Skip to content

Instantly share code, notes, and snippets.

@moriyoshi

moriyoshi/aeremoting.ps1

Created November 7, 2016 01:22
Show Gist options
  • Save moriyoshi/4664016551e6087e95b0891b2b68f5eb to your computer and use it in GitHub Desktop.
Save moriyoshi/4664016551e6087e95b0891b2b68f5eb to your computer and use it in GitHub Desktop.
Download ZIP
Raw
aeremoting.ps1
$type = Add-Type `
-TypeDefinition @'
using System;
using System.Runtime.InteropServices;
[Flags]
public enum FileMapAccess : uint
{
FileMapCopy = 0x0001,
FileMapWrite = 0x0002,
FileMapRead = 0x0004,
FileMapReadWrite = 0x0006,
FileMapAllAccess = 0x001f,
FileMapExecute = 0x0020,
}
[Flags]
public enum FileMapProtection : uint
{
PageReadonly = 0x02,
PageReadWrite = 0x04,
PageWriteCopy = 0x08,
PageExecuteRead = 0x20,
PageExecuteReadWrite = 0x40,
SectionCommit = 0x8000000,
SectionImage = 0x1000000,
SectionNoCache = 0x10000000,
SectionReserve = 0x4000000,
}
public enum SendMessageFlags : uint
{
Normal = 0,
Block = 1,
AbortIfHung = 2,
NoTimeOutIfNotHung = 8,
ErrorOnExit = 32,
}
public class Win32API
{
public static readonly IntPtr InvalidHandleValue = (IntPtr)(-1);
[DllImport("kernel32", SetLastError = true)]
public static extern IntPtr GlobalAddAtom(string lpString);
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr FindWindow(string lpClassName, IntPtr windowName);
[DllImport("user32.dll", SetLastError = true)]
public static extern IntPtr SendMessageTimeout(IntPtr hWnd, UInt32 Msg, IntPtr wParam, IntPtr lParam, SendMessageFlags fuFlags, uint uTimeout, IntPtr lpdwResult);
[DllImport("user32.dll", SetLastError = true)]
public static extern bool SetProp(IntPtr hWnd, string lpString, IntPtr hData);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr CreateFileMapping(IntPtr hFile, IntPtr lpAttributes, FileMapProtection flProtect, Int32 dwMaxSizeHi, Int32 dwMaxSizeLow, string lpName);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr MapViewOfFile(IntPtr hFileMappingObject, FileMapAccess dwDesiredAccess, UInt32 dwFileOffsetHigh, UInt32 dwFileOffsetLow, UIntPtr dwNumberOfBytesToMap);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool UnmapViewOfFile(IntPtr lpAddr);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
}
'@ `
-PassThru
$token = "AfterEffects Happy Cartoon Fun Command Line";
$script = "-s alert(`"123 456 789\`"test`");";
$utf8 = [System.Text.Encoding]::UTF8;
[byte[]] $encodedScript = @(0) * $utf8.GetByteCount($script)
$utf8.GetBytes($script, 0, $script.Length, $encodedScript, 0);
$mapping = $type[3]::CreateFileMapping($type[3]::InvalidHandleValue, [IntPtr]::Zero, $type[1]::PageReadWrite, 0, $encodedScript.Length, $token)
$err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
if ($err -ne 0) {
echo "CreateFileMapping failed ($err)"
return
}
$addr = $type[3]::MapViewOfFile($mapping, $type[0]::FileMapReadWrite, 0, 0, [UIntPtr][uint32]($encodedScript.Length))
$err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
if ($err -ne 0) {
echo "MapViewOfFile failed"
$type[3]::CloseHandle($mapping)
return
}
[System.Runtime.InteropServices.Marshal]::Copy($encodedScript, 0, $addr, $encodedScript.Length)
$type[3]::UnmapViewOfFile($addr);
$atom = $type[3]::GlobalAddAtom($token)
$hwnd = $type[3]::FindWindow("AE_CApplication_14.0", [IntPtr]::Zero)
if ($hwnd -eq [IntPtr]::Zero) {
$type[3]::CloseHandle($mapping);
echo "oops"
return
}
echo $type[3]::SendMessageTimeout($hwnd, 1547, $atom, 0, $type[2]::Normal, 5000, [IntPtr]::Zero)
$type[3]::CloseHandle($mapping);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment