Diffstat (limited to 'ReverseEngineering/Get-Entropy.ps1')
-rw-r--r--ReverseEngineering/Get-Entropy.ps1106
1 files changed, 106 insertions, 0 deletions
diff --git a/ReverseEngineering/Get-Entropy.ps1 b/ReverseEngineering/Get-Entropy.ps1
new file mode 100644
index 0000000..42e5d28
--- /dev/null
+++ b/ReverseEngineering/Get-Entropy.ps1
@@ -0,0 +1,106 @@
+function Get-Entropy
+{
+<#
+.SYNOPSIS
+
+ Calculates the entropy of a file or byte array.
+
+ PowerSploit Function: Get-Entropy
+ Author: Matthew Graeber (@mattifestation)
+ License: BSD 3-Clause
+ Required Dependencies: None
+ Optional Dependencies: None
+
+.PARAMETER ByteArray
+
+ Specifies the byte array containing the data from which entropy will be calculated.
+
+.PARAMETER FilePath
+
+ Specifies the path to the input file from which entropy will be calculated.
+
+.EXAMPLE
+
+ C:\PS>Get-Entropy -FilePath C:\Windows\System32\kernel32.dll
+
+.EXAMPLE
+
+ C:\PS>ls C:\Windows\System32\*.dll | % { Get-Entropy -FilePath $_ }
+
+.EXAMPLE
+
+ C:\PS>$RandArray = New-Object Byte[](10000)
+ C:\PS>foreach ($Offset in 0..9999) { $RandArray[$Offset] = [Byte] (Get-Random -Min 0 -Max 256) }
+ C:\PS>$RandArray | Get-Entropy
+
+ Description
+ -----------
+ Calculates the entropy of a large array containing random bytes.
+
+.EXAMPLE
+
+ C:\PS> 0..255 | Get-Entropy
+
+ Description
+ -----------
+ Calculates the entropy of 0-255. This should equal exactly 8.
+
+.OUTPUTS
+
+ System.Double
+
+ Get-Entropy outputs a double representing the entropy of the byte array.
+
+.LINK
+
+ http://www.exploit-monday.com
+#>
+
+ [CmdletBinding()] Param (
+ [Parameter(Mandatory = $True, Position = 0, ValueFromPipeline = $True, ParameterSetName = 'Bytes')]
+ [ValidateNotNullOrEmpty()]
+ [Byte[]]
+ $ByteArray,
+
+ [Parameter(Mandatory = $True, Position = 0, ParameterSetName = 'File')]
+ [ValidateNotNullOrEmpty()]
+ [IO.FileInfo]
+ $FilePath
+ )
+
+ BEGIN
+ {
+ $FrequencyTable = @{}
+ $ByteArrayLength = 0
+ }
+
+ PROCESS
+ {
+ if ($PsCmdlet.ParameterSetName -eq 'File')
+ {
+ $ByteArray = [IO.File]::ReadAllBytes($FilePath.FullName)
+ }
+
+ foreach ($Byte in $ByteArray)
+ {
+ $FrequencyTable[$Byte]++
+ $ByteArrayLength++
+ }
+ }
+
+ END
+ {
+ $Entropy = 0.0
+
+ foreach ($Byte in 0..255)
+ {
+ $ByteProbability = ([Double] $FrequencyTable[[Byte]$Byte]) / $ByteArrayLength
+ if ($ByteProbability -gt 0)
+ {
+ $Entropy += -$ByteProbability * [Math]::Log($ByteProbability, 2)
+ }
+ }
+
+ Write-Output $Entropy
+ }
+} \ No newline at end of file
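Review bot: The END block divides by `$ByteArrayLength` on the `$ByteProbability` line without guarding the zero case, so an empty file passed via -FilePath (the `[ValidateNotNullOrEmpty()]` attribute checks the parameter, not the file's contents) yields NaN probabilities that fail the `-gt 0` test, and the function emits 0.0 as if the input were valid; a zero-byte sample is then indistinguishable from a file of one repeated byte value, which matters when the score is used to flag packed or encrypted samples. A guard before the loop makes the failure explicit: `if ($ByteArrayLength -eq 0) { throw 'Entropy is undefined for empty input.' }`. Separately, because `$FilePath` is typed `[IO.FileInfo]`, a relative path is presumably resolved against the process working directory rather than PowerShell's current location, so the `.FullName` read at the `ReadAllBytes` call may not name the file the caller intended; the .PARAMETER FilePath help could state that absolute paths or piped Get-ChildItem items (as in the second example) are expected.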