-
Notifications
You must be signed in to change notification settings - Fork 99
/
New-RemoteReconHeader.ps1
50 lines (40 loc) · 1.08 KB
/
New-RemoteReconHeader.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
function New-RemoteReconHeader
{
<#
.SYNOPSIS Generates a new header file in the post build event for RemoteReconKS
Author: @tifkin_ Lee Christensen
#>
[CmdletBinding()]
[OutputType([string])]
Param
(
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
$AssemblyPath
)
$Bytes = Get-Content -Raw -Encoding Byte $AssemblyPath
$OutputStr = New-Object System.Text.StringBuilder
$Counter = 1
foreach($Byte in $Bytes) {
$null = $OutputStr.Append("0x$('{0:X2}' -f $Byte),")
if($Counter % 12 -eq 0) {
$null = $OutputStr.AppendLine()
$null = $OutputStr.Append("`t")
}
$Counter++
}
$null = $OutputStr.Remove($OutputStr.Length-1,1)
$Source = @'
#ifndef REMOTERECONKSDLL_H_
#define REMOTERECONKSDLL_H_
static const unsigned char RemoteReconKS_dll[] = {
REPLACE
};
static const unsigned int REMOTERECONKS_dll_len = LENGTH;
#endif
'@
$Source = $Source -replace 'REPLACE',$OutputStr.ToString()
$Source = $Source -replace 'LENGTH',$Bytes.Length
$Source
}