     <Compile Include="Properties\Resources.Designer.cs">
67 |       <AutoGen>True</AutoGen>
68 |       <DependentUpon>Resources.resx</DependentUpon>
69 |     </Compile>
70 |     <None Include="Properties\Settings.settings">
71 |       <Generator>SettingsSingleFileGenerator</Generator>
72 |       <LastGenOutput>Settings.Designer.cs</LastGenOutput>
73 |     </None>
74 |     <Compile Include="Properties\Settings.Designer.cs">
75 |       <AutoGen>True</AutoGen>
76 |       <DependentUpon>Settings.settings</DependentUpon>
77 |       <DesignTimeSharedInput>True</DesignTimeSharedInput>
78 |     </Compile>
79 |   </ItemGroup>
80 |   <ItemGroup>
81 |     <None Include="App.config" />
82 |   </ItemGroup>
83 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
84 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
85 |        Other similar extension points exist, see Microsoft.Common.targets.
86 |   <Target Name="BeforeBuild">
87 |   </Target>
88 |   <Target Name="AfterBuild">
89 |   </Target>
90 |   -->
91 | </Project>


--------------------------------------------------------------------------------
/Utilities/DictionaryPropertyGridAdapter .cs:
--------------------------------------------------------------------------------
  1 | using System;
  2 | using System.Collections;
  3 | using System.ComponentModel;
  4 | 
  5 | namespace NanocoreDecoder
  6 | {
  7 |     class DictionaryPropertyGridAdapter :ICustomTypeDescriptor
  8 |     {
  9 | 
 10 |         IDictionary _dictionary;
 11 | 
 12 |         public DictionaryPropertyGridAdapter(IDictionary d)
 13 |         {
 14 |             _dictionary = d;
 15 |         }
 16 | 
 17 |         public string GetComponentName()
 18 |         {
 19 |             return TypeDescriptor.GetComponentName(this, true);
 20 |         }
 21 | 
 22 |         public EventDescriptor GetDefaultEvent()
 23 |         {
 24 |             return TypeDescriptor.GetDefaultEvent(this, true);
 25 |         }
 26 | 
 27 |         public string GetClassName()
 28 |         {
 29 |             return TypeDescriptor.GetClassName(this, true);
 30 |         }
 31 | 
 32 |         public EventDescriptorCollection GetEvents(Attribute[] attributes)
 33 |         {
 34 |             return TypeDescriptor.GetEvents(this, attributes, true);
 35 |         }
 36 | 
 37 |         EventDescriptorCollection System.ComponentModel.ICustomTypeDescriptor.GetEvents()
 38 |         {
 39 |             return TypeDescriptor.GetEvents(this, true);
 40 |         }
 41 | 
 42 |         public TypeConverter GetConverter()
 43 |         {
 44 |             return TypeDescriptor.GetConverter(this, true);
 45 |         }
 46 | 
 47 |         public object GetPropertyOwner(PropertyDescriptor pd)
 48 |         {
 49 |             return _dictionary;
 50 |         }
 51 | 
 52 |         public AttributeCollection GetAttributes()
 53 |         {
 54 |             return TypeDescriptor.GetAttributes(this, true);
 55 |         }
 56 | 
 57 |         public object GetEditor(Type editorBaseType)
 58 |         {
 59 |             return TypeDescriptor.GetEditor(this, editorBaseType, true);
 60 |         }
 61 | 
 62 |         public PropertyDescriptor GetDefaultProperty()
 63 |         {
 64 |             return null;
 65 |         }
 66 | 
 67 |         PropertyDescriptorCollection
 68 |             System.ComponentModel.ICustomTypeDescriptor.GetProperties()
 69 |         {
 70 |             return ((ICustomTypeDescriptor)this).GetProperties(new Attribute[0]);
 71 |         }
 72 | 
 73 |         public PropertyDescriptorCollection GetProperties(Attribute[] attributes)
 74 |         {
 75 |             ArrayList properties = new ArrayList();
 76 |             foreach (DictionaryEntry e in _dictionary)
 77 |             {
 78 |                 properties.Add(new DictionaryPropertyDescriptor(_dictionary, e.Key));
 79 |             }
 80 | 
 81 |             PropertyDescriptor[] props =
 82 |                 (PropertyDescriptor[])properties.ToArray(typeof(PropertyDescriptor));
 83 | 
 84 |             return new PropertyDescriptorCollection(props);
 85 |         }
 86 |     }
 87 | 
 88 |     class DictionaryPropertyDescriptor : PropertyDescriptor
 89 | {
 90 | 
 91 |     IDictionary _dictionary;
 92 |     object _key;
 93 | 
 94 |     internal DictionaryPropertyDescriptor(IDictionary d, object key)
 95 |         : base(key.ToString(), null)
 96 |     {
 97 |         _dictionary = d;
 98 |         _key = key;
 99 |     }
100 | 
101 | 
102 |     public override Type PropertyType
103 |     {
104 |         get { return _dictionary[_key].GetType(); }
105 |     }
106 | 
107 | 
108 | 
109 |     public override void SetValue(object component, object value)
110 |     {
111 |         _dictionary[_key] = value;
112 |     }
113 | 
114 |     public override object GetValue(object component)
115 |     {
116 |         return _dictionary[_key];
117 |     }
118 | 
119 | 
120 |     public override bool IsReadOnly
121 |     {
122 |         get { return false; }
123 |     }
124 | 
125 |     public override Type ComponentType
126 |     {
127 |         get { return null; }
128 |     }
129 | 
130 |     public override bool CanResetValue(object component)
131 |     {
132 |         return false;
133 |     }
134 | 
135 |     public override void ResetValue(object component)
136 |     {
137 |     }
138 | 
139 |     public override bool ShouldSerializeValue(object component)
140 |     {
141 |         return false;
142 |     }
143 | }
144 | 
145 | 
146 | }
147 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | ## Ignore Visual Studio temporary files, build results, and
  2 | ## files generated by popular Visual Studio add-ons.
  3 | 
  4 | # User-specific files
  5 | *.suo
  6 | *.user
  7 | *.userosscache
  8 | *.sln.docstates
  9 | 
 10 | # User-specific files (MonoDevelop/Xamarin Studio)
 11 | *.userprefs
 12 | 
 13 | # Build results
 14 | [Dd]ebug/
 15 | [Dd]ebugPublic/
 16 | [Rr]elease/
 17 | [Rr]eleases/
 18 | x64/
 19 | x86/
 20 | bld/
 21 | [Bb]in/
 22 | [Oo]bj/
 23 | [Ll]og/
 24 | 
 25 | # Visual Studio 2015 cache/options directory
 26 | .vs/
 27 | # Uncomment if you have tasks that create the project's static files in wwwroot
 28 | #wwwroot/
 29 | 
 30 | # MSTest test Results
 31 | [Tt]est[Rr]esult*/
 32 | [Bb]uild[Ll]og.*
 33 | 
 34 | # NUNIT
 35 | *.VisualState.xml
 36 | TestResult.xml
 37 | 
 38 | # Build Results of an ATL Project
 39 | [Dd]ebugPS/
 40 | [Rr]eleasePS/
 41 | dlldata.c
 42 | 
 43 | # DNX
 44 | project.lock.json
 45 | artifacts/
 46 | 
 47 | *_i.c
 48 | *_p.c
 49 | *_i.h
 50 | *.ilk
 51 | *.meta
 52 | *.obj
 53 | *.pch
 54 | *.pdb
 55 | *.pgc
 56 | *.pgd
 57 | *.rsp
 58 | *.sbr
 59 | *.tlb
 60 | *.tli
 61 | *.tlh
 62 | *.tmp
 63 | *.tmp_proj
 64 | *.log
 65 | *.vspscc
 66 | *.vssscc
 67 | .builds
 68 | *.pidb
 69 | *.svclog
 70 | *.scc
 71 | 
 72 | # Chutzpah Test files
 73 | _Chutzpah*
 74 | 
 75 | # Visual C++ cache files
 76 | ipch/
 77 | *.aps
 78 | *.ncb
 79 | *.opendb
 80 | *.opensdf
 81 | *.sdf
 82 | *.cachefile
 83 | *.VC.db
 84 | *.VC.VC.opendb
 85 | 
 86 | # Visual Studio profiler
 87 | *.psess
 88 | *.vsp
 89 | *.vspx
 90 | *.sap
 91 | 
 92 | # TFS 2012 Local Workspace
 93 | $tf/
 94 | 
 95 | # Guidance Automation Toolkit
 96 | *.gpState
 97 | 
 98 | # ReSharper is a .NET coding add-in
 99 | _ReSharper*/
100 | *.[Rr]e[Ss]harper
101 | *.DotSettings.user
102 | 
103 | # JustCode is a .NET coding add-in
104 | .JustCode
105 | 
106 | # TeamCity is a build add-in
107 | _TeamCity*
108 | 
109 | # DotCover is a Code Coverage Tool
110 | *.dotCover
111 | 
112 | # NCrunch
113 | _NCrunch_*
114 | .*crunch*.local.xml
115 | nCrunchTemp_*
116 | 
117 | # MightyMoose
118 | *.mm.*
119 | AutoTest.Net/
120 | 
121 | # Web workbench (sass)
122 | .sass-cache/
123 | 
124 | # Installshield output folder
125 | [Ee]xpress/
126 | 
127 | # DocProject is a documentation generator add-in
128 | DocProject/buildhelp/
129 | DocProject/Help/*.HxT
130 | DocProject/Help/*.HxC
131 | DocProject/Help/*.hhc
132 | DocProject/Help/*.hhk
133 | DocProject/Help/*.hhp
134 | DocProject/Help/Html2
135 | DocProject/Help/html
136 | 
137 | # Click-Once directory
138 | publish/
139 | 
140 | # Publish Web Output
141 | *.[Pp]ublish.xml
142 | *.azurePubxml
143 | # TODO: Comment the next line if you want to checkin your web deploy settings
144 | # but database connection strings (with potential passwords) will be unencrypted
145 | *.pubxml
146 | *.publishproj
147 | 
148 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
149 | # checkin your Azure Web App publish settings, but sensitive information contained
150 | # in these scripts will be unencrypted
151 | PublishScripts/
152 | 
153 | # NuGet Packages
154 | *.nupkg
155 | # The packages folder can be ignored because of Package Restore
156 | **/packages/*
157 | # except build/, which is used as an MSBuild target.
158 | !**/packages/build/
159 | # Uncomment if necessary however generally it will be regenerated when needed
160 | #!**/packages/repositories.config
161 | # NuGet v3's project.json files produces more ignoreable files
162 | *.nuget.props
163 | *.nuget.targets
164 | 
165 | # Microsoft Azure Build Output
166 | csx/
167 | *.build.csdef
168 | 
169 | # Microsoft Azure Emulator
170 | ecf/
171 | rcf/
172 | 
173 | # Windows Store app package directories and files
174 | AppPackages/
175 | BundleArtifacts/
176 | Package.StoreAssociation.xml
177 | _pkginfo.txt
178 | 
179 | # Visual Studio cache files
180 | # files ending in .cache can be ignored
181 | *.[Cc]ache
182 | # but keep track of directories ending in .cache
183 | !*.[Cc]ache/
184 | 
185 | # Others
186 | ClientBin/
187 | ~$*
188 | *~
189 | *.dbmdl
190 | *.dbproj.schemaview
191 | *.pfx
192 | *.publishsettings
193 | node_modules/
194 | orleans.codegen.cs
195 | 
196 | # Since there are multiple workflows, uncomment next line to ignore bower_components
197 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
198 | #bower_components/
199 | 
200 | # RIA/Silverlight projects
201 | Generated_Code/
202 | 
203 | # Backup & report files from converting an old project file
204 | # to a newer Visual Studio version. Backup files are not needed,
205 | # because we have git ;-)
206 | _UpgradeReport_Files/
207 | Backup*/
208 | UpgradeLog*.XML
209 | UpgradeLog*.htm
210 | 
211 | # SQL Server files
212 | *.mdf
213 | *.ldf
214 | 
215 | # Business Intelligence projects
216 | *.rdl.data
217 | *.bim.layout
218 | *.bim_*.settings
219 | 
220 | # Microsoft Fakes
221 | FakesAssemblies/
222 | 
223 | # GhostDoc plugin setting file
224 | *.GhostDoc.xml
225 | 
226 | # Node.js Tools for Visual Studio
227 | .ntvs_analysis.dat
228 | 
229 | # Visual Studio 6 build log
230 | *.plg
231 | 
232 | # Visual Studio 6 workspace options file
233 | *.opt
234 | 
235 | # Visual Studio LightSwitch build output
236 | **/*.HTMLClient/GeneratedArtifacts
237 | **/*.DesktopClient/GeneratedArtifacts
238 | **/*.DesktopClient/ModelManifest.xml
239 | **/*.Server/GeneratedArtifacts
240 | **/*.Server/ModelManifest.xml
241 | _Pvt_Extensions
242 | 
243 | # Paket dependency manager
244 | .paket/paket.exe
245 | paket-files/
246 | 
247 | # FAKE - F# Make
248 | .fake/
249 | 
250 | # JetBrains Rider
251 | .idea/
252 | *.sln.iml
253 | 


--------------------------------------------------------------------------------
/Properties/Resources.resx:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <root>
  3 |   <!-- 
  4 |     Microsoft ResX Schema 
  5 |     
  6 |     Version 2.0
  7 |     
  8 |     The primary goals of this format is to allow a simple XML format 
  9 |     that is mostly human readable. The generation and parsing of the 
 10 |     various data types are done through the TypeConverter classes 
 11 |     associated with the data types.
 12 |     
 13 |     Example:
 14 |     
 15 |     ... ado.net/XML headers & schema ...
 16 |     <resheader name="resmimetype">text/microsoft-resx</resheader>
 17 |     <resheader name="version">2.0</resheader>
 18 |     <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
 19 |     <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
 20 |     <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
 21 |     <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
 22 |     <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
 23 |         <value>[base64 mime encoded serialized .NET Framework object]</value>
 24 |     </data>
 25 |     <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
 26 |         <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
 27 |         <comment>This is a comment</comment>
 28 |     </data>
 29 |                 
 30 |     There are any number of "resheader" rows that contain simple 
 31 |     name/value pairs.
 32 |     
 33 |     Each data row contains a name, and value. The row also contains a 
 34 |     type or mimetype. Type corresponds to a .NET class that support 
 35 |     text/value conversion through the TypeConverter architecture. 
 36 |     Classes that don't support this are serialized and stored with the 
 37 |     mimetype set.
 38 |     
 39 |     The mimetype is used for serialized objects, and tells the 
 40 |     ResXResourceReader how to depersist the object. This is currently not 
 41 |     extensible. For a given mimetype the value must be set accordingly:
 42 |     
 43 |     Note - application/x-microsoft.net.object.binary.base64 is the format 
 44 |     that the ResXResourceWriter will generate, however the reader can 
 45 |     read any of the formats listed below.
 46 |     
 47 |     mimetype: application/x-microsoft.net.object.binary.base64
 48 |     value   : The object must be serialized with 
 49 |             : System.Serialization.Formatters.Binary.BinaryFormatter
 50 |             : and then encoded with base64 encoding.
 51 |     
 52 |     mimetype: application/x-microsoft.net.object.soap.base64
 53 |     value   : The object must be serialized with 
 54 |             : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
 55 |             : and then encoded with base64 encoding.
 56 | 
 57 |     mimetype: application/x-microsoft.net.object.bytearray.base64
 58 |     value   : The object must be serialized into a byte array 
 59 |             : using a System.ComponentModel.TypeConverter
 60 |             : and then encoded with base64 encoding.
 61 |     -->
 62 |   <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
 63 |     <xsd:element name="root" msdata:IsDataSet="true">
 64 |       <xsd:complexType>
 65 |         <xsd:choice maxOccurs="unbounded">
 66 |           <xsd:element name="metadata">
 67 |             <xsd:complexType>
 68 |               <xsd:sequence>
 69 |                 <xsd:element name="value" type="xsd:string" minOccurs="0" />
 70 |               </xsd:sequence>
 71 |               <xsd:attribute name="name" type="xsd:string" />
 72 |               <xsd:attribute name="type" type="xsd:string" />
 73 |               <xsd:attribute name="mimetype" type="xsd:string" />
 74 |             </xsd:complexType>
 75 |           </xsd:element>
 76 |           <xsd:element name="assembly">
 77 |             <xsd:complexType>
 78 |               <xsd:attribute name="alias" type="xsd:string" />
 79 |               <xsd:attribute name="name" type="xsd:string" />
 80 |             </xsd:complexType>
 81 |           </xsd:element>
 82 |           <xsd:element name="data">
 83 |             <xsd:complexType>
 84 |               <xsd:sequence>
 85 |                 <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
 86 |                 <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
 87 |               </xsd:sequence>
 88 |               <xsd:attribute name="name" type="xsd:string" msdata:Ordinal="1" />
 89 |               <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
 90 |               <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
 91 |             </xsd:complexType>
 92 |           </xsd:element>
 93 |           <xsd:element name="resheader">
 94 |             <xsd:complexType>
 95 |               <xsd:sequence>
 96 |                 <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
 97 |               </xsd:sequence>
 98 |               <xsd:attribute name="name" type="xsd:string" use="required" />
 99 |             </xsd:complexType>
100 |           </xsd:element>
101 |         </xsd:choice>
102 |       </xsd:complexType>
103 |     </xsd:element>
104 |   </xsd:schema>
105 |   <resheader name="resmimetype">
106 |     <value>text/microsoft-resx</value>
107 |   </resheader>
108 |   <resheader name="version">
109 |     <value>2.0</value>
110 |   </resheader>
111 |   <resheader name="reader">
112 |     <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
113 |   </resheader>
114 |   <resheader name="writer">
115 |     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
116 |   </resheader>
117 | </root>


--------------------------------------------------------------------------------
/Form1.resx:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <root>
  3 |   <!-- 
  4 |     Microsoft ResX Schema 
  5 |     
  6 |     Version 2.0
  7 |     
  8 |     The primary goals of this format is to allow a simple XML format 
  9 |     that is mostly human readable. The generation and parsing of the 
 10 |     various data types are done through the TypeConverter classes 
 11 |     associated with the data types.
 12 |     
 13 |     Example:
 14 |     
 15 |     ... ado.net/XML headers & schema ...
 16 |     <resheader name="resmimetype">text/microsoft-resx</resheader>
 17 |     <resheader name="version">2.0</resheader>
 18 |     <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
 19 |     <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
 20 |     <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
 21 |     <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
 22 |     <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
 23 |         <value>[base64 mime encoded serialized .NET Framework object]</value>
 24 |     </data>
 25 |     <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
 26 |         <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
 27 |         <comment>This is a comment</comment>
 28 |     </data>
 29 |                 
 30 |     There are any number of "resheader" rows that contain simple 
 31 |     name/value pairs.
 32 |     
 33 |     Each data row contains a name, and value. The row also contains a 
 34 |     type or mimetype. Type corresponds to a .NET class that support 
 35 |     text/value conversion through the TypeConverter architecture. 
 36 |     Classes that don't support this are serialized and stored with the 
 37 |     mimetype set.
 38 |     
 39 |     The mimetype is used for serialized objects, and tells the 
 40 |     ResXResourceReader how to depersist the object. This is currently not 
 41 |     extensible. For a given mimetype the value must be set accordingly:
 42 |     
 43 |     Note - application/x-microsoft.net.object.binary.base64 is the format 
 44 |     that the ResXResourceWriter will generate, however the reader can 
 45 |     read any of the formats listed below.
 46 |     
 47 |     mimetype: application/x-microsoft.net.object.binary.base64
 48 |     value   : The object must be serialized with 
 49 |             : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
 50 |             : and then encoded with base64 encoding.
 51 |     
 52 |     mimetype: application/x-microsoft.net.object.soap.base64
 53 |     value   : The object must be serialized with 
 54 |             : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
 55 |             : and then encoded with base64 encoding.
 56 | 
 57 |     mimetype: application/x-microsoft.net.object.bytearray.base64
 58 |     value   : The object must be serialized into a byte array 
 59 |             : using a System.ComponentModel.TypeConverter
 60 |             : and then encoded with base64 encoding.
 61 |     -->
 62 |   <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
 63 |     <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
 64 |     <xsd:element name="root" msdata:IsDataSet="true">
 65 |       <xsd:complexType>
 66 |         <xsd:choice maxOccurs="unbounded">
 67 |           <xsd:element name="metadata">
 68 |             <xsd:complexType>
 69 |               <xsd:sequence>
 70 |                 <xsd:element name="value" type="xsd:string" minOccurs="0" />
 71 |               </xsd:sequence>
 72 |               <xsd:attribute name="name" use="required" type="xsd:string" />
 73 |               <xsd:attribute name="type" type="xsd:string" />
 74 |               <xsd:attribute name="mimetype" type="xsd:string" />
 75 |               <xsd:attribute ref="xml:space" />
 76 |             </xsd:complexType>
 77 |           </xsd:element>
 78 |           <xsd:element name="assembly">
 79 |             <xsd:complexType>
 80 |               <xsd:attribute name="alias" type="xsd:string" />
 81 |               <xsd:attribute name="name" type="xsd:string" />
 82 |             </xsd:complexType>
 83 |           </xsd:element>
 84 |           <xsd:element name="data">
 85 |             <xsd:complexType>
 86 |               <xsd:sequence>
 87 |                 <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
 88 |                 <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
 89 |               </xsd:sequence>
 90 |               <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
 91 |               <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
 92 |               <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
 93 |               <xsd:attribute ref="xml:space" />
 94 |             </xsd:complexType>
 95 |           </xsd:element>
 96 |           <xsd:element name="resheader">
 97 |             <xsd:complexType>
 98 |               <xsd:sequence>
 99 |                 <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
100 |               </xsd:sequence>
101 |               <xsd:attribute name="name" type="xsd:string" use="required" />
102 |             </xsd:complexType>
103 |           </xsd:element>
104 |         </xsd:choice>
105 |       </xsd:complexType>
106 |     </xsd:element>
107 |   </xsd:schema>
108 |   <resheader name="resmimetype">
109 |     <value>text/microsoft-resx</value>
110 |   </resheader>
111 |   <resheader name="version">
112 |     <value>2.0</value>
113 |   </resheader>
114 |   <resheader name="reader">
115 |     <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
116 |   </resheader>
117 |   <resheader name="writer">
118 |     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
119 |   </resheader>
120 | </root>


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "{}"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright {yyyy} {name of copyright owner}
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.
202 | 


--------------------------------------------------------------------------------
/Decoders/Common.cs:
--------------------------------------------------------------------------------
  1 | using System;
  2 | using System.Collections.Generic;
  3 | using System.Drawing;
  4 | using System.IO;
  5 | using System.Reflection;
  6 | using System.Runtime.InteropServices;
  7 | using System.Security.Cryptography;
  8 | using System.Runtime.CompilerServices;
  9 | using System.IO.Compression;
 10 | 
 11 | namespace NanocoreDecoder.Decoders
 12 | {
 13 |     class Common
 14 |     {
 15 | 
 16 | 
 17 | 
 18 |  
 19 | 
 20 | 
 21 |         private static ICryptoTransform DESDecryptor;
 22 | 
 23 | 
 24 |         private static List<object> objectlist = new List<object>();
 25 | 
 26 |         public static Dictionary<string, object> dictionary_1 = new Dictionary<string, object>(); //Dictionary holding the malware config
 27 | 
 28 | 
 29 |         public static Assembly SampleAssembly;//Our Nanocore sample
 30 |         public static Guid guid; //Guid of the Binary sample : used as KEY to decrypt the config
 31 |         private static string fname; //Sample full path
 32 | 
 33 | 
 34 | 
 35 | 
 36 |         [StructLayout(LayoutKind.Sequential)]
 37 |         public struct NanoStruct
 38 |         {
 39 |             public byte byte_0;
 40 |             public byte byte_1;
 41 |             public Guid guid_0;
 42 |             public object[] object_0;
 43 |         }
 44 | 
 45 | 
 46 |         public static Boolean Decoder(string filename)
 47 |         {
 48 | 
 49 |             fname = filename;
 50 | 
 51 |             //Load the assembly as reflection only, for security reasons
 52 |             SampleAssembly = Assembly.ReflectionOnlyLoadFrom(filename);
 53 | 
 54 |             //1) Try to read the config as an unmanaged resource (old Nanocore variants)
 55 |             byte[] buffer = Utilities.ResourceHelper.ReadWin32Res(filename);
 56 | 
 57 |             if (buffer == null)
 58 |             {
 59 |                 //Otherwise read the managed resource "Data.bin"
 60 |                 buffer = Utilities.ResourceHelper.GetDotnetResourceFromAssembly(SampleAssembly, "Data.bin");
 61 |             }
 62 |             
 63 | 
 64 |             if (buffer != null)
 65 |             {
 66 |                 return decodefinal(buffer);
 67 |             }
 68 | 
 69 |             return false;
 70 |         }
 71 | 
 72 | 
 73 |         /// <summary>
 74 |         /// Perform the actual config decryption
 75 |         /// </summary>
 76 |         /// <param name="buf"></param>
 77 |         /// <returns></returns>
 78 |         private static Boolean decodefinal(byte[] buf)
 79 |         {
 80 |             bool ret = false;
 81 |             byte[] decrypted_buffer;
 82 |             
 83 |             try
 84 |             {
 85 | 
 86 |                 int num = 0;
 87 |                 MemoryStream input = new MemoryStream(buf);
 88 |                 BinaryReader reader = new BinaryReader(input);
 89 |                 byte[] buffer2 = reader.ReadBytes(reader.ReadInt32());
 90 | 
 91 |                 guid = GetGuid(SampleAssembly);
 92 | 
 93 | 
 94 |                 decrypted_buffer = AESDecrypt(buffer2, guid);
 95 |                 DESInit(decrypted_buffer);
 96 | 
 97 |                 object[] sourceArray = smethod_2(reader.ReadBytes(reader.ReadInt32()));
 98 |                 object[] destinationArray = new object[(((int)sourceArray[num]) - 1) + 1];
 99 |                 num++;
100 |                 Array.Copy(sourceArray, num, destinationArray, 0, destinationArray.Length);
101 | 
102 |                 for (int i = 0; i < destinationArray.Length; i++)
103 |                 {
104 |                     //Write to disk binary files included in the config (most likely Nanocore assemblies "plugins")
105 |                     if (destinationArray[i] is Byte[])
106 |                     {
107 |                         string f = fname + "-" + i + ".bin";
108 |                         File.Delete(f);
109 |                         File.WriteAllBytes(f, (Byte[])destinationArray[i]);
110 |                     }
111 |                 }
112 | 
113 | 
114 |                 num += destinationArray.Length;
115 |                 object[] objArray3 = new object[(((int)sourceArray[num]) - 1) + 1];
116 |                 num++;
117 |                 Array.Copy(sourceArray, num, objArray3, 0, objArray3.Length);
118 |                 filldict(objArray3);
119 | 
120 |                 ret = true;
121 |             }
122 |             catch (Exception)
123 |             {
124 | 
125 |                 ret = false;
126 |             }
127 |             
128 |             return ret;
129 | 
130 |         }
131 | 
132 |         /// <summary>
133 |         /// Get Assembly GUID
134 |         /// </summary>
135 |         /// <param name="asm">Assembly</param>
136 |         /// <returns></returns>
137 |         private static Guid GetGuid(Assembly asm)
138 |         {
139 |             guid = new Guid();
140 |             var attributes = CustomAttributeData.GetCustomAttributes(asm);
141 | 
142 |             foreach (CustomAttributeData cad in attributes)
143 |             {
144 | 
145 |                 if (cad.AttributeType.Name == "GuidAttribute")
146 |                 {
147 |                     foreach (CustomAttributeTypedArgument cata in cad.ConstructorArguments)
148 |                     {
149 |                         guid = new Guid((String)cata.Value);
150 |                         break;
151 |                     }
152 | 
153 |                 }
154 |             }
155 |             return guid;
156 |         }
157 | 
158 |        
159 |         /// <summary>
160 |         /// Decrypt the byte array using the GUID ask key
161 |         /// </summary>
162 |         /// <param name="byte_3"></param>
163 |         /// <param name="guid_0"></param>
164 |         /// <returns></returns>
165 |         private static byte[] AESDecrypt(byte[] byte_3, Guid guid_0)
166 |         {
167 |             Rfc2898DeriveBytes bytes = new Rfc2898DeriveBytes(guid_0.ToByteArray(), guid_0.ToByteArray(), 8);
168 |             RijndaelManaged managed = new RijndaelManaged
169 |             {
170 |                 IV = bytes.GetBytes(0x10),
171 |                 Key = bytes.GetBytes(0x10)
172 |             };
173 |             return managed.CreateDecryptor().TransformFinalBlock(byte_3, 0, byte_3.Length);
174 |         }
175 |         
176 | 
177 |         /// <summary>
178 |         /// Fill our dictionary using the object list
179 |         /// </summary>
180 |         /// <param name="object_0"></param>
181 |         private static void filldict(object[] object_0)
182 |         {
183 |             int num2 = object_0.Length - 1;
184 |             for (int i = 0; i <= num2; i += 2)
185 |             {
186 |                 string key = (string)object_0[i];
187 |                 object objectValue = RuntimeHelpers.GetObjectValue(object_0[i + 1]);
188 |                 if (dictionary_1.ContainsKey(key))
189 |                 {
190 |                     dictionary_1[key] = RuntimeHelpers.GetObjectValue(objectValue);
191 |                 }
192 |                 else
193 |                 {
194 |                     dictionary_1.Add(key, RuntimeHelpers.GetObjectValue(objectValue));
195 |                 }
196 |             }
197 |         }
198 | 
199 | 
200 | 
201 |         private static void DESInit(byte[] byte_0)
202 |         {
203 |             DESCryptoServiceProvider provider = new DESCryptoServiceProvider
204 |             {
205 |                 BlockSize = 0x40,
206 |                 Key = byte_0,
207 |                 IV = byte_0
208 |             };
209 | 
210 |             DESDecryptor = provider.CreateDecryptor();
211 |         }
212 |         
213 | 
214 |         private static object[] smethod_2(byte[] byte_0)
215 |         {
216 |             return DESdecodestruct(byte_0).object_0;
217 |         }
218 | 
219 |         private static NanoStruct DESdecodestruct(byte[] byte_0)
220 |         {
221 |             NanoStruct struct3;
222 |             MemoryStream memoryStream_0 = new MemoryStream();
223 |             MemoryStream memoryStream_1 = new MemoryStream();
224 | 
225 |            BinaryReader binaryReader_0 = new BinaryReader(memoryStream_0);
226 |            BinaryWriter binaryWriter_0 = new BinaryWriter(memoryStream_1);
227 | 
228 | 
229 | 
230 |             byte_0 = DESDecryptor.TransformFinalBlock(byte_0, 0, byte_0.Length);
231 |             memoryStream_0 = new MemoryStream(byte_0);
232 |             binaryReader_0 = new BinaryReader(memoryStream_0);
233 |             if (binaryReader_0.ReadBoolean())
234 |             {
235 |                 int num = binaryReader_0.ReadInt32();
236 |                 DeflateStream stream = new DeflateStream(memoryStream_0, CompressionMode.Decompress, false);
237 |                 byte[] array = new byte[(num - 1) + 1];
238 |                 stream.Read(array, 0, array.Length);
239 |                 stream.Close();
240 |                 memoryStream_0 = new MemoryStream(array);
241 |                 binaryReader_0 = new BinaryReader(memoryStream_0);
242 |             }
243 |             NanoStruct struct2 = new NanoStruct
244 |             {
245 |                 byte_0 = binaryReader_0.ReadByte(),
246 |                 byte_1 = binaryReader_0.ReadByte()
247 |             };
248 |             if (binaryReader_0.ReadBoolean())
249 |             {
250 |                 struct2.guid_0 = new Guid(binaryReader_0.ReadBytes(0x10));
251 |             }
252 |             while (memoryStream_0.Position != memoryStream_0.Length)
253 |             {
254 |                 string[] strArray;
255 |                 int num3;
256 |                 int num4;
257 |                 switch (binaryReader_0.ReadByte())
258 |                 {
259 |                     case 0:
260 |                         {
261 |                             objectlist.Add(binaryReader_0.ReadBoolean());
262 |                             continue;
263 |                         }
264 |                     case 1:
265 |                         {
266 |                             objectlist.Add(binaryReader_0.ReadByte());
267 |                             continue;
268 |                         }
269 |                     case 2:
270 |                         {
271 |                             objectlist.Add(binaryReader_0.ReadBytes(binaryReader_0.ReadInt32()));
272 |                             continue;
273 |                         }
274 |                     case 3:
275 |                         {
276 |                             objectlist.Add(binaryReader_0.ReadChar());
277 |                             continue;
278 |                         }
279 |                     case 4:
280 |                         {
281 |                             objectlist.Add(binaryReader_0.ReadString().ToCharArray());
282 |                             continue;
283 |                         }
284 |                     case 5:
285 |                         {
286 |                             objectlist.Add(binaryReader_0.ReadDecimal());
287 |                             continue;
288 |                         }
289 |                     case 6:
290 |                         {
291 |                             objectlist.Add(binaryReader_0.ReadDouble());
292 |                             continue;
293 |                         }
294 |                     case 7:
295 |                         {
296 |                             objectlist.Add(binaryReader_0.ReadInt32());
297 |                             continue;
298 |                         }
299 |                     case 8:
300 |                         {
301 |                             objectlist.Add(binaryReader_0.ReadInt64());
302 |                             continue;
303 |                         }
304 |                     case 9:
305 |                         {
306 |                             objectlist.Add(binaryReader_0.ReadSByte());
307 |                             continue;
308 |                         }
309 |                     case 10:
310 |                         {
311 |                             objectlist.Add(binaryReader_0.ReadInt16());
312 |                             continue;
313 |                         }
314 |                     case 11:
315 |                         {
316 |                             objectlist.Add(binaryReader_0.ReadSingle());
317 |                             continue;
318 |                         }
319 |                     case 12:
320 |                         {
321 |                             objectlist.Add(binaryReader_0.ReadString());
322 |                             continue;
323 |                         }
324 |                     case 13:
325 |                         {
326 |                             objectlist.Add(binaryReader_0.ReadUInt32());
327 |                             continue;
328 |                         }
329 |                     case 14:
330 |                         {
331 |                             objectlist.Add(binaryReader_0.ReadUInt64());
332 |                             continue;
333 |                         }
334 |                     case 15:
335 |                         {
336 |                             objectlist.Add(binaryReader_0.ReadUInt16());
337 |                             continue;
338 |                         }
339 |                     case 0x10:
340 |                         {
341 |                             objectlist.Add(DateTime.FromBinary(binaryReader_0.ReadInt64()));
342 |                             continue;
343 |                         }
344 |                     case 0x11:
345 |                         strArray = new string[(binaryReader_0.ReadInt32() - 1) + 1];
346 |                         num3 = strArray.Length - 1;
347 |                         num4 = 0;
348 |                         goto Label_039A;
349 | 
350 |                     case 0x12:
351 |                         {
352 |                             Guid item = new Guid(binaryReader_0.ReadBytes(0x10));
353 |                             objectlist.Add(item);
354 |                             continue;
355 |                         }
356 |                     case 0x13:
357 |                         {
358 |                             Size size = new Size(binaryReader_0.ReadInt32(), binaryReader_0.ReadInt32());
359 |                             objectlist.Add(size);
360 |                             continue;
361 |                         }
362 |                     case 20:
363 |                         {
364 |                             Rectangle rectangle = new Rectangle(binaryReader_0.ReadInt32(), binaryReader_0.ReadInt32(), binaryReader_0.ReadInt32(), binaryReader_0.ReadInt32());
365 |                             objectlist.Add(rectangle);
366 |                             continue;
367 |                         }
368 |                     case 0x15:
369 |                         {
370 |                             objectlist.Add(new Version(binaryReader_0.ReadString()));
371 |                             continue;
372 |                         }
373 |                     default:
374 |                         {
375 |                             continue;
376 |                         }
377 |                 }
378 |             Label_0385:
379 |                 strArray[num4] = binaryReader_0.ReadString();
380 |                 num4++;
381 |             Label_039A:
382 |                 if (num4 <= num3)
383 |                 {
384 |                     goto Label_0385;
385 |                 }
386 |                 objectlist.Add(strArray);
387 |             }
388 |             struct2.object_0 = objectlist.ToArray();
389 |             struct3 = struct2;
390 |             objectlist.Clear();
391 |             binaryReader_0.Close();
392 | 
393 |             return struct3;
394 |         }
395 | 
396 | 
397 | 
398 | 
399 | 
400 | 
401 | 
402 | 
403 | 
404 | 
405 | 
406 |     }
407 | 
408 | }
409 | 
410 | 


--------------------------------------------------------------------------------