Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
MapUrlToZone caching observations (PowerShell Unblock-File)
$null = Add-Type -TypeDefinition @'
namespace Testing123
{
using System;
using System.Text;
using System.Runtime.InteropServices;
using System.Runtime.InteropServices.ComTypes;
using System.ComponentModel;
public static class NativeMethods
{
[ComVisible(false), Guid("79EAC9EE-BAF9-11CE-8C82-00AA004BA90B"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[ComImport]
public interface IInternetSecurityManager
{
[PreserveSig]
[return: MarshalAs(UnmanagedType.I4)]
int SetSecuritySite([In] IntPtr pSite);
[PreserveSig]
[return: MarshalAs(UnmanagedType.I4)]
int GetSecuritySite([Out] IntPtr pSite);
[PreserveSig]
[return: MarshalAs(UnmanagedType.I4)]
int MapUrlToZone([MarshalAs(UnmanagedType.LPWStr)] [In] string pwszUrl, out uint pdwZone, uint dwFlags);
[PreserveSig]
[return: MarshalAs(UnmanagedType.I4)]
int GetSecurityId([MarshalAs(UnmanagedType.LPWStr)] string pwszUrl, [MarshalAs(UnmanagedType.LPArray)] byte[] pbSecurityId, ref uint pcbSecurityId, uint dwReserved);
[PreserveSig]
[return: MarshalAs(UnmanagedType.I4)]
int ProcessUrlAction([MarshalAs(UnmanagedType.LPWStr)] [In] string pwszUrl, uint dwAction, out byte pPolicy, uint cbPolicy, byte pContext, uint cbContext, uint dwFlags, uint dwReserved);
[PreserveSig]
[return: MarshalAs(UnmanagedType.I4)]
int QueryCustomPolicy([MarshalAs(UnmanagedType.LPWStr)] [In] string pwszUrl, ref Guid guidKey, ref byte ppPolicy, ref uint pcbPolicy, ref byte pContext, uint cbContext, uint dwReserved);
[PreserveSig]
[return: MarshalAs(UnmanagedType.I4)]
int SetZoneMapping(uint dwZone, [MarshalAs(UnmanagedType.LPWStr)] [In] string lpszPattern, uint dwFlags);
[PreserveSig]
[return: MarshalAs(UnmanagedType.I4)]
int GetZoneMappings(uint dwZone, out IEnumString ppenumString, uint dwFlags);
}
public const int S_OK = 0;
[DllImport("kernel32.dll", CharSet = CharSet.Unicode)]
public static extern uint GetOEMCP();
[DllImport("urlmon.dll", ExactSpelling = true)]
public static extern int CoInternetCreateSecurityManager([MarshalAs(UnmanagedType.Interface)] object pIServiceProvider, [MarshalAs(UnmanagedType.Interface)] out object ppISecurityManager, int dwReserved);
}
public static class ZoneFetcher
{
public static uint GetZoneForFile(string filePath, uint flags = 0u)
{
object obj = null;
int num = Testing123.NativeMethods.CoInternetCreateSecurityManager(null, out obj, 0);
if (num != 0)
{
throw new Win32Exception(num);
}
try
{
Testing123.NativeMethods.IInternetSecurityManager internetSecurityManager = (Testing123.NativeMethods.IInternetSecurityManager)obj;
uint num2;
internetSecurityManager.MapUrlToZone(filePath, out num2, flags);
return num2;
}
finally
{
if (obj != null) { Marshal.ReleaseComObject(obj); }
}
}
}
}
'@
$MUTZ_DONT_USE_CACHE = [uint32]0x00001000
$filePath = "C:\Users\dlwya_000\Downloads\Send-MailMessage.ps1"
Write-Verbose -Verbose 'Flag 0, before Unblock-File'
[Testing123.ZoneFetcher]::GetZoneForFile($filePath, 0) -as [System.Security.SecurityZone]
Unblock-File $filePath
Write-Verbose -Verbose 'Flag 0, after Unblock-File'
[Testing123.ZoneFetcher]::GetZoneForFile($filePath, 0) -as [System.Security.SecurityZone]
Write-Verbose -Verbose 'Flag MUTZ_DONT_USE_CACHE, after Unblock-File'
[Testing123.ZoneFetcher]::GetZoneForFile($filePath, $MUTZ_DONT_USE_CACHE) -as [System.Security.SecurityZone]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.