I read an analysis of some code and I can't determine what type of operator this is and how it works. It's PowerShell, can you help me please? I can't understand what the operator is and how it works:

${xadeoc} [ +52 -53 +1]

And what is the :: before a function, such as:

[system.runtime.interopservices.marshal]::copy

and the : such as

$global:window_proc

I am trying to understand the codepower

1 Answer

The statement ${xadeoc} [ +52 -53 +1] is not valid PowerShell, so I'm going to assume you're asking about ${xadeoc}[ +52 -53 +1]

There are 3 distinct operators in this statement:

  • [...] immediately following a value expression is the index operator
    • Selects objects from indexed collections, such as arrays and hash tables. Array indexes are zero-based, so the first object is indexed as [0].

  • + is the addition operator:
    • Adds numbers, concatenates strings, arrays, and hash tables

  • - is the subtraction operator:
    • Subtracts or negates numbers

Since the expression +52-53+1 equals 0, the resulting index operation is effectively:

${xadeoc}[0]

... which, depending on the type of the object, will yield the first item from an array or list, the first character of a string, or the value associated with the key 0 from a hashtable or dictionary.


The statement:

[system.runtime.interopservices.marshal]::copy

is a static member invocation operation ("invoke static member copy on type [System.Runtime.InteropServices.Marshal]"), and the pertinent operator :: is thus known as the static member operator


This expression:

$global:window_proc

is syntactically known as a variable path expression - the variable name is window_proc, and the global label preceding : is what we syntactically call a variable path modifier - the global modifier is more specifically known as a scope modifier, as it changes the scoping behavior of the variable expression to read from (or write to) the global scope rather than the local scope of the callsite.

You can read more about variable path syntax and modifiers in the about_Variables help file, and specifically about scope modifiers in the about_Scopes help file


It's worth pointing out that the variable syntax used in the first statement ${xadeoc} describes the exact same variable as if you'd written it $xadeoc - the { and } simply act as qualifiers for the boundaries of the extent of the variable path, much in the same way " or ' might act as string literal qualifiers.

This can be helpful when interpolating variables in string literals where the succeeding string content might otherwise be interpreted as a continuation of a variable path token:

PS ~> $Name = 'John'
PS ~> "It's $Names birthday!"
It's  birthday!
PS ~> "It's ${Name}s birthday!"
It's Johns birthday!

  • FWIW it looks like the first code sample comes from a malware script that uses it as part of an obfuscated attempt to construct a reference to the char type, which is why it's so tortuously written. Search for the variable name + "malware" to find the expression in a malware report...
    – mclayton
    Commented 23 hours ago
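
When reading a script like the one in the question, constant arithmetic inside an index such as [ +52 -53 +1] can be folded from the parse tree without running any of the script. The following is an added example, not part of the original question or answer; Resolve-ConstantInt and Get-FoldedIndex are hypothetical helper names, and the sample string is constructed.

```powershell
using namespace System.Management.Automation.Language

# Constructed sample input: it is only parsed as text, never executed.
$sample = '${xadeoc}[ +52 -53 +1]; $global:window_proc[2*3-6]; $a[$i+1]'

function Resolve-ConstantInt {
    # Returns the value of an expression built only from integer literals,
    # parentheses and + - *; returns $null for anything else (variables, calls).
    param([Ast]$Node)
    if ($Node -is [ParenExpressionAst]) {
        return Resolve-ConstantInt ($Node.Pipeline.GetPureExpression())
    }
    if ($Node -is [ConstantExpressionAst] -and $Node.Value -is [int]) { return $Node.Value }
    if ($Node -is [UnaryExpressionAst]) {
        $v = Resolve-ConstantInt $Node.Child
        if ($null -eq $v) { return $null }
        switch ($Node.TokenKind) { 'Minus' { return -$v } 'Plus' { return $v } }
        return $null
    }
    if ($Node -is [BinaryExpressionAst]) {
        $l = Resolve-ConstantInt $Node.Left
        $r = Resolve-ConstantInt $Node.Right
        if ($null -eq $l -or $null -eq $r) { return $null }
        switch ($Node.Operator) {
            'Plus'     { return $l + $r }
            'Minus'    { return $l - $r }
            'Multiply' { return $l * $r }
        }
    }
    return $null
}

function Get-FoldedIndex {
    # Lists every index operation whose index is computed from constants only.
    param([string]$ScriptText)
    $tokens = $null; $errors = $null
    $ast = [Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)
    $ast.FindAll({ param($n) $n -is [IndexExpressionAst] }, $true) | ForEach-Object {
        $value = Resolve-ConstantInt $_.Index
        # Skip indexes that are already a plain literal or are not constant.
        if ($null -ne $value -and $_.Index -isnot [ConstantExpressionAst]) {
            [pscustomobject]@{
                Original = $_.Extent.Text
                Folded   = '{0}[{1}]' -f $_.Target.Extent.Text, $value
            }
        }
    }
}

Get-FoldedIndex $sample
```

The index that depends on $i is skipped because its value cannot be known without running the script.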
