Explicitly casting types as [Type]

The latest version of .NET added generics to many of the InteropService
methods. Therefore, all of my uses of types need to be explicitly cast
with [Type].

Author: Matt Graeber

ReverseEngineering/Get-NtSystemInformation.ps1

@@ -633,7 +633,7 @@
 
         foreach ($i in 0..($Count-1))
         {
-            [Runtime.InteropServices.Marshal]::PtrToStructure($StructAddress, $StructType)
+            [Runtime.InteropServices.Marshal]::PtrToStructure($StructAddress, [Type] $StructType)
             $StructAddress = ([IntPtr]($StructAddress.ToInt64() + $StructSize))
         }
 
@@ -958,7 +958,7 @@
                 # Base address of the _SYSTEM_OBJECTTYPE_INFORMATION struct
                 $ObjectTypeAbsoluteAddress = [IntPtr]($PtrData.ToInt64() + $NextTypeOffset)
 
-                $Result = [Runtime.InteropServices.Marshal]::PtrToStructure($ObjectTypeAbsoluteAddress, $ObjectTypeClass)
+                $Result = [Runtime.InteropServices.Marshal]::PtrToStructure($ObjectTypeAbsoluteAddress, [Type] $ObjectTypeClass)
 
                 if ($Result.NumberOfObjects -gt 0)
                 {
@@ -970,7 +970,7 @@
 
                     do
                     {
-                        $ObjectResult = [Runtime.InteropServices.Marshal]::PtrToStructure(( [IntPtr]($ObjectBaseAddr.ToInt64() + $NextObjectOffset) ), $ObjectClass)
+                        $ObjectResult = [Runtime.InteropServices.Marshal]::PtrToStructure(( [IntPtr]($ObjectBaseAddr.ToInt64() + $NextObjectOffset) ), [Type] $ObjectClass)
 
                         $ResultHashTable2 = @{
                             Object = $ObjectResult.Object

ReverseEngineering/Get-StructFromMemory.ps1

@@ -131,7 +131,7 @@ http://www.exploit-monday.com
     $MemoryBasicInformation = [Activator]::CreateInstance($MEMORY_BASIC_INFORMATION)
 
     # Confirm you can actually read the address you're interested in
-    $NativeUtils::VirtualQueryEx($Handle, $MemoryAddress, [Ref] $MemoryBasicInformation, [Runtime.InteropServices.Marshal]::SizeOf($MEMORY_BASIC_INFORMATION)) | Out-Null
+    $NativeUtils::VirtualQueryEx($Handle, $MemoryAddress, [Ref] $MemoryBasicInformation, [Runtime.InteropServices.Marshal]::SizeOf([Type] $MEMORY_BASIC_INFORMATION)) | Out-Null
 
     $PAGE_EXECUTE_READ = 0x20
     $PAGE_EXECUTE_READWRITE = 0x40
@@ -154,7 +154,7 @@ http://www.exploit-monday.com
         throw 'The address specified does not have read access.'
     }
 
-    $StructSize = [Runtime.InteropServices.Marshal]::SizeOf($StructType)
+    $StructSize = [Runtime.InteropServices.Marshal]::SizeOf([Type] $StructType)
     $EndOfAllocation = $AllocationBase + $RegionSize
     $EndOfStruct = $MemoryAddress.ToInt64() + $StructSize
 
@@ -194,7 +194,7 @@ http://www.exploit-monday.com
     Write-Verbose "Struct Size: $StructSize"
     Write-Verbose "Bytes read: $BytesRead"
 
-    $ParsedStruct = [Runtime.InteropServices.Marshal]::PtrToStructure($LocalStructPtr, $StructType)
+    $ParsedStruct = [Runtime.InteropServices.Marshal]::PtrToStructure($LocalStructPtr, [Type] $StructType)
 
     [Runtime.InteropServices.Marshal]::FreeHGlobal($LocalStructPtr)
     $SafeHandle.Close()