CODEWITHSUNDEEP
c#.netpowershellwinapi
egkmor
egkmor

Reputation: 152

How to call a Win32 API Function from Powershell?

I need to call MapFileAndCheckSumA function from Imagehlp.dll in Win 32 API using PowerShell. I have tried to follow some similar tutorials online, such as this: https://devblogs.microsoft.com/scripting/use-powershell-to-interact-with-the-windows-api-part-1/ I have tried to use the Add-Type cmdlet to compile C# code in PowerShell. The code that I wrote is below.

Add-Type -TypeDefinition @"
 using System;
 using System.Diagnostics;
 using System.Runtime.InteropServices;

 public static class Imagehlp
 {
     [DllImport("imagehlp.dll", CharSet=CharSet.Auto)]
         public static extern bool MapFileAndCheckSumA(
             [MarshalAs(UnmanagedType.LPStr)] string Filename,
             UIntPtr HeaderSum,
             UIntPtr CheckSum);
 }
"@

 $x = [UIntPtr]::new(5)
 $y = [UIntPtr]::new(5)
 [Imagehlp]::MapFileAndCheckSumA("C:\Program Files\Internet Explorer\iexplore.exe", $x,$y)

However, when I execute the last line of the code, I get the exception below.

Unhandled Exception: System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
   at Imagehlp.MapFileAndCheckSumA(String Filename, UIntPtr HeaderSum, UIntPtr CheckSum)
   at CallSite.Target(Closure , CallSite , Type , String , Object , Object )
   at System.Dynamic.UpdateDelegates.UpdateAndExecute4[T0,T1,T2,T3,TRet](CallSite site, T0 arg0, T1 arg1, T2 arg2, T3 arg3)
   at System.Management.Automation.Interpreter.DynamicInstruction`5.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
   at System.Management.Automation.DlrScriptCommandProcessor.RunClause(Action`1 clause, Object dollarUnderbar, Object inputToProcess)
   at System.Management.Automation.DlrScriptCommandProcessor.Complete()
   at System.Management.Automation.CommandProcessorBase.DoComplete()
   at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(CommandProcessorBase commandRequestingUpstreamCommandsToStop)
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input)
   at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
   at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
   at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()

I have searched online for the exception and I'm guessing that this is a compile error caused by the C# part of the code. The solutions online said that I have to change the compiling settings from the IDE that I'm using but I'm fairly new into PowerShell and C# and therefore, I don't know how to make this work. Can you please help me?

Upvotes: 4

Views: 10983

Answers (1)

Jeroen Mostert
Jeroen Mostert

Reputation: 28789

All the things wrong with this:

  • when using CharSet.Auto, the function should not also have the A or W suffix, that's what Auto will do for you.
  • when using CharSet.Auto, using UnmanagedType.LPStr is wrong as this always marshals the string as ANSI.
  • MapFileAndCheckSum is documented to return a DWORD, not a BOOL. This is especially important because the value for success is 0, which maps to False, while 1 ("could not open file") maps to True.
  • HeaderSum and CheckSum are pointers to DWORD values for output values and should be marshaled as out int, not IntPtr.

The corrected signature:

[DllImport("imagehlp.dll", CharSet = CharSet.Auto)]
public static extern int MapFileAndCheckSum(string Filename, out int HeaderSum, out int CheckSum);

This can then be invoked in PowerShell as follows:

[int] $headerSum = 0;
[int] $checkSum = 0;
$result = [Imagehlp]::MapFileAndCheckSum(
    "C:\Program Files\Internet Explorer\iexplore.exe", 
    [ref] $headerSum, 
    [ref] $checkSum
)

if ($result -ne 0) { 
    Write-Error "Error: $result" 
}
$headerSum, $checkSum

Upvotes: 6

Related Questions