MapUrlToZone caching observations (PowerShell Unblock-File)
$null = Add-Type -TypeDefinition @' | |
namespace Testing123 | |
{ | |
using System; | |
using System.Text; | |
using System.Runtime.InteropServices; | |
using System.Runtime.InteropServices.ComTypes; | |
using System.ComponentModel; | |
/// <summary>
/// Interop declarations for the urlmon Internet Security Manager, plus one kernel32 import.
/// </summary>
public static class NativeMethods
{
    /// <summary>
    /// Managed view of the COM interface identified by the Guid below (IInternetSecurityManager).
    /// Every method is [PreserveSig], so callers receive the raw HRESULT as an int and must
    /// check it themselves; nothing here throws on failure.
    /// The declaration order defines the COM vtable layout, so the methods must not be reordered.
    /// </summary>
    [ComVisible(false), Guid("79EAC9EE-BAF9-11CE-8C82-00AA004BA90B"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
    [ComImport]
    public interface IInternetSecurityManager
    {
        [PreserveSig]
        [return: MarshalAs(UnmanagedType.I4)]
        int SetSecuritySite([In] IntPtr pSite);
        // NOTE(review): pSite is marshalled by value although it is marked [Out]; the native
        // method takes a pointer-to-pointer. Not called in this script; confirm before using.
        [PreserveSig]
        [return: MarshalAs(UnmanagedType.I4)]
        int GetSecuritySite([Out] IntPtr pSite);
        // The only interface method this script calls. pdwZone receives the zone index and
        // dwFlags carries MUTZ_* flags such as MUTZ_DONT_USE_CACHE.
        [PreserveSig]
        [return: MarshalAs(UnmanagedType.I4)]
        int MapUrlToZone([MarshalAs(UnmanagedType.LPWStr)] [In] string pwszUrl, out uint pdwZone, uint dwFlags);
        [PreserveSig]
        [return: MarshalAs(UnmanagedType.I4)]
        int GetSecurityId([MarshalAs(UnmanagedType.LPWStr)] string pwszUrl, [MarshalAs(UnmanagedType.LPArray)] byte[] pbSecurityId, ref uint pcbSecurityId, uint dwReserved);
        // NOTE(review): pPolicy and pContext are declared as single bytes while cbPolicy and
        // cbContext carry buffer sizes; presumably only sizes of 1 and 0 are safe. Confirm before using.
        [PreserveSig]
        [return: MarshalAs(UnmanagedType.I4)]
        int ProcessUrlAction([MarshalAs(UnmanagedType.LPWStr)] [In] string pwszUrl, uint dwAction, out byte pPolicy, uint cbPolicy, byte pContext, uint cbContext, uint dwFlags, uint dwReserved);
        [PreserveSig]
        [return: MarshalAs(UnmanagedType.I4)]
        int QueryCustomPolicy([MarshalAs(UnmanagedType.LPWStr)] [In] string pwszUrl, ref Guid guidKey, ref byte ppPolicy, ref uint pcbPolicy, ref byte pContext, uint cbContext, uint dwReserved);
        [PreserveSig]
        [return: MarshalAs(UnmanagedType.I4)]
        int SetZoneMapping(uint dwZone, [MarshalAs(UnmanagedType.LPWStr)] [In] string lpszPattern, uint dwFlags);
        [PreserveSig]
        [return: MarshalAs(UnmanagedType.I4)]
        int GetZoneMappings(uint dwZone, out IEnumString ppenumString, uint dwFlags);
    }
    /// <summary>HRESULT value for success.</summary>
    public const int S_OK = 0;
    // Not called anywhere in this script. The function takes no string arguments, so the
    // CharSet setting has nothing to act on.
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode)]
    public static extern uint GetOEMCP();
    /// <summary>
    /// Creates an Internet Security Manager object and returns it through ppISecurityManager.
    /// The return value is an HRESULT; the caller in this file treats any non-zero value as failure.
    /// </summary>
    [DllImport("urlmon.dll", ExactSpelling = true)]
    public static extern int CoInternetCreateSecurityManager([MarshalAs(UnmanagedType.Interface)] object pIServiceProvider, [MarshalAs(UnmanagedType.Interface)] out object ppISecurityManager, int dwReserved);
}
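/// <summary>
/// Resolves the URL security zone that urlmon assigns to a file path or URL.
/// </summary>
public static class ZoneFetcher
{
    /// <summary>
    /// Creates an Internet Security Manager, asks it which zone <paramref name="filePath"/>
    /// maps to, and releases the COM object again.
    /// </summary>
    /// <param name="filePath">Path or URL passed unchanged to MapUrlToZone.</param>
    /// <param name="flags">MUTZ_* flags passed through as dwFlags; 0 by default.</param>
    /// <returns>The zone index written by MapUrlToZone.</returns>
    /// <exception cref="Win32Exception">
    /// Creating the security manager, or the zone lookup itself, returned an HRESULT other than S_OK.
    /// </exception>
    public static uint GetZoneForFile(string filePath, uint flags = 0u)
    {
        object manager = null;
        int hr = Testing123.NativeMethods.CoInternetCreateSecurityManager(null, out manager, 0);
        if (hr != Testing123.NativeMethods.S_OK)
        {
            throw new Win32Exception(hr);
        }
        try
        {
            Testing123.NativeMethods.IInternetSecurityManager securityManager = (Testing123.NativeMethods.IInternetSecurityManager)manager;
            uint zone;
            hr = securityManager.MapUrlToZone(filePath, out zone, flags);
            // MapUrlToZone is [PreserveSig], so a failure arrives only as this return value.
            // Without the check a failed lookup could hand back an unset zone, and the caller
            // casts the result to SecurityZone, where 0 reads as MyComputer (most trusted).
            if (hr != Testing123.NativeMethods.S_OK)
            {
                throw new Win32Exception(hr);
            }
            return zone;
        }
        finally
        {
            // Release the COM object deterministically instead of waiting for the finalizer.
            if (manager != null) { Marshal.ReleaseComObject(manager); }
        }
    }
}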
} | |
'@ | |
# File whose zone is inspected; it is expected to carry a zone mark from being downloaded.
$filePath = 'C:\Users\dlwya_000\Downloads\Send-MailMessage.ps1'

# urlmon MUTZ flag asking MapUrlToZone not to answer from its cache.
$MUTZ_DONT_USE_CACHE = [uint32] 0x1000

# 1) Baseline lookup with default flags, while the file is still blocked.
Write-Verbose -Message 'Flag 0, before Unblock-File' -Verbose
[Testing123.ZoneFetcher]::GetZoneForFile($filePath, 0) -as [System.Security.SecurityZone]

# Unblock-File removes the zone mark (the Zone.Identifier stream) from the file.
Unblock-File -Path $filePath

# 2) Same default-flag lookup again. Per the gist title this is the caching observation:
#    the answer may still be the zone resolved before the file was unblocked.
Write-Verbose -Message 'Flag 0, after Unblock-File' -Verbose
[Testing123.ZoneFetcher]::GetZoneForFile($filePath, 0) -as [System.Security.SecurityZone]

# 3) Lookup that bypasses the cache, for comparison with step 2. Code that makes a trust
#    decision from the zone right after the mark changes should not rely on a cached answer.
Write-Verbose -Message 'Flag MUTZ_DONT_USE_CACHE, after Unblock-File' -Verbose
[Testing123.ZoneFetcher]::GetZoneForFile($filePath, $MUTZ_DONT_USE_CACHE) -as [System.Security.SecurityZone]