lines changed 1 file changed +13
-4
lines changed Original file line number Diff line number Diff line change @@ -156,14 +156,23 @@ http://clymb3r.wordpress.com/2013/11/03/powershell-and-token-impersonation/
156
156
$UnsafeNativeMethods = $SystemAssembly.GetType (' Microsoft.Win32.UnsafeNativeMethods' )
157
157
# Get a reference to the GetModuleHandle and GetProcAddress methods
158
158
$GetModuleHandle = $UnsafeNativeMethods.GetMethod (' GetModuleHandle' )
159
- $GetProcAddress = $UnsafeNativeMethods.GetMethod (' GetProcAddress' )
159
+ $GetProcAddress = $UnsafeNativeMethods.GetMethods () | Where {$_.Name -eq " GetProcAddress" } | Select-Object - first 1
160
+
160
161
# Get a handle to the module specified
161
162
$Kern32Handle = $GetModuleHandle.Invoke ($null , @ ($Module ))
162
- $tmpPtr = New-Object IntPtr
163
- $HandleRef = New-Object System.Runtime.InteropServices.HandleRef($tmpPtr , $Kern32Handle )
164
163
165
164
# Return the address of the function
166
- Write-Output $GetProcAddress.Invoke ($null , @ ([System.Runtime.InteropServices.HandleRef ]$HandleRef , $Procedure ))
165
+ try
166
+ {
167
+ $tmpPtr = New-Object IntPtr
168
+ $HandleRef = New-Object System.Runtime.InteropServices.HandleRef($tmpPtr , $Kern32Handle )
169
+ Write-Output $GetProcAddress.Invoke ($null , @ ([System.Runtime.InteropServices.HandleRef ]$HandleRef , $Procedure ))
170
+ }
171
+ catch
172
+ {
173
+ # Windows 10 v1803 needs $Kern32Handle as a System.IntPtr instead of System.Runtime.InteropServices.HandleRef
174
+ Write-Output $GetProcAddress.Invoke ($null , @ ($Kern32Handle , $Procedure ))
175
+ }
167
176
}
168
177
169
178
# performs named pipe impersonation to elevate to SYSTEM without needing
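Review bot: The `catch` at new line 171 is a blanket handler, so the IntPtr fallback runs after any failure of the first `Invoke`, not only the parameter-type mismatch on Windows 10 v1803 it is meant to cover, and a genuine error (for instance `$GetProcAddress` being `$null` because the reflection lookup at new line 159 matched nothing) resurfaces as a second, unrelated exception from the fallback call. Since `Select-Object -first 1` already commits to one overload, its first parameter type is known before the call; branching on `GetParameters()[0].ParameterType` picks the matching argument shape deterministically and leaves real exceptions visible. Neither branch checks the pointer it writes out, so a zero return for an unknown export would propagate silently to the caller — presumably handled there, worth confirming. The enclosing function starts before the hunk; only its tail is visible here.

```powershell
# … unchanged: GetModuleHandle lookup and $Kern32Handle …
# Pick the argument shape from the overload we actually resolved instead of
# probing it with a catch-all; this keeps unrelated exceptions visible.
$ParamType = $GetProcAddress.GetParameters()[0].ParameterType
if ($ParamType -eq [System.Runtime.InteropServices.HandleRef])
{
    $tmpPtr = New-Object IntPtr
    $HandleRef = New-Object System.Runtime.InteropServices.HandleRef($tmpPtr, $Kern32Handle)
    Write-Output $GetProcAddress.Invoke($null, @([System.Runtime.InteropServices.HandleRef]$HandleRef, $Procedure))
}
else
{
    # Windows 10 v1803 exposes GetProcAddress(IntPtr, string) instead of the HandleRef overload
    Write-Output $GetProcAddress.Invoke($null, @($Kern32Handle, $Procedure))
}
```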