Comments (4)
Considering 'EnvironmentVariables' is made available to you via Get-Process, would you have a problem with me just calling that and assigning my EnvironmentVariables accordingly? Or would you rather I follow the pointer to the environment variables and walk the list?
Example:
$EnvironmentVariables = (Get-Process -Id $ProcessId -ErrorAction SilentlyContinue).StartInfo.EnvironmentVariables
from powersploit.
Matt, it's good to know that's an option. I didn't think to check the startup options. I think it'd be better to only include the functionality in Get-PEB if it was reading from the environment block. People are going to assume that's the case, so it would do more harm than good including it.
I took a quick look at the ProcessHacker 1.0 source code, which is C#, and discovered ProcessHandle.GetEnvironmentVariables(). I'll see what it takes to extract that into PowerShell code. It looks like that's a better source to model Get-PEB after since it's pure C#.
My desire for this stems from trying to figure out how to get SQL Server stacktraces to use the symbol server. In that case, the problem is solved. However, if I was debugging powershell.exe or cmd.exe as well as child processes launched from a command line, I'd probably want the PEB to be read.
If I were to do a Raw memory copy would you prefer I did an Import-DllImports on NtReadVirtualMemory or is there another method you prefer for calling unmanaged APIs?
Check out Get-StructFromMemory (https://github.com/mattifestation/PowerSploit/blob/master/ReverseEngineering/Get-StructFromMemory.ps1). I use kernel32!VirtualQueryEx to ensure that I can read a particular address in a remote process and kernel32!ReadProcessMemory to read memory in the remote process.
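The two-step pattern Matt describes (VirtualQueryEx to confirm a remote address is committed and readable, then ReadProcessMemory to copy it) as an added example written for this thread; it is not PowerSploit's Get-StructFromMemory or any other project code. It locates the target's PEB with NtQueryInformationProcess(ProcessBasicInformation), which the thread does not mention and is assumed here as the simplest way to obtain the PEB address, and reads the first 16 bytes of it. The function names RemoteMem, Test-RemoteReadable, Read-RemoteMemory and Get-RemotePebHeader are this example's own. It requires a Windows host and PROCESS_VM_READ access to the target; by default it inspects the current PowerShell process.

```powershell
# Added example, not PowerSploit code: P/Invoke declarations for the handful of APIs used.
$code = @'
using System;
using System.Runtime.InteropServices;

public static class RemoteMem {
    [StructLayout(LayoutKind.Sequential)]
    public struct MEMORY_BASIC_INFORMATION {
        public IntPtr BaseAddress; public IntPtr AllocationBase; public uint AllocationProtect;
        public IntPtr RegionSize;  public uint State;             public uint Protect; public uint Type;
    }
    [StructLayout(LayoutKind.Sequential)]
    public struct PROCESS_BASIC_INFORMATION {
        public IntPtr Reserved1; public IntPtr PebBaseAddress; public IntPtr Reserved2_0;
        public IntPtr Reserved2_1; public IntPtr UniqueProcessId; public IntPtr Reserved3;
    }
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr VirtualQueryEx(IntPtr hProcess, IntPtr lpAddress,
        out MEMORY_BASIC_INFORMATION lpBuffer, IntPtr dwLength);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        byte[] lpBuffer, IntPtr nSize, out IntPtr lpNumberOfBytesRead);
    [DllImport("ntdll.dll")]
    public static extern int NtQueryInformationProcess(IntPtr hProcess, int processInformationClass,
        ref PROCESS_BASIC_INFORMATION processInformation, int processInformationLength, out int returnLength);
}
'@
Add-Type -TypeDefinition $code

# Step 1: ask the memory manager whether [Address, Address+Length) is committed, not guarded,
# not PAGE_NOACCESS, and lies within a single region. A blind read of an unmapped page would fail.
function Test-RemoteReadable {
    param([IntPtr]$Handle, [IntPtr]$Address, [int]$Length)
    $MEM_COMMIT = 0x1000; $PAGE_NOACCESS = 0x01; $PAGE_GUARD = 0x100
    $mbi  = New-Object RemoteMem+MEMORY_BASIC_INFORMATION
    $size = [IntPtr][Runtime.InteropServices.Marshal]::SizeOf([Type][RemoteMem+MEMORY_BASIC_INFORMATION])
    if ([RemoteMem]::VirtualQueryEx($Handle, $Address, [ref]$mbi, $size) -eq [IntPtr]::Zero) { return $false }
    if ($mbi.State -ne $MEM_COMMIT) { return $false }
    if (($mbi.Protect -band $PAGE_NOACCESS) -or ($mbi.Protect -band $PAGE_GUARD)) { return $false }
    $regionEnd = $mbi.BaseAddress.ToInt64() + $mbi.RegionSize.ToInt64()
    return (($Address.ToInt64() + $Length) -le $regionEnd)
}

# Step 2: copy the bytes out only after the readability check passed.
function Read-RemoteMemory {
    param([IntPtr]$Handle, [IntPtr]$Address, [int]$Length)
    if (-not (Test-RemoteReadable -Handle $Handle -Address $Address -Length $Length)) {
        throw ('Address 0x{0:X} is not readable in the target process' -f $Address.ToInt64())
    }
    $buf = New-Object byte[] $Length
    [IntPtr]$read = [IntPtr]::Zero
    if (-not [RemoteMem]::ReadProcessMemory($Handle, $Address, $buf, [IntPtr]$Length, [ref]$read)) {
        throw "ReadProcessMemory failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    return $buf
}

# Worked use: find the PEB of a process and read its first 16 bytes. Offset 2 is BeingDebugged.
# Caveat: a 32-bit PowerShell querying a 64-bit target sees the WOW64 PEB, not the native one.
function Get-RemotePebHeader {
    param([int]$ProcessId = $PID)
    $PROCESS_QUERY_INFORMATION = 0x0400; $PROCESS_VM_READ = 0x0010
    $h = [RemoteMem]::OpenProcess($PROCESS_QUERY_INFORMATION -bor $PROCESS_VM_READ, $false, $ProcessId)
    if ($h -eq [IntPtr]::Zero) { throw "OpenProcess failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }
    try {
        $pbi = New-Object RemoteMem+PROCESS_BASIC_INFORMATION
        $retLen = 0
        $status = [RemoteMem]::NtQueryInformationProcess($h, 0, [ref]$pbi,
            [Runtime.InteropServices.Marshal]::SizeOf($pbi), [ref]$retLen)
        if ($status -ne 0) { throw ('NtQueryInformationProcess returned NTSTATUS 0x{0:X8}' -f $status) }
        $bytes = Read-RemoteMemory -Handle $h -Address $pbi.PebBaseAddress -Length 16
        [PSCustomObject]@{
            ProcessId      = $ProcessId
            PebBaseAddress = ('0x{0:X}' -f $pbi.PebBaseAddress.ToInt64())
            BeingDebugged  = [bool]$bytes[2]
            RawBytes       = ($bytes | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
        }
    } finally { [void][RemoteMem]::CloseHandle($h) }
}

Get-RemotePebHeader            # inspects the current process
# Get-RemotePebHeader -ProcessId 1234   # any process the caller may open with PROCESS_VM_READ
```

The readability check is what makes this safer than a bare NtReadVirtualMemory call: a region that is reserved but not committed, or protected with PAGE_GUARD, is rejected before the read is attempted, so the caller gets a clear error instead of a partial buffer or an access-violation status.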