Skip to content
This repository has been archived by the owner on Jan 21, 2021. It is now read-only.

Commit

Permalink
Fixed FreeLibrary function signature #146
Browse files Browse the repository at this point in the history 
The parameter type and return types were accidentally transposed. Thanks
@rojaster for pointing this out.
  • Loading branch information
Matt Graeber committed May 29, 2016
1 parent 83305c5 commit 6b0ada9
Show file tree
Hide file tree
Showing 4 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion CodeExecution/Invoke-ReflectivePEInjection.ps1
View file
Expand Up @@ -648,7 +648,7 @@ $RemoteScriptBlock = {
$Win32Functions | Add-Member NoteProperty -Name GetModuleHandle -Value $GetModuleHandle

$FreeLibraryAddr = Get-ProcAddress kernel32.dll FreeLibrary
$FreeLibraryDelegate = Get-DelegateType @([Bool]) ([IntPtr])
$FreeLibraryDelegate = Get-DelegateType @([IntPtr]) ([Bool])
$FreeLibrary = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($FreeLibraryAddr, $FreeLibraryDelegate)
$Win32Functions | Add-Member -MemberType NoteProperty -Name FreeLibrary -Value $FreeLibrary

Expand Down
2 changes: 1 addition & 1 deletion Exfiltration/Invoke-CredentialInjection.ps1
View file
Expand Up @@ -771,7 +771,7 @@ function Invoke-CredentialInjection
$Win32Functions | Add-Member NoteProperty -Name GetModuleHandle -Value $GetModuleHandle

$FreeLibraryAddr = Get-ProcAddress kernel32.dll FreeLibrary
$FreeLibraryDelegate = Get-DelegateType @([Bool]) ([IntPtr])
$FreeLibraryDelegate = Get-DelegateType @([IntPtr]) ([Bool])
$FreeLibrary = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($FreeLibraryAddr, $FreeLibraryDelegate)
$Win32Functions | Add-Member -MemberType NoteProperty -Name FreeLibrary -Value $FreeLibrary

Expand Down
2 changes: 1 addition & 1 deletion Exfiltration/Invoke-Mimikatz.ps1
View file
Expand Up @@ -540,7 +540,7 @@ $RemoteScriptBlock = {
$Win32Functions | Add-Member NoteProperty -Name GetModuleHandle -Value $GetModuleHandle

$FreeLibraryAddr = Get-ProcAddress kernel32.dll FreeLibrary
$FreeLibraryDelegate = Get-DelegateType @([Bool]) ([IntPtr])
$FreeLibraryDelegate = Get-DelegateType @([IntPtr]) ([Bool])
$FreeLibrary = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($FreeLibraryAddr, $FreeLibraryDelegate)
$Win32Functions | Add-Member -MemberType NoteProperty -Name FreeLibrary -Value $FreeLibrary

Expand Down
2 changes: 1 addition & 1 deletion Exfiltration/Invoke-NinjaCopy.ps1
View file
Expand Up @@ -572,7 +572,7 @@ $RemoteScriptBlock = {
$Win32Functions | Add-Member NoteProperty -Name GetModuleHandle -Value $GetModuleHandle

$FreeLibraryAddr = Get-ProcAddress kernel32.dll FreeLibrary
$FreeLibraryDelegate = Get-DelegateType @([Bool]) ([IntPtr])
$FreeLibraryDelegate = Get-DelegateType @([IntPtr]) ([Bool])
$FreeLibrary = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($FreeLibraryAddr, $FreeLibraryDelegate)
$Win32Functions | Add-Member -MemberType NoteProperty -Name FreeLibrary -Value $FreeLibrary

Expand Down

0 comments on commit 6b0ada9

Please sign in to comment.