author | Matt Graeber <mattgraeber@gmail.com> | 2015-12-14 11:02:14 -0800 |
---|---|---|
committer | Matt Graeber <mattgraeber@gmail.com> | 2015-12-14 11:02:14 -0800 |
commit | 7f6d3a4565643e954970405817052f5cbe75836b (patch) | |
tree | eb364377c4854c5bbab4223e68a04efee73caa72 | |
parent | 93a71b037caa65fec2431fe54e93981fd3c2e655 (diff) | |
Fix Invoke-Shellcode OS architecture detection
Fixes issue #70
-rw-r--r-- | CodeExecution/Invoke-Shellcode.ps1 | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/CodeExecution/Invoke-Shellcode.ps1 b/CodeExecution/Invoke-Shellcode.ps1
index 5ec681a..2879558 100644
--- a/CodeExecution/Invoke-Shellcode.ps1
+++ b/CodeExecution/Invoke-Shellcode.ps1
@@ -193,7 +193,7 @@ Warning: This script has no way to validate that your shellcode is 32 vs. 64-bit
 $IsWow64 = $false
- if ($64bitCPU) # Only perform theses checks if CPU is 64-bit
+ if ($64bitOS) # Only perform theses checks if CPU is 64-bit
{
# Determine if the process specified is 32 or 64 bit
$IsWow64Process.Invoke($hProcess, [Ref] $IsWow64) | Out-Null
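Review bot: The trailing comment on the changed condition is now stale, because the test is on `$64bitOS` while the comment still says the CPU is 64-bit (and carries the old "theses" typo). I would change the line to `if ($64bitOS) # Only perform these checks if the OS is 64-bit`. The same applies to the context comment at the top of the second hunk, `# A valid pointer to IsWow64Process will be returned if CPU is 64-bit`, which no longer describes how the architecture is decided. The enclosing block starts and ends outside this hunk.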
@@ -376,16 +376,29 @@ Warning: This script has no way to validate that your shellcode is 32 vs. 64-bit
 # A valid pointer to IsWow64Process will be returned if CPU is 64-bit
$IsWow64ProcessAddr = Get-ProcAddress kernel32.dll IsWow64Process
- if ($IsWow64ProcessAddr)
- {
- $IsWow64ProcessDelegate = Get-DelegateType @([IntPtr], [Bool].MakeByRefType()) ([Bool])
- $IsWow64Process = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($IsWow64ProcessAddr, $IsWow64ProcessDelegate)
-
- $64bitCPU = $true
+ $AddressWidth = $null
+
+ try {
+ $AddressWidth = @(Get-WmiObject -Query 'SELECT AddressWidth FROM Win32_Processor')[0] | Select-Object -ExpandProperty AddressWidth
+ } catch {
+ throw 'Unable to determine OS processor address width.'
}
- else
- {
- $64bitCPU = $false
+
+ switch ($AddressWidth) {
+ '32' {
+ $64bitOS = $False
+ }
+
+ '64' {
+ $64bitOS = $True
+
+ $IsWow64ProcessDelegate = Get-DelegateType @([IntPtr], [Bool].MakeByRefType()) ([Bool])
+ $IsWow64Process = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($IsWow64ProcessAddr, $IsWow64ProcessDelegate)
+ }
+
+ default {
+ throw 'Invalid OS address width detected.'
+ }
}
if ([IntPtr]::Size -eq 4)
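Review bot: The `catch` around the `Get-WmiObject` query is unlikely to run, since cmdlet failures are normally non-terminating unless `-ErrorAction Stop` is given. On failure `$AddressWidth` would then stay `$null` and fall through to `default`, reporting 'Invalid OS address width detected.' instead of 'Unable to determine OS processor address width.'. Adding `-ErrorAction Stop` to the `Get-WmiObject` call would make the two messages distinguish a failed query from an unexpected value. Separately, the old `if ($IsWow64ProcessAddr)` guard is gone, so the '64' branch passes the address to `GetDelegateForFunctionPointer` unchecked; a short comment stating that the export is assumed present on a 64-bit OS would document that. The surrounding function is not fully visible in this hunk.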