From 924103aa015be3e8838c2a9bacb5194fe5984226 Mon Sep 17 00:00:00 2001 From: Matt Graeber Date: Mon, 14 Dec 2015 20:43:51 -0800 Subject: Invoke-DllInjection Pester test improvement The test dll I now use is advpack.dll since that is present in all versions of windows. --- Tests/CodeExecution.tests.ps1 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'Tests/CodeExecution.tests.ps1') diff --git a/Tests/CodeExecution.tests.ps1 b/Tests/CodeExecution.tests.ps1 index b8e415e..2771e78 100644 --- a/Tests/CodeExecution.tests.ps1 +++ b/Tests/CodeExecution.tests.ps1 @@ -125,19 +125,19 @@ Describe 'Invoke-Shellcode' { } Describe 'Invoke-DllInjection' { - $Accessibilitycpl = 'accessibilitycpl.dll' - $AccessibilitycplPath = "$($Env:SystemRoot)\System32\$Accessibilitycpl" + $Advpack = 'advpack.dll' + $AdvpackPath = "$($Env:SystemRoot)\System32\$Advpack" It 'should inject a known system DLL' { - if (-not (Test-Path $AccessibilitycplPath)) { - throw "$AccessibilitycplPath does not exist on disk." + if (-not (Test-Path $AdvpackPath)) { + throw "$AdvpackPath does not exist on disk." } - $LoadedModule = Invoke-DllInjection -ProcessID $PID -Dll $AccessibilitycplPath + $LoadedModule = Invoke-DllInjection -ProcessID $PID -Dll $AdvpackPath $LoadedModule | Should Not BeNullOrEmpty $LoadedModule -is [System.Diagnostics.ProcessModule] | Should Be $True - $LoadedModule.ModuleName | Should Be $Accessibilitycpl + $LoadedModule.ModuleName | Should Be $Advpack } It 'should not inject a non-existent DLL' { @@ -149,7 +149,7 @@ Describe 'Invoke-DllInjection' { } It 'should not inject to a non-existent process' { - { Invoke-DllInjection -ProcessID 0 -Dll $AccessibilitycplPath } | Should Throw + { Invoke-DllInjection -ProcessID 0 -Dll $AdvpackPath } | Should Throw } } -- cgit v1.2.3