Commit 2d8bee32 authored by FuzzySecurity

PowerShell.Binding-Rework

Rework based on project requirements
parent 2fdfb806
function Out-UnmanagedDll
{
[CmdletBinding()] Param (
[Parameter(Mandatory = $True)]
[String]
$FilePath
)
$Path = Resolve-Path $FilePath
if (! [IO.File]::Exists($Path))
{
Throw "$Path does not exist."
}
$FileBytes = [System.IO.File]::ReadAllBytes($Path)
if (($FileBytes[0..1] | % {[Char]$_}) -join '' -cne 'MZ')
{
Throw "$Path is not a valid executable."
}
# Encode
$Length = $FileBytes.Length
$CompressedStream = New-Object IO.MemoryStream
$DeflateStream = New-Object IO.Compression.DeflateStream ($CompressedStream, [IO.Compression.CompressionMode]::Compress)
$DeflateStream.Write($FileBytes, 0, $FileBytes.Length)
$DeflateStream.Dispose()
$CompressedFileBytes = $CompressedStream.ToArray()
$CompressedStream.Dispose()
$EncodedCompressedFile = [Convert]::ToBase64String($CompressedFileBytes)
# Decode
$Output = @"
`$EncodedCompressedFile = @'
$EncodedCompressedFile
'@
`$Stream = new-object -TypeName System.IO.MemoryStream
`$DeflateStream = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String(`$EncodedCompressedFile),[IO.Compression.CompressionMode]::Decompress)
`$buffer = New-Object Byte[]($Length)
`$count = 0
do
{
`$count = `$DeflateStream.Read(`$buffer, 0, 1024)
if (`$count -gt 0)
{
`$Stream.Write(`$buffer, 0, `$count)
}
}
While (`$count -gt 0)
`$array = `$stream.ToArray()
`$DeflateStream.Close()
`$Stream.Close()
Set-Content -value `$array -encoding byte -path `$DllPath
"@
Write-Output $Output
}
\ No newline at end of file
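Review bot: the generated decode stub ends with `Set-Content ... -path $DllPath`, but nothing in the emitted text defines `$DllPath`, so the output only works when the consumer has set that variable beforehand; emit it as a parameter of the stub or state the requirement in comment-based help, which this function lacks. In the same stub the buffer is allocated with `$Length` bytes while every `Read` call asks for 1024, which throws for an input shorter than 1024 bytes (the check above only looks at the two `MZ` bytes); a fixed 1024-byte buffer matches the read size. `Set-Content -encoding byte` is also specific to Windows PowerShell, so the stub should say which PowerShell versions it targets.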
Usage Usage
Invoke-Keystone is ready for use, there are two options to access the keystone Invoke-Keystone requires an architecture appropriate (x32/64) compiled Keystone DLL.
library from PowerShell: A pre-compiled version can be found on the Keystone download page at the following
URL:
* http://www.keystone-engine.org/download/
Once downloaded, the DLL should be placed in a directory which is part of the SafeDllSearchMode search order. In practice, any folder which is part of the Windows PATH environment variable will work.
The Invoke-Keystone function itself can be initialized using one of the following methods:
* Script dot sourcing: * Script dot sourcing:
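Review bot: the new Usage text sends the reader to the Keystone download page over plain `http://` and then says any folder on the Windows PATH will work, which together mean an unverified native DLL gets loaded from whichever search-order location holds a `keystone.dll` first. Suggest linking over https if the site serves it, telling the reader to check the downloaded DLL against a published hash or signature, and naming a directory that standard users cannot write to instead of "any folder" on PATH. The text should also say that the DLL architecture has to match the PowerShell process, since "architecture appropriate (x32/64)" leaves that open.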
...@@ -17,13 +24,8 @@ library from PowerShell: ...@@ -17,13 +24,8 @@ library from PowerShell:
Notes Notes
* Invoke-Keystone drops the Keystone DLL, x32/64 respectively, to the user's The Keystone engine requires the Visual C++ Redistributable Packages for Visual
temporary folder the first time it runs. Further runs will use this cached DLL. Studio 2013. The architecture relevant installer can be downloaded at the following
URL:
* The "Out-UnmanagedDll" script can be used to generate a compressed DLL which
allows for easy integration with Invoke-Keystone. This script is based on
@mattifestation’s post here
http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html.
# Redirect script output to file * https://www.microsoft.com/en-gb/download/confirmation.aspx?id=40784
PS C:\> Out-UnmanagedDll -FilePath C:\Some\Path\keystone.dll \ No newline at end of file
\ No newline at end of file
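Review bot: the Visual C++ Redistributable link added to Notes points at the `download/confirmation.aspx?id=40784` endpoint under the `en-gb` locale, which starts a download instead of showing the package description; linking to the package's details page lets the reader pick the x86 or x64 installer and see what is being installed. The Notes also drop the Out-UnmanagedDll usage lines without a word on whether the script is still supported, so a short sentence on its status would keep the README consistent with the rest of the commit.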