From 6b0ada999a9d2be8c6c9267da57b898494d13219 Mon Sep 17 00:00:00 2001 From: Matt Graeber Date: Sun, 29 May 2016 07:54:50 -0700 Subject: Fixed FreeLibrary function signature #146 The parameter type and return types were accidentally transposed. Thanks @rojaster for pointing this out. --- Exfiltration/Invoke-CredentialInjection.ps1 | 2 +- Exfiltration/Invoke-Mimikatz.ps1 | 2 +- Exfiltration/Invoke-NinjaCopy.ps1 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'Exfiltration') diff --git a/Exfiltration/Invoke-CredentialInjection.ps1 b/Exfiltration/Invoke-CredentialInjection.ps1 index a7b312d..d6f3c4c 100644 --- a/Exfiltration/Invoke-CredentialInjection.ps1 +++ b/Exfiltration/Invoke-CredentialInjection.ps1 @@ -771,7 +771,7 @@ function Invoke-CredentialInjection $Win32Functions | Add-Member NoteProperty -Name GetModuleHandle -Value $GetModuleHandle $FreeLibraryAddr = Get-ProcAddress kernel32.dll FreeLibrary - $FreeLibraryDelegate = Get-DelegateType @([Bool]) ([IntPtr]) + $FreeLibraryDelegate = Get-DelegateType @([IntPtr]) ([Bool]) $FreeLibrary = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($FreeLibraryAddr, $FreeLibraryDelegate) $Win32Functions | Add-Member -MemberType NoteProperty -Name FreeLibrary -Value $FreeLibrary diff --git a/Exfiltration/Invoke-Mimikatz.ps1 b/Exfiltration/Invoke-Mimikatz.ps1 index c701f63..f95daa3 100644 --- a/Exfiltration/Invoke-Mimikatz.ps1 +++ b/Exfiltration/Invoke-Mimikatz.ps1 @@ -540,7 +540,7 @@ $RemoteScriptBlock = { $Win32Functions | Add-Member NoteProperty -Name GetModuleHandle -Value $GetModuleHandle $FreeLibraryAddr = Get-ProcAddress kernel32.dll FreeLibrary - $FreeLibraryDelegate = Get-DelegateType @([Bool]) ([IntPtr]) + $FreeLibraryDelegate = Get-DelegateType @([IntPtr]) ([Bool]) $FreeLibrary = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($FreeLibraryAddr, $FreeLibraryDelegate) $Win32Functions | Add-Member -MemberType NoteProperty -Name FreeLibrary -Value $FreeLibrary diff --git a/Exfiltration/Invoke-NinjaCopy.ps1 b/Exfiltration/Invoke-NinjaCopy.ps1 index 15bee1b..f22d5f5 100644 --- a/Exfiltration/Invoke-NinjaCopy.ps1 +++ b/Exfiltration/Invoke-NinjaCopy.ps1 @@ -572,7 +572,7 @@ $RemoteScriptBlock = { $Win32Functions | Add-Member NoteProperty -Name GetModuleHandle -Value $GetModuleHandle $FreeLibraryAddr = Get-ProcAddress kernel32.dll FreeLibrary - $FreeLibraryDelegate = Get-DelegateType @([Bool]) ([IntPtr]) + $FreeLibraryDelegate = Get-DelegateType @([IntPtr]) ([Bool]) $FreeLibrary = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($FreeLibraryAddr, $FreeLibraryDelegate) $Win32Functions | Add-Member -MemberType NoteProperty -Name FreeLibrary -Value $FreeLibrary -- cgit v1.2.3