-rw-r--r-- | ReverseEngineering/Get-NtSystemInformation.ps1 | 6 | ||||
-rw-r--r-- | ReverseEngineering/Get-StructFromMemory.ps1 | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/ReverseEngineering/Get-NtSystemInformation.ps1 b/ReverseEngineering/Get-NtSystemInformation.ps1
index b571ac0..bb0871a 100644
--- a/ReverseEngineering/Get-NtSystemInformation.ps1
+++ b/ReverseEngineering/Get-NtSystemInformation.ps1
@@ -633,7 +633,7 @@ foreach ($i in 0..($Count-1)) {
- [Runtime.InteropServices.Marshal]::PtrToStructure($StructAddress, $StructType)
+ [Runtime.InteropServices.Marshal]::PtrToStructure($StructAddress, [Type] $StructType)
$StructAddress = ([IntPtr]($StructAddress.ToInt64() + $StructSize)) }
@@ -958,7 +958,7 @@ # Base address of the _SYSTEM_OBJECTTYPE_INFORMATION struct $ObjectTypeAbsoluteAddress = [IntPtr]($PtrData.ToInt64() + $NextTypeOffset)
- $Result = [Runtime.InteropServices.Marshal]::PtrToStructure($ObjectTypeAbsoluteAddress, $ObjectTypeClass)
+ $Result = [Runtime.InteropServices.Marshal]::PtrToStructure($ObjectTypeAbsoluteAddress, [Type] $ObjectTypeClass)
if ($Result.NumberOfObjects -gt 0) {
@@ -970,7 +970,7 @@ do {
- $ObjectResult = [Runtime.InteropServices.Marshal]::PtrToStructure(( [IntPtr]($ObjectBaseAddr.ToInt64() + $NextObjectOffset) ), $ObjectClass)
+ $ObjectResult = [Runtime.InteropServices.Marshal]::PtrToStructure(( [IntPtr]($ObjectBaseAddr.ToInt64() + $NextObjectOffset) ), [Type] $ObjectClass)
$ResultHashTable2 = @{ Object = $ObjectResult.Object
diff --git a/ReverseEngineering/Get-StructFromMemory.ps1 b/ReverseEngineering/Get-StructFromMemory.ps1
index ccf6d5b..c32c190 100644
--- a/ReverseEngineering/Get-StructFromMemory.ps1
+++ b/ReverseEngineering/Get-StructFromMemory.ps1
@@ -131,7 +131,7 @@ http://www.exploit-monday.com $MemoryBasicInformation = [Activator]::CreateInstance($MEMORY_BASIC_INFORMATION)
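Review bot: In Get-NtSystemInformation.ps1, the `@@ -633` hunk iterates over `0..($Count-1)`, which misbehaves when `$Count` is 0: PowerShell's range operator counts downward, so `0..-1` yields 0 and -1 and the body calls `PtrToStructure` twice on memory that holds no entries. Unless a guard outside the hunk already rejects an empty result, `for ($i = 0; $i -lt $Count; $i++)` would avoid the stray reads. The enclosing function begins and ends outside the hunk.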
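Review bot: The new `[Type]` casts carry no explanation (here in the `@@ -958` hunk of Get-NtSystemInformation.ps1, and likewise at `@@ -633`, `@@ -970` and the three hunks of Get-StructFromMemory.ps1), so a later cleanup could strip them as redundant. They presumably pin the calls to the non-generic `PtrToStructure(IntPtr, Type)` and `SizeOf(Type)` overloads on runtimes that also expose generic ones. A short comment at the first call site, such as `# [Type] cast selects the (IntPtr, Type) overload; without it overload resolution can be ambiguous on newer .NET`, would record that. Confirm the rationale against the commit message before adding it.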
# Confirm you can actually read the address you're interested in
- $NativeUtils::VirtualQueryEx($Handle, $MemoryAddress, [Ref] $MemoryBasicInformation, [Runtime.InteropServices.Marshal]::SizeOf($MEMORY_BASIC_INFORMATION)) | Out-Null
+ $NativeUtils::VirtualQueryEx($Handle, $MemoryAddress, [Ref] $MemoryBasicInformation, [Runtime.InteropServices.Marshal]::SizeOf([Type] $MEMORY_BASIC_INFORMATION)) | Out-Null
$PAGE_EXECUTE_READ = 0x20
$PAGE_EXECUTE_READWRITE = 0x40
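Review bot: The return value of `VirtualQueryEx` is discarded with `| Out-Null`, so a failed query (for example an invalid address or a handle without query rights) leaves `$MemoryBasicInformation` at its freshly constructed defaults and the later checks run on empty data. Capturing the result and failing early, along the lines of `if ($NativeUtils::VirtualQueryEx(...) -eq 0) { throw 'VirtualQueryEx failed.' }`, would separate "the query failed" from "the page is not readable". How the struct is consumed afterwards is outside this hunk.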
@@ -154,7 +154,7 @@ http://www.exploit-monday.com throw 'The address specified does not have read access.'
}
- $StructSize = [Runtime.InteropServices.Marshal]::SizeOf($StructType)
+ $StructSize = [Runtime.InteropServices.Marshal]::SizeOf([Type] $StructType)
$EndOfAllocation = $AllocationBase + $RegionSize
$EndOfStruct = $MemoryAddress.ToInt64() + $StructSize
@@ -194,7 +194,7 @@ http://www.exploit-monday.com Write-Verbose "Struct Size: $StructSize"
Write-Verbose "Bytes read: $BytesRead"
- $ParsedStruct = [Runtime.InteropServices.Marshal]::PtrToStructure($LocalStructPtr, $StructType)
+ $ParsedStruct = [Runtime.InteropServices.Marshal]::PtrToStructure($LocalStructPtr, [Type] $StructType)
[Runtime.InteropServices.Marshal]::FreeHGlobal($LocalStructPtr)
$SafeHandle.Close()
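Review bot: `FreeHGlobal($LocalStructPtr)` and `$SafeHandle.Close()` run only if `PtrToStructure` returns; if marshalling throws (for instance when `$StructType` has no usable layout), the unmanaged buffer and the process handle stay open. Wrapping the call as `try { $ParsedStruct = ...PtrToStructure($LocalStructPtr, [Type] $StructType) } finally { ...FreeHGlobal($LocalStructPtr); $SafeHandle.Close() }` releases both on every path. The two `Write-Verbose` lines also suggest `$BytesRead` can differ from `$StructSize`; whether a short read is rejected before parsing is not visible in this hunk.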