author | bitform <matt@exploit-monday.com> | 2012-12-30 10:01:43 -0500 |
---|---|---|
committer | bitform <matt@exploit-monday.com> | 2012-12-30 10:01:43 -0500 |
commit | d2d6ee1409f5b31de8aa7d44598baacb115a3214 (patch) | |
tree | 241a94c0baa505c519afa11213a96807d304140b | |
parent | ca3e55ff582e08126a381b9d8ca62327c6b98998 (diff) | |
Fixed several bugs in Get-KernelModuleInfo
* The script now silently continues if the ps1xml file is not present.
* Removed compiler parameter code. This was a remnant of the first
version of Get-KernelModuleInfo when it compiled code.
* Improved the heuristics for determining when the last kernel module is
encountered.
-rw-r--r-- | RE_Tools/Get-KernelModuleInfo.ps1 | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/RE_Tools/Get-KernelModuleInfo.ps1 b/RE_Tools/Get-KernelModuleInfo.ps1
index 3883157..0d9f367 100644
--- a/RE_Tools/Get-KernelModuleInfo.ps1
+++ b/RE_Tools/Get-KernelModuleInfo.ps1
@@ -47,9 +47,9 @@ http://www.exploit-monday.com/
#>
# Load custom object formatting views
- $FormatPath = Join-Path $PSScriptRoot Get-KernelModuleInfo.format.ps1xml
+ $FormatPath = try { Join-Path $PSScriptRoot Get-KernelModuleInfo.format.ps1xml } catch {}
# Don't load format ps1xml if it doesn't live in the same folder as this script
- if (Test-Path $FormatPath)
+ if ($FormatPath -and (Test-Path $FormatPath))
{
Update-FormatData -PrependPath (Join-Path $PSScriptRoot Get-KernelModuleInfo.format.ps1xml)
}
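Review bot: The `Update-FormatData` call inside the guarded block still rebuilds the path with a second `Join-Path $PSScriptRoot ...` instead of using the `$FormatPath` value that was just checked, so the tested path and the loaded path are computed separately; `Update-FormatData -PrependPath $FormatPath` keeps them identical. The empty `catch {}` hides every failure of `Join-Path`, presumably including an unset `$PSScriptRoot`, so a comment such as `# $PSScriptRoot may be empty here; skip custom formatting` would record the intent. Because a format ps1xml can carry script blocks that run when objects are rendered, `Test-Path -LiteralPath $FormatPath -PathType Leaf` and a comment stating that the file is trusted to the same degree as the script itself would be worth adding.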
@@ -173,11 +173,6 @@ http://www.exploit-monday.com/
$NtQuerySystemInformationDelegate = Get-DelegateType @([UInt32], [IntPtr], [UInt32], [UInt32].MakeByRefType()) ([Int32])
$NtQuerySystemInformation = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($NtQuerySystemInformationAddr, $NtQuerySystemInformationDelegate)
- $CompilerParams = New-Object System.CodeDom.Compiler.CompilerParameters
- $CompilerParams.ReferencedAssemblies.AddRange(@("System.dll", [PsObject].Assembly.Location))
- $CompilerParams.GenerateInMemory = $True
- try { Add-Type -TypeDefinition $PinvokeCode -CompilerParameters $CompilerParams -PassThru | Out-Null } catch {}
-
# $TotalLength represents the total size of the returned structures. This will be used to allocate sufficient memory to store each returned structure.
$TotalLength = 0
@@ -216,7 +211,7 @@ http://www.exploit-monday.com/
# Cast the next struct in memory to type _SYSTEM_MODULE[32|64]
$SystemModule = [Runtime.InteropServices.Marshal]::PtrToStructure($PtrModule, [Type] $SystemModuleType)
- if ($SystemModule.NameOffset -ne 0)
+ if ($SystemModule.NameOffset -ne 0 -and $SystemModule.ImageSize -ne 0)
{
$ModuleInfo = @{
ImageBaseAddress = $SystemModule.ImageBaseAddress
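Review bot: The added `$SystemModule.ImageSize -ne 0` test has no comment saying why a zero size marks the end of the module list, and an entry that fails it is dropped or ends enumeration without any signal to the caller; the loop and the else branch lie outside this hunk, so which of the two happens cannot be confirmed here. For a tool used to inventory loaded drivers, a silently shortened listing is the failure mode to avoid, so a comment like `# NameOffset or ImageSize of 0 is treated as padding past the last module` plus a `Write-Verbose` when the condition first fails would make a short result diagnosable. If the loop bound is derived from the buffer length rather than from the module count that the system call reports at the start of the returned buffer, iterating by that count would remove the need for the heuristic.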