PowerShell Pipeline Runners

As we mentioned in PowerShell Basics, PowerShell's functionality is not contained in the powershell.exe binary but in System.Management.Automation.(ni.).dll, so PowerShell commands and code can be run without the binary itself by using PowerShell pipeline runners.

A project that showcases this is UnmanagedPowerShell. What it does is:

  1. Loads the .NET common language runtime (CLR) in the current process using CLRCreateInstance() or CorBindToRuntime() (for older .NET versions)

  2. Grabs the pointer to the CLR AppDomain with .GetDefaultDomain() and .QueryInterface()

  3. Loads the PowerShell runner as a custom C# assembly using appDomain->Load_3()

  4. Copies the command or scriptblock to be executed into the assembly

  5. Calls the execution method in the assembly
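From the defender's side, the observable artifact of the steps above is a process other than a known PowerShell host loading the engine DLL. The following is an added detection example, not code from UnmanagedPowerShell or the page, that scans constructed Sysmon Event ID 7 (ImageLoad) records flattened into a `key=value|key=value` form (an assumed format for the sample, not Sysmon's own XML) and flags such loads. The host allowlist is an assumption and should be extended with hosts that are legitimate in your environment.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Processes that legitimately host the PowerShell engine.
# Assumption: a starting point, not an exhaustive list.
KNOWN_POWERSHELL_HOSTS = {"powershell.exe", "powershell_ise.exe", "pwsh.exe"}

# The engine DLL discussed on the page, with or without the native-image (ni) suffix.
ENGINE_DLL = re.compile(r"\\system\.management\.automation(\.ni)?\.dll$", re.IGNORECASE)


def parse_event(line: str) -> Dict[str, str]:
    """Parse one flattened 'key=value|key=value' record into a dict."""
    fields: Dict[str, str] = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def is_unmanaged_powershell_host(event: Dict[str, str]) -> bool:
    """True when an ImageLoad event shows a non-PowerShell process loading the engine DLL."""
    if event.get("EventID") != "7":
        return False
    if not ENGINE_DLL.search(event.get("ImageLoaded", "")):
        return False
    image_name = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    return image_name not in KNOWN_POWERSHELL_HOSTS


def find_suspicious_hosts(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (Image, ProcessId) for every record that trips the check."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if is_unmanaged_powershell_host(event):
            hits.append((event["Image"], event.get("ProcessId", "?")))
    return hits


# Constructed sample records (not real telemetry); paths are illustrative.
SAMPLE_EVENTS = [
    "EventID=7|ProcessId=4120|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|ImageLoaded=C:\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\System.Management.Automation.dll",
    "EventID=7|ProcessId=5212|Image=C:\\Users\\Public\\updater.exe|ImageLoaded=C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Management.Automation\\System.Management.Automation.ni.dll",
    "EventID=7|ProcessId=900|Image=C:\\Windows\\System32\\svchost.exe|ImageLoaded=C:\\Windows\\System32\\kernel32.dll",
    "EventID=1|ProcessId=5212|Image=C:\\Users\\Public\\updater.exe|CommandLine=updater.exe",
]

if __name__ == "__main__":
    for image, pid in find_suspicious_hosts(SAMPLE_EVENTS):
        print(f"engine DLL loaded by non-PowerShell host: {image} (pid {pid})")
```

Only the second record is reported: the powershell.exe load is expected, the svchost.exe load is an unrelated DLL, and the Event ID 1 record is not an image load at all.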
