PSHELL /C

#1
Code:
c:\users\jlc\documents\vb.net>ver

TCC  22.00.38 x64   Windows 7 [Version 6.1.7601]
A simple class example;
Code:
' File: Add.vb
    Public Class AddClass
        Public Shared Function Add(ByVal i As Long, ByVal j As Long) As Long
            Return i + j
        End Function
    End Class
Starting in a brand-new TCC;
Code:
c:\users\jlc\documents\vb.net>pshell /s "[AddClass] | get-member -static"
PSHELL: System.Management.Automation.RuntimeException : Unable to find type [AddClass].
This is as it should be, since I have not yet added the class definition.
Code:
c:\users\jlc\documents\vb.net>pshell /s "add-type -Path %_cwd\add.vb"
Class has been added. Now, let's see what's in the class;
Code:
c:\users\jlc\documents\vb.net>pshell /s "[AddClass] | get-member -static"


   TypeName: AddClass

Name            MemberType Definition
----            ---------- ----------
Add             Method     static long Add(long i, long j)
Equals          Method     static bool Equals(System.Object objA, System.Object objB)
new             Method     AddClass new()
ReferenceEquals Method     static bool ReferenceEquals(System.Object objA, System.Object objB)
Again, this is as it should be. Now, close the persistent PowerShell interpreter;
Code:
c:\users\jlc\documents\vb.net>pshell /c
The class should no longer be available to me;
Code:
c:\users\jlc\documents\vb.net>pshell /s "[AddClass] | get-member -static"


   TypeName: AddClass

Name            MemberType Definition
----            ---------- ----------
Add             Method     static long Add(long i, long j)
Equals          Method     static bool Equals(System.Object objA, System.Object objB)
new             Method     AddClass new()
ReferenceEquals Method     static bool ReferenceEquals(System.Object objA, System.Object objB)
...but it still is.

Is this WAD? I was hoping that doing PSHELL /C would remove the class that I added.

Joe
 
#3
And using PSHELL for the first time seems to start several threads (7 or 8). A few of them go away on their own, but "PSHELL /C" itself doesn't get rid of any of them. I see the likes of this (below, a newly started TCC) which I can't explain.
Code:
v:\> echo threads: %_nthreads^thandles: %_nhandles
threads: 6      handles: 256

v:\> pshell /s "echo foo"
foo

v:\> echo threads: %_nthreads^thandles: %_nhandles
threads: 13     handles: 515

v:\> pshell /c

v:\> echo threads: %_nthreads^thandles: %_nhandles
threads: 14     handles: 548

v:\> echo threads: %_nthreads^thandles: %_nhandles
threads: 10     handles: 538

v:\> echo 5 minutes later^r^nthreads: %_nthreads^thandles: %_nhandles
5 minutes later
threads: 9      handles: 536

v:\> pshell /c

v:\> echo threads: %_nthreads^thandles: %_nhandles
threads: 12     handles: 507
 
#4
The NSILP_PowerShell.x64.dll file has the following;
Code:
PSHostAddFunction    0x00000001800030f4    0x000030f4    1 (0x1)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostAddVariable    0x0000000180003094    0x00003094    2 (0x2)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostCheckParameterIndex    0x0000000180002f08    0x00002f08    3 (0x3)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostClearOutput    0x0000000180003144    0x00003144    4 (0x4)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostClose    0x0000000180003250    0x00003250    5 (0x5)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostCreate    0x0000000180002c98    0x00002c98    6 (0x6)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostDestory    0x0000000180002cec    0x00002cec    7 (0x7)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostEval    0x0000000180003190    0x00003190    8 (0x8)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostEvalFile    0x00000001800031f0    0x000031f0    9 (0x9)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostGetLastError    0x0000000180003334    0x00003334    10 (0xa)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostGetOuputResult    0x000000018000304c    0x0000304c    11 (0xb)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostGetParameterCount    0x0000000180002e68    0x00002e68    12 (0xc)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostGetParameterType    0x0000000180002f5c    0x00002f5c    13 (0xd)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostGetParameterValue    0x0000000180002fd4    0x00002fd4    14 (0xe)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostGetProfileId    0x0000000180002dc8    0x00002dc8    15 (0xf)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostGetRunProfiles    0x0000000180002d28    0x00002d28    16 (0x10)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostInterrupt    0x000000018000329c    0x0000329c    17 (0x11)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostNewRunspace    0x00000001800032e8    0x000032e8    18 (0x12)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostSetParameterCount    0x0000000180002eb8    0x00002eb8    19 (0x13)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostSetProfileId    0x0000000180002e18    0x00002e18    20 (0x14)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function    
PSHostSetRunProfiles    0x0000000180002d78    0x00002d78    21 (0x15)    NSILP_PowerShell.x64.dll    C:\Program Files\JPSoft\TCMD22\NSILP_PowerShell.x64.dll    Exported Function
Might this be of use in determining what PSHELL /C does?

Not sure what the name of the DLL would be on your 32-bit Windows 7 system, but I'm thinking NSILP_PowerShell.dll

Joe
 
#5
My filename has "x86" where yours has "x64". It exports the functions you listed. PSHostClose/PSHostDestroy seem likely for "PSHELL /C". I can't catch any functions in that DLL with WinDbg.

Do you see any practical consequence of "PSHELL /C"?
 
#6
To me, PSHELL /C is like doing a SETLOCAL from TCC. Any and all variables that I create are removed when I do an ENDLOCAL from TCC.

PSHELL /C removes any variables that I have created.

PowerShell will not allow a class added using add-type to be removed from memory. You have to exit PowerShell, and start PowerShell, to remove the class from memory.

I was hoping that is what PSHELL /C does, that is, ends, then starts, a new persistent PowerShell.

Joe
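
Added example, not part of the original thread and not JP Software's code: a type compiled by Add-Type is loaded into the hosting process, so a fresh runspace in the same process still resolves it, while a newly started PowerShell process does not. Assumptions: `DemoAddClass` is a constructed C# stand-in for the thread's VB `AddClass` (C# so it compiles on both Windows PowerShell and PowerShell 7), and the script says nothing about how PSHELL /C itself is implemented.

```powershell
# Constructed stand-in for the thread's AddClass; the name DemoAddClass is hypothetical.
$src = @'
public class DemoAddClass {
    public static long Add(long i, long j) { return i + j; }
}
'@
Add-Type -TypeDefinition $src

# 1. Open a brand-new runspace inside the SAME process and try to use the type.
#    The runspace has its own variables and session state, but it shares the
#    process's loaded assemblies, so the type is still resolvable.
$rs = [runspacefactory]::CreateRunspace()
$rs.Open()
$ps = [powershell]::Create()
$ps.Runspace = $rs
$inNewRunspace = $ps.AddScript('[DemoAddClass]::Add(2, 3)').Invoke()
$ps.Dispose()
$rs.Dispose()
"New runspace, same process: Add(2, 3) = $inNewRunspace"

# 2. Start a NEW process of the same PowerShell executable and look the type up.
#    -as [type] yields $null when the type name cannot be resolved.
$exe = (Get-Process -Id $PID).Path
$check = "if ('DemoAddClass' -as [type]) { 'present' } else { 'absent' }"
$inNewProcess = & $exe -NoProfile -Command $check
"New process: DemoAddClass is $inNewProcess"
```

Variables behave the other way round: anything set in the first runspace is not visible in the second, which matches the SETLOCAL/ENDLOCAL comparison in the post above.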
 
#7
OT: Joe, do you know how to give PowerShell a persistent history? I followed the steps here and it works nicely. I didn't need to (and didn't) use the "set-executionpolicy" command; I had done that long ago at an apparently sufficient level.