path: root/CodeExecution/Invoke-ReflectivePEInjection.ps1
Age | Commit message | Author | Files | Lines
2016-12-14 | For ./CodeExecution/ : | HarmJ0y | 1 | -2626/+2609
-PSScriptAnalyzering
-Tweaking of synopsis blocks in order to support platyPS
-Code standardization
-Generated docs
2016-05-29 | Fixed FreeLibrary function signature #146 | Matt Graeber | 1 | -1/+1
The parameter type and return types were accidentally transposed. Thanks @rojaster for pointing this out.
2015-12-16 | Removed all version numbers from scripts | Matt Graeber | 1 | -4/+1
Scripts in a module should not be individually versioned. Only the module should be versioned.
2015-12-14 | Bugfix #93 | Matt Graeber | 1 | -13/+1
Removed the "EndAddress" parameter set since it was never used. This should resolve any parameter set confusion.
2015-12-14 | Bugfix #92: perform OS check when importing NtCreateThreadEx | Matt Graeber | 1 | -4/+7
2015-11-07 | Adding -DoNotZeroMZ for testing | Matt Graeber | 1 | -5/+14
2015-11-07 | Removed extraneous parameters | Matt Graeber | 1 | -58/+13
Removed extraneous parameters Removed the following extraneous parameters: -PEPath -PEUrl The functionality they provided can be easily replicated in code outside of Invoke-ReflectivePEInjection. i.e. it should be up to the user how they might want to download a PE before loading it. That should not be dictated by Invoke-ReflectivePEInjection.
2015-11-07 | Revert "Removed extraneous parameters" | Matt Graeber | 1 | -18/+89
This reverts commit 0eb520e31f97bc0ca83bd2c1546a18dd97e09d79.
2015-11-07 | Removed extraneous parameters | Matt Graeber | 1 | -89/+18
Removed the following extraneous parameters: -PEPath -PEUrl -ComputerName The functionality they provided can be easily replicated in code outside of Invoke-ReflectivePEInjection. i.e. it should be up to the user how they might want to download a PE before loading it. That should not be dictated by Invoke-ReflectivePEInjection.
2015-11-06 | Fixed a casting bug | Matt Graeber | 1 | -2/+2
2015-01-26 | Adding PEBytes parameter | clymb3r | 1 | -5/+17
Added PEBytes parameter for reflectively loading a PE file passed as a byte array to the script.
2015-01-07 | Bugfix: Resolving ordinals in remote dll injection | clymb3r | 1 | -2/+2
Thanks to sixdub for finding and fixing a bug when resolving functions by ordinal in remote processes.
2014-07-10 | Bug fixes to Invoke-ReflectivePEInjection | clymb3r | 1 | -63/+157
Fixed a bug where calling GetProcAddress by ordinal instead of procedure name failed. Fixed a bug where reflectively loading an EXE will cause the entry function (main()) to be called twice instead of once as expected. Added a ForceASLR flag to force ASLR to be used even if the PE file doesn't officially support ASLR. Some minor other changes.
2013-11-13 | Normalized all scripts to ASCII encoding | mattifestation | 1 | -1/+1
2013-10-01 | Switching to ANSI from UTF8 encoding | clymb3r | 1 | -2/+2
Scripts now work in 2008r2. I thought I tested before uploading but something broke somehow... Now the scripts work in 2008r2 and win8+
2013-09-30 | Fixes for Windows 8.1/.NET 4.5 | clymb3r | 1 | -2593/+2575
.NET 4.5 introduced breaking changes in the way Marshalling works. Added a fix so ReflectivePEInjection works with Windows 8.1/.NET4.5.
2013-09-03 | Call to DllMain when unloading reflective DLL | clymb3r | 1 | -0/+9
Prior to this fix, DllMain with the ProcessDetach flag was not called when unloading the reflectively loaded DLL. This was causing very weird crashes in the Invoke-NinjaCopy script which is built on this script. This should fix the crash.
2013-05-31 | Added Invoke-ReflectivePEInjection | Matt Graeber | 1 | -0/+2852
Another awesome addition from Joe Bialek. Invoke-ReflectivePEInjection is a vast improvement over Invoke-ReflectiveDllInjection. It adds the following features:
* Now supports loading exe files in memory
* Supports reflective dll injection into a remote process
* Additional sample Visual Studio solutions