Class: Rex::Exploitation::Powershell::Function

Inherits:
Object
  • Object
show all
Includes:
Obfu, Output, Parser
Defined in:
lib/rex/exploitation/powershell/function.rb

Constant Summary collapse

FUNCTION_REGEX =
Regexp.new(/\[(\w+\[\])\]\$(\w+)\s?=|\[(\w+)\]\$(\w+)\s?=|\[(\w+\[\])\]\s+?\$(\w+)\s+=|\[(\w+)\]\s+\$(\w+)\s?=/i)
PARAMETER_REGEX =
Regexp.new(/param\s+\(|param\(/im)

Constants included from Obfu

Obfu::EMPTY_LINE_REGEX, Obfu::MULTI_LINE_COMMENTS_REGEX, Obfu::SINGLE_LINE_COMMENTS_REGEX, Obfu::UNIX_EOL_REGEX, Obfu::WHITESPACE_REGEX, Obfu::WINDOWS_EOL_REGEX

Constants included from Parser

Parser::RESERVED_VARIABLE_NAMES

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Obfu

#standard_subs, #strip_comments, #strip_empty_lines, #strip_whitespace, #sub_funcs, #sub_vars

Methods included from Parser

#block_extract, #get_func, #get_func_names, #get_string_literals, #get_var_names, #match_start, #scan_with_index

Methods included from Output

#compress_code, #decompress_code, #deflate_code, #encode_code, #gzip_code, #size, #to_s_lineno

Constructor Details

#initialize(name, code) ⇒ Function

Returns a new instance of Function.



15
16
17
18
19
# File 'lib/rex/exploitation/powershell/function.rb', line 15

def initialize(name, code)
  @name = name
  @code = code
  populate_params
end

Instance Attribute Details

#codeObject

Returns the value of attribute code.



9
10
11
# File 'lib/rex/exploitation/powershell/function.rb', line 9

def code
  @code
end

#nameObject

Returns the value of attribute name.



9
10
11
# File 'lib/rex/exploitation/powershell/function.rb', line 9

def name
  @name
end

#paramsObject

Returns the value of attribute params.



9
10
11
# File 'lib/rex/exploitation/powershell/function.rb', line 9

def params
  @params
end

Instance Method Details

#populate_paramsObject

Identify the parameters from the code and store as Param in @params



33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# File 'lib/rex/exploitation/powershell/function.rb', line 33

def populate_params
  @params = []
  start = code.index(PARAMETER_REGEX)
  return unless start
  # Get start of our block
  idx = scan_with_index('(', code[start..-1]).first.last + start
  pclause = block_extract(idx)

  matches = pclause.scan(FUNCTION_REGEX)

  # Ignore assignment, create params with class and variable names
  matches.each do |param|
    klass = nil
    name = nil
    param.each do |value|
      if value
        if klass
          name = value
          @params << Param.new(klass, name)
          break
        else
          klass = value
        end
      end
    end
  end
end

#to_sString

To String

Returns:

  • (String)

    Powershell function



25
26
27
# File 'lib/rex/exploitation/powershell/function.rb', line 25

def to_s
  "function #{name} #{code}"
end