Fixed x86 bug in Get-MethodAddress

Get-MethodAddress was not working correctly in 32-bit PowerShell because
it was returning a [UInt64] value when it should have been a [UInt32].
This fix will detect if PowerShell is running as 32 or 64-bit and define
its return type accordingly.
Matt Graeber 2013-04-05 11:04:48 -04:00
parent 577be2fea5
commit 1e79c0f793
1 changed files with 119 additions and 110 deletions


@ -79,6 +79,15 @@ http://www.exploit-monday.com/2012/11/Get-MethodAddress.html
Write-Warning "$($MethodInfo.Name) is an InternalCall method. These methods always point to the same address." Write-Warning "$($MethodInfo.Name) is an InternalCall method. These methods always point to the same address."
} }
if ([IntPtr]::Size -eq 4)
{
$ReturnType = [UInt32]
}
else
{
$ReturnType = [UInt64]
}
$Domain = [AppDomain]::CurrentDomain $Domain = [AppDomain]::CurrentDomain
$DynAssembly = New-Object System.Reflection.AssemblyName('MethodLeakAssembly') $DynAssembly = New-Object System.Reflection.AssemblyName('MethodLeakAssembly')
# Assemble in memory # Assemble in memory
@ -86,7 +95,7 @@ http://www.exploit-monday.com/2012/11/Get-MethodAddress.html
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('MethodLeakModule') $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('MethodLeakModule')
$TypeBuilder = $ModuleBuilder.DefineType('MethodLeaker', [System.Reflection.TypeAttributes]::Public) $TypeBuilder = $ModuleBuilder.DefineType('MethodLeaker', [System.Reflection.TypeAttributes]::Public)
# Declaration of the LeakMethod method # Declaration of the LeakMethod method
$MethodBuilder = $TypeBuilder.DefineMethod('LeakMethod', [System.Reflection.MethodAttributes]::Public -bOr [System.Reflection.MethodAttributes]::Static, [UInt64], $null) $MethodBuilder = $TypeBuilder.DefineMethod('LeakMethod', [System.Reflection.MethodAttributes]::Public -bOr [System.Reflection.MethodAttributes]::Static, $ReturnType, $null)
$Generator = $MethodBuilder.GetILGenerator() $Generator = $MethodBuilder.GetILGenerator()
# Push unmanaged pointer to MethodInfo onto the evaluation stack # Push unmanaged pointer to MethodInfo onto the evaluation stack