How To Embed An Assembly Into A Powershell Script

I may have gone too far this time in my far reaching experiments. The joy about script is that we can simply read them to find out whether they are safe to execute. The script that I am presenting today could make doing that difficult even for people that have advanced debugging techniques up their sleeves. The benefit, however, is that compiled code executes much faster than interpreted code, making this script useful in some cases.

The script as you can see below is very simple. There are two parameters to this script. The first is a list of paths that should point to valid assemblies, and the second is a switch that indicates that the loading process should not return the reference to the assembly once it finally gets loaded.

The processes of the script is simple. For each path in the "AssemblyPath" parameter, the content of the file at that path is loaded as byte data. That byte data is then converted to a string using the Base64 method. that Base64 string is then prepended and appended with the code that will load the assembly. The result of that is then returned as a single string for each path that was given. The process of loading that assembly is also very simple. The Base64 string is converted back to byte data and sent to the "[AppDomain]::CurrentDomain.Load" method.

The resulting string(s) are valid Powershell script and can be immediately exported to a .ps1 file or included in an existing script.

This script will allow us to include precompiled, fast executing code into scripts, but beware, while this script is safe to use, it is very difficult to determine if a script that was made using this script by someone else is safe to execute. So unless you trust the life of your computer to the person that made the script, I would suggest inspecting any assemblies included in scripts you find before use.

Something like the .NET Reflector should be of use if you can get the content of the embedded assembly to a file.


# Get-AssemblyResource.ps1

# Version: 1.0

# Author: LunaticExperimentalist

# End User License: Public Domain



param ([String[]]$AssemblyPath, [Switch]$Silent)



$AssemblyPath | Foreach {

	[String]::Join("`r`n", @(if ($Silent) {'[Void]('}

	"[AppDomain]::CurrentDomain.Load([Convert]::FromBase64String(@'"

	[Convert]::ToBase64String((Get-Content $_ -encoding byte),'InsertLineBreaks')

	"'@) )"

	if ($Silent) {');'}))

}
Advertisements

~ by lunaticexperimentalist on September 22, 2007.

2 Responses to “How To Embed An Assembly Into A Powershell Script”

  1. wow!!! this is first step for creating powershell virus !!! Watch out everyone  

  2. Heh. A virus. Even being able to insert compiled code into the script doesn’t make it any easier to get anyone to execute that script.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: