diff options
| author | clymb3r <bialek.joseph@gmail.com> | 2014-04-16 21:02:50 -0700 |
|---|---|---|
| committer | clymb3r <bialek.joseph@gmail.com> | 2014-04-16 21:02:50 -0700 |
| commit | b783b459c12112509a733253df9f5935e104200c (patch) | |
| tree | e58bce1f7d2f2584d1426262cc609f153d774e51 /ReverseEngineering/Get-ILDisassembly.ps1 | |
| parent | 47b90647c11cb4956c735cfa47628dc7dcb03bb6 (diff) | |
| parent | 946328cf9e6d6c60eca2bb9d71a38e210c1c3b6c (diff) | |
| download | PowerSploit-b783b459c12112509a733253df9f5935e104200c.tar.gz PowerSploit-b783b459c12112509a733253df9f5935e104200c.zip | |
Merge branch 'master' of https://github.com/mattifestation/PowerSploit
Conflicts:
Recon/Get-ComputerDetails.ps1
Recon/Recon.psd1
Diffstat (limited to 'ReverseEngineering/Get-ILDisassembly.ps1')
| -rw-r--r-- | ReverseEngineering/Get-ILDisassembly.ps1 | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/ReverseEngineering/Get-ILDisassembly.ps1 b/ReverseEngineering/Get-ILDisassembly.ps1 index 645dc39..6948919 100644 --- a/ReverseEngineering/Get-ILDisassembly.ps1 +++ b/ReverseEngineering/Get-ILDisassembly.ps1 @@ -68,9 +68,9 @@ Disassembles the System.Array.BinarySearch(Array, Object) method .INPUTS
-System.Reflection.MethodInfo
+System.Reflection.MethodInfo, System.Reflection.ConstructorInfo
-The method description containing the raw IL bytecodes.
+A method or constructor description containing the raw IL bytecodes.
.OUTPUTS
@@ -88,7 +88,8 @@ http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-335.pdf Param (
[Parameter(Mandatory = $True, ValueFromPipeline = $True)]
- [System.Reflection.MethodInfo]
+ [ValidateScript({$_ -is [Reflection.MethodInfo] -or $_ -is [Reflection.ConstructorInfo]})]
+ [Object]
$MethodInfo
)
@@ -131,6 +132,7 @@ http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-335.pdf $Type = $Op.OperandType
$Operand = $null
+ $OpInt = $null
if ($Type -eq 'InlineNone') {
$OperandLength = 0
@@ -191,13 +193,14 @@ http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-335.pdf if (($OperandLength -gt 0) -and ($OperandLength -ne 4) -and ($Type -ne 'InlineSwitch') -and ($Type -ne 'ShortInlineBrTarget')) {
# Simply print the hex for all operands with immediate values
- $Operand = "0x{0}" -f (($IL[$Position..($Position+$OperandLength-1)] | ForEach-Object { $_.ToString('X2') }) -join '')
+ $Operand = "0x{0}" -f (($IL[($Position+$OperandLength-1)..$Position] | ForEach-Object { $_.ToString('X2') }) -join '')
}
$Instruction = @{
Position = $InstructionPostion
- Instruction = $Op.Name
+ Instruction = $Op
Operand = $Operand
+ MetadataToken = $OpInt
}
# Return a custom object containing a position, instruction, and fully-qualified operand
@@ -209,4 +212,4 @@ http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-335.pdf # Adjust the position in the opcode array accordingly
$Position += $OperandLength
}
-}
\ No newline at end of file +}
|