To prevent malware from detecting my virtual machine, I tried to overwrite the Win32_PnPEntity class via ManagementClass.put and Set-WmiInstance.

    # Build a random string of $length characters drawn from $characters
    function Get-RandomCharacters($length, $characters) {
        $random = 1..$length | ForEach-Object { Get-Random -Maximum $characters.length }
        $private:ofs = ""
        return [String]$characters[$random]
    }

    # Enumerate every existing Win32_PnPEntity instance
    $objWmi = Get-WmiObject -ComputerName localhost -Namespace root\CIMV2 -Query "Select * from Win32_PnPEntity"
    foreach ($obj in $objWmi)
    {
        # Creating Win32_PnPEntity fake class
        $newClass = New-Object System.Management.ManagementClass("root\cimv2", [String]::Empty, $null);
        $newClass["__CLASS"] = "Win32_PnPEntity";
        $newClass.Qualifiers.Add("Static", $true);
        foreach ($pr in $obj.Properties)
        {
            if ($pr.Name -eq "DeviceId")
            {
                # Replace VirtualBox/VMware markers in DeviceId with a random string
                if ($pr.Value -match 'VEN_80EE' -or $pr.Value -match 'VEN_15AD' -or $pr.Value -match 'VBOX' -or $pr.Value -match 'VMWARE')
                {
                    $value = Get-RandomCharacters -length 8 -characters 'ABCDEFGHKLMNOPRSTUVWXYZ123456789_'
                    $value = $pr.Value.replace("VEN_80EE", $value).replace("VEN_15AD", $value).replace("VBOX", $value).replace("VMWARE", $value)
                    $newClass.Properties.Add($pr.Name, $value, $pr.Type)
                } else
                {
                    $newClass.Properties.Add($pr.Name, $pr.Value, $pr.Type)
                }
                # DeviceId is marked as the key property of the class
                $newClass.Properties[$pr.Name].Qualifiers.Add("Key", $true)
            } else
            {
                $newClass.Properties.Add($pr.Name, $pr.Value, $pr.Type)
            }
        }
        # Commit the class definition, once per loop iteration
        $newClass.Put()
        Set-WmiInstance -Path $obj.__path
    }

I can easily overwrite a single instance, but with multiple instances I always get:
Exception calling "Put" with "0" argument(s): "Class has instances "
What needs to change?