Binding.PowerShell-Script

Added script to generate compressed DLL output & update for README
2024-12-04 20:06:41 +00:00 · 2016-11-04 10:56:47 +01:00 · 2016-11-04 10:56:47 +01:00 · 12ce2b31d7
commit 12ce2b31d7
parent 8da385d9ad
2 changed files with 70 additions and 2 deletions
--- a/bindings/powershell/Out-UnmanagedDll.ps1
+++ b/bindings/powershell/Out-UnmanagedDll.ps1
@ -0,0 +1,58 @@
+function Out-UnmanagedDll
+{
+    [CmdletBinding()] Param (
+        [Parameter(Mandatory = $True)]
+        [String]
+        $FilePath
+    )
+
+    $Path = Resolve-Path $FilePath
+
+    if (! [IO.File]::Exists($Path))
+    {
+        Throw "$Path does not exist."
+    }
+
+    $FileBytes = [System.IO.File]::ReadAllBytes($Path)
+
+    if (($FileBytes[0..1] | % {[Char]$_}) -join '' -cne 'MZ')
+    {
+        Throw "$Path is not a valid executable."
+    }
+
+	# Encode
+    $Length = $FileBytes.Length
+    $CompressedStream = New-Object IO.MemoryStream
+    $DeflateStream = New-Object IO.Compression.DeflateStream ($CompressedStream, [IO.Compression.CompressionMode]::Compress)
+    $DeflateStream.Write($FileBytes, 0, $FileBytes.Length)
+    $DeflateStream.Dispose()
+    $CompressedFileBytes = $CompressedStream.ToArray()
+    $CompressedStream.Dispose()
+    $EncodedCompressedFile = [Convert]::ToBase64String($CompressedFileBytes)
+
+	# Decode
+	$Output = @"
+`$EncodedCompressedFile = @'
+$EncodedCompressedFile
+'@
+`$Stream = new-object -TypeName System.IO.MemoryStream
+`$DeflateStream = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String(`$EncodedCompressedFile),[IO.Compression.CompressionMode]::Decompress)
+`$buffer = New-Object Byte[]($Length)
+`$count = 0
+do
+    {
+        `$count = `$DeflateStream.Read(`$buffer, 0, 1024)
+        if (`$count -gt 0)
+            {
+                `$Stream.Write(`$buffer, 0, `$count)
+            }
+    }
+While (`$count -gt 0)
+`$array = `$stream.ToArray()
+`$DeflateStream.Close()
+`$Stream.Close()
+Set-Content -value `$array -encoding byte -path `$DllPath
+"@
+
+	Write-Output $Output
+}
--- a/bindings/powershell/README
+++ b/bindings/powershell/README
@ -1,6 +1,7 @@
 Usage

-Invoke-Capstone is ready for use, there are two options to access the capstone library from PowerShell:
+Invoke-Capstone is ready for use, there are two options to access the capstone
+library from PowerShell:

  * Script dot sourcing:

@ -16,4 +17,13 @@ Invoke-Capstone is ready for use, there are two options to access the capstone l

 Notes

-Invoke-Capstone drops the Capstone DLL, x32/64 respectively, to the user's temporary folder the first time it runs.
+  * Invoke-Capstone drops the Capstone DLL, x32/64 respectively, to the user's
+    temporary folder the first time it runs. Further runs will use this cached DLL.
+
+  * The "Out-UnmanagedDll" script can be used to generate a compressed DLL which
+    allows for easy integration with Invoke-Capstone. This script is based on
+    @mattifestation’s post here
+    http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html.
+
+     # Redirect script output to file
+     PS C:\> Out-UnmanagedDll -FilePath C:\Some\Path\capstone.dll