Last active
December 10, 2015 08:58
-
-
Save sunnyc7/4410864 to your computer and use it in GitHub Desktop.
Access Win32 Native Api functions like DuplicateHandle, NTQuerySystemInformation (Part of Kernel32.dll), without using P/Invoke wizardry or Reflection.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: @mattifestation. | |
| # Link:http://www.exploit-monday.com/2012/12/list-all-win32native-functions.html | |
| ## Comment: | |
| # My experience running on V3.0 has been slow so far. I will try on other workstations and test v3.0 | |
| # Matt's screenshot look impressive. | |
| # To QCall or Not to QCall. | |
| $PinvokeMethods = [AppDomain]::CurrentDomain.GetAssemblies().GetTypes().GetMethods('NonPublic, Public, Static, Instance') | | |
| ? { $_.Attributes.HasFlag([Reflection.MethodAttributes]::PinvokeImpl) } | % { $CurrentMethod = $_; $_.CustomAttributes } | | |
| ? { $_.AttributeType -eq [Runtime.InteropServices.DllImportAttribute] } | ? { $_.ConstructorArguments.Value -ne 'QCall' } | | |
| % { New-Object PSObject -Property @{ Dll = $_.ConstructorArguments.Value; Name = $CurrentMethod.Name; DeclaringType = $CurrentMethod.DeclaringType } } | |
| $PinvokeMethods | Sort-Object -Property Name -Unique | Sort-Object -Property Dll, Name | Format-Table Dll, Name, DeclaringType -AutoSize |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment