删除安全支持包
Delete Security Support Package
所以我正在编写一个 powershell 脚本来管理专门控件的安全支持提供程序。目前我有脚本可以添加 SSP,但是当我尝试将脚本更改为删除 SSP 时,它会中断。
代码如下:
$DynAssembly = New-Object System.Reflection.AssemblyName('SSPI2')
$AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('SSPI2', $False)
$TypeBuilder = $ModuleBuilder.DefineType('SSPI2.Secur32', 'Public, Class')
$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('DeleteSecurityPackage',
'secur32.dll',
'Public, Static',
[Reflection.CallingConventions]::Standard,
[Int32],
[Type[]] @([String]),
[Runtime.InteropServices.CallingConvention]::Winapi,
[Runtime.InteropServices.CharSet]::Auto)
$Secur32 = $TypeBuilder.CreateType()
$RuntimeSuccess = $True
$Result = $Secur32::DeleteSecurityPackage($DllName)
每次我 运行 我得到:使用“1”个参数调用 "DeleteSecurityPackage" 的异常:“不支持请求的函数
但是这段添加 ssp 的代码工作正常:
$DynAssembly = New-Object System.Reflection.AssemblyName('SSPI2')
$AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('SSPI2', $False)
$TypeBuilder = $ModuleBuilder.DefineType('SSPI2.Secur32', 'Public, Class')
$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('AddSecurityPackage',
'secur32.dll',
'Public, Static',
[Reflection.CallingConventions]::Standard,
[Int32],
[Type[]] @([String], [IntPtr]),
[Runtime.InteropServices.CallingConvention]::Winapi,
[Runtime.InteropServices.CharSet]::Auto)
$Secur32 = $TypeBuilder.CreateType()
if ([IntPtr]::Size -eq 4) {
$StructSize = 20
} else {
$StructSize = 24
}
$StructPtr = [Runtime.InteropServices.Marshal]::AllocHGlobal($StructSize)
[Runtime.InteropServices.Marshal]::WriteInt32($StructPtr, $StructSize)
$RuntimeSuccess = $True
$Result = $Secur32::AddSecurityPackage($DllName, $StructPtr)
按理说应该更容易删除,因为我不需要担心结构,但是它不开心。
任何帮助将不胜感激
Microsoft 似乎没有完全 implemented/supported。这篇文章似乎支持:http://cybernigma.blogspot.com/2014/03/using-sspap-lsass-proxy-to-mitigate.html 相关信息大约是下降的3/4。
所以我正在编写一个 powershell 脚本来管理专门控件的安全支持提供程序。目前我有脚本可以添加 SSP,但是当我尝试将脚本更改为删除 SSP 时,它会中断。
代码如下:
$DynAssembly = New-Object System.Reflection.AssemblyName('SSPI2')
$AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('SSPI2', $False)
$TypeBuilder = $ModuleBuilder.DefineType('SSPI2.Secur32', 'Public, Class')
$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('DeleteSecurityPackage',
'secur32.dll',
'Public, Static',
[Reflection.CallingConventions]::Standard,
[Int32],
[Type[]] @([String]),
[Runtime.InteropServices.CallingConvention]::Winapi,
[Runtime.InteropServices.CharSet]::Auto)
$Secur32 = $TypeBuilder.CreateType()
$RuntimeSuccess = $True
$Result = $Secur32::DeleteSecurityPackage($DllName)
每次我 运行 我得到:使用“1”个参数调用 "DeleteSecurityPackage" 的异常:“不支持请求的函数
但是这段添加 ssp 的代码工作正常:
$DynAssembly = New-Object System.Reflection.AssemblyName('SSPI2')
$AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('SSPI2', $False)
$TypeBuilder = $ModuleBuilder.DefineType('SSPI2.Secur32', 'Public, Class')
$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('AddSecurityPackage',
'secur32.dll',
'Public, Static',
[Reflection.CallingConventions]::Standard,
[Int32],
[Type[]] @([String], [IntPtr]),
[Runtime.InteropServices.CallingConvention]::Winapi,
[Runtime.InteropServices.CharSet]::Auto)
$Secur32 = $TypeBuilder.CreateType()
if ([IntPtr]::Size -eq 4) {
$StructSize = 20
} else {
$StructSize = 24
}
$StructPtr = [Runtime.InteropServices.Marshal]::AllocHGlobal($StructSize)
[Runtime.InteropServices.Marshal]::WriteInt32($StructPtr, $StructSize)
$RuntimeSuccess = $True
$Result = $Secur32::AddSecurityPackage($DllName, $StructPtr)
按理说应该更容易删除,因为我不需要担心结构,但是它不开心。
任何帮助将不胜感激
Microsoft 似乎没有完全 implemented/supported。这篇文章似乎支持:http://cybernigma.blogspot.com/2014/03/using-sspap-lsass-proxy-to-mitigate.html 相关信息大约是下降的3/4。