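├── PSReflector-List-Methods.ps1
├── PSReflector-Public-Invoke-Private-Overloading.ps1
├── PSReflector-Public-Invoke-Public.ps1
├── PSReflector-Public-Invoke-Static-Private-Overloading.ps1
├── PSReflector-Public-Invoke-Static-Private.ps1
├── PSReflector-Public-Invoke-Static-Public.ps1
└── README.md

/PSReflector-List-Methods.ps1:
--------------------------------------------------------------------------------
# Lists the constructors and methods of every .NET assembly (.dll/.exe) found
# under $AssemblyDir and shows them in a grid view.
# NOTE: LoadFile loads each assembly into this PowerShell process in the
# execution context, and it stays loaded until the process exits. If the
# binaries are not your own, run this on an isolated analysis host.
$AssemblyDir = "D:\Documents\Visual Studio 2010\Projects\AesSample\AesSample\bin\Debug\"

# ArrayList instead of "$Results += ...", which copies the whole array on every append.
$Results = New-Object System.Collections.ArrayList

Get-ChildItem -recurse $AssemblyDir |
    Where-Object { ($_.Extension -EQ ".dll") -or ($_.Extension -eq ".exe") } |
    ForEach-Object {
        $AssemblyName = $_.FullName

        # Reset per file: after a failed load the variable must not still hold
        # the previous assembly, or its members would be listed under this name.
        $Assembly = $null
        try {
            $Assembly = [Reflection.Assembly]::LoadFile($AssemblyName)
        }
        catch {
            "***ERROR*** Error when loading assembly: " + $AssemblyName
            return   # continue with the next file
        }
        $Assembly | Format-Table

        # GetTypes() throws when a dependency of the assembly cannot be resolved.
        try {
            $Types = $Assembly.GetTypes()
        }
        catch {
            "***ERROR*** Error when enumerating types: " + $AssemblyName
            return
        }

        foreach ($Type in $Types) {
            # GetMembers() without binding flags returns public members only.
            $Type.GetMembers() |
                Where-Object { $_.MemberType -eq "Constructor" -or $_.MemberType -EQ "Method" } |
                ForEach-Object {
                    $ObjectProperties = @{
                        'Assembly'     = $AssemblyName;
                        'ClassName'    = $Type.Name;
                        'ClassPublic'  = $Type.IsPublic;
                        # A static class is compiled as abstract + sealed
                        'ClassStatic'  = $Type.IsAbstract -and $Type.IsSealed;
                        'MemberType'   = $_.MemberType;
                        'Member'       = $_.ToString();
                        'MemberPublic' = $_.IsPublic;
                        'MemberStatic' = $_.IsStatic;
                    }
                    $ResultsObject = New-Object -TypeName PSObject -Property $ObjectProperties
                    [void]$Results.Add($ResultsObject)
                }
        }
    }

$Results |
    Select-Object Assembly,ClassPublic,ClassStatic,ClassName,MemberType,Member,MemberPublic,MemberStatic |
    Sort-Object Assembly,ClassName,MemberType,Member |
    Out-GridView -Title "Reflection"

--------------------------------------------------------------------------------
/PSReflector-Public-Invoke-Private-Overloading.ps1:
--------------------------------------------------------------------------------
#Load all .NET binaries in the folder
# NOTE: this loads the assemblies into the current process and then runs their
# code with your privileges; use an isolated host for binaries you do not trust.
$AssemblyDir = "D:\Documents\Visual Studio 2010\Projects\AesSample\AesSample\bin\Debug\"
Get-ChildItem -recurse $AssemblyDir |
    Where-Object { ($_.Extension -EQ ".dll") -or ($_.Extension -eq ".exe") } |
    ForEach-Object {
        $AssemblyName = $_.FullName
        Try { [Reflection.Assembly]::LoadFile($AssemblyName) }
        Catch { "***ERROR*** Not .NET assembly: " + $AssemblyName }
    }

#Call constructor
$Instance = New-Object "AesSample.AesLib" ("a","b")

# Find private nonstatic method. If you want to invoke static private method, replace Instance with Static
$BindingFlags = [Reflection.BindingFlags] "NonPublic,Instance"

$Instance.GetType().GetMethods($BindingFlags) | Where-Object Name -eq DecryptStringPrivate | ForEach-Object {
    $PrivateMethod = $_

    # MethodInfo.ToString() is the full signature. Reading it from the method
    # itself (not from its first parameter) also works for an overload that
    # takes no parameters.
    $MemberSignature = $PrivateMethod.ToString()

    #This will list all the method signatures
    $MemberSignature

    #Choose the correct method based on parameter list
    If ($MemberSignature -eq "System.String DecryptStringPrivate(Byte[])") {
        [byte[]]$Bytes = @(70,1,65,70,155,197,95,238,85,79,190,34,158,69,125,233,53,212,111,19,248,209,147,180,19,172,150,25,97,41,127,175)
        # The leading comma keeps $Bytes as ONE argument instead of unrolling it
        [Object[]] $Params = @(,$Bytes)

        # You will need to pass the Instance here instead of $null
        $PrivateMethod.Invoke($Instance,$Params)
    }
}
--------------------------------------------------------------------------------
/PSReflector-Public-Invoke-Public.ps1:
--------------------------------------------------------------------------------
#Load all .NET binaries in the folder
# NOTE: this loads the assemblies into the current process and then runs their
# code with your privileges; use an isolated host for binaries you do not trust.
$AssemblyDir = "D:\Documents\Visual Studio 2010\Projects\AesSample\AesSample\bin\Debug\"
Get-ChildItem -recurse $AssemblyDir |
    Where-Object { ($_.Extension -EQ ".dll") -or ($_.Extension -eq ".exe") } |
    ForEach-Object {
        $AssemblyName = $_.FullName
        Try { [Reflection.Assembly]::LoadFile($AssemblyName) }
        Catch { "***ERROR*** Not .NET assembly: " + $AssemblyName }
    }

#Call default constructor (no argument)
$AesSample = New-Object "AesSample.AesLib"
#Call constructor with arguments using this syntax: $AesSample= New-Object "AesSample.AesLib" ("a","b")

#Invoke public method
$AesSample.DecryptString("8E3C5A3088CEA26B634CFDA09D13A7DB")
--------------------------------------------------------------------------------
/PSReflector-Public-Invoke-Static-Private-Overloading.ps1:
--------------------------------------------------------------------------------
#Load all .NET binaries in the folder
# NOTE: this loads the assemblies into the current process and then runs their
# code with your privileges; use an isolated host for binaries you do not trust.
$AssemblyDir = "D:\Documents\Visual Studio 2010\Projects\AesSample\AesSample\bin\Debug\"
Get-ChildItem -recurse $AssemblyDir |
    Where-Object { ($_.Extension -EQ ".dll") -or ($_.Extension -eq ".exe") } |
    ForEach-Object {
        $AssemblyName = $_.FullName
        Try { [Reflection.Assembly]::LoadFile($AssemblyName) }
        Catch { "***ERROR*** Not .NET assembly: " + $AssemblyName }
    }

#Only retrieve static private methods. Defined here so the script does not
#depend on a $BindingFlags value left over from another script in the session.
$BindingFlags = [Reflection.BindingFlags] "NonPublic,Static"

#Search for private method based on name
$PrivateMethods = [AesSample.AesLibStatic].GetMethods($BindingFlags) | Where-Object Name -eq DecryptStringPrivate

$PrivateMethods | ForEach-Object {
    $PrivateMethod = $_

    # MethodInfo.ToString() is the full signature. Reading it from the method
    # itself (not from its first parameter) also works for an overload that
    # takes no parameters.
    $MemberSignature = $PrivateMethod.ToString()

    #This will list all the method signatures
    $MemberSignature

    #Choose the correct method based on parameter list
    If ($MemberSignature -eq "System.String DecryptStringPrivate(Byte[])") {
        [byte[]]$Bytes = @(70,1,65,70,155,197,95,238,85,79,190,34,158,69,125,233,53,212,111,19,248,209,147,180,19,172,150,25,97,41,127,175)
        # The leading comma keeps $Bytes as ONE argument instead of unrolling it
        [Object[]] $Params = @(,$Bytes)

        #Call with the right arguments ($null target because the method is static)
        $PrivateMethod.Invoke($null,$Params)
    }
}
--------------------------------------------------------------------------------
/PSReflector-Public-Invoke-Static-Private.ps1:
--------------------------------------------------------------------------------
#Load all .NET binaries in the folder
# NOTE: this loads the assemblies into the current process and then runs their
# code with your privileges; use an isolated host for binaries you do not trust.
$AssemblyDir = "D:\Documents\Visual Studio 2010\Projects\AesSample\AesSample\bin\Debug\"
Get-ChildItem -recurse $AssemblyDir |
    Where-Object { ($_.Extension -EQ ".dll") -or ($_.Extension -eq ".exe") } |
    ForEach-Object {
        $AssemblyName = $_.FullName
        Try { [Reflection.Assembly]::LoadFile($AssemblyName) }
        Catch { "***ERROR*** Not .NET assembly: " + $AssemblyName }
    }

#Only retrieve static private method
$BindingFlags = [Reflection.BindingFlags] "NonPublic,Static"

#Load method based on name
$PrivateMethod = [AesSample.AesLibStatic].GetMethod("DecryptStringSecret",$BindingFlags)

#Invoke ($null target because the method is static; arguments go in an Object[])
[Object[]] $Params = @("8E3C5A3088CEA26B634CFDA09D13A7DB")
$PrivateMethod.Invoke($null,$Params)
--------------------------------------------------------------------------------
/PSReflector-Public-Invoke-Static-Public.ps1:
--------------------------------------------------------------------------------
#Load all .NET binaries in the folder
# NOTE: this loads the assemblies into the current process and then runs their
# code with your privileges; use an isolated host for binaries you do not trust.
$AssemblyDir = "D:\Documents\Visual Studio 2010\Projects\AesSample\AesSample\bin\Debug\"
Get-ChildItem -recurse $AssemblyDir |
    Where-Object { ($_.Extension -EQ ".dll") -or ($_.Extension -eq ".exe") } |
    ForEach-Object {
        $AssemblyName = $_.FullName
        Try { [Reflection.Assembly]::LoadFile($AssemblyName) }
        Catch { "***ERROR*** Not .NET assembly: " + $AssemblyName }
    }

#Call public static method
[AesSample.AesLibStatic]::DecryptString("8E3C5A3088CEA26B634CFDA09D13A7DB")

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
PS_Reflector
============
Blog: https://www.netspi.com/blog/entryid/200/using-powershell-and-reflection-api-to-invoke-methods-from-net-assemblies?utm_content=bufferefb9f&utm_source=buffer&utm_medium=twitter&utm_campaign=Buffer
--------------------------------------------------------------------------------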