author | clymb3r <bialek.joseph@gmail.com> | 2014-04-16 21:02:50 -0700 |
---|---|---|
committer | clymb3r <bialek.joseph@gmail.com> | 2014-04-16 21:02:50 -0700 |
commit | b783b459c12112509a733253df9f5935e104200c (patch) | |
tree | e58bce1f7d2f2584d1426262cc609f153d774e51 /ReverseEngineering/Get-Entropy.ps1 | |
parent | 47b90647c11cb4956c735cfa47628dc7dcb03bb6 (diff) | |
parent | 946328cf9e6d6c60eca2bb9d71a38e210c1c3b6c (diff) | |
Merge branch 'master' of https://github.com/mattifestation/PowerSploit
Conflicts:
Recon/Get-ComputerDetails.ps1
Recon/Recon.psd1
Diffstat (limited to 'ReverseEngineering/Get-Entropy.ps1')
-rw-r--r-- | ReverseEngineering/Get-Entropy.ps1 | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/ReverseEngineering/Get-Entropy.ps1 b/ReverseEngineering/Get-Entropy.ps1
new file mode 100644
index 0000000..42e5d28
--- /dev/null
+++ b/ReverseEngineering/Get-Entropy.ps1
@@ -0,0 +1,106 @@
+function Get-Entropy
+{
+<#
+.SYNOPSIS
+
+ Calculates the entropy of a file or byte array.
+
+ PowerSploit Function: Get-Entropy
+ Author: Matthew Graeber (@mattifestation)
+ License: BSD 3-Clause
+ Required Dependencies: None
+ Optional Dependencies: None
+
+.PARAMETER ByteArray
+
+ Specifies the byte array containing the data from which entropy will be calculated.
+
+.PARAMETER FilePath
+
+ Specifies the path to the input file from which entropy will be calculated.
+
+.EXAMPLE
+
+ C:\PS>Get-Entropy -FilePath C:\Windows\System32\kernel32.dll
+
+.EXAMPLE
+
+ C:\PS>ls C:\Windows\System32\*.dll | % { Get-Entropy -FilePath $_ }
+
+.EXAMPLE
+
+ C:\PS>$RandArray = New-Object Byte[](10000)
+ C:\PS>foreach ($Offset in 0..9999) { $RandArray[$Offset] = [Byte] (Get-Random -Min 0 -Max 256) }
+ C:\PS>$RandArray | Get-Entropy
+
+ Description
+ -----------
+ Calculates the entropy of a large array containing random bytes.
+
+.EXAMPLE
+
+ C:\PS> 0..255 | Get-Entropy
+
+ Description
+ -----------
+ Calculates the entropy of 0-255. This should equal exactly 8.
+
+.OUTPUTS
+
+ System.Double
+
+ Get-Entropy outputs a double representing the entropy of the byte array.
+
+.LINK
+
+ http://www.exploit-monday.com
+#>
+
+ [CmdletBinding()] Param (
+ [Parameter(Mandatory = $True, Position = 0, ValueFromPipeline = $True, ParameterSetName = 'Bytes')]
+ [ValidateNotNullOrEmpty()]
+ [Byte[]]
+ $ByteArray,
+
+ [Parameter(Mandatory = $True, Position = 0, ParameterSetName = 'File')]
+ [ValidateNotNullOrEmpty()]
+ [IO.FileInfo]
+ $FilePath
+ )
+
+ BEGIN
+ {
+ $FrequencyTable = @{}
+ $ByteArrayLength = 0
+ }
+
+ PROCESS
+ {
+ if ($PsCmdlet.ParameterSetName -eq 'File')
+ {
+ $ByteArray = [IO.File]::ReadAllBytes($FilePath.FullName)
+ }
+
+ foreach ($Byte in $ByteArray)
+ {
+ $FrequencyTable[$Byte]++
+ $ByteArrayLength++
+ }
+ }
+
+ END
+ {
+ $Entropy = 0.0
+
+ foreach ($Byte in 0..255)
+ {
+ $ByteProbability = ([Double] $FrequencyTable[[Byte]$Byte]) / $ByteArrayLength
+ if ($ByteProbability -gt 0)
+ {
+ $Entropy += -$ByteProbability * [Math]::Log($ByteProbability, 2)
+ }
+ }
+
+ Write-Output $Entropy
+ }
+}
\ No newline at end of file |
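Review bot: In the PROCESS block, `[IO.File]::ReadAllBytes($FilePath.FullName)` relies on the `[IO.FileInfo]` conversion of `-FilePath`, and for a relative path string .NET resolves that against the process working directory, which can differ from the current PowerShell location. A call such as `Get-Entropy -FilePath .\sample.bin` (constructed example) may therefore fail or measure a different file than the analyst intended. Resolving the path in PowerShell before the read would avoid this, for example `$ResolvedPath = (Resolve-Path -LiteralPath $FilePath).ProviderPath`; confirm that it still behaves for the `ls ... | % { Get-Entropy -FilePath $_ }` example, where `$_` is already a FileInfo. Separately, a zero-byte file leaves `$ByteArrayLength` at 0, so the division in END appears to yield NaN and the function reports 0 instead of signalling empty input; a guard such as `if ($ByteArrayLength -eq 0) { throw 'No input bytes.' }` at the top of END would make that explicit.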