powershell - Powershell 无法处理大字符串
问题描述
我有一个需要加载 base64 exe 文件的脚本,它碰巧字符串太大,powershell 无法处理,因此会破坏程序
我想知道是否有绕过这个powershell限制的方法
据我了解,这取决于 powershell 作为一种语言和 microsoft 作为背后的操作系统如何将文件名转换为二进制代码
我在这里需要一些帮助
我运行exe的方式是
$InputString = '...........'
$PEBytes = [System.Convert]::FromBase64String($InputString)
Invoke-ReflectivePEInjection -PEBytes $PEBytes
谢谢
解决方案
获取对该GetProcAddress
方法的引用会引发异常:
$UnsafeNativeMethods.GetMethod('GetProcAddress')
Exception calling "GetMethod" with "1" argument(s): "Ambiguous match found."
让我们找到正确的语法模式:
$GetProcAddresses = $UnsafeNativeMethods.GetMethods() |
Where-Object Name -Match 'GetProcAddress'
$GetProcAddresses |
ForEach-Object { $_.ReturnTypeCustomAttributes |
Select-Object -Property Member }
Member ------ IntPtr GetProcAddress(IntPtr, System.String) IntPtr GetProcAddress(System.Runtime.InteropServices.HandleRef, System.String)
要获得对该GetProcAddress
方法的引用:使用任一
$GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddress',
[type[]]('IntPtr', 'System.String'))
或者
$GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddress',
[type[]]('System.Runtime.InteropServices.HandleRef', 'System.String'))
示例代码(在PowerShell 5.1中测试):
Remove-Variable -Name Get* -ErrorAction SilentlyContinue
# Get a reference to System.dll in the GAC
$SystemAssembly = [AppDomain]::CurrentDomain.GetAssemblies() |
Where-Object { $_.GlobalAssemblyCache -and $_.Location -and (
( $_.Location -split '\\' )[-1] -eq 'System.dll') }
$UnsafeNativeMethods = $SystemAssembly.GetType('Microsoft.Win32.UnsafeNativeMethods')
# Get a reference to the GetModuleHandle method
$GetModuleHandle = $UnsafeNativeMethods.GetMethod('GetModuleHandle')
# Let's find correct syntax pattern
$GetProcAddresses = $UnsafeNativeMethods.GetMethods() |
Where-Object Name -Match 'GetProcAddress'
$GetProcAddresses |
ForEach-Object { $_.ReturnTypeCustomAttributes |
Select-Object -Property Member }
# Get a reference to the GetProcAddress method: use either
$GetProcAddress1 = $UnsafeNativeMethods.GetMethod('GetProcAddress',
[type[]]('IntPtr', 'System.String'))
# or
$GetProcAddress2 = $UnsafeNativeMethods.GetMethod('GetProcAddress',
[type[]]('System.Runtime.InteropServices.HandleRef', 'System.String'))
Get-Variable -Name Get*, SystemAssembly, UnsafeNativeMethods |
Format-List -Property Name, Value
输出:D:\PShell\SO\60820994.ps1
Member ------ IntPtr GetProcAddress(IntPtr, System.String) IntPtr GetProcAddress(System.Runtime.InteropServices.HandleRef,System.String) Name : GetModuleHandle Value : IntPtr GetModuleHandle(System.String) Name : GetProcAddress1 Value : IntPtr GetProcAddress(IntPtr, System.String) Name : GetProcAddress2 Value : IntPtr GetProcAddress(System.Runtime.InteropServices.HandleRef, System.String) Name : GetProcAddresses Value : {IntPtr GetProcAddress(IntPtr, System.String), IntPtr GetProcAddress(System.Runtime.InteropServices.HandleRef, System.String)} Name : SystemAssembly Value : System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Name : UnsafeNativeMethods Value : Microsoft.Win32.UnsafeNativeMethods
题外话:代码不在PowerShell Core中运行,因为System.dll
默认情况下没有安装到全局程序集缓存 (GAC) 中。
推荐阅读
- html - 如果我编辑 x 和 y 值,SVG 元素不会移动
- amazon-iam - 获取用户策略所需的 AWS IAM ListGroupsForUser
- python - 函数总和的curve_fit
- javascript - 是否可以向 Vue 2 的“on”指令添加自定义事件?
- excel - 循环遍历列并更新 Excel 中的空白单元格
- swift - 如何为不同的方案设置不同的启动屏幕?
- html - Mozilla Firefox 上的 CSS flex 框大小错误问题
- sql - pgsql DELETE + LIMIT + JOIN + ORDER
- javascript - Webpack 混淆器问题:无法读取未定义的属性“tap”
- flutter - Flutter:如何制作自定义头像