diff options
| author | PowerShellMafia <PowerShellMafia@users.noreply.github.com> | 2015-12-18 16:33:59 -0800 |
|---|---|---|
| committer | PowerShellMafia <PowerShellMafia@users.noreply.github.com> | 2015-12-18 16:33:59 -0800 |
| commit | 9e771d15bf19ab3c2ac196393c088ecdab6c9a73 (patch) | |
| tree | 58927893ecb9289ad1de64d3a67eb58d00e4b762 /CodeExecution/Invoke-DllInjection.ps1 | |
| parent | 9f78286ea7b0ec65d2aa09893a076864dd8d14e9 (diff) | |
| parent | 9f183e36518176c4299eed5c68b7deac7f4e8025 (diff) | |
| download | PowerSploit-3.0.0.tar.gz PowerSploit-3.0.0.zip | |
Merge pull request #102 from PowerShellMafia/devv3.0.0
Merge 3.0 release changes
Diffstat (limited to 'CodeExecution/Invoke-DllInjection.ps1')
| -rw-r--r-- | CodeExecution/Invoke-DllInjection.ps1 | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/CodeExecution/Invoke-DllInjection.ps1 b/CodeExecution/Invoke-DllInjection.ps1 index 2d2019d..369d606 100644 --- a/CodeExecution/Invoke-DllInjection.ps1 +++ b/CodeExecution/Invoke-DllInjection.ps1 @@ -224,12 +224,10 @@ http://www.exploit-monday.com $PowerShell32bit = $False
}
- $OSArchitecture = (Get-WmiObject Win32_OperatingSystem).OSArchitecture
-
- switch ($OSArchitecture)
- {
- '32-bit' { $64bitOS = $False }
- '64-bit' { $64bitOS = $True }
+ if (${Env:ProgramFiles(x86)}) {
+ $64bitOS = $True
+ } else {
+ $64bitOS = $False
}
# The address for IsWow64Process will be returned if and only if running on a 64-bit CPU. Otherwise, Get-ProcAddress will return $null.
@@ -315,9 +313,11 @@ http://www.exploit-monday.com # Close process handle
$CloseHandle.Invoke($hProcess) | Out-Null
+ Start-Sleep -Seconds 2
+
# Extract just the filename from the provided path to the dll.
- $FileName = Split-Path $Dll -Leaf
- $DllInfo = (Get-Process -Id $ProcessID).Modules | ? { $_.FileName.Contains($FileName) }
+ $FileName = (Split-Path $Dll -Leaf).ToLower()
+ $DllInfo = (Get-Process -Id $ProcessID).Modules | ? { $_.FileName.ToLower().Contains($FileName) }
if (!$DllInfo)
{
|