PowerShell Pipeline Runners
Last updated
As we mentioned in , PowerShell's functionality is not contained in the powershell.exe binary but in System.Management.Automation.dll (or its native-image counterpart, System.Management.Automation.ni.dll), so PowerShell commands and code can be run without the binary itself through PowerShell pipeline runners.
A project that showcases this is . What it does is:
Load the .NET common language runtime (CLR) in the current process using CLRCreateInstance() or CorBindToRuntime() (for older .NET versions)
Grab the pointer to the CLR AppDomain with .GetDefaultDomain() and .QueryInterface()
Load the PowerShell runner as a custom C# assembly using appDomain->Load_3()
Copy the command or scriptblock to be executed into the assembly
Call the execution method in the assembly
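The practical consequence of the steps above for a defender is that the PowerShell engine assembly ends up loaded into a process that is not powershell.exe. Image-load telemetry (for example Sysmon Event ID 7, ImageLoaded) records exactly that. The following is an added example, not code from the page or from the project it describes: it runs a simple check over a handful of constructed image-load records and flags any process outside a small baseline of known PowerShell hosts that loads System.Management.Automation.dll or its .ni.dll native image. The record format, the sample paths, the process IDs and the EXPECTED_HOSTS baseline are all assumptions made for the example.

```python
import ntpath
import re
from typing import Dict, Iterable, List

# Module names that show the PowerShell engine was loaded into a process.
# The .ni.dll form is the native-image (NGEN) build of the same assembly.
PS_ENGINE_RE = re.compile(r"^system\.management\.automation(\.ni)?\.dll$", re.IGNORECASE)

# Processes expected to host the PowerShell engine. This baseline is an
# assumption for the example; a real allowlist is derived from your own
# environment's telemetry (other legitimate hosts may exist).
EXPECTED_HOSTS = {"powershell.exe", "powershell_ise.exe", "pwsh.exe"}


def basename(path: str) -> str:
    """Return the lowercase file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()


def find_unexpected_ps_hosts(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return image-load records where the PowerShell engine assembly is loaded
    into a process that is not one of the expected PowerShell hosts."""
    findings = []
    for ev in events:
        # Only care about loads of System.Management.Automation(.ni).dll.
        if not PS_ENGINE_RE.match(basename(ev["ImageLoaded"])):
            continue
        # A known PowerShell host loading its own engine is expected.
        if basename(ev["Image"]) in EXPECTED_HOSTS:
            continue
        findings.append({
            "ProcessId": ev["ProcessId"],
            "Image": ev["Image"],
            "ImageLoaded": ev["ImageLoaded"],
        })
    return findings


# Constructed sample records in a Sysmon Event ID 7 style (not real telemetry).
SAMPLE_EVENTS = [
    {"ProcessId": "4120",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": r"C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management.Automation.ni.dll"},
    {"ProcessId": "4388",
     "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "ImageLoaded": r"C:\Program Files\PowerShell\7\System.Management.Automation.dll"},
    {"ProcessId": "5100",
     "Image": r"C:\Users\alice\AppData\Local\Temp\runner.exe",  # hypothetical unmanaged host
     "ImageLoaded": r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll"},
    {"ProcessId": "912",
     "Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll"},
    {"ProcessId": "6200",
     "Image": r"C:\Tools\Loader.EXE",  # hypothetical; mixed case on purpose
     "ImageLoaded": r"C:\Windows\assembly\NativeImages_v4.0.30319_64\SYSTEM.MANAGEMENT.AUTOMATION.NI.DLL"},
]


if __name__ == "__main__":
    for f in find_unexpected_ps_hosts(SAMPLE_EVENTS):
        print(f"PID {f['ProcessId']}: {f['Image']} loaded {f['ImageLoaded']}")
```

Matching on the module file name rather than the full path keeps the check valid for both the GAC copy and the NGEN native image, and the case-insensitive regex avoids missing loads recorded with different casing. In production the same logic would consume events from the Sysmon operational log rather than the constructed list.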