From fee3b4c642c6cae1ef18b85b7ae30111518e84fd Mon Sep 17 00:00:00 2001
From: Matt Graeber <matt@exploit-monday.com>
Date: Fri, 15 Jul 2016 14:07:10 -0700
Subject: #147 Bugfix: Invoke-Mimikatz

Invoke-Mimikatz was not not handling functions exported by ordinal.
Thank you @gentilkiwi for the suggested fix!
---
 Exfiltration/Invoke-Mimikatz.ps1 | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/Exfiltration/Invoke-Mimikatz.ps1 b/Exfiltration/Invoke-Mimikatz.ps1
index f95daa3..bb18cfa 100644
--- a/Exfiltration/Invoke-Mimikatz.ps1
+++ b/Exfiltration/Invoke-Mimikatz.ps1
@@ -1687,7 +1687,14 @@ $RemoteScriptBlock = {
 					}
 					else
 					{
-						[IntPtr]$NewThunkRef = $Win32Functions.GetProcAddress.Invoke($ImportDllHandle, $ProcedureName)
+						if($ProcedureName -is [string])
+						{
+						    [IntPtr]$NewThunkRef = $Win32Functions.GetProcAddress.Invoke($ImportDllHandle, $ProcedureName)
+						}
+						else
+						{
+						    [IntPtr]$NewThunkRef = $Win32Functions.GetProcAddressOrdinal.Invoke($ImportDllHandle, $ProcedureName)
+						}
 					}
 					
 					if ($NewThunkRef -eq $null -or $NewThunkRef -eq [IntPtr]::Zero)
-- 
cgit v1.2.3