Explicitly casting types as [Type]

The latest version of .NET added generics to many of the InteropService methods. Therefore, all of my uses of types need to be explicitly cast with [Type].
PowerShellMafia · Aug 17, 2013 · fcdd3ad · fcdd3ad
1 parent 7f0be86
commit fcdd3ad
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/ReverseEngineering/Get-NtSystemInformation.ps1 b/ReverseEngineering/Get-NtSystemInformation.ps1
@@ -633,7 +633,7 @@
 
         foreach ($i in 0..($Count-1))
         {
-            [Runtime.InteropServices.Marshal]::PtrToStructure($StructAddress, $StructType)
+            [Runtime.InteropServices.Marshal]::PtrToStructure($StructAddress, [Type] $StructType)
             $StructAddress = ([IntPtr]($StructAddress.ToInt64() + $StructSize))
         }
 
@@ -958,7 +958,7 @@
                 # Base address of the _SYSTEM_OBJECTTYPE_INFORMATION struct
                 $ObjectTypeAbsoluteAddress = [IntPtr]($PtrData.ToInt64() + $NextTypeOffset)
 
-                $Result = [Runtime.InteropServices.Marshal]::PtrToStructure($ObjectTypeAbsoluteAddress, $ObjectTypeClass)
+                $Result = [Runtime.InteropServices.Marshal]::PtrToStructure($ObjectTypeAbsoluteAddress, [Type] $ObjectTypeClass)
 
                 if ($Result.NumberOfObjects -gt 0)
                 {
@@ -970,7 +970,7 @@
 
                     do
                     {
-                        $ObjectResult = [Runtime.InteropServices.Marshal]::PtrToStructure(( [IntPtr]($ObjectBaseAddr.ToInt64() + $NextObjectOffset) ), $ObjectClass)
+                        $ObjectResult = [Runtime.InteropServices.Marshal]::PtrToStructure(( [IntPtr]($ObjectBaseAddr.ToInt64() + $NextObjectOffset) ), [Type] $ObjectClass)
 
                         $ResultHashTable2 = @{
                             Object = $ObjectResult.Object

diff --git a/ReverseEngineering/Get-StructFromMemory.ps1 b/ReverseEngineering/Get-StructFromMemory.ps1
@@ -131,7 +131,7 @@ http://www.exploit-monday.com
     $MemoryBasicInformation = [Activator]::CreateInstance($MEMORY_BASIC_INFORMATION)
 
     # Confirm you can actually read the address you're interested in
-    $NativeUtils::VirtualQueryEx($Handle, $MemoryAddress, [Ref] $MemoryBasicInformation, [Runtime.InteropServices.Marshal]::SizeOf($MEMORY_BASIC_INFORMATION)) | Out-Null
+    $NativeUtils::VirtualQueryEx($Handle, $MemoryAddress, [Ref] $MemoryBasicInformation, [Runtime.InteropServices.Marshal]::SizeOf([Type] $MEMORY_BASIC_INFORMATION)) | Out-Null
 
     $PAGE_EXECUTE_READ = 0x20
     $PAGE_EXECUTE_READWRITE = 0x40
@@ -154,7 +154,7 @@ http://www.exploit-monday.com
         throw 'The address specified does not have read access.'
     }
 
-    $StructSize = [Runtime.InteropServices.Marshal]::SizeOf($StructType)
+    $StructSize = [Runtime.InteropServices.Marshal]::SizeOf([Type] $StructType)
     $EndOfAllocation = $AllocationBase + $RegionSize
     $EndOfStruct = $MemoryAddress.ToInt64() + $StructSize
 
@@ -194,7 +194,7 @@ http://www.exploit-monday.com
     Write-Verbose "Struct Size: $StructSize"
     Write-Verbose "Bytes read: $BytesRead"
 
-    $ParsedStruct = [Runtime.InteropServices.Marshal]::PtrToStructure($LocalStructPtr, $StructType)
+    $ParsedStruct = [Runtime.InteropServices.Marshal]::PtrToStructure($LocalStructPtr, [Type] $StructType)
 
     [Runtime.InteropServices.Marshal]::FreeHGlobal($LocalStructPtr)
     $SafeHandle.Close()