authormattifestation <mattgraeber@gmail.com>2014-11-16 10:26:11 -0500
committermattifestation <mattgraeber@gmail.com>2014-11-16 10:26:11 -0500
commit956e4c968a1795d868e35fcb72311704d616cbaf (patch)
treeca962602b87d3a7c89b6d864f6e17c541eb3cce2 /Capstone
parent97034006f63f2691cde8ddb1055b1253c6f93cce (diff)
Moving all RE functionality to PowerShellArsenal
https://github.com/mattifestation/PowerShellArsenal PowerSploit will now stay true to its roots of being a purely offensive PowerShell module.
Diffstat (limited to 'Capstone')
-rw-r--r--Capstone/Capstone.psd148
-rw-r--r--Capstone/Capstone.psm1171
-rw-r--r--Capstone/Get-CSDisassembly.format.ps1xml41
-rw-r--r--Capstone/LICENSE.TXT30
-rw-r--r--Capstone/README17
-rw-r--r--Capstone/lib/capstone.dllbin91136 -> 0 bytes
-rw-r--r--Capstone/lib/place_capstone.dll_here0
-rw-r--r--Capstone/lib/x64/libcapstone.dllbin3629294 -> 0 bytes
-rw-r--r--Capstone/lib/x64/place_64-bit_libcapstone.dll_here0
-rw-r--r--Capstone/lib/x86/libcapstone.dllbin3622809 -> 0 bytes
-rw-r--r--Capstone/lib/x86/place_32-bit_libcapstone.dll_here0
11 files changed, 0 insertions, 307 deletions
diff --git a/Capstone/Capstone.psd1 b/Capstone/Capstone.psd1
deleted file mode 100644
index d85443f..0000000
--- a/Capstone/Capstone.psd1
+++ /dev/null
@@ -1,48 +0,0 @@
-@{
-
-# Script module or binary module file associated with this manifest.
-ModuleToProcess = 'Capstone.psm1'
-
-# Version number of this module.
-ModuleVersion = '2.0.0.0'
-
-# ID used to uniquely identify this module
-GUID = 'bc335667-02fd-46c4-a3d9-0a5113c9c03b'
-
-# Author of this module
-Author = 'Matthew Graeber'
-
-# Copyright statement for this module
-Copyright = 'see LICENSE.TXT'
-
-# Description of the functionality provided by this module
-Description = 'Capstone Disassembly Framework Binding Module'
-
-# Minimum version of the Windows PowerShell engine required by this module
-PowerShellVersion = '3.0'
-
-# Minimum version of the common language runtime (CLR) required by this module
-CLRVersion = '4.0'
-
-# Assemblies that must be loaded prior to importing this module
-RequiredAssemblies = 'lib/capstone.dll'
-
-# Format files (.ps1xml) to be loaded when importing this module
-FormatsToProcess = 'Get-CSDisassembly.format.ps1xml'
-
-# Functions to export from this module
-FunctionsToExport = '*'
-
-# List of all modules packaged with this module.
-ModuleList = @(@{ModuleName = 'Capstone'; ModuleVersion = '1.0.0.0'; GUID = 'bc335667-02fd-46c4-a3d9-0a5113c9c03b'})
-
-# List of all files packaged with this module
-FileList = 'Capstone.psm1',
- 'Capstone.psd1',
- 'Get-CSDisassembly.format.ps1xml',
- 'LICENSE.TXT',
- 'README',
- 'lib/capstone.dll',
- 'lib/x86/libcapstone.dll',
- 'lib/x64/libcapstone.dll'
-}
diff --git a/Capstone/Capstone.psm1 b/Capstone/Capstone.psm1
deleted file mode 100644
index 6507c54..0000000
--- a/Capstone/Capstone.psm1
+++ /dev/null
@@ -1,171 +0,0 @@
-function Get-CSDisassembly
-{
-<#
-.SYNOPSIS
-
- Disassembles a byte array using the Capstone Engine disassembly framework.
-
- PowerSploit Function: Get-CSDisassembly
- Author: Matthew Graeber (@mattifestation)
- License: See LICENSE.TXT
- Required Dependencies: lib\capstone.dll, lib\[x86|x64]\libcapstone.dll
- Optional Dependencies: None
-
-.DESCRIPTION
-
- Get-CSDisassembly is compatible on 32 and 64-bit.
-
-.PARAMETER Architecture
-
- Specifies the architecture of the code to be disassembled.
-
-.PARAMETER Mode
-
- Specifies the mode in which to disassemble code. For example, to disassemble Amd64 code, architecture is set to 'X86' and Mode is set to 'MODE_64'.
-
-.PARAMETER Code
-
- A byte array consisting of the code to be disassembled.
-
-.PARAMETER Offset
-
- Specifies the starting address of the disassembly listing.
-
-.PARAMETER Count
-
- Specifies the maximum number of instructions to disassemble.
-
-.PARAMETER Syntax
-
- Specifies the syntax flavor to be used (INTEL vs. ATT).
-
-.PARAMETER DetailOn
-
- Specifies that detailed parsing should be performed - i.e. provide detailed information for each disassembled instruction.
-
-.PARAMETER Verstion
-
- Prints the running Capstone Framework version.
-
-.EXAMPLE
-
- $Bytes = [Byte[]] @( 0x8D, 0x4C, 0x32, 0x08, 0x01, 0xD8, 0x81, 0xC6, 0x34, 0x12, 0x00, 0x00 )
- Get-CSDisassembly -Architecture X86 -Mode Mode16 -Code $Bytes -Offset 0x1000
-
- $Bytes = [Byte[]] @( 0x8D, 0x4C, 0x32, 0x08, 0x01, 0xD8, 0x81, 0xC6, 0x34, 0x12, 0x00, 0x00 )
- Get-CSDisassembly -Architecture X86 -Mode Mode32 -Code $Bytes
-
- $Bytes = [Byte[]] @( 0x8D, 0x4C, 0x32, 0x08, 0x01, 0xD8, 0x81, 0xC6, 0x34, 0x12, 0x00, 0x00 )
- Get-CSDisassembly -Architecture X86 -Mode Mode32 -Code $Bytes -Syntax ATT
-
- $Bytes = [Byte[]] @( 0x55, 0x48, 0x8b, 0x05, 0xb8, 0x13, 0x00, 0x00 )
- Get-CSDisassembly -Architecture X86 -Mode Mode64 -Code $Bytes -DetailOn
-
- $Bytes = [Byte[]] @( 0xED, 0xFF, 0xFF, 0xEB, 0x04, 0xe0, 0x2d, 0xe5, 0x00, 0x00, 0x00, 0x00, 0xe0, 0x83, 0x22, 0xe5, 0xf1, 0x02, 0x03, 0x0e, 0x00, 0x00, 0xa0, 0xe3, 0x02, 0x30, 0xc1, 0xe7, 0x00, 0x00, 0x53, 0xe3 )
- Get-CSDisassembly -Architecture Arm -Mode Arm -Code $Bytes
-
- $Bytes = [Byte[]] @( 0x4f, 0xf0, 0x00, 0x01, 0xbd, 0xe8, 0x00, 0x88, 0xd1, 0xe8, 0x00, 0xf0 )
- Get-CSDisassembly -Architecture Arm -Mode Thumb -Code $Bytes
-
- $Bytes = [Byte[]] @( 0x10, 0xf1, 0x10, 0xe7, 0x11, 0xf2, 0x31, 0xe7, 0xdc, 0xa1, 0x2e, 0xf3, 0xe8, 0x4e, 0x62, 0xf3 )
- Get-CSDisassembly -Architecture Arm -Mode Arm -Code $Bytes
-
- $Bytes = [Byte[]] @( 0x70, 0x47, 0xeb, 0x46, 0x83, 0xb0, 0xc9, 0x68 )
- Get-CSDisassembly -Architecture Arm -Mode Thumb -Code $Bytes -DetailOn
-
- $Bytes = [Byte[]] @( 0x21, 0x7c, 0x02, 0x9b, 0x21, 0x7c, 0x00, 0x53, 0x00, 0x40, 0x21, 0x4b, 0xe1, 0x0b, 0x40, 0xb9 )
- Get-CSDisassembly -Architecture Arm64 -Mode Arm -Code $Bytes
-
- $Bytes = [Byte[]] @( 0x0C, 0x10, 0x00, 0x97, 0x00, 0x00, 0x00, 0x00, 0x24, 0x02, 0x00, 0x0c, 0x8f, 0xa2, 0x00, 0x00, 0x34, 0x21, 0x34, 0x56 )
- Get-CSDisassembly -Architecture Mips -Mode 'Mode32, BigEndian' -Code $Bytes
-
- $Bytes = [Byte[]] @( 0x56, 0x34, 0x21, 0x34, 0xc2, 0x17, 0x01, 0x00 )
- Get-CSDisassembly -Architecture Mips -Mode 'Mode64, LittleEndian' -Code $Bytes
-
- $Bytes = [Byte[]] @( 0x80, 0x20, 0x00, 0x00, 0x80, 0x3f, 0x00, 0x00, 0x10, 0x43, 0x23, 0x0e, 0xd0, 0x44, 0x00, 0x80, 0x4c, 0x43, 0x22, 0x02, 0x2d, 0x03, 0x00, 0x80, 0x7c, 0x43, 0x20, 0x14, 0x7c, 0x43, 0x20, 0x93, 0x4f, 0x20, 0x00, 0x21, 0x4c, 0xc8, 0x00, 0x21 )
- Get-CSDisassembly -Architecture PPC -Mode BigEndian -Code $Bytes
-
-.INPUTS
-
- None
-
- You cannot pipe objects to Get-CSDisassembly.
-
-.OUTPUTS
-
- Capstone.Instruction[]
-
- Get-CSDisassembly returns an array of Instruction objects.
-#>
-
- [OutputType([Capstone.Instruction])]
- [CmdletBinding(DefaultParameterSetName = 'Disassemble')]
- Param (
- [Parameter(Mandatory, ParameterSetName = 'Disassemble')]
- [Capstone.Architecture]
- $Architecture,
-
- [Parameter(Mandatory, ParameterSetName = 'Disassemble')]
- [Capstone.Mode]
- $Mode,
-
- [Parameter(Mandatory, ParameterSetName = 'Disassemble')]
- [ValidateNotNullOrEmpty()]
- [Byte[]]
- $Code,
-
- [Parameter( ParameterSetName = 'Disassemble' )]
- [UInt64]
- $Offset = 0,
-
- [Parameter( ParameterSetName = 'Disassemble' )]
- [UInt32]
- $Count = 0,
-
- [Parameter( ParameterSetName = 'Disassemble' )]
- [ValidateSet('Intel', 'ATT')]
- [String]
- $Syntax,
-
- [Parameter( ParameterSetName = 'Disassemble' )]
- [Switch]
- $DetailOn,
-
- [Parameter( ParameterSetName = 'Version' )]
- [Switch]
- $Version
- )
-
- if ($PsCmdlet.ParameterSetName -eq 'Version')
- {
- $Disassembly = New-Object Capstone.Capstone([Capstone.Architecture]::X86, [Capstone.Mode]::Mode16)
- $Disassembly.Version
-
- return
- }
-
- $Disassembly = New-Object Capstone.Capstone($Architecture, $Mode)
-
- if ($Disassembly.Version -ne [Capstone.Capstone]::BindingVersion)
- {
- Write-Error "capstone.dll version ($([Capstone.Capstone]::BindingVersion.ToString())) should be the same as libcapstone.dll version. Otherwise, undefined behavior is likely."
- }
-
- if ($Syntax)
- {
- switch ($Syntax)
- {
- 'Intel' { $SyntaxMode = [Capstone.OptionValue]::SyntaxIntel }
- 'ATT' { $SyntaxMode = [Capstone.OptionValue]::SyntaxATT }
- }
-
- $Disassembly.SetSyntax($SyntaxMode)
- }
-
- if ($DetailOn)
- {
- $Disassembly.SetDetail($True)
- }
-
- $Disassembly.Disassemble($Code, $Offset, $Count)
-} \ No newline at end of file
diff --git a/Capstone/Get-CSDisassembly.format.ps1xml b/Capstone/Get-CSDisassembly.format.ps1xml
deleted file mode 100644
index e9703a2..0000000
--- a/Capstone/Get-CSDisassembly.format.ps1xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<Configuration>
- <ViewDefinitions>
- <View>
- <Name>InstructionView</Name>
- <ViewSelectedBy>
- <TypeName>Capstone.Instruction</TypeName>
- </ViewSelectedBy>
- <TableControl>
- <AutoSize/>
- <TableHeaders>
- <TableColumnHeader>
- <Label>Address</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>Mnemonic</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>Operands</Label>
- </TableColumnHeader>
- </TableHeaders>
- <TableRowEntries>
- <TableRowEntry>
- <TableColumnItems>
- <TableColumnItem>
- <PropertyName>Address</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>Mnemonic</PropertyName>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>Operands</PropertyName>
- </TableColumnItem>
- </TableColumnItems>
- </TableRowEntry>
- </TableRowEntries>
- </TableControl>
- </View>
- </ViewDefinitions>
-</Configuration> \ No newline at end of file
diff --git a/Capstone/LICENSE.TXT b/Capstone/LICENSE.TXT
deleted file mode 100644
index 9edde0b..0000000
--- a/Capstone/LICENSE.TXT
+++ /dev/null
@@ -1,30 +0,0 @@
-This is the software license for Capstone disassembly framework.
-Capstone has been designed & implemented by Nguyen Anh Quynh <aquynh@gmail.com>
-See http://www.capstone-engine.org for further information.
-
-Copyright (c) 2013, COSEINC.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-* Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
-* Neither the name of the developer(s) nor the names of its
- contributors may be used to endorse or promote products derived from this
- software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
diff --git a/Capstone/README b/Capstone/README
deleted file mode 100644
index cbab0cb..0000000
--- a/Capstone/README
+++ /dev/null
@@ -1,17 +0,0 @@
-This module has three dependencies:
-* lib\x86\libcapstone.dll (the 32-bit unmanaged Capstone library)
-* lib\x64\libcapstone.dll (the 64-bit unmanaged Capstone library)
-* lib\capstone.dll (the managed C# bindings to the Capstone Framework)
-
-To install this module, drop the entire ScriptModification folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.
-
-The default per-user module path is: "$Env:HomeDrive$Env:HOMEPATH\Documents\WindowsPowerShell\Modules"
-The default computer-level module path is: "$Env:windir\System32\WindowsPowerShell\v1.0\Modules"
-
-To use the module, type `Import-Module Capstone`
-
-To see the commands imported, type `Get-Command -Module Capstone`
-
-For help on each individual command, Get-Help is your friend.
-
-Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability. \ No newline at end of file
diff --git a/Capstone/lib/capstone.dll b/Capstone/lib/capstone.dll
deleted file mode 100644
index 809932b..0000000
--- a/Capstone/lib/capstone.dll
+++ /dev/null
Binary files differ
diff --git a/Capstone/lib/place_capstone.dll_here b/Capstone/lib/place_capstone.dll_here
deleted file mode 100644
index e69de29..0000000
--- a/Capstone/lib/place_capstone.dll_here
+++ /dev/null
diff --git a/Capstone/lib/x64/libcapstone.dll b/Capstone/lib/x64/libcapstone.dll
deleted file mode 100644
index 8d0a578..0000000
--- a/Capstone/lib/x64/libcapstone.dll
+++ /dev/null
Binary files differ
diff --git a/Capstone/lib/x64/place_64-bit_libcapstone.dll_here b/Capstone/lib/x64/place_64-bit_libcapstone.dll_here
deleted file mode 100644
index e69de29..0000000
--- a/Capstone/lib/x64/place_64-bit_libcapstone.dll_here
+++ /dev/null
diff --git a/Capstone/lib/x86/libcapstone.dll b/Capstone/lib/x86/libcapstone.dll
deleted file mode 100644
index bb919a6..0000000
--- a/Capstone/lib/x86/libcapstone.dll
+++ /dev/null
Binary files differ
diff --git a/Capstone/lib/x86/place_32-bit_libcapstone.dll_here b/Capstone/lib/x86/place_32-bit_libcapstone.dll_here
deleted file mode 100644
index e69de29..0000000
--- a/Capstone/lib/x86/place_32-bit_libcapstone.dll_here
+++ /dev/null