From fcdd3ad6428b4f1ecfd7f63be629af8cbe3204af Mon Sep 17 00:00:00 2001 From: Matt Graeber Date: Sat, 17 Aug 2013 17:55:31 -0400 Subject: Explicitly casting types as [Type] The latest version of .NET added generics to many of the InteropService methods. Therefore, all of my uses of types need to be explicitly cast with [Type]. --- ReverseEngineering/Get-StructFromMemory.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'ReverseEngineering/Get-StructFromMemory.ps1') diff --git a/ReverseEngineering/Get-StructFromMemory.ps1 b/ReverseEngineering/Get-StructFromMemory.ps1 index ccf6d5b..c32c190 100644 --- a/ReverseEngineering/Get-StructFromMemory.ps1 +++ b/ReverseEngineering/Get-StructFromMemory.ps1 @@ -131,7 +131,7 @@ http://www.exploit-monday.com $MemoryBasicInformation = [Activator]::CreateInstance($MEMORY_BASIC_INFORMATION) # Confirm you can actually read the address you're interested in - $NativeUtils::VirtualQueryEx($Handle, $MemoryAddress, [Ref] $MemoryBasicInformation, [Runtime.InteropServices.Marshal]::SizeOf($MEMORY_BASIC_INFORMATION)) | Out-Null + $NativeUtils::VirtualQueryEx($Handle, $MemoryAddress, [Ref] $MemoryBasicInformation, [Runtime.InteropServices.Marshal]::SizeOf([Type] $MEMORY_BASIC_INFORMATION)) | Out-Null $PAGE_EXECUTE_READ = 0x20 $PAGE_EXECUTE_READWRITE = 0x40 @@ -154,7 +154,7 @@ http://www.exploit-monday.com throw 'The address specified does not have read access.' } - $StructSize = [Runtime.InteropServices.Marshal]::SizeOf($StructType) + $StructSize = [Runtime.InteropServices.Marshal]::SizeOf([Type] $StructType) $EndOfAllocation = $AllocationBase + $RegionSize $EndOfStruct = $MemoryAddress.ToInt64() + $StructSize @@ -194,7 +194,7 @@ http://www.exploit-monday.com Write-Verbose "Struct Size: $StructSize" Write-Verbose "Bytes read: $BytesRead" - $ParsedStruct = [Runtime.InteropServices.Marshal]::PtrToStructure($LocalStructPtr, $StructType) + $ParsedStruct = [Runtime.InteropServices.Marshal]::PtrToStructure($LocalStructPtr, [Type] $StructType) [Runtime.InteropServices.Marshal]::FreeHGlobal($LocalStructPtr) $SafeHandle.Close() -- cgit v1.2.3