diff options
Diffstat (limited to 'CodeExecution/Invoke-DllInjection.ps1')
| -rw-r--r-- | CodeExecution/Invoke-DllInjection.ps1 | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/CodeExecution/Invoke-DllInjection.ps1 b/CodeExecution/Invoke-DllInjection.ps1 index 2d2019d..369d606 100644 --- a/CodeExecution/Invoke-DllInjection.ps1 +++ b/CodeExecution/Invoke-DllInjection.ps1 @@ -224,12 +224,10 @@ http://www.exploit-monday.com $PowerShell32bit = $False
}
- $OSArchitecture = (Get-WmiObject Win32_OperatingSystem).OSArchitecture
-
- switch ($OSArchitecture)
- {
- '32-bit' { $64bitOS = $False }
- '64-bit' { $64bitOS = $True }
+ if (${Env:ProgramFiles(x86)}) {
+ $64bitOS = $True
+ } else {
+ $64bitOS = $False
}
# The address for IsWow64Process will be returned if and only if running on a 64-bit CPU. Otherwise, Get-ProcAddress will return $null.
@@ -315,9 +313,11 @@ http://www.exploit-monday.com # Close process handle
$CloseHandle.Invoke($hProcess) | Out-Null
+ Start-Sleep -Seconds 2
+
# Extract just the filename from the provided path to the dll.
- $FileName = Split-Path $Dll -Leaf
- $DllInfo = (Get-Process -Id $ProcessID).Modules | ? { $_.FileName.Contains($FileName) }
+ $FileName = (Split-Path $Dll -Leaf).ToLower()
+ $DllInfo = (Get-Process -Id $ProcessID).Modules | ? { $_.FileName.ToLower().Contains($FileName) }
if (!$DllInfo)
{
|