Is loading a Module from memory possible?

This topic contains 6 replies, has 4 voices, and was last updated by Profile photo of Max Kozlov Max Kozlov 1 week ago.

  • Author
    Posts
  • #70610
    Profile photo of sahar
    sahar
    Participant

    Hi everyone,
    I'm interested in loading a module that that reside in the memory (but not in the disk).
    is that possible? I would appreciate any suggestion and explanation regarding this procedure.
    This is for forensics purposes which is why i'm interested in loading it from the memory.

  • #70655
    Profile photo of Don Jones
    Don Jones
    Keymaster

    You'll have to explain a bit more about what you mean.

    If the scenario is, "I have an instance of PowerShell which has loaded a module... I want to inspect that module as it sits in memory," the answer is very probably, "no." PowerShell itself runs inside the .NET runtime, and does its own memory management in terms of module contents. You can't "see" inside another instance very easily.

    If you have code running inside the same instance, and it's a script module, then the FUNCTION: drive would contain the loaded commands.

    • #70711
      Profile photo of sahar
      sahar
      Participant

      Let me explain my self further.
      •I have a psm file on server1
      •I want to transfer that file to server2
      •I do not want to write on the disk, but transfer the file directly to the volatile memory.
      •I then want to import the module in a powershell instance on server2 (where the psm file should reside in the memory)

      My goal is to take a psm file from a server and save it on a different server only in the volatile memory (not to write it on the disk) and then import that module that is in the memory somewhere to a powershell instance in the server i sent to psm file.

      this is for forensics purposes if you're wondering why i would choose this way to import a module.

    • #70714
      Profile photo of Olaf Soyk
      Olaf Soyk
      Participant

      ... and simply importing the module on the server2 from the remote server server1 is not an option?

    • #70720
      Profile photo of sahar
      sahar
      Participant

      No because i cant allow access from server2 to server1

  • #70724
    Profile photo of Don Jones
    Don Jones
    Keymaster

    If you can't allow access from server1 to server2, how do you plan to actually move the bits back and forth?

    Given your other restrictions, generally, no – you can't do what you're asking.

  • #70751
    Profile photo of Max Kozlov
    Max Kozlov
    Participant

    If you have remote or physical access to server2 you may copy/paste all needed functions from module. Of course if it not binary module.

You must be logged in to reply to this topic.