Message	Id	Version	Qualifiers	Level	Task	Opcode	Keywords	RecordId	ProviderName	ProviderId	LogName	ProcessId	ThreadId	MachineName	UserId	TimeCreated	ActivityId	RelatedActivityId	ContainerLog	MatchedQueryIds	Bookmark	LevelDisplayName	OpcodeDisplayName	TaskDisplayName	KeywordsDisplayNames	Properties
PowerShell console is ready for user input	40962	1		4	4	2	0	2085	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	4480	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:41 PM	7f70462d-725d-0004-19d4-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5080 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2084	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	4960	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:41 PM	7f70462d-725d-0004-19d4-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2083	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	4480	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:41 PM	7f70462d-725d-0004-19d4-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 1f24579c-83f0-4841-ae31-56873a59640f Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 0f52b320-b31a-4e52-b96a-18eed1d2076f Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	2082	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4884	4408	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:41 PM	7f70462d-725d-0002-f80e-767f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b68a78e3-bd33-47f8-8db5-7fdac0f74765 Path:	4104	1		3	2	15	0	2081	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4884	3608	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:40 PM	7f70462d-725d-0000-2ead-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 1c1acd29-2b51-441d-951f-a8218dec976f Path:	4104	1		3	2	15	0	2080	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4884	3608	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:40 PM	7f70462d-725d-0000-27ad-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: c5505c0a-a138-435f-bbf5-dc02db0000ea Path:	4104	1		3	2	15	0	2079	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4884	3608	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:40 PM	7f70462d-725d-0000-1cad-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): JZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "C:\\collect-event-log.ps1", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 6f5a0fb1-ded5-4e27-8b42-a01c34870bc3 Path:	4104	1		3	2	15	0	2078	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4884	3608	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:40 PM	7f70462d-725d-0000-16ad-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): KICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbAp ScriptBlock ID: 6f5a0fb1-ded5-4e27-8b42-a01c34870bc3 Path:	4104	1		3	2	15	0	2077	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4884	3608	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:40 PM	7f70462d-725d-0000-16ad-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): ICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWU ScriptBlock ID: 6f5a0fb1-ded5-4e27-8b42-a01c34870bc3 Path:	4104	1		3	2	15	0	2076	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4884	3608	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:40 PM	7f70462d-725d-0000-16ad-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAg ScriptBlock ID: 6f5a0fb1-ded5-4e27-8b42-a01c34870bc3 Path:	4104	1		3	2	15	0	2075	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4884	3608	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:40 PM	7f70462d-725d-0000-16ad-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2074	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4884	1808	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:40 PM	7f70462d-725d-0004-10d4-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4884 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2073	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4884	4752	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:40 PM	7f70462d-725d-0004-10d4-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2072	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4884	1808	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:40 PM	7f70462d-725d-0004-10d4-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2071	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1272	4428	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:39 PM	7f70462d-725d-0005-41ab-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1272 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2070	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1272	1936	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:39 PM	7f70462d-725d-0005-41ab-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2069	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1272	4428	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:39 PM	7f70462d-725d-0005-41ab-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2068	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1944	3572	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:39 PM	7f70462d-725d-0004-07d4-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1944 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2067	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1944	1168	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:38 PM	7f70462d-725d-0004-07d4-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2066	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1944	3572	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:38 PM	7f70462d-725d-0004-07d4-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 5a004987-4ace-4c44-bae7-6ef84a0839fe Path:	4104	1		3	2	15	0	2065	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4704	4696	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:38 PM	7f70462d-725d-0004-e4d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 947572b7-fdd6-4549-af9e-911ef50cfa12 Path:	4104	1		3	2	15	0	2064	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4704	5020	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:38 PM	7f70462d-725d-0004-d7d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 3137b757-a9ec-49bf-961a-4a0e67c097b0 Path:	4104	1		3	2	15	0	2063	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4704	5020	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:38 PM	7f70462d-725d-0004-c8d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): SAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625575895.36-564863211809\\source", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\collect-event-log.ps1", "checksum": "f0e4c7145db8c7eba44bc8a5b81542c17749bbda", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "collect-event-log.ps1", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625575895.36-564863211809'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: c2038b2b-5cc0-4c1c-860d-8e41d1f12e2f Path:	4104	1		3	2	15	0	2062	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4704	5020	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:38 PM	7f70462d-725d-0000-05ad-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): iOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgP ScriptBlock ID: c2038b2b-5cc0-4c1c-860d-8e41d1f12e2f Path:	4104	1		3	2	15	0	2061	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4704	5020	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:38 PM	7f70462d-725d-0000-05ad-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjM ScriptBlock ID: c2038b2b-5cc0-4c1c-860d-8e41d1f12e2f Path:	4104	1		3	2	15	0	2060	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4704	5020	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:38 PM	7f70462d-725d-0000-05ad-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2059	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4704	2560	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:37 PM	7f70462d-725d-0004-c3d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4704 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2058	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4704	1860	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:37 PM	7f70462d-725d-0004-c3d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2057	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4704	2560	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:37 PM	7f70462d-725d-0004-c3d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1625575895.36-564863211809\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 544261e5-cee3-4103-bebd-2add6ab5b574 Path:	4104	1		3	2	15	0	2056	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	476	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:37 PM	7f70462d-725d-0002-c40e-767f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2055	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	2660	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:37 PM	7f70462d-725d-0004-c1d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4368 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2054	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	4872	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:37 PM	7f70462d-725d-0004-c1d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2053	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	2660	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:37 PM	7f70462d-725d-0004-c1d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 8e3660cc-e390-412c-af32-6a543291f045 Path:	4104	1		3	2	15	0	2052	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0000-dfac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: e960dc78-7444-4b21-b876-d855e6063950 Path:	4104	1		3	2	15	0	2051	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0000-dbac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can ScriptBlock ID: e960dc78-7444-4b21-b876-d855e6063950 Path:	4104	1		3	2	15	0	2050	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0000-dbac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 710a9d87-df29-4ddb-812f-39186e5f9f04 Path:	4104	1		3	2	15	0	2049	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0000-d7ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: a0a802ad-bea7-4d0c-8b58-4df3c08fbf73 Path:	4104	1		3	2	15	0	2048	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0000-ccac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (9 of 9): es": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\collect-event-log.ps1", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625575895.36-564863211809'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: a0ba99c1-9c16-405c-8082-ab4ef1751182 Path:	4104	1		3	2	15	0	2047	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0000-c6ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 9): 0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_fil ScriptBlock ID: a0ba99c1-9c16-405c-8082-ab4ef1751182 Path:	4104	1		3	2	15	0	2046	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0000-c6ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 9): uZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV ScriptBlock ID: a0ba99c1-9c16-405c-8082-ab4ef1751182 Path:	4104	1		3	2	15	0	2045	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0000-c6ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 9): XRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2V ScriptBlock ID: a0ba99c1-9c16-405c-8082-ab4ef1751182 Path:	4104	1		3	2	15	0	2044	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0000-c6ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 9): yhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBie ScriptBlock ID: a0ba99c1-9c16-405c-8082-ab4ef1751182 Path:	4104	1		3	2	15	0	2043	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0000-c6ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 9): SB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlc ScriptBlock ID: a0ba99c1-9c16-405c-8082-ab4ef1751182 Path:	4104	1		3	2	15	0	2042	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0000-c6ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 9): GVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpK ScriptBlock ID: a0ba99c1-9c16-405c-8082-ab4ef1751182 Path:	4104	1		3	2	15	0	2041	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0000-c6ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 9): GVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8I ScriptBlock ID: a0ba99c1-9c16-405c-8082-ab4ef1751182 Path:	4104	1		3	2	15	0	2040	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0000-c6ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 9): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpb ScriptBlock ID: a0ba99c1-9c16-405c-8082-ab4ef1751182 Path:	4104	1		3	2	15	0	2039	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0000-c6ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2038	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	1940	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0004-b6d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1032 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2037	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	2632	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0004-b6d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2036	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1032	1940	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:36 PM	7f70462d-725d-0004-b6d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2035	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3536	2512	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:35 PM	7f70462d-725d-0004-a5d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3536 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2034	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3536	4832	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:35 PM	7f70462d-725d-0004-a5d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2033	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3536	2512	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:35 PM	7f70462d-725d-0004-a5d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2032	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4592	2092	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:35 PM	7f70462d-725d-0004-a4d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4592 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2031	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4592	2136	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:35 PM	7f70462d-725d-0004-a4d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2030	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4592	2092	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:35 PM	7f70462d-725d-0004-a4d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2029	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1332	4752	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:35 PM	7f70462d-725d-0004-9dd3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1332 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2028	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1332	920	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:35 PM	7f70462d-725d-0004-9dd3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2027	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1332	4752	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:35 PM	7f70462d-725d-0004-9dd3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2026	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	168	4736	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:34 PM	7f70462d-725d-0003-7890-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 168 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2025	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	168	3796	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:34 PM	7f70462d-725d-0003-7890-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2024	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	168	4736	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:34 PM	7f70462d-725d-0003-7890-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 350f88a4-e9c9-4a15-9c7d-b1882f1b6abd Path:	4104	1		3	2	15	0	2023	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1040	2776	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:34 PM	7f70462d-725d-0005-16ab-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d36100e0-a0ba-44d1-8a20-9cc67e05d9fc Path:	4104	1		3	2	15	0	2022	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1040	2288	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:34 PM	7f70462d-725d-0004-86d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 087eef75-6a00-4de5-a2d2-5989bfec3998 Path:	4104	1		3	2	15	0	2021	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1040	2288	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:34 PM	7f70462d-725d-0004-77d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): ions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 075ffb08-eac1-4280-8c93-7222bfa3444f Path:	4104	1		3	2	15	0	2020	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1040	2288	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:33 PM	7f70462d-725d-0005-13ab-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): ZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625575891.19-215956482876479\\source", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\eventlogjs.txt", "checksum": "3d83b7bd9b4b6f109f75affd8ae845d7acd9808d", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "eventlogjs.txt", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625575891.19-215956482876479'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.act ScriptBlock ID: 075ffb08-eac1-4280-8c93-7222bfa3444f Path:	4104	1		3	2	15	0	2019	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1040	2288	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:33 PM	7f70462d-725d-0005-13ab-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): XMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlw ScriptBlock ID: 075ffb08-eac1-4280-8c93-7222bfa3444f Path:	4104	1		3	2	15	0	2018	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1040	2288	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:33 PM	7f70462d-725d-0005-13ab-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): gICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhb ScriptBlock ID: 075ffb08-eac1-4280-8c93-7222bfa3444f Path:	4104	1		3	2	15	0	2017	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1040	2288	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:33 PM	7f70462d-725d-0005-13ab-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICA ScriptBlock ID: 075ffb08-eac1-4280-8c93-7222bfa3444f Path:	4104	1		3	2	15	0	2016	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1040	2288	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:33 PM	7f70462d-725d-0005-13ab-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2015	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1040	4576	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:33 PM	7f70462d-725d-0004-72d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1040 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2014	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1040	4296	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:33 PM	7f70462d-725d-0004-72d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2013	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1040	4576	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:33 PM	7f70462d-725d-0004-72d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1625575891.19-215956482876479\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: b46be66e-64ab-4d05-a8c7-e819c14db4f4 Path:	4104	1		3	2	15	0	2012	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1672	892	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:33 PM	7f70462d-725d-0004-68d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	2011	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1672	1716	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:33 PM	7f70462d-725d-0004-66d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1672 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	2010	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1672	4384	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:33 PM	7f70462d-725d-0004-66d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	2009	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1672	1716	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:33 PM	7f70462d-725d-0004-66d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b1195b59-43cc-4f63-9050-4ddae497b052 Path:	4104	1		3	2	15	0	2008	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2196	3652	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:32 PM	7f70462d-725d-0001-741c-767f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: dfecb186-51c1-4cbd-8c13-fbc05f3c4b0f Path:	4104	1		3	2	15	0	2007	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2196	3652	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:32 PM	7f70462d-725d-0000-9aac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } ScriptBlock ID: dfecb186-51c1-4cbd-8c13-fbc05f3c4b0f Path:	4104	1		3	2	15	0	2006	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2196	3652	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:32 PM	7f70462d-725d-0000-9aac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 5f6f56e9-e2d5-4750-9cab-22bda2bd5a6a Path:	4104	1		3	2	15	0	2005	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2196	3652	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:32 PM	7f70462d-725d-0000-96ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 993a12bf-8e85-4c36-abc5-183500b9c824 Path:	4104	1		3	2	15	0	2004	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2196	3652	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:32 PM	7f70462d-725d-0000-87ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): AgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\eventlogjs.txt", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625575891.19-215956482876479'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 6732723f-de14-4228-b74f-f90260a60541 Path:	4104	1		3	2	15	0	2003	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2196	3652	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:32 PM	7f70462d-725d-0000-81ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): gLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgIC ScriptBlock ID: 6732723f-de14-4228-b74f-f90260a60541 Path:	4104	1		3	2	15	0	2002	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2196	3652	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:32 PM	7f70462d-725d-0000-81ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): CAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWU ScriptBlock ID: 6732723f-de14-4228-b74f-f90260a60541 Path:	4104	1		3	2	15	0	2001	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2196	3652	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:32 PM	7f70462d-725d-0000-81ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): G1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgI ScriptBlock ID: 6732723f-de14-4228-b74f-f90260a60541 Path:	4104	1		3	2	15	0	2000	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2196	3652	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:32 PM	7f70462d-725d-0000-81ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): nNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nI ScriptBlock ID: 6732723f-de14-4228-b74f-f90260a60541 Path:	4104	1		3	2	15	0	1999	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2196	3652	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:32 PM	7f70462d-725d-0000-81ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hc ScriptBlock ID: 6732723f-de14-4228-b74f-f90260a60541 Path:	4104	1		3	2	15	0	1998	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2196	3652	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:32 PM	7f70462d-725d-0000-81ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1997	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2196	1168	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:32 PM	7f70462d-725d-0004-5dd3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2196 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1996	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2196	4360	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:32 PM	7f70462d-725d-0004-5dd3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1995	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2196	1168	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:32 PM	7f70462d-725d-0004-5dd3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1994	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	5112	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:31 PM	7f70462d-725d-0004-4bd3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3616 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1993	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	476	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:31 PM	7f70462d-725d-0004-4bd3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1992	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3616	5112	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:31 PM	7f70462d-725d-0004-4bd3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1991	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4784	1508	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:31 PM	7f70462d-725d-0004-4ad3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4784 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1990	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4784	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:31 PM	7f70462d-725d-0004-4ad3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1989	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4784	1508	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:31 PM	7f70462d-725d-0004-4ad3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1988	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	2600	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:30 PM	7f70462d-725d-0004-46d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5104 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1987	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	4952	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:30 PM	7f70462d-725d-0004-46d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1986	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	2600	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:30 PM	7f70462d-725d-0004-46d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1985	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4484	32	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:30 PM	7f70462d-725d-0004-45d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4484 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1984	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4484	2612	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:30 PM	7f70462d-725d-0004-45d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1983	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4484	32	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:30 PM	7f70462d-725d-0004-45d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: ffd6d38a-4462-4c97-ab11-5b511d976656 Path:	4104	1		3	2	15	0	1982	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	932	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:30 PM	7f70462d-725d-0004-22d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 599c84fc-50c2-44d7-8708-b1524421311f Path:	4104	1		3	2	15	0	1981	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	4480	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:30 PM	7f70462d-725d-0004-15d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: c107fe93-393d-46e3-85f6-5ce19b3343c3 Path:	4104	1		3	2	15	0	1980	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	4480	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:29 PM	7f70462d-725d-0004-10d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): ZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625575886.75-264318633726021\\source", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\eventlogcss.txt", "checksum": "d051fdb120afddc6f99086f6b8b905bce125cb45", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "eventlogcss.txt", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625575886.75-264318633726021'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 2767665d-e8ed-4615-869b-ddb86f09e4c2 Path:	4104	1		3	2	15	0	1979	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	4480	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:29 PM	7f70462d-725d-0004-0ad3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): WlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0g ScriptBlock ID: 2767665d-e8ed-4615-869b-ddb86f09e4c2 Path:	4104	1		3	2	15	0	1978	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	4480	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:29 PM	7f70462d-725d-0004-0ad3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): KICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250Y ScriptBlock ID: 2767665d-e8ed-4615-869b-ddb86f09e4c2 Path:	4104	1		3	2	15	0	1977	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	4480	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:29 PM	7f70462d-725d-0004-0ad3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiI ScriptBlock ID: 2767665d-e8ed-4615-869b-ddb86f09e4c2 Path:	4104	1		3	2	15	0	1976	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	4480	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:29 PM	7f70462d-725d-0004-0ad3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1975	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	4284	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:29 PM	7f70462d-725d-0004-08d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4748 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1974	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	3040	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:29 PM	7f70462d-725d-0004-08d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1973	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	4284	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:29 PM	7f70462d-725d-0004-08d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1625575886.75-264318633726021\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 7a44c486-fdc5-4a9c-afc1-d832d8c59be6 Path:	4104	1		3	2	15	0	1972	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4940	2464	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:29 PM	7f70462d-725d-0002-a00e-767f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1971	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4940	4600	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:29 PM	7f70462d-725d-0004-04d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4940 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1970	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4940	2460	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:29 PM	7f70462d-725d-0004-04d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1969	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4940	4600	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:28 PM	7f70462d-725d-0004-04d3-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: c5dbb365-f68f-4f81-acba-864ca774aebe Path:	4104	1		3	2	15	0	1968	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	5004	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:28 PM	7f70462d-725d-0002-940e-767f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): rivileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 72f2dc66-20d2-462e-b67b-ddc8dc0c9528 Path:	4104	1		3	2	15	0	1967	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	5004	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:28 PM	7f70462d-725d-0000-66ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.P ScriptBlock ID: 72f2dc66-20d2-462e-b67b-ddc8dc0c9528 Path:	4104	1		3	2	15	0	1966	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	5004	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:28 PM	7f70462d-725d-0000-66ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 58624770-c240-452e-9591-31cd1f12d86b Path:	4104	1		3	2	15	0	1965	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	5004	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:28 PM	7f70462d-725d-0000-62ac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 12d8aec2-393f-43da-a52a-bfd732c900b2 Path:	4104	1		3	2	15	0	1964	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	5004	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:28 PM	7f70462d-725d-0002-860e-767f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 7): AgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\eventlogcss.txt", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625575886.75-264318633726021'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 6b50f0f5-8149-4966-a886-cb0fc3937ae6 Path:	4104	1		3	2	15	0	1963	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	5004	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:28 PM	7f70462d-725d-0004-e5d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 7): tTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogIC ScriptBlock ID: 6b50f0f5-8149-4966-a886-cb0fc3937ae6 Path:	4104	1		3	2	15	0	1962	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	5004	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:28 PM	7f70462d-725d-0004-e5d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 7): WUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyA ScriptBlock ID: 6b50f0f5-8149-4966-a886-cb0fc3937ae6 Path:	4104	1		3	2	15	0	1961	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	5004	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:28 PM	7f70462d-725d-0004-e5d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 7): yhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRyd ScriptBlock ID: 6b50f0f5-8149-4966-a886-cb0fc3937ae6 Path:	4104	1		3	2	15	0	1960	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	5004	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:28 PM	7f70462d-725d-0004-e5d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 7): SBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlc ScriptBlock ID: 6b50f0f5-8149-4966-a886-cb0fc3937ae6 Path:	4104	1		3	2	15	0	1959	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	5004	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:28 PM	7f70462d-725d-0004-e5d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 7): CAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92Z ScriptBlock ID: 6b50f0f5-8149-4966-a886-cb0fc3937ae6 Path:	4104	1		3	2	15	0	1958	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	5004	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:28 PM	7f70462d-725d-0004-e5d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 7): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgI ScriptBlock ID: 6b50f0f5-8149-4966-a886-cb0fc3937ae6 Path:	4104	1		3	2	15	0	1957	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	5004	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:28 PM	7f70462d-725d-0004-e5d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1956	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	3064	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:27 PM	7f70462d-725d-0000-5dac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4036 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1955	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	4884	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:27 PM	7f70462d-725d-0000-5dac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1954	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4036	3064	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:27 PM	7f70462d-725d-0000-5dac-757f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1953	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4824	1664	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:27 PM	7f70462d-725d-0004-d7d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4824 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1952	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4824	3044	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:27 PM	7f70462d-725d-0004-d7d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1951	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4824	1664	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:27 PM	7f70462d-725d-0004-d7d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1950	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3608	4400	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:27 PM	7f70462d-725d-0004-d6d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3608 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1949	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3608	4628	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:26 PM	7f70462d-725d-0004-d6d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1948	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3608	4400	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:26 PM	7f70462d-725d-0004-d6d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 56b46f4f-ead0-46c3-81bb-6690097c7aac Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = ac1bd27f-5bf9-4f58-afbd-e5a53d8d5c12 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 35 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1947	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2644	1624	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:22 PM	7f70462d-725d-0003-e38f-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $_.$guid_key -eq $adapter.SettingID } ScriptBlock ID: 7627eb4f-c363-4166-b323-9c7cdc39f191 Path:	4104	1		3	2	15	0	1946	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2644	1624	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:22 PM	7f70462d-725d-0003-dd8f-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'facter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 56b46f4f-ead0-46c3-81bb-6690097c7aac Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = ac1bd27f-5bf9-4f58-afbd-e5a53d8d5c12 Pipeline ID = 5 Command Name = Get-Command Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	1945	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2644	1624	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:22 PM	7f70462d-725d-0003-da8f-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy Function Get-CustomFacts { [cmdletBinding()] param ( [Parameter(mandatory=$false)] $factpath = $null ) if (-not (Test-Path -Path $factpath)) { Fail-Json $result "The path $factpath does not exist. Typo?" } $FactsFiles = Get-ChildItem -Path $factpath | Where-Object -FilterScript {($PSItem.PSIsContainer -eq $false) -and ($PSItem.Extension -eq '.ps1')} foreach ($FactsFile in $FactsFiles) { $out = & $($FactsFile.FullName) $result.ansible_facts.Add("ansible_$(($FactsFile.Name).Split('.')[0])", $out) } } Function Get-MachineSid { # The Machine SID is stored in HKLM:\SECURITY\SAM\Domains\Account and is # only accessible by the Local System account. This method get's the local # admin account (ends with -500) and lops it off to get the machine sid. $admins_sid = "S-1-5-32-544" $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value Add-Type -AssemblyName System.DirectoryServices.AccountManagement $principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine) $group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group) $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal) $groups = $searcher.FindOne() $machine_sid = $null foreach ($user in $groups.Members) { $user_sid = $user.Sid if ($user_sid.Value.EndsWith("-500")) { $machine_sid = $user_sid.AccountDomainSid.Value break } } return $machine_sid } $cim_instances = @{} Function Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\CIMV2") { if(-not $cim_instances.ContainsKey($instance_name)) { $cim_instances[$instance_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instance_name) } return $cim_instances[$instance_name] } $result = @{ ansible_facts = @{ } changed = $false } $grouped_subsets = @{ min=[System.Collections.Generic.List[string]]@('date_time','distribution','dns','env','local','platform','powershell_version','user') network=[System.Collections.Generic.List[string]]@('all_ipv4_addresses','all_ipv6_addresses','interfaces','windows_domain', 'winrm') hardware=[System.Collections.Generic.List[string]]@('bios','memory','processor','uptime') external=[System.Collections.Generic.List[string]]@('facter') } # build "all" set from everything mentioned in the group- this means every value must be in at least one subset to be considered legal $all_set = [System.Collections.Generic.HashSet[string]]@() foreach($kv in $grouped_subsets.GetEnumerator()) { [void] $all_set.UnionWith($kv.Value) } # dynamically create an "all" subset now that we know what should be in it $grouped_subsets['all'] = [System.Collections.Generic.List[string]]$all_set # start with all, build up gather and exclude subsets $gather_subset = [System.Collections.Generic.HashSet[string]]$grouped_subsets.all $explicit_subset = [System.Collections.Generic.HashSet[string]]@() $exclude_subset = [System.Collections.Generic.HashSet[string]]@() $params = Parse-Args $args -supports_check_mode $true $factpath = Get-AnsibleParam -obj $params -name "fact_path" -type "path" $gather_subset_source = Get-AnsibleParam -obj $params -name "gather_subset" -type "list" -default "all" foreach($item in $gather_subset_source) { if(([string]$item).StartsWith("!")) { $item = ([string]$item).Substring(1) if($item -eq "all") { $all_minus_min = [System.Collections.Generic.HashSet[string]]@($all_set) [void] $all_minus_min.ExceptWith($grouped_subsets.min) [void] $exclude_subset.UnionWith($all_minus_min) } elseif($grouped_subsets.ContainsKey($item)) { [void] $exclude_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $exclude_subset.Add($item) } # NB: invalid exclude values are ignored, since that's what posix setup does } else { if($grouped_subsets.ContainsKey($item)) { [void] $explicit_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $explicit_subset.Add($item) } else { # NB: POSIX setup fails on invalid value; we warn, because we don't implement the same set as POSIX # and we don't have platform-specific config for this... Add-Warning $result "invalid value $item specified in gather_subset" } } } [void] $gather_subset.ExceptWith($exclude_subset) [void] $gather_subset.UnionWith($explicit_subset) $ansible_facts = @{ gather_subset=@($gather_subset_source) module_setup=$true } $osversion = [Environment]::OSVersion if($gather_subset.Contains('all_ipv4_addresses') -or $gather_subset.Contains('all_ipv6_addresses')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration # TODO: split v4/v6 properly, return in separate keys $ips = @() Foreach ($ip in $netcfg.IPAddress) { If ($ip) { $ips += $ip } } $ansible_facts += @{ ansible_ip_addresses = $ips } } if($gather_subset.Contains('bios')) { $win32_bios = Get-LazyCimInstance Win32_Bios $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $ansible_facts += @{ ansible_bios_date = $win32_bios.ReleaseDate.ToString("MM/dd/yyyy") ansible_bios_version = $win32_bios.SMBIOSBIOSVersion ansible_product_name = $win32_cs.Model.Trim() ansible_product_serial = $win32_bios.SerialNumber # ansible_product_version = ([string] $win32_cs.SystemFamily) } } if($gather_subset.Contains('date_time')) { $datetime = (Get-Date) $datetime_utc = $datetime.ToUniversalTime() $date = @{ date = $datetime.ToString("yyyy-MM-dd") day = $datetime.ToString("dd") epoch = (Get-Date -UFormat "%s") hour = $datetime.ToString("HH") iso8601 = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ssZ") iso8601_basic = $datetime.ToString("yyyyMMddTHHmmssffffff") iso8601_basic_short = $datetime.ToString("yyyyMMddTHHmmss") iso8601_micro = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ") minute = $datetime.ToString("mm") month = $datetime.ToString("MM") second = $datetime.ToString("ss") time = $datetime.ToString("HH:mm:ss") tz = ([System.TimeZoneInfo]::Local.Id) tz_offset = $datetime.ToString("zzzz") # Ensure that the weekday is in English weekday = $datetime.ToString("dddd", [System.Globalization.CultureInfo]::InvariantCulture) weekday_number = (Get-Date -UFormat "%w") weeknumber = (Get-Date -UFormat "%W") year = $datetime.ToString("yyyy") } $ansible_facts += @{ ansible_date_time = $date } } if($gather_subset.Contains('distribution')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $product_type = switch($win32_os.ProductType) { 1 { "workstation" } 2 { "domain_controller" } 3 { "server" } default { "unknown" } } $ansible_facts += @{ ansible_distribution = $win32_os.Caption ansible_distribution_version = $osversion.Version.ToString() ansible_distribution_major_version = $osversion.Version.Major.ToString() ansible_os_family = "Windows" ansible_os_name = ($win32_os.Name.Split('|')[0]).Trim() ansible_os_product_type = $product_type } } if($gather_subset.Contains('env')) { $env_vars = @{ } foreach ($item in Get-ChildItem Env:) { $name = $item | select -ExpandProperty Name # Powershell ConvertTo-Json fails if string ends with \ $value = ($item | select -ExpandProperty Value).TrimEnd("\") $env_vars.Add($name, $value) } $ansible_facts += @{ ansible_env = $env_vars } } if($gather_subset.Contains('facter')) { # See if Facter is on the System Path Try { $facter_exe = Get-Command facter -ErrorAction Stop $facter_installed = $true } Catch { $facter_installed = $false } # Get JSON from Facter, and parse it out. if ($facter_installed) { &facter -j | Tee-Object -Variable facter_output | Out-Null $facts = "$facter_output" | ConvertFrom-Json ForEach($fact in $facts.PSObject.Properties) { $fact_name = $fact.Name $ansible_facts.Add("facter_$fact_name", $fact.Value) } } } if($gather_subset.Contains('interfaces')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration $ActiveNetcfg = @() $ActiveNetcfg += $netcfg | where {$_.ipaddress -ne $null} $namespaces = Get-LazyCimInstance __Namespace -namespace root if ($namespaces | Where-Object { $_.Name -eq "StandardCimv" }) { $net_adapters = Get-LazyCimInstance MSFT_NetAdapter -namespace Root\StandardCimv2 $guid_key = "InterfaceGUID" $name_key = "Name" } else { $net_adapters = Get-LazyCimInstance Win32_NetworkAdapter $guid_key = "GUID" $name_key = "NetConnectionID" } $formattednetcfg = @() foreach ($adapter in $ActiveNetcfg) { $thisadapter = @{ default_gateway = $null connection_name = $null dns_domain = $adapter.dnsdomain interface_index = $adapter.InterfaceIndex interface_name = $adapter.description macaddress = $adapter.macaddress } if ($adapter.defaultIPGateway) { $thisadapter.default_gateway = $adapter.DefaultIPGateway[0].ToString() } $net_adapter = $net_adapters | Where-Object { $_.$guid_key -eq $adapter.SettingID } if ($net_adapter) { $thisadapter.connection_name = $net_adapter.$name_key } $formattednetcfg += $thisadapter } $ansible_facts += @{ ansible_interfaces = $formattednetcfg } } if ($gather_subset.Contains("local") -and $factpath -ne $null) { # Get any custom facts; results are updated in the Get-CustomFacts -factpath $factpath } if($gather_subset.Contains('memory')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ # Win32_PhysicalMemory is empty on some virtual platforms ansible_memtotal_mb = ([math]::round($win32_cs.TotalPhysicalMemory / 1024 / 1024)) ansible_swaptotal_mb = ([math]::round($win32_os.TotalSwapSpaceSize / 1024 / 1024)) } } if($gather_subset.Contains('platform')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ip_props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties() $ansible_facts += @{ ansible_architecture = $win32_os.OSArchitecture ansible_domain = $ip_props.DomainName ansible_fqdn = ($ip_props.Hostname + "." + $ip_props.DomainName) ansible_hostname = $env:COMPUTERNAME ansible_kernel = $osversion.Version.ToString() ansible_nodename = ($ip_props.HostName + "." + $ip_props.DomainName) ansible_machine_id = Get-MachineSid ansible_owner_contact = ([string] $win32_cs.PrimaryOwnerContact) ansible_owner_name = ([string] $win32_cs.PrimaryOwnerName) # FUTURE: should this live in its own subset? ansible_reboot_pending = (Get-PendingRebootStatus) ansible_system = $osversion.Platform.ToString() ansible_system_description = ([string] $win32_os.Description) ansible_system_vendor = $win32_cs.Manufacturer } } if($gather_subset.Contains('powershell_version')) { $ansible_facts += @{ ansible_powershell_version = ($PSVersionTable.PSVersion.Major) } } if($gather_subset.Contains('processor')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_cpu = Get-LazyCimInstance Win32_Processor if ($win32_cpu -is [array]) { # multi-socket, pick first $win32_cpu = $win32_cpu[0] } $cpu_list = @( ) for ($i=1; $i -le ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors); $i++) { $cpu_list += $win32_cpu.Manufacturer $cpu_list += $win32_cpu.Name } $ansible_facts += @{ ansible_processor = $cpu_list ansible_processor_cores = $win32_cpu.NumberOfCores ansible_processor_count = $win32_cs.NumberOfProcessors ansible_processor_threads_per_core = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors / $win32_cpu.NumberOfCores) ansible_processor_vcpus = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors) } } if($gather_subset.Contains('uptime')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ ansible_lastboot = $win32_os.lastbootuptime.ToString("u") ansible_uptime_seconds = $([System.Convert]::ToInt64($(Get-Date).Subtract($win32_os.lastbootuptime).TotalSeconds)) } } if($gather_subset.Contains('user')) { $user = [Security.Principal.WindowsIdentity]::GetCurrent() $ansible_facts += @{ ansible_user_dir = $env:userprofile # Win32_UserAccount.FullName is probably the right thing here, but it can be expensive to get on large domains ansible_user_gecos = "" ansible_user_id = $env:username ansible_user_sid = $user.User.Value } } if($gather_subset.Contains('windows_domain')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $domain_roles = @{ 0 = "Stand-alone workstation" 1 = "Member workstation" 2 = "Stand-alone server" 3 = "Member server" 4 = "Backup domain controller" 5 = "Primary domain controller" } $domain_role = $domain_roles.Get_Item([Int32]$win32_cs.DomainRole) $ansible_facts += @{ ansible_windows_domain = $win32_cs.Domain ansible_windows_domain_member = $win32_cs.PartOfDomain ansible_windows_domain_role = $domain_role } } if($gather_subset.Contains('winrm')) { $winrm_https_listener_parent_paths = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse | Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | select PSParentPath if ($winrm_https_listener_parent_paths -isnot [array]) { $winrm_https_listener_parent_paths = @($winrm_https_listener_parent_paths) } $winrm_https_listener_paths = @() foreach ($winrm_https_listener_parent_path in $winrm_https_listener_parent_paths) { $winrm_https_listener_paths += $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\")) } $https_listeners = @() foreach ($winrm_https_listener_path in $winrm_https_listener_paths) { $https_listeners += Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path" } $winrm_cert_thumbprints = @() foreach ($https_listener in $https_listeners) { $winrm_cert_thumbprints += $https_listener | where {$_.Name -EQ "CertificateThumbprint" } | select Value } $winrm_cert_expiry = @() foreach ($winrm_cert_thumbprint in $winrm_cert_thumbprints) { Try { $winrm_cert_expiry += Get-ChildItem -Path Cert:\LocalMachine\My | where Thumbprint -EQ $winrm_cert_thumbprint.Value.ToString().ToUpper() | select NotAfter } Catch {} } $winrm_cert_expirations = $winrm_cert_expiry | Sort-Object NotAfter if ($winrm_cert_expirations) { # this fact was renamed from ansible_winrm_certificate_expires due to collision with ansible_winrm_X connection var pattern $ansible_facts.Add("ansible_win_rm_certificate_expires", $winrm_cert_expirations[0].NotAfter.ToString("yyyy-MM-dd HH:mm:ss")) } } $result.ansible_facts += $ansible_facts Exit-Json $result ScriptBlock ID: 38f995c5-8477-47c9-922b-cb2ac474a835 Path:	4104	1		3	2	15	0	1944	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2644	1624	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:21 PM	7f70462d-725d-0003-728f-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d51be116-d936-4e7e-8c37-05763c75e2cb Path:	4104	1		3	2	15	0	1943	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2644	532	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:21 PM	7f70462d-725d-0003-658f-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 8c564a77-9efb-41d9-bd0f-3cb9bafeac2e Path:	4104	1		3	2	15	0	1942	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2644	532	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:21 PM	7f70462d-725d-0003-568f-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): 0ZW0KICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkaXBfcHJvcHMgPSBbU3lzdGVtLk5ldC5OZXR3b3JrSW5mb3JtYXRpb24uSVBHbG9iYWxQcm9wZXJ0aWVzXTo6R2V0SVBHbG9iYWxQcm9wZXJ0aWVzKCkKCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYXJjaGl0ZWN0dXJlID0gJHdpbjMyX29zLk9TQXJjaGl0ZWN0dXJlCiAgICAgICAgYW5zaWJsZV9kb21haW4gPSAkaXBfcHJvcHMuRG9tYWluTmFtZQogICAgICAgIGFuc2libGVfZnFkbiA9ICgkaXBfcHJvcHMuSG9zdG5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX2hvc3RuYW1lID0gJGVudjpDT01QVVRFUk5BTUUKICAgICAgICBhbnNpYmxlX2tlcm5lbCA9ICRvc3ZlcnNpb24uVmVyc2lvbi5Ub1N0cmluZygpCiAgICAgICAgYW5zaWJsZV9ub2RlbmFtZSA9ICgkaXBfcHJvcHMuSG9zdE5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX21hY2hpbmVfaWQgPSBHZXQtTWFjaGluZVNpZAogICAgICAgIGFuc2libGVfb3duZXJfY29udGFjdCA9IChbc3RyaW5nXSAkd2luMzJfY3MuUHJpbWFyeU93bmVyQ29udGFjdCkKICAgICAgICBhbnNpYmxlX293bmVyX25hbWUgPSAoW3N0cmluZ10gJHdpbjMyX2NzLlByaW1hcnlPd25lck5hbWUpCiAgICAgICAgIyBGVVRVUkU6IHNob3VsZCB0aGlzIGxpdmUgaW4gaXRzIG93biBzdWJzZXQ/CiAgICAgICAgYW5zaWJsZV9yZWJvb3RfcGVuZGluZyA9IChHZXQtUGVuZGluZ1JlYm9vdFN0YXR1cykKICAgICAgICBhbnNpYmxlX3N5c3RlbSA9ICRvc3ZlcnNpb24uUGxhdGZvcm0uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfc3lzdGVtX2Rlc2NyaXB0aW9uID0gKFtzdHJpbmddICR3aW4zMl9vcy5EZXNjcmlwdGlvbikKICAgICAgICBhbnNpYmxlX3N5c3RlbV92ZW5kb3IgPSAkd2luMzJfY3MuTWFudWZhY3R1cmVyCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdwb3dlcnNoZWxsX3ZlcnNpb24nKSkgewogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX3Bvd2Vyc2hlbGxfdmVyc2lvbiA9ICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uLk1ham9yKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygncHJvY2Vzc29yJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9jcHUgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX1Byb2Nlc3NvcgogICAgaWYgKCR3aW4zMl9jcHUgLWlzIFthcnJheV0pIHsKICAgICAgICAjIG11bHRpLXNvY2tldCwgcGljayBmaXJzdAogICAgICAgICR3aW4zMl9jcHUgPSAkd2luMzJfY3B1WzBdCiAgICB9CgogICAgJGNwdV9saXN0ID0gQCggKQogICAgZm9yICgkaT0xOyAkaSAtbGUgKCR3aW4zMl9jcHUuTnVtYmVyT2ZMb2dpY2FsUHJvY2Vzc29ycyAvICR3aW4zMl9jcy5OdW1iZXJPZlByb2Nlc3NvcnMpOyAkaSsrKSB7CiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTWFudWZhY3R1cmVyCiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTmFtZQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9wcm9jZXNzb3IgPSAkY3B1X2xpc3QKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl9jb3JlcyA9ICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX2NvdW50ID0gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX3RocmVhZHNfcGVyX2NvcmUgPSAoJHdpbjMyX2NwdS5OdW1iZXJPZkxvZ2ljYWxQcm9jZXNzb3JzIC8gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycyAvICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcykKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl92Y3B1cyA9ICgkd2luMzJfY3B1Lk51bWJlck9mTG9naWNhbFByb2Nlc3NvcnMgLyAkd2luMzJfY3MuTnVtYmVyT2ZQcm9jZXNzb3JzKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXB0aW1lJykpIHsKICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfbGFzdGJvb3QgPSAkd2luMzJfb3MubGFzdGJvb3R1cHRpbWUuVG9TdHJpbmcoInUiKQogICAgICAgIGFuc2libGVfdXB0aW1lX3NlY29uZHMgPSAkKFtTeXN0ZW0uQ29udmVydF06OlRvSW50NjQoJChHZXQtRGF0ZSkuU3VidHJhY3QoJHdpbjMyX29zLmxhc3Rib290dXB0aW1lKS5Ub3RhbFNlY29uZHMpKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXNlcicpKSB7CiAgICAkdXNlciA9IFtTZWN1cml0eS5QcmluY2lwYWwuV2luZG93c0lkZW50aXR5XTo6R2V0Q3VycmVudCgpCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfdXNlcl9kaXIgPSAkZW52OnVzZXJwcm9maWxlCiAgICAgICAgIyBXaW4zMl9Vc2VyQWNjb3VudC5GdWxsTmFtZSBpcyBwcm9iYWJseSB0aGUgcmlnaHQgdGhpbmcgaGVyZSwgYnV0IGl0IGNhbiBiZSBleHBlbnNpdmUgdG8gZ2V0IG9uIGxhcmdlIGRvbWFpbnMKICAgICAgICBhbnNpYmxlX3VzZXJfZ2Vjb3MgPSAiIgogICAgICAgIGFuc2libGVfdXNlcl9pZCA9ICRlbnY6dXNlcm5hbWUKICAgICAgICBhbnNpYmxlX3VzZXJfc2lkID0gJHVzZXIuVXNlci5WYWx1ZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnd2luZG93c19kb21haW4nKSkgewogICAgJHdpbjMyX2NzID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9Db21wdXRlclN5c3RlbQogICAgJGRvbWFpbl9yb2xlcyA9IEB7CiAgICAgICAgMCA9ICJTdGFuZC1hbG9uZSB3b3Jrc3RhdGlvbiIKICAgICAgICAxID0gIk1lbWJlciB3b3Jrc3RhdGlvbiIKICAgICAgICAyID0gIlN0YW5kLWFsb25lIHNlcnZlciIKICAgICAgICAzID0gIk1lbWJlciBzZXJ2ZXIiCiAgICAgICAgNCA9ICJCYWNrdXAgZG9tYWluIGNvbnRyb2xsZXIiCiAgICAgICAgNSA9ICJQcmltYXJ5IGRvbWFpbiBjb250cm9sbGVyIgogICAgfQoKICAgICRkb21haW5fcm9sZSA9ICRkb21haW5fcm9sZXMuR2V0X0l0ZW0oW0ludDMyXSR3aW4zMl9jcy5Eb21haW5Sb2xlKQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV93aW5kb3dzX2RvbWFpbiA9ICR3aW4zMl9jcy5Eb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX21lbWJlciA9ICR3aW4zMl9jcy5QYXJ0T2ZEb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX3JvbGUgPSAkZG9tYWluX3JvbGUKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3dpbnJtJykpIHsKCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCBXU01hbjpcbG9jYWxob3N0XExpc3RlbmVyIC1SZWN1cnNlIHwgV2hlcmUtT2JqZWN0IHskXy5QU0NoaWxkTmFtZSAtZXEgIlRyYW5zcG9ydCIgLWFuZCAkXy5WYWx1ZSAtZXEgIkhUVFBTIn0gfCBzZWxlY3QgUFNQYXJlbnRQYXRoCiAgICBpZiAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyAtaXNub3QgW2FycmF5XSkgewogICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyA9IEAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocykKICAgIH0KCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMgPSBAKCkKICAgIGZvcmVhY2ggKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzKSB7CiAgICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhdGhzICs9ICR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguU3Vic3RyaW5nKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguTGFzdEluZGV4T2YoIlwiKSkKICAgIH0KCiAgICAkaHR0cHNfbGlzdGVuZXJzID0gQCgpCiAgICBmb3JlYWNoICgkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMpIHsKICAgICAgICAkaHR0cHNfbGlzdGVuZXJzICs9IEdldC1DaGlsZEl0ZW0gLVBhdGggIldTTWFuOlxsb2NhbGhvc3RcTGlzdGVuZXIkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCIKICAgIH0KCiAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyA9IEAoKQogICAgZm9yZWFjaCAoJGh0dHBzX2xpc3RlbmVyIGluICRodHRwc19saXN0ZW5lcnMpIHsKICAgICAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyArPSAkaHR0cHNfbGlzdGVuZXIgfCB3aGVyZSB7JF8uTmFtZSAtRVEgIkNlcnRpZmljYXRlVGh1bWJwcmludCIgfSB8IHNlbGVjdCBWYWx1ZQogICAgfQoKICAgICR3aW5ybV9jZXJ0X2V4cGlyeSA9IEAoKQogICAgZm9yZWFjaCAoJHdpbnJtX2NlcnRfdGh1bWJwcmludCBpbiAkd2lucm1fY2VydF90aHVtYnByaW50cykgewogICAgICAgIFRyeSB7CiAgICAgICAgICAgICR3aW5ybV9jZXJ0X2V4cGlyeSArPSBHZXQtQ2hpbGRJdGVtIC1QYXRoIENlcnQ6XExvY2FsTWFjaGluZVxNeSB8IHdoZXJlIFRodW1icHJpbnQgLUVRICR3aW5ybV9jZXJ0X3RodW1icHJpbnQuVmFsdWUuVG9TdHJpbmcoKS5Ub1VwcGVyKCkgfCBzZWxlY3QgTm90QWZ0ZXIKICAgICAgICB9IENhdGNoIHt9CiAgICB9CgogICAgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnMgPSAkd2lucm1fY2VydF9leHBpcnkgfCBTb3J0LU9iamVjdCBOb3RBZnRlcgogICAgaWYgKCR3aW5ybV9jZXJ0X2V4cGlyYXRpb25zKSB7CiAgICAgICAgIyB0aGlzIGZhY3Qgd2FzIHJlbmFtZWQgZnJvbSBhbnNpYmxlX3dpbnJtX2NlcnRpZmljYXRlX2V4cGlyZXMgZHVlIHRvIGNvbGxpc2lvbiB3aXRoIGFuc2libGVfd2lucm1fWCBjb25uZWN0aW9uIHZhciBwYXR0ZXJuCiAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlX3dpbl9ybV9jZXJ0aWZpY2F0ZV9leHBpcmVzIiwgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnNbMF0uTm90QWZ0ZXIuVG9TdHJpbmcoInl5eXktTU0tZGQgSEg6bW06c3MiKSkKICAgIH0KfQoKJHJlc3VsdC5hbnNpYmxlX2ZhY3RzICs9ICRhbnNpYmxlX2ZhY3RzCgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "gather_timeout": 10, "_ansible_module_name": "setup", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "gather_subset": ["all"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: b6e7ec0c-3332-450b-bc81-8221aa8add22 Path:	4104	1		3	2	15	0	1941	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2644	532	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:20 PM	7f70462d-725d-0003-508f-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): b3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTgsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCkZ1bmN0aW9uIEdldC1DdXN0b21GYWN0cyB7CiAgW2NtZGxldEJpbmRpbmcoKV0KICBwYXJhbSAoCiAgICBbUGFyYW1ldGVyKG1hbmRhdG9yeT0kZmFsc2UpXQogICAgJGZhY3RwYXRoID0gJG51bGwKICApCgogIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGZhY3RwYXRoKSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBwYXRoICRmYWN0cGF0aCBkb2VzIG5vdCBleGlzdC4gVHlwbz8iCiAgfQoKICAkRmFjdHNGaWxlcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJGZhY3RwYXRoIHwgV2hlcmUtT2JqZWN0IC1GaWx0ZXJTY3JpcHQgeygkUFNJdGVtLlBTSXNDb250YWluZXIgLWVxICRmYWxzZSkgLWFuZCAoJFBTSXRlbS5FeHRlbnNpb24gLWVxICcucHMxJyl9CgogIGZvcmVhY2ggKCRGYWN0c0ZpbGUgaW4gJEZhY3RzRmlsZXMpIHsKICAgICAgJG91dCA9ICYgJCgkRmFjdHNGaWxlLkZ1bGxOYW1lKQogICAgICAkcmVzdWx0LmFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlXyQoKCRGYWN0c0ZpbGUuTmFtZSkuU3BsaXQoJy4nKVswXSkiLCAkb3V0KQogIH0KfQoKRnVuY3Rpb24gR2V0LU1hY2hpbmVTaWQgewogICAgIyBUaGUgTWFjaGluZSBTSUQgaXMgc3RvcmVkIGluIEhLTE06XFNFQ1VSSVRZXFNBTVxEb21haW5zXEFjY291bnQgYW5kIGlzCiAgICAjIG9ubHkgYWNjZXNzaWJsZSBieSB0aGUgTG9jYWwgU3lzdGVtIGFjY291bnQuIFRoaXMgbWV0aG9kIGdldCdzIHRoZSBsb2NhbAogICAgIyBhZG1pbiBhY2NvdW50IChlbmRzIHdpdGggLTUwMCkgYW5kIGxvcHMgaXQgb2ZmIHRvIGdldCB0aGUgbWFjaGluZSBzaWQuCgogICAgJGFkbWluc19zaWQgPSAiUy0xLTUtMzItNTQ0IgogICAgJGFkbWluX2dyb3VwID0gKFtTZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyXSRhZG1pbnNfc2lkKS5UcmFuc2xhdGUoW1NlY3VyaXR5LlByaW5jaXBhbC5OVEFjY291bnRdKS5WYWx1ZSAKCiAgICBBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudAogICAgJHByaW5jaXBhbF9jb250ZXh0ID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbENvbnRleHQoW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudC5Db250ZXh0VHlwZV06Ok1hY2hpbmUpCiAgICAkZ3JvdXBfcHJpbmNpcGFsID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50Lkdyb3VwUHJpbmNpcGFsKCRwcmluY2lwYWxfY29udGV4dCwgJGFkbWluX2dyb3VwKQogICAgJHNlYXJjaGVyID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbFNlYXJjaGVyKCRncm91cF9wcmluY2lwYWwpCiAgICAkZ3JvdXBzID0gJHNlYXJjaGVyLkZpbmRPbmUoKQoKICAgICRtYWNoaW5lX3NpZCA9ICRudWxsCiAgICBmb3JlYWNoICgkdXNlciBpbiAkZ3JvdXBzLk1lbWJlcnMpIHsKICAgICAgICAkdXNlcl9zaWQgPSAkdXNlci5TaWQKICAgICAgICBpZiAoJHVzZXJfc2lkLlZhbHVlLkVuZHNXaXRoKCItNTAwIikpIHsKICAgICAgICAgICAgJG1hY2hpbmVfc2lkID0gJHVzZXJfc2lkLkFjY291bnREb21haW5TaWQuVmFsdWUKICAgICAgICAgICAgYnJlYWsKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICRtYWNoaW5lX3NpZAp9CgokY2ltX2luc3RhbmNlcyA9IEB7fQoKRnVuY3Rpb24gR2V0LUxhenlDaW1JbnN0YW5jZShbc3RyaW5nXSRpbnN0YW5jZV9uYW1lLCBbc3RyaW5nXSRuYW1lc3BhY2U9IlJvb3RcQ0lNVjIiKSB7CiAgICBpZigtbm90ICRjaW1faW5zdGFuY2VzLkNvbnRhaW5zS2V5KCRpbnN0YW5jZV9uYW1lKSkgewogICAgICAgICRjaW1faW5zdGFuY2VzWyRpbnN0YW5jZV9uYW1lXSA9ICQoR2V0LUNpbUluc3RhbmNlIC1OYW1lc3BhY2UgJG5hbWVzcGFjZSAtQ2xhc3NOYW1lICRpbnN0YW5jZV9uYW1lKQogICAgfQoKICAgIHJldHVybiAkY2ltX2luc3RhbmNlc1skaW5zdGFuY2VfbmFtZV0KfQoKJHJlc3VsdCA9IEB7CiAgICBhbnNpYmxlX2ZhY3RzID0gQHsgfQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokZ3JvdXBlZF9zdWJzZXRzID0gQHsKICAgIG1pbj1bU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuTGlzdFtzdHJpbmddXUAoJ2RhdGVfdGltZScsJ2Rpc3RyaWJ1dGlvbicsJ2RucycsJ2VudicsJ2xvY2FsJywncGxhdGZvcm0nLCdwb3dlcnNoZWxsX3ZlcnNpb24nLCd1c2VyJykKICAgIG5ldHdvcms9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdhbGxfaXB2NF9hZGRyZXNzZXMnLCdhbGxfaXB2Nl9hZGRyZXNzZXMnLCdpbnRlcmZhY2VzJywnd2luZG93c19kb21haW4nLCAnd2lucm0nKQogICAgaGFyZHdhcmU9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdiaW9zJywnbWVtb3J5JywncHJvY2Vzc29yJywndXB0aW1lJykKICAgIGV4dGVybmFsPVtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dQCgnZmFjdGVyJykKfQoKIyBidWlsZCAiYWxsIiBzZXQgZnJvbSBldmVyeXRoaW5nIG1lbnRpb25lZCBpbiB0aGUgZ3JvdXAtIHRoaXMgbWVhbnMgZXZlcnkgdmFsdWUgbXVzdCBiZSBpbiBhdCBsZWFzdCBvbmUgc3Vic2V0IHRvIGJlIGNvbnNpZGVyZWQgbGVnYWwKJGFsbF9zZXQgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSGFzaFNldFtzdHJpbmddXUAoKQoKZm9yZWFjaCgka3YgaW4gJGdyb3VwZWRfc3Vic2V0cy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgIFt2b2lkXSAkYWxsX3NldC5VbmlvbldpdGgoJGt2LlZhbHVlKQp9CgojIGR5bmFtaWNhbGx5IGNyZWF0ZSBhbiAiYWxsIiBzdWJzZXQgbm93IHRoYXQgd2Uga25vdyB3aGF0IHNob3VsZCBiZSBpbiBpdAokZ3JvdXBlZF9zdWJzZXRzWydhbGwnXSA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dJGFsbF9zZXQKCiMgc3RhcnQgd2l0aCBhbGwsIGJ1aWxkIHVwIGdhdGhlciBhbmQgZXhjbHVkZSBzdWJzZXRzCiRnYXRoZXJfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV0kZ3JvdXBlZF9zdWJzZXRzLmFsbAokZXhwbGljaXRfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKJGV4Y2x1ZGVfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRmYWN0cGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmYWN0X3BhdGgiIC10eXBlICJwYXRoIgokZ2F0aGVyX3N1YnNldF9zb3VyY2UgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2F0aGVyX3N1YnNldCIgLXR5cGUgImxpc3QiIC1kZWZhdWx0ICJhbGwiCgpmb3JlYWNoKCRpdGVtIGluICRnYXRoZXJfc3Vic2V0X3NvdXJjZSkgewogICAgaWYoKFtzdHJpbmddJGl0ZW0pLlN0YXJ0c1dpdGgoIiEiKSkgewogICAgICAgICRpdGVtID0gKFtzdHJpbmddJGl0ZW0pLlN1YnN0cmluZygxKQogICAgICAgIGlmKCRpdGVtIC1lcSAiYWxsIikgewogICAgICAgICAgICAkYWxsX21pbnVzX21pbiA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5IYXNoU2V0W3N0cmluZ11dQCgkYWxsX3NldCkKICAgICAgICAgICAgW3ZvaWRdICRhbGxfbWludXNfbWluLkV4Y2VwdFdpdGgoJGdyb3VwZWRfc3Vic2V0cy5taW4pCiAgICAgICAgICAgIFt2b2lkXSAkZXhjbHVkZV9zdWJzZXQuVW5pb25XaXRoKCRhbGxfbWludXNfbWluKQogICAgICAgIH0KICAgICAgICBlbHNlaWYoJGdyb3VwZWRfc3Vic2V0cy5Db250YWluc0tleSgkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5VbmlvbldpdGgoJGdyb3VwZWRfc3Vic2V0c1skaXRlbV0pCiAgICAgICAgfQogICAgICAgIGVsc2VpZigkYWxsX3NldC5Db250YWlucygkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgICMgTkI6IGludmFsaWQgZXhjbHVkZSB2YWx1ZXMgYXJlIGlnbm9yZWQsIHNpbmNlIHRoYXQncyB3aGF0IHBvc2l4IHNldHVwIGRvZXMKICAgIH0KICAgIGVsc2UgewogICAgICAgIGlmKCRncm91cGVkX3N1YnNldHMuQ29udGFpbnNLZXkoJGl0ZW0pKSB7CiAgICAgICAgICAgIFt2b2lkXSAkZXhwbGljaXRfc3Vic2V0LlVuaW9uV2l0aCgkZ3JvdXBlZF9zdWJzZXRzWyRpdGVtXSkKICAgICAgICB9CiAgICAgICAgZWxzZWlmKCRhbGxfc2V0LkNvbnRhaW5zKCRpdGVtKSkgewogICAgICAgICAgICBbdm9pZF0gJGV4cGxpY2l0X3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgIGVsc2UgewogICAgICAgICAgICAjIE5COiBQT1NJWCBzZXR1cCBmYWlscyBvbiBpbnZhbGlkIHZhbHVlOyB3ZSB3YXJuLCBiZWNhdXNlIHdlIGRvbid0IGltcGxlbWVudCB0aGUgc2FtZSBzZXQgYXMgUE9TSVgKICAgICAgICAgICAgIyBhbmQgd2UgZG9uJ3QgaGF2ZSBwbGF0Zm9ybS1zcGVjaWZpYyBjb25maWcgZm9yIHRoaXMuLi4KICAgICAgICAgICAgQWRkLVdhcm5pbmcgJHJlc3VsdCAiaW52YWxpZCB2YWx1ZSAkaXRlbSBzcGVjaWZpZWQgaW4gZ2F0aGVyX3N1YnNldCIKICAgICAgICB9CiAgICB9Cn0KClt2b2lkXSAkZ2F0aGVyX3N1YnNldC5FeGNlcHRXaXRoKCRleGNsdWRlX3N1YnNldCkKW3ZvaWRdICRnYXRoZXJfc3Vic2V0LlVuaW9uV2l0aCgkZXhwbGljaXRfc3Vic2V0KQoKJGFuc2libGVfZmFjdHMgPSBAewogICAgZ2F0aGVyX3N1YnNldD1AKCRnYXRoZXJfc3Vic2V0X3NvdXJjZSkKICAgIG1vZHVsZV9zZXR1cD0kdHJ1ZQp9Cgokb3N2ZXJzaW9uID0gW0Vudmlyb25tZW50XTo6T1NWZXJzaW9uCgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnYWxsX2lwdjRfYWRkcmVzc2VzJykgLW9yICRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdhbGxfaXB2Nl9hZGRyZXNzZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAKICAgICMgVE9ETzogc3BsaXQgdjQvdjYgcHJvcGVybHksIHJldHVybiBpbiBzZXBhcmF0ZSBrZXlzCiAgICAkaXBzID0gQCgpCiAgICBGb3JlYWNoICgkaXAgaW4gJG5ldGNmZy5JUEFkZHJlc3MpIHsKICAgICAgICBJZiAoJGlwKSB7CiAgICAgICAgICAgICRpcHMgKz0gJGlwCiAgICAgICAgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pcF9hZGRyZXNzZXMgPSAkaXBzCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdiaW9zJykpIHsKICAgICR3aW4zMl9iaW9zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9CaW9zCiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYmlvc19kYXRlID0gJHdpbjMyX2Jpb3MuUmVsZWFzZURhdGUuVG9TdHJpbmcoIk1NL2RkL3l5eXkiKQogICAgICAgIGFuc2libGVfYmlvc192ZXJzaW9uID0gJHdpbjMyX2Jpb3MuU01CSU9TQklPU1ZlcnNpb24KICAgICAgICBhbnNpYmxlX3Byb2R1Y3RfbmFtZSA9ICR3aW4zMl9jcy5Nb2RlbC5UcmltKCkKICAgICAgICBhbnNpYmxlX3Byb2R1Y3Rfc2VyaWFsID0gJHdpbjMyX2Jpb3MuU2VyaWFsTnVtYmVyCiAgICAgICAgIyBhbnNpYmxlX3Byb2R1Y3RfdmVyc2lvbiA9IChbc3RyaW5nXSAkd2luMzJfY3MuU3lzdGVtRmFtaWx5KQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZGF0ZV90aW1lJykpIHsKICAgICRkYXRldGltZSA9IChHZXQtRGF0ZSkKICAgICRkYXRldGltZV91dGMgPSAkZGF0ZXRpbWUuVG9Vbml2ZXJzYWxUaW1lKCkKICAgICRkYXRlID0gQHsKICAgICAgICBkYXRlID0gJGRhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIikKICAgICAgICBkYXkgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoImRkIikKICAgICAgICBlcG9jaCA9IChHZXQtRGF0ZSAtVUZvcm1hdCAiJXMiKQogICAgICAgIGhvdXIgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIIikKICAgICAgICBpc284NjAxID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzc1oiKQogICAgICAgIGlzbzg2MDFfYmFzaWMgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXlNTWRkVEhIbW1zc2ZmZmZmZiIpCiAgICAgICAgaXNvODYwMV9iYXNpY19zaG9ydCA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eU1NZGRUSEhtbXNzIikKICAgICAgICBpc284NjAxX21pY3JvID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzcy5mZmZmZmZaIikKICAgICAgICBtaW51dGUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIm1tIikKICAgICAgICBtb250aCA9ICRkYXRldGltZS5Ub1N0cmluZygiTU0iKQogICAgICAgIHNlY29uZCA9ICRkYXRldGltZS5Ub1N0cmluZygic3MiKQogICAgICAgIHRpbWUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIOm1tOnNzIikKICAgICAgICB0eiA9IChbU3lzdGVtLlRpbWVab25lSW5mb106OkxvY2FsLklkKQogICAgICAgIHR6X29mZnNldCA9ICRkYXRldGltZS5Ub1N0cmluZygienp6eiIpCiAgICAgICAgIyBFbnN1cmUgdGhhdCB0aGUgd2Vla2RheSBpcyBpbiBFbmdsaXNoCiAgICAgICAgd2Vla2RheSA9ICRkYXRldGltZS5Ub1N0cmluZygiZGRkZCIsIFtTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mb106OkludmFyaWFudEN1bHR1cmUpCiAgICAgICAgd2Vla2RheV9udW1iZXIgPSAoR2V0LURhdGUgLVVGb3JtYXQgIiV3IikKICAgICAgICB3ZWVrbnVtYmVyID0gKEdldC1EYXRlIC1VRm9ybWF0ICIlVyIpCiAgICAgICAgeWVhciA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eSIpCiAgICB9CgogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX2RhdGVfdGltZSA9ICRkYXRlCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdkaXN0cmlidXRpb24nKSkgewogICAgJHdpbjMyX29zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9PcGVyYXRpbmdTeXN0ZW0KICAgICRwcm9kdWN0X3R5cGUgPSBzd2l0Y2goJHdpbjMyX29zLlByb2R1Y3RUeXBlKSB7CiAgICAgICAgMSB7ICJ3b3Jrc3RhdGlvbiIgfQogICAgICAgIDIgeyAiZG9tYWluX2NvbnRyb2xsZXIiIH0KICAgICAgICAzIHsgInNlcnZlciIgfQogICAgICAgIGRlZmF1bHQgeyAidW5rbm93biIgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9kaXN0cmlidXRpb24gPSAkd2luMzJfb3MuQ2FwdGlvbgogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX21ham9yX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uTWFqb3IuVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfb3NfZmFtaWx5ID0gIldpbmRvd3MiCiAgICAgICAgYW5zaWJsZV9vc19uYW1lID0gKCR3aW4zMl9vcy5OYW1lLlNwbGl0KCd8JylbMF0pLlRyaW0oKQogICAgICAgIGFuc2libGVfb3NfcHJvZHVjdF90eXBlID0gJHByb2R1Y3RfdHlwZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZW52JykpIHsKICAgICRlbnZfdmFycyA9IEB7IH0KICAgIGZvcmVhY2ggKCRpdGVtIGluIEdldC1DaGlsZEl0ZW0gRW52OikgewogICAgICAgICRuYW1lID0gJGl0ZW0gfCBzZWxlY3QgLUV4cGFuZFByb3BlcnR5IE5hbWUKICAgICAgICAjIFBvd2Vyc2hlbGwgQ29udmVydFRvLUpzb24gZmFpbHMgaWYgc3RyaW5nIGVuZHMgd2l0aCBcCiAgICAgICAgJHZhbHVlID0gKCRpdGVtIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBWYWx1ZSkuVHJpbUVuZCgiXCIpCiAgICAgICAgJGVudl92YXJzLkFkZCgkbmFtZSwgJHZhbHVlKQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9lbnYgPSAkZW52X3ZhcnMKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ZhY3RlcicpKSB7CiAgICAjIFNlZSBpZiBGYWN0ZXIgaXMgb24gdGhlIFN5c3RlbSBQYXRoCiAgICBUcnkgewogICAgICAgICRmYWN0ZXJfZXhlID0gR2V0LUNvbW1hbmQgZmFjdGVyIC1FcnJvckFjdGlvbiBTdG9wCiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkdHJ1ZQogICAgfSBDYXRjaCB7CiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkZmFsc2UKICAgIH0KCiAgICAjIEdldCBKU09OIGZyb20gRmFjdGVyLCBhbmQgcGFyc2UgaXQgb3V0LgogICAgaWYgKCRmYWN0ZXJfaW5zdGFsbGVkKSB7CiAgICAgICAgJmZhY3RlciAtaiB8IFRlZS1PYmplY3QgIC1WYXJpYWJsZSBmYWN0ZXJfb3V0cHV0IHwgT3V0LU51bGwKICAgICAgICAkZmFjdHMgPSAiJGZhY3Rlcl9vdXRwdXQiIHwgQ29udmVydEZyb20tSnNvbgogICAgICAgIEZvckVhY2goJGZhY3QgaW4gJGZhY3RzLlBTT2JqZWN0LlByb3BlcnRpZXMpIHsKICAgICAgICAgICAgJGZhY3RfbmFtZSA9ICRmYWN0Lk5hbWUKICAgICAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJmYWN0ZXJfJGZhY3RfbmFtZSIsICRmYWN0LlZhbHVlKQogICAgICAgIH0KICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ludGVyZmFjZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAkQWN0aXZlTmV0Y2ZnID0gQCgpCiAgICAkQWN0aXZlTmV0Y2ZnICs9ICRuZXRjZmcgfCB3aGVyZSB7JF8uaXBhZGRyZXNzIC1uZSAkbnVsbH0KCiAgICAkbmFtZXNwYWNlcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgX19OYW1lc3BhY2UgLW5hbWVzcGFjZSByb290CiAgICBpZiAoJG5hbWVzcGFjZXMgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAiU3RhbmRhcmRDaW12IiB9KSB7CiAgICAgICAgJG5ldF9hZGFwdGVycyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgTVNGVF9OZXRBZGFwdGVyIC1uYW1lc3BhY2UgUm9vdFxTdGFuZGFyZENpbXYyCiAgICAgICAgJGd1aWRfa2V5ID0gIkludGVyZmFjZUdVSUQiCiAgICAgICAgJG5hbWVfa2V5ID0gIk5hbWUiCiAgICB9IGVsc2UgewogICAgICAgICRuZXRfYWRhcHRlcnMgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX05ldHdvcmtBZGFwdGVyICAgICAgICAKICAgICAgICAkZ3VpZF9rZXkgPSAiR1VJRCIKICAgICAgICAkbmFtZV9rZXkgPSAiTmV0Q29ubmVjdGlvbklEIgogICAgfQoKICAgICRmb3JtYXR0ZWRuZXRjZmcgPSBAKCkKICAgIGZvcmVhY2ggKCRhZGFwdGVyIGluICRBY3RpdmVOZXRjZmcpCiAgICB7CiAgICAgICAgJHRoaXNhZGFwdGVyID0gQHsKICAgICAgICAgICAgZGVmYXVsdF9nYXRld2F5ID0gJG51bGwKICAgICAgICAgICAgY29ubmVjdGlvbl9uYW1lID0gJG51bGwKICAgICAgICAgICAgZG5zX2RvbWFpbiA9ICRhZGFwdGVyLmRuc2RvbWFpbgogICAgICAgICAgICBpbnRlcmZhY2VfaW5kZXggPSAkYWRhcHRlci5JbnRlcmZhY2VJbmRleAogICAgICAgICAgICBpbnRlcmZhY2VfbmFtZSA9ICRhZGFwdGVyLmRlc2NyaXB0aW9uCiAgICAgICAgICAgIG1hY2FkZHJlc3MgPSAkYWRhcHRlci5tYWNhZGRyZXNzCiAgICAgICAgfQoKICAgICAgICBpZiAoJGFkYXB0ZXIuZGVmYXVsdElQR2F0ZXdheSkKICAgICAgICB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5kZWZhdWx0X2dhdGV3YXkgPSAkYWRhcHRlci5EZWZhdWx0SVBHYXRld2F5WzBdLlRvU3RyaW5nKCkKICAgICAgICB9CiAgICAgICAgJG5ldF9hZGFwdGVyID0gJG5ldF9hZGFwdGVycyB8IFdoZXJlLU9iamVjdCB7ICRfLiRndWlkX2tleSAtZXEgJGFkYXB0ZXIuU2V0dGluZ0lEIH0KICAgICAgICBpZiAoJG5ldF9hZGFwdGVyKSB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5jb25uZWN0aW9uX25hbWUgPSAkbmV0X2FkYXB0ZXIuJG5hbWVfa2V5CiAgICAgICAgfQoKICAgICAgICAkZm9ybWF0dGVkbmV0Y2ZnICs9ICR0aGlzYWRhcHRlcgogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pbnRlcmZhY2VzID0gJGZvcm1hdHRlZG5ldGNmZwogICAgfQp9CgppZiAoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoImxvY2FsIikgLWFuZCAkZmFjdHBhdGggLW5lICRudWxsKSB7CiAgICAjIEdldCBhbnkgY3VzdG9tIGZhY3RzOyByZXN1bHRzIGFyZSB1cGRhdGVkIGluIHRoZQogICAgR2V0LUN1c3RvbUZhY3RzIC1mYWN0cGF0aCAkZmFjdHBhdGgKfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ21lbW9yeScpKSB7CiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkd2luMzJfb3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX09wZXJhdGluZ1N5c3RlbQogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICAjIFdpbjMyX1BoeXNpY2FsTWVtb3J5IGlzIGVtcHR5IG9uIHNvbWUgdmlydHVhbCBwbGF0Zm9ybXMKICAgICAgICBhbnNpYmxlX21lbXRvdGFsX21iID0gKFttYXRoXTo6cm91bmQoJHdpbjMyX2NzLlRvdGFsUGh5c2ljYWxNZW1vcnkgLyAxMDI0IC8gMTAyNCkpCiAgICAgICAgYW5zaWJsZV9zd2FwdG90YWxfbWIgPSAoW21hdGhdOjpyb3VuZCgkd2luMzJfb3MuVG90YWxTd2FwU3BhY2VTaXplIC8gMTAyNCAvIDEwMjQpKQogICAgfQp9CgoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3BsYXRmb3JtJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN ScriptBlock ID: b6e7ec0c-3332-450b-bc81-8221aa8add22 Path:	4104	1		3	2	15	0	1940	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2644	532	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:20 PM	7f70462d-725d-0003-508f-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQ ScriptBlock ID: b6e7ec0c-3332-450b-bc81-8221aa8add22 Path:	4104	1		3	2	15	0	1939	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2644	532	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:20 PM	7f70462d-725d-0003-508f-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1938	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2644	2940	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:20 PM	7f70462d-725d-0004-c2d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2644 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1937	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2644	4936	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:20 PM	7f70462d-725d-0004-c2d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1936	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2644	2940	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:51:20 PM	7f70462d-725d-0004-c2d2-747f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1935	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1076	1188	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:16 PM	7f70462d-725d-0002-7492-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1076 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1934	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1076	220	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:16 PM	7f70462d-725d-0002-7492-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1933	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1076	1188	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:16 PM	7f70462d-725d-0002-7492-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = feab9b53-7f45-418e-aa83-f9e44fe47edf Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = fd85fdfa-bb49-4d61-84b8-d69a8cda7e54 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1932	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2476	4816	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:16 PM	7f70462d-725d-0001-6456-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ec02244d-288b-4528-9741-b4ebf747b7d7 Path:	4104	1		3	2	15	0	1931	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2476	4928	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:16 PM	7f70462d-725d-0003-db92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 169db3fe-67fe-43e9-b6c8-aee60424b88f Path:	4104	1		3	2	15	0	1930	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2476	4928	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:16 PM	7f70462d-725d-0003-d492-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: f2a9e008-adb9-4155-9a60-3426b687d900 Path:	4104	1		3	2	15	0	1929	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2476	4928	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:15 PM	7f70462d-725d-0000-385e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): -Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 6599a2c0-c046-4d0f-8080-001cb03e9032 Path:	4104	1		3	2	15	0	1928	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2476	4928	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:15 PM	7f70462d-725d-0000-335e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): ICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Get-Service neutron-hyperv-agent | %{$_.Status}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo ScriptBlock ID: 6599a2c0-c046-4d0f-8080-001cb03e9032 Path:	4104	1		3	2	15	0	1927	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2476	4928	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:15 PM	7f70462d-725d-0000-335e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): gIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAg ScriptBlock ID: 6599a2c0-c046-4d0f-8080-001cb03e9032 Path:	4104	1		3	2	15	0	1926	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2476	4928	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:15 PM	7f70462d-725d-0000-335e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): PSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICA ScriptBlock ID: 6599a2c0-c046-4d0f-8080-001cb03e9032 Path:	4104	1		3	2	15	0	1925	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2476	4928	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:15 PM	7f70462d-725d-0000-335e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3Mg ScriptBlock ID: 6599a2c0-c046-4d0f-8080-001cb03e9032 Path:	4104	1		3	2	15	0	1924	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2476	4928	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:15 PM	7f70462d-725d-0000-335e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1923	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2476	4384	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:15 PM	7f70462d-725d-0001-4b56-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2476 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1922	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2476	4352	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:15 PM	7f70462d-725d-0001-4b56-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1921	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2476	4384	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:15 PM	7f70462d-725d-0001-4b56-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = d52fa4e7-d27e-4e79-addc-2928dc81e0cb Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 0af181e6-7c25-4f84-8789-b9472985b60f Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1920	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	2016	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:14 PM	7f70462d-725d-0004-606c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = d52fa4e7-d27e-4e79-addc-2928dc81e0cb Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 0af181e6-7c25-4f84-8789-b9472985b60f Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1919	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	2016	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:14 PM	7f70462d-725d-0004-5e6c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: abb2a71c-73ec-4c25-b1ad-75f98fa3dc89 Path:	4104	1		3	2	15	0	1918	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	4140	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:13 PM	7f70462d-725d-0002-6492-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): te_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 6c58d74d-a6b8-40aa-bd57-6518e2bb99d6 Path:	4104	1		3	2	15	0	1917	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	4140	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:13 PM	7f70462d-725d-0001-3c56-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remo ScriptBlock ID: 6c58d74d-a6b8-40aa-bd57-6518e2bb99d6 Path:	4104	1		3	2	15	0	1916	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	4140	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:13 PM	7f70462d-725d-0001-3c56-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 049bc873-2b25-42a9-8e7f-a6a86e956a1a Path:	4104	1		3	2	15	0	1915	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	4140	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:13 PM	7f70462d-725d-0002-6092-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 02275a4e-f676-4501-92fd-f7ee929bf7c5 Path:	4104	1		3	2	15	0	1914	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	4140	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:13 PM	7f70462d-725d-0001-2e56-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): hcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_stat", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_check_mode": false, "get_checksum": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log\\neutron-hyperv-agent.log", "get_md5": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: f61f9889-e11d-4fae-80e5-abf5eacd48c7 Path:	4104	1		3	2	15	0	1913	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	4140	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:13 PM	7f70462d-725d-0001-2856-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): HlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAp ScriptBlock ID: f61f9889-e11d-4fae-80e5-abf5eacd48c7 Path:	4104	1		3	2	15	0	1912	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	4140	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:13 PM	7f70462d-725d-0001-2856-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): WF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkd ScriptBlock ID: f61f9889-e11d-4fae-80e5-abf5eacd48c7 Path:	4104	1		3	2	15	0	1911	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	4140	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:13 PM	7f70462d-725d-0001-2856-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): CBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZ ScriptBlock ID: f61f9889-e11d-4fae-80e5-abf5eacd48c7 Path:	4104	1		3	2	15	0	1910	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	4140	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:13 PM	7f70462d-725d-0001-2856-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzL ScriptBlock ID: f61f9889-e11d-4fae-80e5-abf5eacd48c7 Path:	4104	1		3	2	15	0	1909	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	4140	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:13 PM	7f70462d-725d-0001-2856-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1908	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	168	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:13 PM	7f70462d-725d-0002-5b92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2020 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1907	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	4884	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:13 PM	7f70462d-725d-0002-5b92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1906	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2020	168	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:13 PM	7f70462d-725d-0002-5b92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1905	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4484	600	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:11 PM	7f70462d-725d-0001-2156-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4484 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1904	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4484	2464	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:11 PM	7f70462d-725d-0001-2156-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1903	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4484	600	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:11 PM	7f70462d-725d-0001-2156-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 7ee7ef26-0ccf-4482-8ac5-b2a3fad89446 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 3dbfb056-c151-43ee-9588-7a52c52b4f43 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1902	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3740	4996	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:11 PM	7f70462d-725d-0002-4a92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 504723b4-8b67-42a2-b85c-add39e35fc04 Path:	4104	1		3	2	15	0	1901	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3740	4852	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:10 PM	7f70462d-725d-0000-115e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 354541af-12b7-4535-a7eb-2859834dc5a5 Path:	4104	1		3	2	15	0	1900	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3740	4852	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:10 PM	7f70462d-725d-0001-1a56-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 0c7da77e-8113-487e-8f97-55cbbb478f22 Path:	4104	1		3	2	15	0	1899	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3740	4852	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:10 PM	7f70462d-725d-0000-005e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): CAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Get-Service neutron-hyperv-agent | %{$_.Status}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: fb05f5cb-cd3f-4858-bfbc-6b9302bb1a6d Path:	4104	1		3	2	15	0	1898	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3740	4852	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:10 PM	7f70462d-725d-0000-fa5d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): GFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKI ScriptBlock ID: fb05f5cb-cd3f-4858-bfbc-6b9302bb1a6d Path:	4104	1		3	2	15	0	1897	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3740	4852	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:10 PM	7f70462d-725d-0000-fa5d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): vdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4c ScriptBlock ID: fb05f5cb-cd3f-4858-bfbc-6b9302bb1a6d Path:	4104	1		3	2	15	0	1896	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3740	4852	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:10 PM	7f70462d-725d-0000-fa5d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJ ScriptBlock ID: fb05f5cb-cd3f-4858-bfbc-6b9302bb1a6d Path:	4104	1		3	2	15	0	1895	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3740	4852	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:10 PM	7f70462d-725d-0000-fa5d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1894	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3740	5032	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:10 PM	7f70462d-725d-0002-3892-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3740 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1893	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3740	4768	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:10 PM	7f70462d-725d-0002-3892-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1892	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3740	5032	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:10 PM	7f70462d-725d-0002-3892-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = f3db1cc3-bfc6-47a6-bfdf-b977fff48f95 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = ae458e59-fc4f-46b3-8afd-e7d8b8c9b1e2 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1891	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	2292	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:09 PM	7f70462d-725d-0002-3592-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = f3db1cc3-bfc6-47a6-bfdf-b977fff48f95 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = ae458e59-fc4f-46b3-8afd-e7d8b8c9b1e2 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1890	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	2292	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:09 PM	7f70462d-725d-0001-0656-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 0b79fd97-4374-4e27-b489-5f6134c2a89e Path:	4104	1		3	2	15	0	1889	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1672	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:08 PM	7f70462d-725d-0004-076c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: ae704aa2-3329-4baf-893d-06e6cea325f9 Path:	4104	1		3	2	15	0	1888	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1672	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:08 PM	7f70462d-725d-0004-036c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) ScriptBlock ID: ae704aa2-3329-4baf-893d-06e6cea325f9 Path:	4104	1		3	2	15	0	1887	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1672	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:08 PM	7f70462d-725d-0004-036c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: c0d21fb8-8923-4edd-89e1-4105f706d8ae Path:	4104	1		3	2	15	0	1886	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1672	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:08 PM	7f70462d-725d-0004-ff6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 962cc53f-f621-499e-a4ab-e7e845383e4e Path:	4104	1		3	2	15	0	1885	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1672	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:08 PM	7f70462d-725d-0004-f06b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 8): hcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_stat", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_check_mode": false, "get_checksum": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log\\neutron-hyperv-agent.log", "get_md5": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 7493d4b3-2271-4b28-b40b-054333441cca Path:	4104	1		3	2	15	0	1884	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1672	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:08 PM	7f70462d-725d-0004-ea6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 8): W5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2h ScriptBlock ID: 7493d4b3-2271-4b28-b40b-054333441cca Path:	4104	1		3	2	15	0	1883	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1672	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:08 PM	7f70462d-725d-0004-ea6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 8): F0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQ ScriptBlock ID: 7493d4b3-2271-4b28-b40b-054333441cca Path:	4104	1		3	2	15	0	1882	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1672	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:08 PM	7f70462d-725d-0004-ea6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 8): mRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LU ScriptBlock ID: 7493d4b3-2271-4b28-b40b-054333441cca Path:	4104	1		3	2	15	0	1881	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1672	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:08 PM	7f70462d-725d-0004-ea6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 8): AgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhb ScriptBlock ID: 7493d4b3-2271-4b28-b40b-054333441cca Path:	4104	1		3	2	15	0	1880	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1672	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:08 PM	7f70462d-725d-0004-ea6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 8): yeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogIC ScriptBlock ID: 7493d4b3-2271-4b28-b40b-054333441cca Path:	4104	1		3	2	15	0	1879	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1672	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:08 PM	7f70462d-725d-0004-ea6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 8): bmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmF ScriptBlock ID: 7493d4b3-2271-4b28-b40b-054333441cca Path:	4104	1		3	2	15	0	1878	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1672	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:08 PM	7f70462d-725d-0004-ea6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 8): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlv ScriptBlock ID: 7493d4b3-2271-4b28-b40b-054333441cca Path:	4104	1		3	2	15	0	1877	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	1672	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:08 PM	7f70462d-725d-0004-ea6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1876	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	3896	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:08 PM	7f70462d-725d-0003-8a92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4452 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1875	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	2560	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:07 PM	7f70462d-725d-0003-8a92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1874	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4452	3896	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:07 PM	7f70462d-725d-0003-8a92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1873	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	740	4132	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:06 PM	7f70462d-725d-0002-2892-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 740 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1872	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	740	3564	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:06 PM	7f70462d-725d-0002-2892-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1871	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	740	4132	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:06 PM	7f70462d-725d-0002-2892-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 7194d006-b912-4738-b3a0-59964e9b2cd7 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 65b7bbd7-5822-4842-8eb7-f324a47d44f0 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1870	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	772	4264	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:06 PM	7f70462d-725d-0003-7b92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 47a6ccd4-c66a-4570-aaef-e7d297bbc952 Path:	4104	1		3	2	15	0	1869	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	772	1384	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:05 PM	7f70462d-725d-0001-cb55-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 673bfd2b-88be-40c3-b7ed-5a50526a5048 Path:	4104	1		3	2	15	0	1868	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	772	1384	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:05 PM	7f70462d-725d-0001-c455-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 7169b552-6a3b-4a02-855b-bee74ac32928 Path:	4104	1		3	2	15	0	1867	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	772	1384	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:05 PM	7f70462d-725d-0001-b555-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): zovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Get-Service cinder-backup | %{$_.Status}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 9568f6a6-fa8d-411b-bdae-1d58d406ed21 Path:	4104	1		3	2	15	0	1866	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	772	1384	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:05 PM	7f70462d-725d-0001-af55-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): 0XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwc ScriptBlock ID: 9568f6a6-fa8d-411b-bdae-1d58d406ed21 Path:	4104	1		3	2	15	0	1865	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	772	1384	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:05 PM	7f70462d-725d-0001-af55-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): Agc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW5 ScriptBlock ID: 9568f6a6-fa8d-411b-bdae-1d58d406ed21 Path:	4104	1		3	2	15	0	1864	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	772	1384	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:05 PM	7f70462d-725d-0001-af55-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgIC ScriptBlock ID: 9568f6a6-fa8d-411b-bdae-1d58d406ed21 Path:	4104	1		3	2	15	0	1863	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	772	1384	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:05 PM	7f70462d-725d-0001-af55-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1862	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	772	4812	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:05 PM	7f70462d-725d-0003-6892-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 772 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1861	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	772	4064	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:05 PM	7f70462d-725d-0003-6892-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1860	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	772	4812	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:05 PM	7f70462d-725d-0003-6892-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 287df248-748b-45eb-9125-5f0a8cf374dc Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 5dc4ec4a-9cc6-4463-b055-9ddd1002e852 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1859	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	3676	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:04 PM	7f70462d-725d-0002-1b92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 287df248-748b-45eb-9125-5f0a8cf374dc Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 5dc4ec4a-9cc6-4463-b055-9ddd1002e852 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1858	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	3676	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:04 PM	7f70462d-725d-0002-1792-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 145fab12-1c32-4de1-811d-6c8c8b0b7a59 Path:	4104	1		3	2	15	0	1857	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:03 PM	7f70462d-725d-0005-e859-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: e8575504-235a-44e6-af22-33d7a5615b4c Path:	4104	1		3	2	15	0	1856	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:03 PM	7f70462d-725d-0005-e459-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { ScriptBlock ID: e8575504-235a-44e6-af22-33d7a5615b4c Path:	4104	1		3	2	15	0	1855	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:03 PM	7f70462d-725d-0005-e459-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 0d972d05-70ba-4aa5-a318-975f2f6ef27b Path:	4104	1		3	2	15	0	1854	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:03 PM	7f70462d-725d-0005-e059-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 7c944a4f-e81e-4fea-9649-fa4583566685 Path:	4104	1		3	2	15	0	1853	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:03 PM	7f70462d-725d-0005-d159-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): 1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_stat", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_check_mode": false, "get_checksum": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log\\cinder-backup.log", "get_md5": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: a405e001-45e2-4120-95fa-6ee3bc7d3e32 Path:	4104	1		3	2	15	0	1852	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:03 PM	7f70462d-725d-0001-9455-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): nNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ ScriptBlock ID: a405e001-45e2-4120-95fa-6ee3bc7d3e32 Path:	4104	1		3	2	15	0	1851	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:03 PM	7f70462d-725d-0001-9455-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): AogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlb ScriptBlock ID: a405e001-45e2-4120-95fa-6ee3bc7d3e32 Path:	4104	1		3	2	15	0	1850	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:03 PM	7f70462d-725d-0001-9455-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): gICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplL ScriptBlock ID: a405e001-45e2-4120-95fa-6ee3bc7d3e32 Path:	4104	1		3	2	15	0	1849	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:03 PM	7f70462d-725d-0001-9455-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICA ScriptBlock ID: a405e001-45e2-4120-95fa-6ee3bc7d3e32 Path:	4104	1		3	2	15	0	1848	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:03 PM	7f70462d-725d-0001-9455-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1847	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	3044	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:02 PM	7f70462d-725d-0002-fc91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5080 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1846	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	1188	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:02 PM	7f70462d-725d-0002-fc91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1845	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5080	3044	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:02 PM	7f70462d-725d-0002-fc91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1844	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4944	3608	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:01 PM	7f70462d-725d-0002-f891-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4944 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1843	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4944	4368	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:01 PM	7f70462d-725d-0002-f891-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1842	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4944	3608	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:01 PM	7f70462d-725d-0002-f891-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 01642ef6-d0db-403d-afe4-9a9d973aeaea Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 35a58cee-239c-4920-9f15-ce826d06f24d Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1841	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4732	4836	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:01 PM	7f70462d-725d-0000-c05d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 8665b03f-6194-44ef-aeda-d9a0a4345d7e Path:	4104	1		3	2	15	0	1840	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4732	504	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:00 PM	7f70462d-725d-0004-a86b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: dae9046b-3d4b-4d54-b082-b6a358a39d08 Path:	4104	1		3	2	15	0	1839	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4732	504	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:00 PM	7f70462d-725d-0004-a16b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: a1ed670c-94fa-4805-8d02-7cc3d4c16ad7 Path:	4104	1		3	2	15	0	1838	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4732	504	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:00 PM	7f70462d-725d-0004-926b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): e $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: a0370fe9-cf97-4a7b-b771-a7d14b5963a0 Path:	4104	1		3	2	15	0	1837	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4732	504	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:00 PM	7f70462d-725d-0004-8c6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): CAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Get-Service cinder-volume | %{$_.Status}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Nam ScriptBlock ID: a0370fe9-cf97-4a7b-b771-a7d14b5963a0 Path:	4104	1		3	2	15	0	1836	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4732	504	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:00 PM	7f70462d-725d-0004-8c6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): gfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKI ScriptBlock ID: a0370fe9-cf97-4a7b-b771-a7d14b5963a0 Path:	4104	1		3	2	15	0	1835	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4732	504	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:00 PM	7f70462d-725d-0004-8c6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICA ScriptBlock ID: a0370fe9-cf97-4a7b-b771-a7d14b5963a0 Path:	4104	1		3	2	15	0	1834	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4732	504	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:00 PM	7f70462d-725d-0004-8c6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): S5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0 ScriptBlock ID: a0370fe9-cf97-4a7b-b771-a7d14b5963a0 Path:	4104	1		3	2	15	0	1833	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4732	504	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:00 PM	7f70462d-725d-0004-8c6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZ ScriptBlock ID: a0370fe9-cf97-4a7b-b771-a7d14b5963a0 Path:	4104	1		3	2	15	0	1832	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4732	504	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:00 PM	7f70462d-725d-0004-8c6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1831	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4732	3920	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:32:00 PM	7f70462d-725d-0002-f791-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4732 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1830	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4732	656	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:59 PM	7f70462d-725d-0002-f791-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1829	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4732	3920	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:59 PM	7f70462d-725d-0002-f791-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 7630f64b-967c-4d85-a009-57a7e0a877af Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 0804dd92-feae-4cbb-9f7a-d41c7cfa7ccc Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1828	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	2504	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:59 PM	7f70462d-725d-0000-a05d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 7630f64b-967c-4d85-a009-57a7e0a877af Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 0804dd92-feae-4cbb-9f7a-d41c7cfa7ccc Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1827	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	2504	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:58 PM	7f70462d-725d-0005-b559-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 31e65d62-e537-4eb7-becb-c0b221b4b698 Path:	4104	1		3	2	15	0	1826	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:58 PM	7f70462d-725d-0002-c791-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): g .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 61b7c7d3-8fba-4f87-8f8c-13d839413162 Path:	4104	1		3	2	15	0	1825	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:58 PM	7f70462d-725d-0002-c391-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlyin ScriptBlock ID: 61b7c7d3-8fba-4f87-8f8c-13d839413162 Path:	4104	1		3	2	15	0	1824	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:58 PM	7f70462d-725d-0002-c391-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 36c5baed-7e31-42ab-9359-86d39c20edf3 Path:	4104	1		3	2	15	0	1823	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:58 PM	7f70462d-725d-0002-bf91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 071798d0-1df7-4f0a-8d29-b5e9139e6834 Path:	4104	1		3	2	15	0	1822	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:58 PM	7f70462d-725d-0002-b091-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 8): k ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: c8e57e67-c3bb-4c1b-b368-360b8b5fe079 Path:	4104	1		3	2	15	0	1821	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:57 PM	7f70462d-725d-0002-aa91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 8): CBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_stat", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_check_mode": false, "get_checksum": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log\\cinder-volume.log", "get_md5": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBloc ScriptBlock ID: c8e57e67-c3bb-4c1b-b368-360b8b5fe079 Path:	4104	1		3	2	15	0	1820	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:57 PM	7f70462d-725d-0002-aa91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 8): IC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15L ScriptBlock ID: c8e57e67-c3bb-4c1b-b368-360b8b5fe079 Path:	4104	1		3	2	15	0	1819	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:57 PM	7f70462d-725d-0002-aa91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 8): CkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2Jq ScriptBlock ID: c8e57e67-c3bb-4c1b-b368-360b8b5fe079 Path:	4104	1		3	2	15	0	1818	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:57 PM	7f70462d-725d-0002-aa91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 8): dHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0a ScriptBlock ID: c8e57e67-c3bb-4c1b-b368-360b8b5fe079 Path:	4104	1		3	2	15	0	1817	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:57 PM	7f70462d-725d-0002-aa91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 8): sbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29u ScriptBlock ID: c8e57e67-c3bb-4c1b-b368-360b8b5fe079 Path:	4104	1		3	2	15	0	1816	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:57 PM	7f70462d-725d-0002-aa91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 8): 9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGV ScriptBlock ID: c8e57e67-c3bb-4c1b-b368-360b8b5fe079 Path:	4104	1		3	2	15	0	1815	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:57 PM	7f70462d-725d-0002-aa91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 8): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG ScriptBlock ID: c8e57e67-c3bb-4c1b-b368-360b8b5fe079 Path:	4104	1		3	2	15	0	1814	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:57 PM	7f70462d-725d-0002-aa91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1813	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	1336	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:57 PM	7f70462d-725d-0003-3c92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1968 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1812	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	4172	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:57 PM	7f70462d-725d-0003-3c92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1811	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1968	1336	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:57 PM	7f70462d-725d-0003-3c92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1810	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	2084	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:56 PM	7f70462d-725d-0002-9a91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4128 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1809	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	4120	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:56 PM	7f70462d-725d-0002-9a91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1808	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	2084	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:56 PM	7f70462d-725d-0002-9a91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 72129fd6-e8f7-413d-9639-392e2c67f816 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = bf7a3745-6482-43fa-b242-e98cfbb8756c Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1807	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	2296	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:56 PM	7f70462d-725d-0001-6955-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 35156853-714d-4b3b-96fd-60b2920c445f Path:	4104	1		3	2	15	0	1806	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	4696	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:55 PM	7f70462d-725d-0004-676b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: fc04220d-1a4e-489d-b5a8-4b1c8cbb5ad5 Path:	4104	1		3	2	15	0	1805	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	4696	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:55 PM	7f70462d-725d-0004-606b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: c01d0f05-0729-44a5-93c3-f1a35da7ddd8 Path:	4104	1		3	2	15	0	1804	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	4696	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:55 PM	7f70462d-725d-0005-8b59-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): mV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Get-Service nova-compute | %{$_.Status}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: e6baa724-adb0-47b4-89b1-08be44d01dd8 Path:	4104	1		3	2	15	0	1803	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	4696	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:55 PM	7f70462d-725d-0005-8559-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): ICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgc ScriptBlock ID: e6baa724-adb0-47b4-89b1-08be44d01dd8 Path:	4104	1		3	2	15	0	1802	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	4696	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:55 PM	7f70462d-725d-0005-8559-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): 3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdl ScriptBlock ID: e6baa724-adb0-47b4-89b1-08be44d01dd8 Path:	4104	1		3	2	15	0	1801	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	4696	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:55 PM	7f70462d-725d-0005-8559-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): ZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX ScriptBlock ID: e6baa724-adb0-47b4-89b1-08be44d01dd8 Path:	4104	1		3	2	15	0	1800	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	4696	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:55 PM	7f70462d-725d-0005-8559-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBT ScriptBlock ID: e6baa724-adb0-47b4-89b1-08be44d01dd8 Path:	4104	1		3	2	15	0	1799	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	4696	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:55 PM	7f70462d-725d-0005-8559-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1798	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	1156	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:54 PM	7f70462d-725d-0002-9691-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2944 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1797	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	2292	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:54 PM	7f70462d-725d-0002-9691-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1796	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	1156	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:54 PM	7f70462d-725d-0002-9691-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 0515d8c2-4190-4181-b191-a070052e3a69 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = d780f95a-dc95-47fe-a43d-bea25ff0b7f1 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1795	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	972	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:53 PM	7f70462d-725d-0005-7e59-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 0515d8c2-4190-4181-b191-a070052e3a69 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = d780f95a-dc95-47fe-a43d-bea25ff0b7f1 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1794	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	972	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:53 PM	7f70462d-725d-0004-496b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 2214fa5f-dd96-48b2-824b-0ebed6b95de6 Path:	4104	1		3	2	15	0	1793	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	1688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:53 PM	7f70462d-725d-0001-3455-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): anipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 7be8b490-0b6a-4b78-8cbf-0d111e68332b Path:	4104	1		3	2	15	0	1792	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	1688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:53 PM	7f70462d-725d-0001-3055-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to m ScriptBlock ID: 7be8b490-0b6a-4b78-8cbf-0d111e68332b Path:	4104	1		3	2	15	0	1791	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	1688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:53 PM	7f70462d-725d-0001-3055-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b5808efe-cc11-434f-ab27-e29b52ee76ae Path:	4104	1		3	2	15	0	1790	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	1688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:53 PM	7f70462d-725d-0001-2c55-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 98cb037a-d6ed-48ed-a4ea-067e6bf4693e Path:	4104	1		3	2	15	0	1789	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	1688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:52 PM	7f70462d-725d-0001-1d55-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): 1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_stat", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_check_mode": false, "get_checksum": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log\\nova-compute.log", "get_md5": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 9fa3a0f4-d5af-441c-9b39-4700976c1c8b Path:	4104	1		3	2	15	0	1788	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	1688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:52 PM	7f70462d-725d-0001-1755-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): tZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW ScriptBlock ID: 9fa3a0f4-d5af-441c-9b39-4700976c1c8b Path:	4104	1		3	2	15	0	1787	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	1688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:52 PM	7f70462d-725d-0001-1755-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): CAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWx ScriptBlock ID: 9fa3a0f4-d5af-441c-9b39-4700976c1c8b Path:	4104	1		3	2	15	0	1786	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	1688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:52 PM	7f70462d-725d-0001-1755-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): W4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogI ScriptBlock ID: 9fa3a0f4-d5af-441c-9b39-4700976c1c8b Path:	4104	1		3	2	15	0	1785	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	1688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:52 PM	7f70462d-725d-0001-1755-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): GVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZ ScriptBlock ID: 9fa3a0f4-d5af-441c-9b39-4700976c1c8b Path:	4104	1		3	2	15	0	1784	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	1688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:52 PM	7f70462d-725d-0001-1755-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpb ScriptBlock ID: 9fa3a0f4-d5af-441c-9b39-4700976c1c8b Path:	4104	1		3	2	15	0	1783	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	1688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:52 PM	7f70462d-725d-0001-1755-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1782	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	740	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:52 PM	7f70462d-725d-0002-8291-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1412 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1781	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	1944	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:52 PM	7f70462d-725d-0002-8291-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1780	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1412	740	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:52 PM	7f70462d-725d-0002-8291-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 7809ab0e-9d04-4785-b891-46e07004f5e7 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = e8f0e172-06e3-4c66-9c42-bc29a0ec14f4 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 35 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1779	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4224	1344	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:46 PM	7f70462d-725d-0002-4991-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $_.$guid_key -eq $adapter.SettingID } ScriptBlock ID: 2de7051a-b108-48f4-b1de-6252d048c25a Path:	4104	1		3	2	15	0	1778	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4224	1344	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:46 PM	7f70462d-725d-0001-0b55-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'facter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 7809ab0e-9d04-4785-b891-46e07004f5e7 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = e8f0e172-06e3-4c66-9c42-bc29a0ec14f4 Pipeline ID = 5 Command Name = Get-Command Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	1777	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4224	1344	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:46 PM	7f70462d-725d-0002-3c91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy Function Get-CustomFacts { [cmdletBinding()] param ( [Parameter(mandatory=$false)] $factpath = $null ) if (-not (Test-Path -Path $factpath)) { Fail-Json $result "The path $factpath does not exist. Typo?" } $FactsFiles = Get-ChildItem -Path $factpath | Where-Object -FilterScript {($PSItem.PSIsContainer -eq $false) -and ($PSItem.Extension -eq '.ps1')} foreach ($FactsFile in $FactsFiles) { $out = & $($FactsFile.FullName) $result.ansible_facts.Add("ansible_$(($FactsFile.Name).Split('.')[0])", $out) } } Function Get-MachineSid { # The Machine SID is stored in HKLM:\SECURITY\SAM\Domains\Account and is # only accessible by the Local System account. This method get's the local # admin account (ends with -500) and lops it off to get the machine sid. $admins_sid = "S-1-5-32-544" $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value Add-Type -AssemblyName System.DirectoryServices.AccountManagement $principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine) $group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group) $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal) $groups = $searcher.FindOne() $machine_sid = $null foreach ($user in $groups.Members) { $user_sid = $user.Sid if ($user_sid.Value.EndsWith("-500")) { $machine_sid = $user_sid.AccountDomainSid.Value break } } return $machine_sid } $cim_instances = @{} Function Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\CIMV2") { if(-not $cim_instances.ContainsKey($instance_name)) { $cim_instances[$instance_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instance_name) } return $cim_instances[$instance_name] } $result = @{ ansible_facts = @{ } changed = $false } $grouped_subsets = @{ min=[System.Collections.Generic.List[string]]@('date_time','distribution','dns','env','local','platform','powershell_version','user') network=[System.Collections.Generic.List[string]]@('all_ipv4_addresses','all_ipv6_addresses','interfaces','windows_domain', 'winrm') hardware=[System.Collections.Generic.List[string]]@('bios','memory','processor','uptime') external=[System.Collections.Generic.List[string]]@('facter') } # build "all" set from everything mentioned in the group- this means every value must be in at least one subset to be considered legal $all_set = [System.Collections.Generic.HashSet[string]]@() foreach($kv in $grouped_subsets.GetEnumerator()) { [void] $all_set.UnionWith($kv.Value) } # dynamically create an "all" subset now that we know what should be in it $grouped_subsets['all'] = [System.Collections.Generic.List[string]]$all_set # start with all, build up gather and exclude subsets $gather_subset = [System.Collections.Generic.HashSet[string]]$grouped_subsets.all $explicit_subset = [System.Collections.Generic.HashSet[string]]@() $exclude_subset = [System.Collections.Generic.HashSet[string]]@() $params = Parse-Args $args -supports_check_mode $true $factpath = Get-AnsibleParam -obj $params -name "fact_path" -type "path" $gather_subset_source = Get-AnsibleParam -obj $params -name "gather_subset" -type "list" -default "all" foreach($item in $gather_subset_source) { if(([string]$item).StartsWith("!")) { $item = ([string]$item).Substring(1) if($item -eq "all") { $all_minus_min = [System.Collections.Generic.HashSet[string]]@($all_set) [void] $all_minus_min.ExceptWith($grouped_subsets.min) [void] $exclude_subset.UnionWith($all_minus_min) } elseif($grouped_subsets.ContainsKey($item)) { [void] $exclude_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $exclude_subset.Add($item) } # NB: invalid exclude values are ignored, since that's what posix setup does } else { if($grouped_subsets.ContainsKey($item)) { [void] $explicit_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $explicit_subset.Add($item) } else { # NB: POSIX setup fails on invalid value; we warn, because we don't implement the same set as POSIX # and we don't have platform-specific config for this... Add-Warning $result "invalid value $item specified in gather_subset" } } } [void] $gather_subset.ExceptWith($exclude_subset) [void] $gather_subset.UnionWith($explicit_subset) $ansible_facts = @{ gather_subset=@($gather_subset_source) module_setup=$true } $osversion = [Environment]::OSVersion if($gather_subset.Contains('all_ipv4_addresses') -or $gather_subset.Contains('all_ipv6_addresses')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration # TODO: split v4/v6 properly, return in separate keys $ips = @() Foreach ($ip in $netcfg.IPAddress) { If ($ip) { $ips += $ip } } $ansible_facts += @{ ansible_ip_addresses = $ips } } if($gather_subset.Contains('bios')) { $win32_bios = Get-LazyCimInstance Win32_Bios $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $ansible_facts += @{ ansible_bios_date = $win32_bios.ReleaseDate.ToString("MM/dd/yyyy") ansible_bios_version = $win32_bios.SMBIOSBIOSVersion ansible_product_name = $win32_cs.Model.Trim() ansible_product_serial = $win32_bios.SerialNumber # ansible_product_version = ([string] $win32_cs.SystemFamily) } } if($gather_subset.Contains('date_time')) { $datetime = (Get-Date) $datetime_utc = $datetime.ToUniversalTime() $date = @{ date = $datetime.ToString("yyyy-MM-dd") day = $datetime.ToString("dd") epoch = (Get-Date -UFormat "%s") hour = $datetime.ToString("HH") iso8601 = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ssZ") iso8601_basic = $datetime.ToString("yyyyMMddTHHmmssffffff") iso8601_basic_short = $datetime.ToString("yyyyMMddTHHmmss") iso8601_micro = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ") minute = $datetime.ToString("mm") month = $datetime.ToString("MM") second = $datetime.ToString("ss") time = $datetime.ToString("HH:mm:ss") tz = ([System.TimeZoneInfo]::Local.Id) tz_offset = $datetime.ToString("zzzz") # Ensure that the weekday is in English weekday = $datetime.ToString("dddd", [System.Globalization.CultureInfo]::InvariantCulture) weekday_number = (Get-Date -UFormat "%w") weeknumber = (Get-Date -UFormat "%W") year = $datetime.ToString("yyyy") } $ansible_facts += @{ ansible_date_time = $date } } if($gather_subset.Contains('distribution')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $product_type = switch($win32_os.ProductType) { 1 { "workstation" } 2 { "domain_controller" } 3 { "server" } default { "unknown" } } $ansible_facts += @{ ansible_distribution = $win32_os.Caption ansible_distribution_version = $osversion.Version.ToString() ansible_distribution_major_version = $osversion.Version.Major.ToString() ansible_os_family = "Windows" ansible_os_name = ($win32_os.Name.Split('|')[0]).Trim() ansible_os_product_type = $product_type } } if($gather_subset.Contains('env')) { $env_vars = @{ } foreach ($item in Get-ChildItem Env:) { $name = $item | select -ExpandProperty Name # Powershell ConvertTo-Json fails if string ends with \ $value = ($item | select -ExpandProperty Value).TrimEnd("\") $env_vars.Add($name, $value) } $ansible_facts += @{ ansible_env = $env_vars } } if($gather_subset.Contains('facter')) { # See if Facter is on the System Path Try { $facter_exe = Get-Command facter -ErrorAction Stop $facter_installed = $true } Catch { $facter_installed = $false } # Get JSON from Facter, and parse it out. if ($facter_installed) { &facter -j | Tee-Object -Variable facter_output | Out-Null $facts = "$facter_output" | ConvertFrom-Json ForEach($fact in $facts.PSObject.Properties) { $fact_name = $fact.Name $ansible_facts.Add("facter_$fact_name", $fact.Value) } } } if($gather_subset.Contains('interfaces')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration $ActiveNetcfg = @() $ActiveNetcfg += $netcfg | where {$_.ipaddress -ne $null} $namespaces = Get-LazyCimInstance __Namespace -namespace root if ($namespaces | Where-Object { $_.Name -eq "StandardCimv" }) { $net_adapters = Get-LazyCimInstance MSFT_NetAdapter -namespace Root\StandardCimv2 $guid_key = "InterfaceGUID" $name_key = "Name" } else { $net_adapters = Get-LazyCimInstance Win32_NetworkAdapter $guid_key = "GUID" $name_key = "NetConnectionID" } $formattednetcfg = @() foreach ($adapter in $ActiveNetcfg) { $thisadapter = @{ default_gateway = $null connection_name = $null dns_domain = $adapter.dnsdomain interface_index = $adapter.InterfaceIndex interface_name = $adapter.description macaddress = $adapter.macaddress } if ($adapter.defaultIPGateway) { $thisadapter.default_gateway = $adapter.DefaultIPGateway[0].ToString() } $net_adapter = $net_adapters | Where-Object { $_.$guid_key -eq $adapter.SettingID } if ($net_adapter) { $thisadapter.connection_name = $net_adapter.$name_key } $formattednetcfg += $thisadapter } $ansible_facts += @{ ansible_interfaces = $formattednetcfg } } if ($gather_subset.Contains("local") -and $factpath -ne $null) { # Get any custom facts; results are updated in the Get-CustomFacts -factpath $factpath } if($gather_subset.Contains('memory')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ # Win32_PhysicalMemory is empty on some virtual platforms ansible_memtotal_mb = ([math]::round($win32_cs.TotalPhysicalMemory / 1024 / 1024)) ansible_swaptotal_mb = ([math]::round($win32_os.TotalSwapSpaceSize / 1024 / 1024)) } } if($gather_subset.Contains('platform')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ip_props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties() $ansible_facts += @{ ansible_architecture = $win32_os.OSArchitecture ansible_domain = $ip_props.DomainName ansible_fqdn = ($ip_props.Hostname + "." + $ip_props.DomainName) ansible_hostname = $env:COMPUTERNAME ansible_kernel = $osversion.Version.ToString() ansible_nodename = ($ip_props.HostName + "." + $ip_props.DomainName) ansible_machine_id = Get-MachineSid ansible_owner_contact = ([string] $win32_cs.PrimaryOwnerContact) ansible_owner_name = ([string] $win32_cs.PrimaryOwnerName) # FUTURE: should this live in its own subset? ansible_reboot_pending = (Get-PendingRebootStatus) ansible_system = $osversion.Platform.ToString() ansible_system_description = ([string] $win32_os.Description) ansible_system_vendor = $win32_cs.Manufacturer } } if($gather_subset.Contains('powershell_version')) { $ansible_facts += @{ ansible_powershell_version = ($PSVersionTable.PSVersion.Major) } } if($gather_subset.Contains('processor')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_cpu = Get-LazyCimInstance Win32_Processor if ($win32_cpu -is [array]) { # multi-socket, pick first $win32_cpu = $win32_cpu[0] } $cpu_list = @( ) for ($i=1; $i -le ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors); $i++) { $cpu_list += $win32_cpu.Manufacturer $cpu_list += $win32_cpu.Name } $ansible_facts += @{ ansible_processor = $cpu_list ansible_processor_cores = $win32_cpu.NumberOfCores ansible_processor_count = $win32_cs.NumberOfProcessors ansible_processor_threads_per_core = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors / $win32_cpu.NumberOfCores) ansible_processor_vcpus = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors) } } if($gather_subset.Contains('uptime')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ ansible_lastboot = $win32_os.lastbootuptime.ToString("u") ansible_uptime_seconds = $([System.Convert]::ToInt64($(Get-Date).Subtract($win32_os.lastbootuptime).TotalSeconds)) } } if($gather_subset.Contains('user')) { $user = [Security.Principal.WindowsIdentity]::GetCurrent() $ansible_facts += @{ ansible_user_dir = $env:userprofile # Win32_UserAccount.FullName is probably the right thing here, but it can be expensive to get on large domains ansible_user_gecos = "" ansible_user_id = $env:username ansible_user_sid = $user.User.Value } } if($gather_subset.Contains('windows_domain')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $domain_roles = @{ 0 = "Stand-alone workstation" 1 = "Member workstation" 2 = "Stand-alone server" 3 = "Member server" 4 = "Backup domain controller" 5 = "Primary domain controller" } $domain_role = $domain_roles.Get_Item([Int32]$win32_cs.DomainRole) $ansible_facts += @{ ansible_windows_domain = $win32_cs.Domain ansible_windows_domain_member = $win32_cs.PartOfDomain ansible_windows_domain_role = $domain_role } } if($gather_subset.Contains('winrm')) { $winrm_https_listener_parent_paths = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse | Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | select PSParentPath if ($winrm_https_listener_parent_paths -isnot [array]) { $winrm_https_listener_parent_paths = @($winrm_https_listener_parent_paths) } $winrm_https_listener_paths = @() foreach ($winrm_https_listener_parent_path in $winrm_https_listener_parent_paths) { $winrm_https_listener_paths += $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\")) } $https_listeners = @() foreach ($winrm_https_listener_path in $winrm_https_listener_paths) { $https_listeners += Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path" } $winrm_cert_thumbprints = @() foreach ($https_listener in $https_listeners) { $winrm_cert_thumbprints += $https_listener | where {$_.Name -EQ "CertificateThumbprint" } | select Value } $winrm_cert_expiry = @() foreach ($winrm_cert_thumbprint in $winrm_cert_thumbprints) { Try { $winrm_cert_expiry += Get-ChildItem -Path Cert:\LocalMachine\My | where Thumbprint -EQ $winrm_cert_thumbprint.Value.ToString().ToUpper() | select NotAfter } Catch {} } $winrm_cert_expirations = $winrm_cert_expiry | Sort-Object NotAfter if ($winrm_cert_expirations) { # this fact was renamed from ansible_winrm_certificate_expires due to collision with ansible_winrm_X connection var pattern $ansible_facts.Add("ansible_win_rm_certificate_expires", $winrm_cert_expirations[0].NotAfter.ToString("yyyy-MM-dd HH:mm:ss")) } } $result.ansible_facts += $ansible_facts Exit-Json $result ScriptBlock ID: ac2901be-7db1-4fc3-91a8-519aa7d50629 Path:	4104	1		3	2	15	0	1776	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4224	1344	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:45 PM	7f70462d-725d-0002-d590-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: fbdfc752-946c-4f9c-a689-50c73d8d93ad Path:	4104	1		3	2	15	0	1775	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4224	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:45 PM	7f70462d-725d-0002-c890-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 084241c3-ca6e-4318-997b-f51c5136d1e8 Path:	4104	1		3	2	15	0	1774	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4224	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:45 PM	7f70462d-725d-0002-b990-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): gQHsKICAgICAgICBhbnNpYmxlX2RhdGVfdGltZSA9ICRkYXRlCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdkaXN0cmlidXRpb24nKSkgewogICAgJHdpbjMyX29zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9PcGVyYXRpbmdTeXN0ZW0KICAgICRwcm9kdWN0X3R5cGUgPSBzd2l0Y2goJHdpbjMyX29zLlByb2R1Y3RUeXBlKSB7CiAgICAgICAgMSB7ICJ3b3Jrc3RhdGlvbiIgfQogICAgICAgIDIgeyAiZG9tYWluX2NvbnRyb2xsZXIiIH0KICAgICAgICAzIHsgInNlcnZlciIgfQogICAgICAgIGRlZmF1bHQgeyAidW5rbm93biIgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9kaXN0cmlidXRpb24gPSAkd2luMzJfb3MuQ2FwdGlvbgogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX21ham9yX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uTWFqb3IuVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfb3NfZmFtaWx5ID0gIldpbmRvd3MiCiAgICAgICAgYW5zaWJsZV9vc19uYW1lID0gKCR3aW4zMl9vcy5OYW1lLlNwbGl0KCd8JylbMF0pLlRyaW0oKQogICAgICAgIGFuc2libGVfb3NfcHJvZHVjdF90eXBlID0gJHByb2R1Y3RfdHlwZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZW52JykpIHsKICAgICRlbnZfdmFycyA9IEB7IH0KICAgIGZvcmVhY2ggKCRpdGVtIGluIEdldC1DaGlsZEl0ZW0gRW52OikgewogICAgICAgICRuYW1lID0gJGl0ZW0gfCBzZWxlY3QgLUV4cGFuZFByb3BlcnR5IE5hbWUKICAgICAgICAjIFBvd2Vyc2hlbGwgQ29udmVydFRvLUpzb24gZmFpbHMgaWYgc3RyaW5nIGVuZHMgd2l0aCBcCiAgICAgICAgJHZhbHVlID0gKCRpdGVtIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBWYWx1ZSkuVHJpbUVuZCgiXCIpCiAgICAgICAgJGVudl92YXJzLkFkZCgkbmFtZSwgJHZhbHVlKQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9lbnYgPSAkZW52X3ZhcnMKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ZhY3RlcicpKSB7CiAgICAjIFNlZSBpZiBGYWN0ZXIgaXMgb24gdGhlIFN5c3RlbSBQYXRoCiAgICBUcnkgewogICAgICAgICRmYWN0ZXJfZXhlID0gR2V0LUNvbW1hbmQgZmFjdGVyIC1FcnJvckFjdGlvbiBTdG9wCiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkdHJ1ZQogICAgfSBDYXRjaCB7CiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkZmFsc2UKICAgIH0KCiAgICAjIEdldCBKU09OIGZyb20gRmFjdGVyLCBhbmQgcGFyc2UgaXQgb3V0LgogICAgaWYgKCRmYWN0ZXJfaW5zdGFsbGVkKSB7CiAgICAgICAgJmZhY3RlciAtaiB8IFRlZS1PYmplY3QgIC1WYXJpYWJsZSBmYWN0ZXJfb3V0cHV0IHwgT3V0LU51bGwKICAgICAgICAkZmFjdHMgPSAiJGZhY3Rlcl9vdXRwdXQiIHwgQ29udmVydEZyb20tSnNvbgogICAgICAgIEZvckVhY2goJGZhY3QgaW4gJGZhY3RzLlBTT2JqZWN0LlByb3BlcnRpZXMpIHsKICAgICAgICAgICAgJGZhY3RfbmFtZSA9ICRmYWN0Lk5hbWUKICAgICAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJmYWN0ZXJfJGZhY3RfbmFtZSIsICRmYWN0LlZhbHVlKQogICAgICAgIH0KICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ludGVyZmFjZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAkQWN0aXZlTmV0Y2ZnID0gQCgpCiAgICAkQWN0aXZlTmV0Y2ZnICs9ICRuZXRjZmcgfCB3aGVyZSB7JF8uaXBhZGRyZXNzIC1uZSAkbnVsbH0KCiAgICAkbmFtZXNwYWNlcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgX19OYW1lc3BhY2UgLW5hbWVzcGFjZSByb290CiAgICBpZiAoJG5hbWVzcGFjZXMgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAiU3RhbmRhcmRDaW12IiB9KSB7CiAgICAgICAgJG5ldF9hZGFwdGVycyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgTVNGVF9OZXRBZGFwdGVyIC1uYW1lc3BhY2UgUm9vdFxTdGFuZGFyZENpbXYyCiAgICAgICAgJGd1aWRfa2V5ID0gIkludGVyZmFjZUdVSUQiCiAgICAgICAgJG5hbWVfa2V5ID0gIk5hbWUiCiAgICB9IGVsc2UgewogICAgICAgICRuZXRfYWRhcHRlcnMgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX05ldHdvcmtBZGFwdGVyICAgICAgICAKICAgICAgICAkZ3VpZF9rZXkgPSAiR1VJRCIKICAgICAgICAkbmFtZV9rZXkgPSAiTmV0Q29ubmVjdGlvbklEIgogICAgfQoKICAgICRmb3JtYXR0ZWRuZXRjZmcgPSBAKCkKICAgIGZvcmVhY2ggKCRhZGFwdGVyIGluICRBY3RpdmVOZXRjZmcpCiAgICB7CiAgICAgICAgJHRoaXNhZGFwdGVyID0gQHsKICAgICAgICAgICAgZGVmYXVsdF9nYXRld2F5ID0gJG51bGwKICAgICAgICAgICAgY29ubmVjdGlvbl9uYW1lID0gJG51bGwKICAgICAgICAgICAgZG5zX2RvbWFpbiA9ICRhZGFwdGVyLmRuc2RvbWFpbgogICAgICAgICAgICBpbnRlcmZhY2VfaW5kZXggPSAkYWRhcHRlci5JbnRlcmZhY2VJbmRleAogICAgICAgICAgICBpbnRlcmZhY2VfbmFtZSA9ICRhZGFwdGVyLmRlc2NyaXB0aW9uCiAgICAgICAgICAgIG1hY2FkZHJlc3MgPSAkYWRhcHRlci5tYWNhZGRyZXNzCiAgICAgICAgfQoKICAgICAgICBpZiAoJGFkYXB0ZXIuZGVmYXVsdElQR2F0ZXdheSkKICAgICAgICB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5kZWZhdWx0X2dhdGV3YXkgPSAkYWRhcHRlci5EZWZhdWx0SVBHYXRld2F5WzBdLlRvU3RyaW5nKCkKICAgICAgICB9CiAgICAgICAgJG5ldF9hZGFwdGVyID0gJG5ldF9hZGFwdGVycyB8IFdoZXJlLU9iamVjdCB7ICRfLiRndWlkX2tleSAtZXEgJGFkYXB0ZXIuU2V0dGluZ0lEIH0KICAgICAgICBpZiAoJG5ldF9hZGFwdGVyKSB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5jb25uZWN0aW9uX25hbWUgPSAkbmV0X2FkYXB0ZXIuJG5hbWVfa2V5CiAgICAgICAgfQoKICAgICAgICAkZm9ybWF0dGVkbmV0Y2ZnICs9ICR0aGlzYWRhcHRlcgogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pbnRlcmZhY2VzID0gJGZvcm1hdHRlZG5ldGNmZwogICAgfQp9CgppZiAoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoImxvY2FsIikgLWFuZCAkZmFjdHBhdGggLW5lICRudWxsKSB7CiAgICAjIEdldCBhbnkgY3VzdG9tIGZhY3RzOyByZXN1bHRzIGFyZSB1cGRhdGVkIGluIHRoZQogICAgR2V0LUN1c3RvbUZhY3RzIC1mYWN0cGF0aCAkZmFjdHBhdGgKfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ21lbW9yeScpKSB7CiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkd2luMzJfb3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX09wZXJhdGluZ1N5c3RlbQogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICAjIFdpbjMyX1BoeXNpY2FsTWVtb3J5IGlzIGVtcHR5IG9uIHNvbWUgdmlydHVhbCBwbGF0Zm9ybXMKICAgICAgICBhbnNpYmxlX21lbXRvdGFsX21iID0gKFttYXRoXTo6cm91bmQoJHdpbjMyX2NzLlRvdGFsUGh5c2ljYWxNZW1vcnkgLyAxMDI0IC8gMTAyNCkpCiAgICAgICAgYW5zaWJsZV9zd2FwdG90YWxfbWIgPSAoW21hdGhdOjpyb3VuZCgkd2luMzJfb3MuVG90YWxTd2FwU3BhY2VTaXplIC8gMTAyNCAvIDEwMjQpKQogICAgfQp9CgoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3BsYXRmb3JtJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkaXBfcHJvcHMgPSBbU3lzdGVtLk5ldC5OZXR3b3JrSW5mb3JtYXRpb24uSVBHbG9iYWxQcm9wZXJ0aWVzXTo6R2V0SVBHbG9iYWxQcm9wZXJ0aWVzKCkKCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYXJjaGl0ZWN0dXJlID0gJHdpbjMyX29zLk9TQXJjaGl0ZWN0dXJlCiAgICAgICAgYW5zaWJsZV9kb21haW4gPSAkaXBfcHJvcHMuRG9tYWluTmFtZQogICAgICAgIGFuc2libGVfZnFkbiA9ICgkaXBfcHJvcHMuSG9zdG5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX2hvc3RuYW1lID0gJGVudjpDT01QVVRFUk5BTUUKICAgICAgICBhbnNpYmxlX2tlcm5lbCA9ICRvc3ZlcnNpb24uVmVyc2lvbi5Ub1N0cmluZygpCiAgICAgICAgYW5zaWJsZV9ub2RlbmFtZSA9ICgkaXBfcHJvcHMuSG9zdE5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX21hY2hpbmVfaWQgPSBHZXQtTWFjaGluZVNpZAogICAgICAgIGFuc2libGVfb3duZXJfY29udGFjdCA9IChbc3RyaW5nXSAkd2luMzJfY3MuUHJpbWFyeU93bmVyQ29udGFjdCkKICAgICAgICBhbnNpYmxlX293bmVyX25hbWUgPSAoW3N0cmluZ10gJHdpbjMyX2NzLlByaW1hcnlPd25lck5hbWUpCiAgICAgICAgIyBGVVRVUkU6IHNob3VsZCB0aGlzIGxpdmUgaW4gaXRzIG93biBzdWJzZXQ/CiAgICAgICAgYW5zaWJsZV9yZWJvb3RfcGVuZGluZyA9IChHZXQtUGVuZGluZ1JlYm9vdFN0YXR1cykKICAgICAgICBhbnNpYmxlX3N5c3RlbSA9ICRvc3ZlcnNpb24uUGxhdGZvcm0uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfc3lzdGVtX2Rlc2NyaXB0aW9uID0gKFtzdHJpbmddICR3aW4zMl9vcy5EZXNjcmlwdGlvbikKICAgICAgICBhbnNpYmxlX3N5c3RlbV92ZW5kb3IgPSAkd2luMzJfY3MuTWFudWZhY3R1cmVyCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdwb3dlcnNoZWxsX3ZlcnNpb24nKSkgewogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX3Bvd2Vyc2hlbGxfdmVyc2lvbiA9ICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uLk1ham9yKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygncHJvY2Vzc29yJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9jcHUgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX1Byb2Nlc3NvcgogICAgaWYgKCR3aW4zMl9jcHUgLWlzIFthcnJheV0pIHsKICAgICAgICAjIG11bHRpLXNvY2tldCwgcGljayBmaXJzdAogICAgICAgICR3aW4zMl9jcHUgPSAkd2luMzJfY3B1WzBdCiAgICB9CgogICAgJGNwdV9saXN0ID0gQCggKQogICAgZm9yICgkaT0xOyAkaSAtbGUgKCR3aW4zMl9jcHUuTnVtYmVyT2ZMb2dpY2FsUHJvY2Vzc29ycyAvICR3aW4zMl9jcy5OdW1iZXJPZlByb2Nlc3NvcnMpOyAkaSsrKSB7CiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTWFudWZhY3R1cmVyCiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTmFtZQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9wcm9jZXNzb3IgPSAkY3B1X2xpc3QKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl9jb3JlcyA9ICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX2NvdW50ID0gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX3RocmVhZHNfcGVyX2NvcmUgPSAoJHdpbjMyX2NwdS5OdW1iZXJPZkxvZ2ljYWxQcm9jZXNzb3JzIC8gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycyAvICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcykKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl92Y3B1cyA9ICgkd2luMzJfY3B1Lk51bWJlck9mTG9naWNhbFByb2Nlc3NvcnMgLyAkd2luMzJfY3MuTnVtYmVyT2ZQcm9jZXNzb3JzKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXB0aW1lJykpIHsKICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfbGFzdGJvb3QgPSAkd2luMzJfb3MubGFzdGJvb3R1cHRpbWUuVG9TdHJpbmcoInUiKQogICAgICAgIGFuc2libGVfdXB0aW1lX3NlY29uZHMgPSAkKFtTeXN0ZW0uQ29udmVydF06OlRvSW50NjQoJChHZXQtRGF0ZSkuU3VidHJhY3QoJHdpbjMyX29zLmxhc3Rib290dXB0aW1lKS5Ub3RhbFNlY29uZHMpKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXNlcicpKSB7CiAgICAkdXNlciA9IFtTZWN1cml0eS5QcmluY2lwYWwuV2luZG93c0lkZW50aXR5XTo6R2V0Q3VycmVudCgpCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfdXNlcl9kaXIgPSAkZW52OnVzZXJwcm9maWxlCiAgICAgICAgIyBXaW4zMl9Vc2VyQWNjb3VudC5GdWxsTmFtZSBpcyBwcm9iYWJseSB0aGUgcmlnaHQgdGhpbmcgaGVyZSwgYnV0IGl0IGNhbiBiZSBleHBlbnNpdmUgdG8gZ2V0IG9uIGxhcmdlIGRvbWFpbnMKICAgICAgICBhbnNpYmxlX3VzZXJfZ2Vjb3MgPSAiIgogICAgICAgIGFuc2libGVfdXNlcl9pZCA9ICRlbnY6dXNlcm5hbWUKICAgICAgICBhbnNpYmxlX3VzZXJfc2lkID0gJHVzZXIuVXNlci5WYWx1ZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnd2luZG93c19kb21haW4nKSkgewogICAgJHdpbjMyX2NzID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9Db21wdXRlclN5c3RlbQogICAgJGRvbWFpbl9yb2xlcyA9IEB7CiAgICAgICAgMCA9ICJTdGFuZC1hbG9uZSB3b3Jrc3RhdGlvbiIKICAgICAgICAxID0gIk1lbWJlciB3b3Jrc3RhdGlvbiIKICAgICAgICAyID0gIlN0YW5kLWFsb25lIHNlcnZlciIKICAgICAgICAzID0gIk1lbWJlciBzZXJ2ZXIiCiAgICAgICAgNCA9ICJCYWNrdXAgZG9tYWluIGNvbnRyb2xsZXIiCiAgICAgICAgNSA9ICJQcmltYXJ5IGRvbWFpbiBjb250cm9sbGVyIgogICAgfQoKICAgICRkb21haW5fcm9sZSA9ICRkb21haW5fcm9sZXMuR2V0X0l0ZW0oW0ludDMyXSR3aW4zMl9jcy5Eb21haW5Sb2xlKQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV93aW5kb3dzX2RvbWFpbiA9ICR3aW4zMl9jcy5Eb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX21lbWJlciA9ICR3aW4zMl9jcy5QYXJ0T2ZEb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX3JvbGUgPSAkZG9tYWluX3JvbGUKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3dpbnJtJykpIHsKCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCBXU01hbjpcbG9jYWxob3N0XExpc3RlbmVyIC1SZWN1cnNlIHwgV2hlcmUtT2JqZWN0IHskXy5QU0NoaWxkTmFtZSAtZXEgIlRyYW5zcG9ydCIgLWFuZCAkXy5WYWx1ZSAtZXEgIkhUVFBTIn0gfCBzZWxlY3QgUFNQYXJlbnRQYXRoCiAgICBpZiAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyAtaXNub3QgW2FycmF5XSkgewogICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyA9IEAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocykKICAgIH0KCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMgPSBAKCkKICAgIGZvcmVhY2ggKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzKSB7CiAgICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhdGhzICs9ICR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguU3Vic3RyaW5nKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguTGFzdEluZGV4T2YoIlwiKSkKICAgIH0KCiAgICAkaHR0cHNfbGlzdGVuZXJzID0gQCgpCiAgICBmb3JlYWNoICgkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMpIHsKICAgICAgICAkaHR0cHNfbGlzdGVuZXJzICs9IEdldC1DaGlsZEl0ZW0gLVBhdGggIldTTWFuOlxsb2NhbGhvc3RcTGlzdGVuZXIkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCIKICAgIH0KCiAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyA9IEAoKQogICAgZm9yZWFjaCAoJGh0dHBzX2xpc3RlbmVyIGluICRodHRwc19saXN0ZW5lcnMpIHsKICAgICAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyArPSAkaHR0cHNfbGlzdGVuZXIgfCB3aGVyZSB7JF8uTmFtZSAtRVEgIkNlcnRpZmljYXRlVGh1bWJwcmludCIgfSB8IHNlbGVjdCBWYWx1ZQogICAgfQoKICAgICR3aW5ybV9jZXJ0X2V4cGlyeSA9IEAoKQogICAgZm9yZWFjaCAoJHdpbnJtX2NlcnRfdGh1bWJwcmludCBpbiAkd2lucm1fY2VydF90aHVtYnByaW50cykgewogICAgICAgIFRyeSB7CiAgICAgICAgICAgICR3aW5ybV9jZXJ0X2V4cGlyeSArPSBHZXQtQ2hpbGRJdGVtIC1QYXRoIENlcnQ6XExvY2FsTWFjaGluZVxNeSB8IHdoZXJlIFRodW1icHJpbnQgLUVRICR3aW5ybV9jZXJ0X3RodW1icHJpbnQuVmFsdWUuVG9TdHJpbmcoKS5Ub1VwcGVyKCkgfCBzZWxlY3QgTm90QWZ0ZXIKICAgICAgICB9IENhdGNoIHt9CiAgICB9CgogICAgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnMgPSAkd2lucm1fY2VydF9leHBpcnkgfCBTb3J0LU9iamVjdCBOb3RBZnRlcgogICAgaWYgKCR3aW5ybV9jZXJ0X2V4cGlyYXRpb25zKSB7CiAgICAgICAgIyB0aGlzIGZhY3Qgd2FzIHJlbmFtZWQgZnJvbSBhbnNpYmxlX3dpbnJtX2NlcnRpZmljYXRlX2V4cGlyZXMgZHVlIHRvIGNvbGxpc2lvbiB3aXRoIGFuc2libGVfd2lucm1fWCBjb25uZWN0aW9uIHZhciBwYXR0ZXJuCiAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlX3dpbl9ybV9jZXJ0aWZpY2F0ZV9leHBpcmVzIiwgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnNbMF0uTm90QWZ0ZXIuVG9TdHJpbmcoInl5eXktTU0tZGQgSEg6bW06c3MiKSkKICAgIH0KfQoKJHJlc3VsdC5hbnNpYmxlX2ZhY3RzICs9ICRhbnNpYmxlX2ZhY3RzCgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "gather_timeout": 10, "_ansible_module_name": "setup", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "gather_subset": ["all"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 41acf53b-4f9a-4816-a188-d77c85e2dcc3 Path:	4104	1		3	2	15	0	1773	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4224	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:45 PM	7f70462d-725d-0004-1d6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTgsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCkZ1bmN0aW9uIEdldC1DdXN0b21GYWN0cyB7CiAgW2NtZGxldEJpbmRpbmcoKV0KICBwYXJhbSAoCiAgICBbUGFyYW1ldGVyKG1hbmRhdG9yeT0kZmFsc2UpXQogICAgJGZhY3RwYXRoID0gJG51bGwKICApCgogIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGZhY3RwYXRoKSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBwYXRoICRmYWN0cGF0aCBkb2VzIG5vdCBleGlzdC4gVHlwbz8iCiAgfQoKICAkRmFjdHNGaWxlcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJGZhY3RwYXRoIHwgV2hlcmUtT2JqZWN0IC1GaWx0ZXJTY3JpcHQgeygkUFNJdGVtLlBTSXNDb250YWluZXIgLWVxICRmYWxzZSkgLWFuZCAoJFBTSXRlbS5FeHRlbnNpb24gLWVxICcucHMxJyl9CgogIGZvcmVhY2ggKCRGYWN0c0ZpbGUgaW4gJEZhY3RzRmlsZXMpIHsKICAgICAgJG91dCA9ICYgJCgkRmFjdHNGaWxlLkZ1bGxOYW1lKQogICAgICAkcmVzdWx0LmFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlXyQoKCRGYWN0c0ZpbGUuTmFtZSkuU3BsaXQoJy4nKVswXSkiLCAkb3V0KQogIH0KfQoKRnVuY3Rpb24gR2V0LU1hY2hpbmVTaWQgewogICAgIyBUaGUgTWFjaGluZSBTSUQgaXMgc3RvcmVkIGluIEhLTE06XFNFQ1VSSVRZXFNBTVxEb21haW5zXEFjY291bnQgYW5kIGlzCiAgICAjIG9ubHkgYWNjZXNzaWJsZSBieSB0aGUgTG9jYWwgU3lzdGVtIGFjY291bnQuIFRoaXMgbWV0aG9kIGdldCdzIHRoZSBsb2NhbAogICAgIyBhZG1pbiBhY2NvdW50IChlbmRzIHdpdGggLTUwMCkgYW5kIGxvcHMgaXQgb2ZmIHRvIGdldCB0aGUgbWFjaGluZSBzaWQuCgogICAgJGFkbWluc19zaWQgPSAiUy0xLTUtMzItNTQ0IgogICAgJGFkbWluX2dyb3VwID0gKFtTZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyXSRhZG1pbnNfc2lkKS5UcmFuc2xhdGUoW1NlY3VyaXR5LlByaW5jaXBhbC5OVEFjY291bnRdKS5WYWx1ZSAKCiAgICBBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudAogICAgJHByaW5jaXBhbF9jb250ZXh0ID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbENvbnRleHQoW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudC5Db250ZXh0VHlwZV06Ok1hY2hpbmUpCiAgICAkZ3JvdXBfcHJpbmNpcGFsID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50Lkdyb3VwUHJpbmNpcGFsKCRwcmluY2lwYWxfY29udGV4dCwgJGFkbWluX2dyb3VwKQogICAgJHNlYXJjaGVyID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbFNlYXJjaGVyKCRncm91cF9wcmluY2lwYWwpCiAgICAkZ3JvdXBzID0gJHNlYXJjaGVyLkZpbmRPbmUoKQoKICAgICRtYWNoaW5lX3NpZCA9ICRudWxsCiAgICBmb3JlYWNoICgkdXNlciBpbiAkZ3JvdXBzLk1lbWJlcnMpIHsKICAgICAgICAkdXNlcl9zaWQgPSAkdXNlci5TaWQKICAgICAgICBpZiAoJHVzZXJfc2lkLlZhbHVlLkVuZHNXaXRoKCItNTAwIikpIHsKICAgICAgICAgICAgJG1hY2hpbmVfc2lkID0gJHVzZXJfc2lkLkFjY291bnREb21haW5TaWQuVmFsdWUKICAgICAgICAgICAgYnJlYWsKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICRtYWNoaW5lX3NpZAp9CgokY2ltX2luc3RhbmNlcyA9IEB7fQoKRnVuY3Rpb24gR2V0LUxhenlDaW1JbnN0YW5jZShbc3RyaW5nXSRpbnN0YW5jZV9uYW1lLCBbc3RyaW5nXSRuYW1lc3BhY2U9IlJvb3RcQ0lNVjIiKSB7CiAgICBpZigtbm90ICRjaW1faW5zdGFuY2VzLkNvbnRhaW5zS2V5KCRpbnN0YW5jZV9uYW1lKSkgewogICAgICAgICRjaW1faW5zdGFuY2VzWyRpbnN0YW5jZV9uYW1lXSA9ICQoR2V0LUNpbUluc3RhbmNlIC1OYW1lc3BhY2UgJG5hbWVzcGFjZSAtQ2xhc3NOYW1lICRpbnN0YW5jZV9uYW1lKQogICAgfQoKICAgIHJldHVybiAkY2ltX2luc3RhbmNlc1skaW5zdGFuY2VfbmFtZV0KfQoKJHJlc3VsdCA9IEB7CiAgICBhbnNpYmxlX2ZhY3RzID0gQHsgfQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokZ3JvdXBlZF9zdWJzZXRzID0gQHsKICAgIG1pbj1bU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuTGlzdFtzdHJpbmddXUAoJ2RhdGVfdGltZScsJ2Rpc3RyaWJ1dGlvbicsJ2RucycsJ2VudicsJ2xvY2FsJywncGxhdGZvcm0nLCdwb3dlcnNoZWxsX3ZlcnNpb24nLCd1c2VyJykKICAgIG5ldHdvcms9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdhbGxfaXB2NF9hZGRyZXNzZXMnLCdhbGxfaXB2Nl9hZGRyZXNzZXMnLCdpbnRlcmZhY2VzJywnd2luZG93c19kb21haW4nLCAnd2lucm0nKQogICAgaGFyZHdhcmU9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdiaW9zJywnbWVtb3J5JywncHJvY2Vzc29yJywndXB0aW1lJykKICAgIGV4dGVybmFsPVtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dQCgnZmFjdGVyJykKfQoKIyBidWlsZCAiYWxsIiBzZXQgZnJvbSBldmVyeXRoaW5nIG1lbnRpb25lZCBpbiB0aGUgZ3JvdXAtIHRoaXMgbWVhbnMgZXZlcnkgdmFsdWUgbXVzdCBiZSBpbiBhdCBsZWFzdCBvbmUgc3Vic2V0IHRvIGJlIGNvbnNpZGVyZWQgbGVnYWwKJGFsbF9zZXQgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSGFzaFNldFtzdHJpbmddXUAoKQoKZm9yZWFjaCgka3YgaW4gJGdyb3VwZWRfc3Vic2V0cy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgIFt2b2lkXSAkYWxsX3NldC5VbmlvbldpdGgoJGt2LlZhbHVlKQp9CgojIGR5bmFtaWNhbGx5IGNyZWF0ZSBhbiAiYWxsIiBzdWJzZXQgbm93IHRoYXQgd2Uga25vdyB3aGF0IHNob3VsZCBiZSBpbiBpdAokZ3JvdXBlZF9zdWJzZXRzWydhbGwnXSA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dJGFsbF9zZXQKCiMgc3RhcnQgd2l0aCBhbGwsIGJ1aWxkIHVwIGdhdGhlciBhbmQgZXhjbHVkZSBzdWJzZXRzCiRnYXRoZXJfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV0kZ3JvdXBlZF9zdWJzZXRzLmFsbAokZXhwbGljaXRfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKJGV4Y2x1ZGVfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRmYWN0cGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmYWN0X3BhdGgiIC10eXBlICJwYXRoIgokZ2F0aGVyX3N1YnNldF9zb3VyY2UgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2F0aGVyX3N1YnNldCIgLXR5cGUgImxpc3QiIC1kZWZhdWx0ICJhbGwiCgpmb3JlYWNoKCRpdGVtIGluICRnYXRoZXJfc3Vic2V0X3NvdXJjZSkgewogICAgaWYoKFtzdHJpbmddJGl0ZW0pLlN0YXJ0c1dpdGgoIiEiKSkgewogICAgICAgICRpdGVtID0gKFtzdHJpbmddJGl0ZW0pLlN1YnN0cmluZygxKQogICAgICAgIGlmKCRpdGVtIC1lcSAiYWxsIikgewogICAgICAgICAgICAkYWxsX21pbnVzX21pbiA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5IYXNoU2V0W3N0cmluZ11dQCgkYWxsX3NldCkKICAgICAgICAgICAgW3ZvaWRdICRhbGxfbWludXNfbWluLkV4Y2VwdFdpdGgoJGdyb3VwZWRfc3Vic2V0cy5taW4pCiAgICAgICAgICAgIFt2b2lkXSAkZXhjbHVkZV9zdWJzZXQuVW5pb25XaXRoKCRhbGxfbWludXNfbWluKQogICAgICAgIH0KICAgICAgICBlbHNlaWYoJGdyb3VwZWRfc3Vic2V0cy5Db250YWluc0tleSgkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5VbmlvbldpdGgoJGdyb3VwZWRfc3Vic2V0c1skaXRlbV0pCiAgICAgICAgfQogICAgICAgIGVsc2VpZigkYWxsX3NldC5Db250YWlucygkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgICMgTkI6IGludmFsaWQgZXhjbHVkZSB2YWx1ZXMgYXJlIGlnbm9yZWQsIHNpbmNlIHRoYXQncyB3aGF0IHBvc2l4IHNldHVwIGRvZXMKICAgIH0KICAgIGVsc2UgewogICAgICAgIGlmKCRncm91cGVkX3N1YnNldHMuQ29udGFpbnNLZXkoJGl0ZW0pKSB7CiAgICAgICAgICAgIFt2b2lkXSAkZXhwbGljaXRfc3Vic2V0LlVuaW9uV2l0aCgkZ3JvdXBlZF9zdWJzZXRzWyRpdGVtXSkKICAgICAgICB9CiAgICAgICAgZWxzZWlmKCRhbGxfc2V0LkNvbnRhaW5zKCRpdGVtKSkgewogICAgICAgICAgICBbdm9pZF0gJGV4cGxpY2l0X3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgIGVsc2UgewogICAgICAgICAgICAjIE5COiBQT1NJWCBzZXR1cCBmYWlscyBvbiBpbnZhbGlkIHZhbHVlOyB3ZSB3YXJuLCBiZWNhdXNlIHdlIGRvbid0IGltcGxlbWVudCB0aGUgc2FtZSBzZXQgYXMgUE9TSVgKICAgICAgICAgICAgIyBhbmQgd2UgZG9uJ3QgaGF2ZSBwbGF0Zm9ybS1zcGVjaWZpYyBjb25maWcgZm9yIHRoaXMuLi4KICAgICAgICAgICAgQWRkLVdhcm5pbmcgJHJlc3VsdCAiaW52YWxpZCB2YWx1ZSAkaXRlbSBzcGVjaWZpZWQgaW4gZ2F0aGVyX3N1YnNldCIKICAgICAgICB9CiAgICB9Cn0KClt2b2lkXSAkZ2F0aGVyX3N1YnNldC5FeGNlcHRXaXRoKCRleGNsdWRlX3N1YnNldCkKW3ZvaWRdICRnYXRoZXJfc3Vic2V0LlVuaW9uV2l0aCgkZXhwbGljaXRfc3Vic2V0KQoKJGFuc2libGVfZmFjdHMgPSBAewogICAgZ2F0aGVyX3N1YnNldD1AKCRnYXRoZXJfc3Vic2V0X3NvdXJjZSkKICAgIG1vZHVsZV9zZXR1cD0kdHJ1ZQp9Cgokb3N2ZXJzaW9uID0gW0Vudmlyb25tZW50XTo6T1NWZXJzaW9uCgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnYWxsX2lwdjRfYWRkcmVzc2VzJykgLW9yICRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdhbGxfaXB2Nl9hZGRyZXNzZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAKICAgICMgVE9ETzogc3BsaXQgdjQvdjYgcHJvcGVybHksIHJldHVybiBpbiBzZXBhcmF0ZSBrZXlzCiAgICAkaXBzID0gQCgpCiAgICBGb3JlYWNoICgkaXAgaW4gJG5ldGNmZy5JUEFkZHJlc3MpIHsKICAgICAgICBJZiAoJGlwKSB7CiAgICAgICAgICAgICRpcHMgKz0gJGlwCiAgICAgICAgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pcF9hZGRyZXNzZXMgPSAkaXBzCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdiaW9zJykpIHsKICAgICR3aW4zMl9iaW9zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9CaW9zCiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYmlvc19kYXRlID0gJHdpbjMyX2Jpb3MuUmVsZWFzZURhdGUuVG9TdHJpbmcoIk1NL2RkL3l5eXkiKQogICAgICAgIGFuc2libGVfYmlvc192ZXJzaW9uID0gJHdpbjMyX2Jpb3MuU01CSU9TQklPU1ZlcnNpb24KICAgICAgICBhbnNpYmxlX3Byb2R1Y3RfbmFtZSA9ICR3aW4zMl9jcy5Nb2RlbC5UcmltKCkKICAgICAgICBhbnNpYmxlX3Byb2R1Y3Rfc2VyaWFsID0gJHdpbjMyX2Jpb3MuU2VyaWFsTnVtYmVyCiAgICAgICAgIyBhbnNpYmxlX3Byb2R1Y3RfdmVyc2lvbiA9IChbc3RyaW5nXSAkd2luMzJfY3MuU3lzdGVtRmFtaWx5KQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZGF0ZV90aW1lJykpIHsKICAgICRkYXRldGltZSA9IChHZXQtRGF0ZSkKICAgICRkYXRldGltZV91dGMgPSAkZGF0ZXRpbWUuVG9Vbml2ZXJzYWxUaW1lKCkKICAgICRkYXRlID0gQHsKICAgICAgICBkYXRlID0gJGRhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIikKICAgICAgICBkYXkgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoImRkIikKICAgICAgICBlcG9jaCA9IChHZXQtRGF0ZSAtVUZvcm1hdCAiJXMiKQogICAgICAgIGhvdXIgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIIikKICAgICAgICBpc284NjAxID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzc1oiKQogICAgICAgIGlzbzg2MDFfYmFzaWMgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXlNTWRkVEhIbW1zc2ZmZmZmZiIpCiAgICAgICAgaXNvODYwMV9iYXNpY19zaG9ydCA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eU1NZGRUSEhtbXNzIikKICAgICAgICBpc284NjAxX21pY3JvID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzcy5mZmZmZmZaIikKICAgICAgICBtaW51dGUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIm1tIikKICAgICAgICBtb250aCA9ICRkYXRldGltZS5Ub1N0cmluZygiTU0iKQogICAgICAgIHNlY29uZCA9ICRkYXRldGltZS5Ub1N0cmluZygic3MiKQogICAgICAgIHRpbWUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIOm1tOnNzIikKICAgICAgICB0eiA9IChbU3lzdGVtLlRpbWVab25lSW5mb106OkxvY2FsLklkKQogICAgICAgIHR6X29mZnNldCA9ICRkYXRldGltZS5Ub1N0cmluZygienp6eiIpCiAgICAgICAgIyBFbnN1cmUgdGhhdCB0aGUgd2Vla2RheSBpcyBpbiBFbmdsaXNoCiAgICAgICAgd2Vla2RheSA9ICRkYXRldGltZS5Ub1N0cmluZygiZGRkZCIsIFtTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mb106OkludmFyaWFudEN1bHR1cmUpCiAgICAgICAgd2Vla2RheV9udW1iZXIgPSAoR2V0LURhdGUgLVVGb3JtYXQgIiV3IikKICAgICAgICB3ZWVrbnVtYmVyID0gKEdldC1EYXRlIC1VRm9ybWF0ICIlVyIpCiAgICAgICAgeWVhciA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eSIpCiAgICB9CgogICAgJGFuc2libGVfZmFjdHMgKz0 ScriptBlock ID: 41acf53b-4f9a-4816-a188-d77c85e2dcc3 Path:	4104	1		3	2	15	0	1772	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4224	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:45 PM	7f70462d-725d-0004-1d6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAg ScriptBlock ID: 41acf53b-4f9a-4816-a188-d77c85e2dcc3 Path:	4104	1		3	2	15	0	1771	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4224	5024	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:45 PM	7f70462d-725d-0004-1d6b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1770	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4224	4928	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:45 PM	7f70462d-725d-0003-1a92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4224 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1769	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4224	4036	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:45 PM	7f70462d-725d-0003-1a92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1768	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4224	4928	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:45 PM	7f70462d-725d-0003-1a92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 33235103-20dd-4629-95bb-b95cf617345c Path:	4104	1		3	2	15	0	1767	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	836	4052	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:08 PM	7f70462d-725d-0001-f554-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: a1b0106a-68c7-4f36-ac41-c845c5997f64 Path:	4104	1		3	2	15	0	1766	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	836	4052	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:07 PM	7f70462d-725d-0003-0f92-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): b24gLXN2YyAkc3ZjCn0gZWxzZSB7CiAgICAkcmVzdWx0LmV4aXN0cyA9ICRmYWxzZQogICAgaWYgKCRzdGF0ZSAtbmUgJ2Fic2VudCcpIHsKICAgICAgICAjIENoZWNrIGlmIHBhdGggaXMgZGVmaW5lZCwgaWYgc28gY3JlYXRlIHRoZSBzZXJ2aWNlCiAgICAgICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgTmV3LVNlcnZpY2UgLU5hbWUgJG5hbWUgLUJpbmFyeVBhdGhuYW1lICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCgogICAgICAgICAgICAkc3ZjID0gR2V0LVNlcnZpY2UgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAkbmFtZSB9CiAgICAgICAgICAgIFNldC1TZXJ2aWNlQ29uZmlndXJhdGlvbiAtc3ZjICRzdmMKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAjIFdlIHdpbGwgb25seSByZWFjaCBoZXJlIGlmIHRoZSBzZXJ2aWNlIGlzIGluc3RhbGxlZCBhbmQgdGhlIHN0YXRlIGlzIG5vdCBhYnNlbnQKICAgICAgICAgICAgIyBXaWxsIGNoZWNrIGlmIGFueSBvZiB0aGUgZGVmYXVsdCBhY3Rpb25zIGFyZSBzZXQgYW5kIGZhaWwgYXMgd2UgY2Fubm90IGFjdGlvbiBpdAogICAgICAgICAgICBpZiAoJHN0YXJ0X21vZGUgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJHN0YXRlIC1uZSAkbnVsbCAtb3IKICAgICAgICAgICAgICAgICR1c2VybmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkcGFzc3dvcmQgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRpc3BsYXlfbmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkZGVzY3JpcHRpb24gLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlc2t0b3BfaW50ZXJhY3QgLW5lICRmYWxzZSAtb3IKICAgICAgICAgICAgICAgICRkZXBlbmRlbmNpZXMgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlcGVuZGVuY3lfYWN0aW9uIC1uZSAnc2V0JykgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJTZXJ2aWNlICckbmFtZScgaXMgbm90IGluc3RhbGxlZCwgbmVlZCB0byBzZXQgJ3BhdGgnIHRvIGNyZWF0ZSBhIG5ldyBzZXJ2aWNlIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgojIEFmdGVyIG1ha2luZyBhIGNoYW5nZSwgbGV0J3MgZ2V0IHRoZSBzZXJ2aWNlIGluZm8gYWdhaW4gdW5sZXNzIHdlIGRlbGV0ZWQgaXQKaWYgKCRzdGF0ZSAtZXEgJ2Fic2VudCcpIHsKICAgICMgUmVjcmVhdGUgcmVzdWx0IHNvIGl0IGRvZXNuJ3QgaGF2ZSB0aGUgZXh0cmEgbWV0YSBkYXRhIG5vdyB0aGF0IGlzIGhhcyBiZWVuIGRlbGV0ZWQKICAgICRjaGFuZ2VkID0gJHJlc3VsdC5jaGFuZ2VkCiAgICAkcmVzdWx0ID0gQHsKICAgICAgICBjaGFuZ2VkID0gJGNoYW5nZWQKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfSBlbHNlaWYgKCRzdmMgLW5lICRudWxsKSB7CiAgICBHZXQtU2VydmljZUluZm8gLW5hbWUgJG5hbWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_check_mode": false, "display_name": "neutron-hyperv-agent", "_ansible_module_name": "win_service", "state": "started", "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "username": "LocalSystem", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "description": "OpenStack Neutron Hyper-V Agent Service", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "path": "c:\\openstack\\bin\\OpenStackService.exe neutron-hyperv-agent c:\\python37\\scripts\\neutron-hyperv-agent.exe --config-file c:\\openstack\\etc\\neutron-hyperv-agent.conf", "password": "", "_ansible_no_log": false, "name": "neutron-hyperv-agent", "start_mode": "auto", "_ansible_verbosity": 2, "_ansible_diff": false, "_ansible_remote_tmp": "%TEMP%", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 9045486e-4735-46d9-b5f7-ad029c3b19d2 Path:	4104	1		3	2	15	0	1765	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	836	4052	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:07 PM	7f70462d-725d-0003-0992-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): SAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IGF1dG8gb3IgYXV0byAoZGVsYXllZCksIG5lZWQgdG8gY2hhbmdlIHRvIGF1dG8gYW5kIGFkZCBkZWxheWVkIGtleQogICAgICAgICAgICB9IGVsc2VpZiAoJHN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgJHN2YyB8IFNldC1TZXJ2aWNlIC1TdGFydHVwVHlwZSAiYXV0byIgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IHdoYXQgd2Ugd2VyZSBsb29raW5nIGZvciwganVzdCBjaGFuZ2UgdG8gdGhhdCB0eXBlCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLVN0YXJ0dXBUeXBlICRzdGFydF9tb2RlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZUFjY291bnQoJHdtaV9zdmMsICR1c2VybmFtZV9zaWQsICR1c2VybmFtZSwgJHBhc3N3b3JkKSB7CiAgICBpZiAoJHJlc3VsdC51c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICRhY3R1YWxfc2lkID0gIlMtMS01LTE4IgogICAgfSBlbHNlIHsKICAgICAgICAkYWN0dWFsX3NpZCA9IENvbnZlcnQtVG9TSUQgLWFjY291bnRfbmFtZSAkcmVzdWx0LnVzZXJuYW1lCiAgICB9CgogICAgaWYgKCRhY3R1YWxfc2lkIC1uZSAkdXNlcm5hbWVfc2lkKSB7CiAgICAgICAgJGNoYW5nZV9hcmd1bWVudHMgPSBAewogICAgICAgICAgICBTdGFydE5hbWUgPSAkdXNlcm5hbWUKICAgICAgICAgICAgU3RhcnRQYXNzd29yZCA9ICRwYXNzd29yZAogICAgICAgICAgICBEZXNrdG9wSW50ZXJhY3QgPSAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QKICAgICAgICB9CiAgICAgICAgIyBuZWVkIHRvIGRpc2FibGUgZGVza3RvcCBpbnRlcmFjdCB3aGVuIG5vdCB1c2luZyB0aGUgU1lTVEVNIGFjY291bnQKICAgICAgICBpZiAoJHVzZXJuYW1lX3NpZCAtbmUgIlMtMS01LTE4IikgewogICAgICAgICAgICAkY2hhbmdlX2FyZ3VtZW50cy5EZXNrdG9wSW50ZXJhY3QgPSAkZmFsc2UKICAgICAgICB9CgogICAgICAgICNXTUkuQ2hhbmdlIGRvZXNuJ3Qgc3VwcG9ydCAtV2hhdElmLCBjYW5ub3QgZnVsbHkgdGVzdCB3aXRoIGNoZWNrX21vZGUKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzICRjaGFuZ2VfYXJndW1lbnRzCiAgICAgICAgICAgIGlmICgkcmV0dXJuLlJldHVyblZhbHVlIC1uZSAwKSB7CiAgICAgICAgICAgICAgICAkZXJyb3JfbXNnID0gR2V0LVdtaUVycm9yTWVzc2FnZSAtcmV0dXJuX3ZhbHVlICRyZXN1bHQuUmV0dXJuVmFsdWUKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBhY2NvdW50IHRvICQoJHVzZXJuYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9ICAgICAgICAKCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXNrdG9wSW50ZXJhY3QoJHdtaV9zdmMsICRkZXNrdG9wX2ludGVyYWN0KSB7CiAgICBpZiAoJHJlc3VsdC5kZXNrdG9wX2ludGVyYWN0IC1uZSAkZGVza3RvcF9pbnRlcmFjdCkgewogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICRyZXR1cm4gPSAkd21pX3N2YyB8IEludm9rZS1DaW1NZXRob2QgLU1ldGhvZE5hbWUgQ2hhbmdlIC1Bcmd1bWVudHMgQHtEZXNrdG9wSW50ZXJhY3QgPSAkZGVza3RvcF9pbnRlcmFjdH0KICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIHNldCBkZXNrdG9wIGludGVyYWN0ICQoJGRlc2t0b3BfaW50ZXJhY3QpOiAkKCRyZXR1cm4uUmV0dXJuVmFsdWUpIC0gJGVycm9yX21zZyIKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSgkc3ZjLCAkZGlzcGxheV9uYW1lKSB7CiAgICBpZiAoJHJlc3VsdC5kaXNwbGF5X25hbWUgLW5lICRkaXNwbGF5X25hbWUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLURpc3BsYXlOYW1lICRkaXNwbGF5X25hbWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZURlc2NyaXB0aW9uKCRzdmMsICRkZXNjcmlwdGlvbikgewogICAgaWYgKCRyZXN1bHQuZGVzY3JpcHRpb24gLW5lICRkZXNjcmlwdGlvbikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgICRzdmMgfCBTZXQtU2VydmljZSAtRGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VQYXRoKCRuYW1lLCAkcGF0aCkgewogICAgaWYgKCRyZXN1bHQucGF0aCAtbmUgJHBhdGgpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICBTZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIiAtTmFtZSBJbWFnZVBhdGggLVZhbHVlICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXBlbmRlbmNpZXMoJHdtaV9zdmMsICRkZXBlbmRlbmN5X2FjdGlvbiwgJGRlcGVuZGVuY2llcykgewogICAgJGV4aXN0aW5nX2RlcGVuZGVuY2llcyA9ICRyZXN1bHQuZGVwZW5kZW5jaWVzCiAgICBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0kbmV3X2RlcGVuZGVuY2llcyA9IEAoKQoKICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdzZXQnKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGRlcGVuZGVuY2llcykgewogICAgICAgICAgICAkbmV3X2RlcGVuZGVuY2llcy5BZGQoJGRlcGVuZGVuY3kpCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkbmV3X2RlcGVuZGVuY2llcyA9ICRleGlzdGluZ19kZXBlbmRlbmNpZXMKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdyZW1vdmUnKSB7CiAgICAgICAgICAgICAgICBpZiAoJG5ld19kZXBlbmRlbmNpZXMgLWNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICAgICAgICAgJG5ld19kZXBlbmRlbmNpZXMuUmVtb3ZlKCRkZXBlbmRlbmN5KQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2VpZiAoJGRlcGVuZGVuY3lfYWN0aW9uIC1lcSAnYWRkJykgewogICAgICAgICAgICAgICAgaWYgKCRuZXdfZGVwZW5kZW5jaWVzIC1ub3Rjb250YWlucyAkZGVwZW5kZW5jeSkgewogICAgICAgICAgICAgICAgICAgICRuZXdfZGVwZW5kZW5jaWVzLkFkZCgkZGVwZW5kZW5jeSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAkd2lsbF9jaGFuZ2UgPSAkZmFsc2UKICAgIGZvcmVhY2ggKCRkZXBlbmRlbmN5IGluICRuZXdfZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgaWYgKCRleGlzdGluZ19kZXBlbmRlbmNpZXMgLW5vdGNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICR3aWxsX2NoYW5nZSA9ICR0cnVlCiAgICAgICAgfQogICAgfQogICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGV4aXN0aW5nX2RlcGVuZGVuY2llcykgewogICAgICAgIGlmICgkbmV3X2RlcGVuZGVuY2llcyAtbm90Y29udGFpbnMgJGRlcGVuZGVuY3kpIHsKICAgICAgICAgICAgJHdpbGxfY2hhbmdlID0gJHRydWUKICAgICAgICB9CiAgICB9CgogICAgaWYgKCR3aWxsX2NoYW5nZSAtZXEgJHRydWUpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzIEB7U2VydmljZURlcGVuZGVuY2llcyA9ICRuZXdfZGVwZW5kZW5jaWVzfQogICAgICAgICAgICBpZiAoJHJldHVybi5SZXR1cm5WYWx1ZSAtbmUgMCkgewogICAgICAgICAgICAgICAgJGVycm9yX21zZyA9IEdldC1XbWlFcnJvck1lc3NhZ2UgLXJldHVybl92YWx1ZSAkcmV0dXJuLlJldHVyblZhbHVlCiAgICAgICAgICAgICAgICAkZGVwX3N0cmluZyA9ICRuZXdfZGVwZW5kZW5jaWVzIC1qb2luICIsICIKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBkZXBlbmRlbmNpZXMgJCgkZGVwX3N0cmluZyk6ICQoJHJldHVybi5SZXR1cm5WYWx1ZSkgLSAkZXJyb3JfbXNnIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1TZXJ2aWNlU3RhdGUoJHN2YywgJHdtaV9zdmMsICRzdGF0ZSkgewogICAgaWYgKCRzdGF0ZSAtZXEgInN0YXJ0ZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInJ1bm5pbmciKSB7CiAgICAgICAgaWYgKCRyZXN1bHQuc3RhdGUgLWVxICJwYXVzZWQiKSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgUmVzdW1lLVNlcnZpY2UgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJmYWlsZWQgdG8gc3RhcnQgc2VydmljZSBmcm9tIHBhdXNlZCBzdGF0ZSAkKCRzdmMuTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgICRzdmMgfCBTdGFydC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInN0b3BwZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInN0b3BwZWQiKSB7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHN2YyB8IFN0b3AtU2VydmljZSAtRm9yY2U6JGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICRfLkV4Y2VwdGlvbi5NZXNzYWdlCiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInJlc3RhcnRlZCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgUmVzdGFydC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAicGF1c2VkIiAtYW5kICRyZXN1bHQuc3RhdGUgLW5lICJwYXVzZWQiKSB7CiAgICAgICAgIyBjaGVjayB0aGF0IHdlIGNhbiBhY3R1YWxseSBwYXVzZSB0aGUgc2VydmljZQogICAgICAgIGlmICgkcmVzdWx0LmNhbl9wYXVzZV9hbmRfY29udGludWUgLWVxICRmYWxzZSkgewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiZmFpbGVkIHRvIHBhdXNlIHNlcnZpY2UgJCgkc3ZjLk5hbWUpOiBUaGUgc2VydmljZSBkb2VzIG5vdCBzdXBwb3J0IHBhdXNpbmciCiAgICAgICAgfQoKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3VzcGVuZC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgImZhaWxlZCB0byBwYXVzZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICAgICAgfQogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgImFic2VudCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3RvcC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgJHJldHVybiA9ICR3bWlfc3ZjIHwgSW52b2tlLUNpbU1ldGhvZCAtTWV0aG9kTmFtZSBEZWxldGUKICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIGRlbGV0ZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VDb25maWd1cmF0aW9uKCRzdmMpIHsKICAgICR3bWlfc3ZjID0gR2V0LUNpbUluc3RhbmNlIC1DbGFzc05hbWUgV2luMzJfU2VydmljZSAtRmlsdGVyICJuYW1lPSckKCRzdmMuTmFtZSknIgogICAgR2V0LVNlcnZpY2VJbmZvIC1uYW1lICRzdmMuTmFtZQogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1lcSAkdHJ1ZSAtYW5kICgtbm90ICgkcmVzdWx0LnVzZXJuYW1lIC1lcSAnTG9jYWxTeXN0ZW0nIC1vciAkdXNlcm5hbWUgLWVxICdMb2NhbFN5c3RlbScpKSkgewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgZGVza3RvcF9pbnRlcmFjdCB0byB0cnVlIHdoZW4gc2VydmljZSBpcyBydW4gd2l0aC9vciAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgogICAgfQoKICAgIGlmICgkc3RhcnRfbW9kZSAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZVN0YXJ0TW9kZSAtc3ZjICRzdmMgLXN0YXJ0X21vZGUgJHN0YXJ0X21vZGUKICAgIH0KCiAgICBpZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlQWNjb3VudCAtd21pX3N2YyAkd21pX3N2YyAtdXNlcm5hbWVfc2lkICR1c2VybmFtZV9zaWQgLXVzZXJuYW1lICR1c2VybmFtZSAtcGFzc3dvcmQgJHBhc3N3b3JkCiAgICB9CgogICAgaWYgKCRkaXNwbGF5X25hbWUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSAtc3ZjICRzdmMgLWRpc3BsYXlfbmFtZSAkZGlzcGxheV9uYW1lCiAgICB9CgogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlRGVza3RvcEludGVyYWN0IC13bWlfc3ZjICR3bWlfc3ZjIC1kZXNrdG9wX2ludGVyYWN0ICRkZXNrdG9wX2ludGVyYWN0CiAgICB9CgogICAgaWYgKCRkZXNjcmlwdGlvbiAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlc2NyaXB0aW9uIC1zdmMgJHN2YyAtZGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uCiAgICB9CgogICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlUGF0aCAtbmFtZSAkc3ZjLk5hbWUgLXBhdGggJHBhdGgKICAgIH0KCiAgICBpZiAoJGRlcGVuZGVuY2llcyAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlcGVuZGVuY2llcyAtd21pX3N2YyAkd21pX3N2YyAtZGVwZW5kZW5jeV9hY3Rpb24gJGRlcGVuZGVuY3lfYWN0aW9uIC1kZXBlbmRlbmNpZXMgJGRlcGVuZGVuY2llcwogICAgfQoKICAgIGlmICgkc3RhdGUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VTdGF0ZSAtc3ZjICRzdmMgLXdtaV9zdmMgJHdtaV9zdmMgLXN0YXRlICRzdGF0ZQogICAgfQp9CgojIG5lZWQgdG8gdXNlIFdoZXJlLU9iamVjdCBhcyAtTmFtZSBkb2Vzbid0IHdvcmsgd2l0aCBbXSBpbiB0aGUgc2VydmljZSBuYW1lCiMgaHR0cHM6Ly9naXRodWIuY29tL2Fuc2libGUvYW5zaWJsZS9pc3N1ZXMvMzc2MjEKJHN2YyA9IEdldC1TZXJ2aWNlIHwgV2hlcmUtT2JqZWN0IHsgJF8uTmFtZSAtZXEgJG5hbWUgLW9yICRfLkRpc3BsYXlOYW1lIC1lcSAkbmFtZSB9CmlmICgkc3ZjKSB7CiAgICBTZXQtU2VydmljZUNvbmZpZ3VyYXRp ScriptBlock ID: 9045486e-4735-46d9-b5f7-ad029c3b19d2 Path:	4104	1		3	2	15	0	1764	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	836	4052	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:07 PM	7f70462d-725d-0003-0992-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): gICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTQsIENocmlzIEhvZmZtYW4gPGNob2ZmbWFuQGNoYXRoYW1maW5hbmNpYWwuY29tPgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5TSUQKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ19hbnNpYmxlX2NoZWNrX21vZGUnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKCiRkZXBlbmRlbmNpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVwZW5kZW5jaWVzJyAtdHlwZSAnbGlzdCcgLWRlZmF1bHQgJG51bGwKJGRlcGVuZGVuY3lfYWN0aW9uID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2RlcGVuZGVuY3lfYWN0aW9uJyAtdHlwZSAnc3RyJyAtZGVmYXVsdCAnc2V0JyAtdmFsaWRhdGVzZXQgJ2FkZCcsJ3JlbW92ZScsJ3NldCcgCiRkZXNjcmlwdGlvbiA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdkZXNjcmlwdGlvbicgLXR5cGUgJ3N0cicKJGRlc2t0b3BfaW50ZXJhY3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVza3RvcF9pbnRlcmFjdCcgLXR5cGUgJ2Jvb2wnIC1kZWZhdWx0ICRmYWxzZQokZGlzcGxheV9uYW1lID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2Rpc3BsYXlfbmFtZScgLXR5cGUgJ3N0cicKJGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdmb3JjZV9kZXBlbmRlbnRfc2VydmljZXMnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKJG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnbmFtZScgLXR5cGUgJ3N0cicgLWZhaWxpZmVtcHR5ICR0cnVlCiRwYXNzd29yZCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdwYXNzd29yZCcgLXR5cGUgJ3N0cicKJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAncGF0aCcKJHN0YXJ0X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhcnRfbW9kZScgLXR5cGUgJ3N0cicgLXZhbGlkYXRlc2V0ICdhdXRvJywnbWFudWFsJywnZGlzYWJsZWQnLCdkZWxheWVkJwokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhdGUnIC10eXBlICdzdHInIC12YWxpZGF0ZXNldCAnc3RhcnRlZCcsJ3N0b3BwZWQnLCdyZXN0YXJ0ZWQnLCdhYnNlbnQnLCdwYXVzZWQnCiR1c2VybmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICd1c2VybmFtZScgLXR5cGUgJ3N0cicKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgojIHBhcnNlIHRoZSB1c2VybmFtZSB0byBTSUQgYW5kIGJhY2sgc28gd2UgZ2V0IHRoZSBmdWxsIHVzZXJuYW1lIHdpdGggZG9tYWluIGluIGEgd2F5IFdNSSB1bmRlcnN0YW5kcwppZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgaWYgKCR1c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICR1c2VybmFtZV9zaWQgPSAiUy0xLTUtMTgiCiAgICB9IGVsc2UgewogICAgICAgICR1c2VybmFtZV9zaWQgPSBDb252ZXJ0LVRvU0lEIC1hY2NvdW50X25hbWUgJHVzZXJuYW1lCiAgICB9CgogICAgIyB0aGUgU1lTVEVNIGFjY291bnQgaXMgYSBzcGVjaWFsIGJlYXN0LCBXaW4zMl9TZXJ2aWNlIENoYW5nZSByZXF1aXJlcyBTdGFydE5hbWUgdG8gYmUgTG9jYWxTeXN0ZW0KICAgICMgdG8gc3BlY2lmeSBMb2NhbFN5c3RlbS9OVCBBVVRIT1JJVFlcU1lTVEVNCiAgICBpZiAoJHVzZXJuYW1lX3NpZCAtZXEgIlMtMS01LTE4IikgewogICAgICAgICR1c2VybmFtZSA9ICJMb2NhbFN5c3RlbSIKICAgICAgICAkcGFzc3dvcmQgPSAkbnVsbAogICAgfSBlbHNlIHsKICAgICAgICAjIFdpbjMyX1NlcnZpY2UsIHBhc3N3b3JkIG11c3QgYmUgIiIgYW5kIG5vdCAkbnVsbCB3aGVuIHNldHRpbmcgdG8gTG9jYWxTZXJ2aWNlIG9yIE5ldHdvcmtTZXJ2aWNlCiAgICAgICAgaWYgKCR1c2VybmFtZV9zaWQgLWluIEAoIlMtMS01LTE5IiwgIlMtMS01LTIwIikpIHsKICAgICAgICAgICAgJHBhc3N3b3JkID0gIiIKICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gQ29udmVydC1Gcm9tU0lEIC1zaWQgJHVzZXJuYW1lX3NpZAogICAgfQp9CmlmICgkcGFzc3dvcmQgLW5lICRudWxsIC1hbmQgJHVzZXJuYW1lIC1lcSAkbnVsbCkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBhcmd1bWVudCAndXNlcm5hbWUnIG11c3QgYmUgc3VwcGxpZWQgd2l0aCAncGFzc3dvcmQnIgp9CmlmICgkZGVza3RvcF9pbnRlcmFjdCAtZXEgJHRydWUgLWFuZCAoLW5vdCAoJHVzZXJuYW1lIC1lcSAiTG9jYWxTeXN0ZW0iIC1vciAkdXNlcm5hbWUgLWVxICRudWxsKSkpIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgJ2Rlc2t0b3BfaW50ZXJhY3QnIHRvIHRydWUgd2hlbiAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgp9CmlmICgkcGF0aCAtbmUgJG51bGwpIHsKICAgICRwYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoKQp9CgpGdW5jdGlvbiBHZXQtU2VydmljZUluZm8oJG5hbWUpIHsKICAgICMgTmVlZCB0byBnZXQgbmV3IG9iamVjdHMgc28gd2UgaGF2ZSB0aGUgbGF0ZXN0IGluZm8KICAgICRzdmMgPSBHZXQtU2VydmljZSB8IFdoZXJlLU9iamVjdCB7ICRfLk5hbWUgLWVxICRuYW1lIC1vciAkXy5EaXNwbGF5TmFtZSAtZXEgJG5hbWUgfQogICAgJHdtaV9zdmMgPSBHZXQtQ2ltSW5zdGFuY2UgLUNsYXNzTmFtZSBXaW4zMl9TZXJ2aWNlIC1GaWx0ZXIgIm5hbWU9JyQoJHN2Yy5OYW1lKSciCgogICAgIyBEZWxheWVkIHN0YXJ0X21vZGUgaXMgaW4gcmVhbGl0eSBBdXRvbWF0aWMgKERlbGF5ZWQpLCBuZWVkIHRvIGNoZWNrIHJlZyBrZXkgZm9yIHR5cGUKICAgICRkZWxheWVkID0gR2V0LURlbGF5ZWRTdGF0dXMgLW5hbWUgJHN2Yy5OYW1lCiAgICAkYWN0dWFsX3N0YXJ0X21vZGUgPSAkd21pX3N2Yy5TdGFydE1vZGUuVG9TdHJpbmcoKS5Ub0xvd2VyKCkgCiAgICBpZiAoJGRlbGF5ZWQgLWFuZCAkYWN0dWFsX3N0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICRhY3R1YWxfc3RhcnRfbW9kZSA9ICdkZWxheWVkJwogICAgfQoKICAgICRleGlzdGluZ19kZXBlbmRlbmNpZXMgPSBAKCkKICAgICRleGlzdGluZ19kZXBlbmRlZF9ieSA9IEAoKQogICAgaWYgKCRzdmMuU2VydmljZXNEZXBlbmRlZE9uLkNvdW50IC1ndCAwKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJHN2Yy5TZXJ2aWNlc0RlcGVuZGVkT24uTmFtZSkgewogICAgICAgICAgICAkZXhpc3RpbmdfZGVwZW5kZW5jaWVzICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgaWYgKCRzdmMuRGVwZW5kZW50U2VydmljZXMuQ291bnQgLWd0IDApIHsKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkc3ZjLkRlcGVuZGVudFNlcnZpY2VzLk5hbWUpIHsKICAgICAgICAgICAgJGV4aXN0aW5nX2RlcGVuZGVkX2J5ICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgJGRlc2NyaXB0aW9uID0gJHdtaV9zdmMuRGVzY3JpcHRpb24KICAgIGlmICgkZGVzY3JpcHRpb24gLWVxICRudWxsKSB7CiAgICAgICAgJGRlc2NyaXB0aW9uID0gIiIKICAgIH0KCiAgICAkcmVzdWx0LmV4aXN0cyA9ICR0cnVlCiAgICAkcmVzdWx0Lm5hbWUgPSAkc3ZjLk5hbWUKICAgICRyZXN1bHQuZGlzcGxheV9uYW1lID0gJHN2Yy5EaXNwbGF5TmFtZQogICAgJHJlc3VsdC5zdGF0ZSA9ICRzdmMuU3RhdHVzLlRvU3RyaW5nKCkuVG9Mb3dlcigpCiAgICAkcmVzdWx0LnN0YXJ0X21vZGUgPSAkYWN0dWFsX3N0YXJ0X21vZGUKICAgICRyZXN1bHQucGF0aCA9ICR3bWlfc3ZjLlBhdGhOYW1lCiAgICAkcmVzdWx0LmRlc2NyaXB0aW9uID0gJGRlc2NyaXB0aW9uCiAgICAkcmVzdWx0LnVzZXJuYW1lID0gJHdtaV9zdmMuU3RhcnROYW1lCiAgICAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QgPSAkd21pX3N2Yy5EZXNrdG9wSW50ZXJhY3QKICAgICRyZXN1bHQuZGVwZW5kZW5jaWVzID0gJGV4aXN0aW5nX2RlcGVuZGVuY2llcwogICAgJHJlc3VsdC5kZXBlbmRlZF9ieSA9ICRleGlzdGluZ19kZXBlbmRlZF9ieQogICAgJHJlc3VsdC5jYW5fcGF1c2VfYW5kX2NvbnRpbnVlID0gJHN2Yy5DYW5QYXVzZUFuZENvbnRpbnVlCn0KCkZ1bmN0aW9uIEdldC1XbWlFcnJvck1lc3NhZ2UoJHJldHVybl92YWx1ZSkgewogICAgIyBUaGVzZSB2YWx1ZXMgYXJlIGRlcml2ZWQgZnJvbSBodHRwczovL21zZG4ubWljcm9zb2Z0LmNvbS9lbi11cy9saWJyYXJ5L2FhMzg0OTAxKHY9dnMuODUpLmFzcHgKICAgIHN3aXRjaCAoJHJldHVybl92YWx1ZSkgewogICAgICAgIDEgeyAiTm90IFN1cHBvcnRlZDogVGhlIHJlcXVlc3QgaXMgbm90IHN1cHBvcnRlZCIgfQogICAgICAgIDIgeyAiQWNjZXNzIERlbmllZDogVGhlIHVzZXIgZGlkIG5vdCBoYXZlIHRoZSBuZWNlc3NhcnkgYWNjZXNzIiB9CiAgICAgICAgMyB7ICJEZXBlbmRlbnQgU2VydmljZXMgUnVubmluZzogVGhlIHNlcnZpY2UgY2Fubm90IGJlIHN0b3BwZWQgYmVjYXVzZSBvdGhlciBzZXJ2aWNlcyB0aGF0IGFyZSBydW5uaW5nIGFyZSBkZXBlbmRlbnQgb24gaXQiIH0KICAgICAgICA0IHsgIkludmFsaWQgU2VydmljZSBDb250cm9sOiBUaGUgcmVxdWVzdGVkIGNvbnRyb2wgY29kZSBpcyBub3QgdmFsaWQsIG9yIGl0IGlzIHVuYWNjZXB0YWJsZSB0byB0aGUgc2VydmljZSIgfQogICAgICAgIDUgeyAiU2VydmljZSBDYW5ub3QgQWNjZXB0IENvbnRyb2w6IFRoZSByZXF1ZXN0ZWQgY29udHJvbCBjb2RlIGNhbm5vdCBiZSBzZW50IHRvIHRoZSBzZXJ2aWNlIGJlY2F1c2UgdGhlIHN0YXRlIG9mIHRoZSBzZXJ2aWNlIChXaW4zMl9CYXNlU2VydmljZS5TdGF0ZSBwcm9wZXJ0eSkgaXMgZXF1YWwgdG8gMCwgMSwgb3IgMiIgfQogICAgICAgIDYgeyAiU2VydmljZSBOb3QgQWN0aXZlOiBUaGUgc2VydmljZSBoYXMgbm90IGJlZW4gc3RhcnRlZCIgfQogICAgICAgIDcgeyAiU2VydmljZSBSZXF1ZXN0IFRpbWVvdXQ6IFRoZSBzZXJ2aWNlIGRpZCBub3QgcmVzcG9uZCB0byB0aGUgc3RhcnQgcmVxdWVzdCBpbiBhIHRpbWVseSBmYXNoaW9uIiB9CiAgICAgICAgOCB7ICJVbmtub3duIEZhaWx1cmU6IFVua25vd24gZmFpbHVyZSB3aGVuIHN0YXJ0aW5nIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgOSB7ICJQYXRoIE5vdCBGb3VuZDogVGhlIGRpcmVjdG9yeSBwYXRoIHRvIHRoZSBzZXJ2aWNlIGV4ZWN1dGFibGUgZmlsZSB3YXMgbm90IGZvdW5kIiB9CiAgICAgICAgMTAgeyAiU2VydmljZSBBbHJlYWR5IFJ1bm5pbmc6IFRoZSBzZXJ2aWNlIGlzIGFscmVhZHkgcnVubmluZyIgfQogICAgICAgIDExIHsgIlNlcnZpY2UgRGF0YWJhc2UgTG9ja2VkOiBUaGUgZGF0YWJhc2UgdG8gYWRkIGEgbmV3IHNlcnZpY2UgaXMgbG9ja2VkIiB9CiAgICAgICAgMTIgeyAiU2VydmljZSBEZXBlbmRlbmN5IERlbGV0ZWQ6IEEgZGVwZW5kZW5jeSB0aGlzIHNlcnZpY2UgcmVsaWVzIG9uIGhhcyBiZWVuIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTMgeyAiU2VydmljZSBEZXBlbmRlbmN5IEZhaWx1cmU6IFRoZSBzZXJ2aWNlIGZhaWxlZCB0byBmaW5kIHRoZSBzZXJ2aWNlIG5lZWRlZCBmcm9tIGEgZGVwZW5kZW50IHNlcnZpY2UiIH0KICAgICAgICAxNCB7ICJTZXJ2aWNlIERpc2FibGVkOiBUaGUgc2VydmljZSBoYXMgYmVlbiBkaXNhYmxlZCBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAxNSB7ICJTZXJ2aWNlIExvZ29uIEZhaWxlZDogVGhlIHNlcnZpY2UgZG9lcyBub3QgaGF2ZSB0aGUgY29ycmVjdCBhdXRoZW50aWNhdGlvbiB0byBydW4gb24gdGhlIHN5c3RlbSIgfQogICAgICAgIDE2IHsgIlNlcnZpY2UgTWFya2VkIEZvciBEZWxldGlvbjogVGhpcyBzZXJ2aWNlIGlzIGJlaW5nIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTcgeyAiU2VydmljZSBObyBUaHJlYWQ6IFRoZSBzZXJ2aWNlIGhhcyBubyBleGVjdXRpb24gdGhyZWFkIiB9CiAgICAgICAgMTggeyAiU3RhdHVzIENpcmN1bGFyIERlcGVuZGVuY3k6IFRoZSBzZXJ2aWNlIGhhcyBjaXJjdWxhciBkZXBlbmRlbmNpZXMgd2hlbiBpdCBzdGFydHMiIH0KICAgICAgICAxOSB7ICJTdGF0dXMgRHVwbGljYXRlIE5hbWU6IEEgc2VydmljZSBpcyBydW5uaW5nIHVuZGVyIHRoZSBzYW1lIG5hbWUiIH0KICAgICAgICAyMCB7ICJTdGF0dXMgSW52YWxpZCBOYW1lOiBUaGUgc2VydmljZSBuYW1lIGhhcyBpbnZhbGlkIGNoYXJhY3RlcnMiIH0KICAgICAgICAyMSB7ICJTdGF0dXMgSW52YWxpZCBQYXJhbWV0ZXI6IEludmFsaWQgcGFyYW1ldGVycyBoYXZlIGJlZW4gcGFzc2VkIHRvIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjIgeyAiU3RhdHVzIEludmFsaWQgU2VydmljZSBBY2NvdW50OiBUaGUgYWNjb3VudCB1bmRlciB3aGljaCB0aGlzIHNlcnZpY2UgcnVucyBpcyBlaXRoZXIgaW52YWxpZCBvciBsYWNrcyB0aGUgcGVybWlzc2lvbnMgdG8gcnVuIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjMgeyAiU3RhdHVzIFNlcnZpY2UgRXhpc3RzOiBUaGUgc2VydmljZSBleGlzdHMgaW4gdGhlIGRhdGFiYXNlIG9mIHNlcnZpY2VzIGF2YWlsYWJsZSBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAyNCB7ICJTZXJ2aWNlIEFscmVhZHkgUGF1c2VkOiBUaGUgc2VydmljZSBpcyBjdXJyZW50bHkgcGF1c2VkIGluIHRoZSBzeXN0ZW0iIH0KICAgICAgICBkZWZhdWx0IHsgIk90aGVyIEVycm9yIiB9CiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1EZWxheWVkU3RhdHVzKCRuYW1lKSB7CiAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIgogICAgdHJ5IHsKICAgICAgICAkZGVsYXllZCA9IENvbnZlcnRUby1Cb29sICgoR2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5KS5EZWxheWVkQXV0b3N0YXJ0KQogICAgfSBjYXRjaCB7CiAgICAgICAgJGRlbGF5ZWQgPSAkZmFsc2UKICAgIH0KCiAgICAkZGVsYXllZAp9CgpGdW5jdGlvbiBTZXQtU2VydmljZVN0YXJ0TW9kZSgkc3ZjLCAkc3RhcnRfbW9kZSkgewogICAgaWYgKCRyZXN1bHQuc3RhcnRfbW9kZSAtbmUgJHN0YXJ0X21vZGUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCQoJHN2Yy5OYW1lKSIKICAgICAgICAgICAgIyBPcmlnaW5hbCBzdGFydCB1cCB0eXBlIHdhcyBhdXRvIChkZWxheWVkKSBhbmQgd2Ugd2FudCBhdXRvLCBuZWVkIHRvIHJlbW92ZWQgZGVsYXllZCBrZXkKICAgICAgICAgICAgaWYgKCRzdGFydF9tb2RlIC1lcSAnYXV0bycgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMCAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgYXV0byBhbmQgd2Ugd2FudCBhdXRvIChkZWxheWVkKSwgbmVlZCB0byBhZGQgZGVsYXllZCBrZXkKICAgICAgICAgICAgfSBlbHNlaWYgKCRzdGFydF9tb2RlIC1lcSAnZGVsYXllZCcgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgM ScriptBlock ID: 9045486e-4735-46d9-b5f7-ad029c3b19d2 Path:	4104	1		3	2	15	0	1763	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	836	4052	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:07 PM	7f70462d-725d-0003-0992-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): ICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICA ScriptBlock ID: 9045486e-4735-46d9-b5f7-ad029c3b19d2 Path:	4104	1		3	2	15	0	1762	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	836	4052	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:07 PM	7f70462d-725d-0003-0992-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.SID": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCkZ1bmN0aW9uIENvbnZlcnQtRnJvbVNJRCgkc2lkKSB7CiAgICAjIENvbnZlcnRzIGEgU0lEIHRvIGEgRG93bi1MZXZlbCBMb2dvbiBuYW1lIGluIHRoZSBmb3JtIG9mIERPTUFJTlxVc2VyTmFtZQogICAgIyBJZiB0aGUgU0lEIGlzIGZvciBhIGxvY2FsIHVzZXIgb3IgZ3JvdXAgdGhlbiBET01BSU4gd291bGQgYmUgdGhlIHNlcnZlcgogICAgIyBuYW1lLgoKICAgICRhY2NvdW50X29iamVjdCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIoJHNpZCkKICAgIHRyeSB7CiAgICAgICAgJG50X2FjY291bnQgPSAkYWNjb3VudF9vYmplY3QuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiBAe30gLW1lc3NhZ2UgImZhaWxlZCB0byBjb252ZXJ0IHNpZCAnJHNpZCcgdG8gYSBsb2dvbiBuYW1lOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICByZXR1cm4gJG50X2FjY291bnQuVmFsdWUKfQoKRnVuY3Rpb24gQ29udmVydC1Ub1NJRCB7CiAgICBbRGlhZ25vc3RpY3MuQ29kZUFuYWx5c2lzLlN1cHByZXNzTWVzc2FnZUF0dHJpYnV0ZSgiUFNBdm9pZFVzaW5nRW1wdHlDYXRjaEJsb2NrIiwgIiIsIEp1c3RpZmljYXRpb249IldlIGRvbid0IGNhcmUgaWYgY29udmVydGluZyB0byBhIFNJRCBmYWlscywganVzdCB0aGF0IGl0IGZhaWxlZCBvciBub3QiKV0KICAgIHBhcmFtKCRhY2NvdW50X25hbWUpCiAgICAjIENvbnZlcnRzIGFuIGFjY291bnQgbmFtZSB0byBhIFNJRCwgaXQgY2FuIHRha2UgaW4gdGhlIGZvbGxvd2luZyBmb3JtcwogICAgIyBTSUQ6IFdpbGwganVzdCByZXR1cm4gdGhlIFNJRCB2YWx1ZSB0aGF0IHdhcyBwYXNzZWQgaW4KICAgICMgVVBOOgogICAgIyAgIHByaW5jaXBhbEBkb21haW4gKERvbWFpbiB1c2VycyBvbmx5KQogICAgIyBEb3duLUxldmVsIExvZ2luIE5hbWUKICAgICMgICBET01BSU5ccHJpbmNpcGFsIChEb21haW4pCiAgICAjICAgU0VSVkVSTkFNRVxwcmluY2lwYWwgKExvY2FsKQogICAgIyAgIC5ccHJpbmNpcGFsIChMb2NhbCkKICAgICMgICBOVCBBVVRIT1JJVFlcU1lTVEVNIChMb2NhbCBTZXJ2aWNlIEFjY291bnRzKQogICAgIyBMb2dpbiBOYW1lCiAgICAjICAgcHJpbmNpcGFsIChMb2NhbC9Mb2NhbCBTZXJ2aWNlIEFjY291bnRzKQoKICAgIHRyeSB7CiAgICAgICAgJHNpZCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyIC1Bcmd1bWVudExpc3QgJGFjY291bnRfbmFtZQogICAgICAgIHJldHVybiAkc2lkLlZhbHVlCiAgICB9IGNhdGNoIHt9CgogICAgaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipcKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIlxcIgogICAgICAgIGlmICgkYWNjb3VudF9uYW1lX3NwbGl0WzBdIC1lcSAiLiIpIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRlbnY6Q09NUFVURVJOQU1FCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMF0KICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gJGFjY291bnRfbmFtZV9zcGxpdFsxXQogICAgfSBlbHNlaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipAKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIkAiCiAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMV0KICAgICAgICAkdXNlcm5hbWUgPSAkYWNjb3VudF9uYW1lX3NwbGl0WzBdCiAgICB9IGVsc2UgewogICAgICAgICRkb21haW4gPSAkbnVsbAogICAgICAgICR1c2VybmFtZSA9ICRhY2NvdW50X25hbWUKICAgIH0KCiAgICBpZiAoJGRvbWFpbikgewogICAgICAgICMgc2VhcmNoaW5nIGZvciBhIGxvY2FsIGdyb3VwIHdpdGggdGhlIHNlcnZlcm5hbWUgcHJlZml4ZWQgd2lsbCBmYWlsLAogICAgICAgICMgbmVlZCB0byBjaGVjayBmb3IgdGhpcyBzaXR1YXRpb24gYW5kIG9ubHkgdXNlIE5UQWNjb3VudChTdHJpbmcpCiAgICAgICAgaWYgKCRkb21haW4gLWVxICRlbnY6Q09NUFVURVJOQU1FKSB7CiAgICAgICAgICAgICRhZHNpID0gW0FEU0ldKCJXaW5OVDovLyRlbnY6Q09NUFVURVJOQU1FLGNvbXB1dGVyIikKICAgICAgICAgICAgJGdyb3VwID0gJGFkc2kucHNiYXNlLmNoaWxkcmVuIHwgV2hlcmUtT2JqZWN0IHsgJF8uc2NoZW1hQ2xhc3NOYW1lIC1lcSAiZ3JvdXAiIC1hbmQgJF8uTmFtZSAtZXEgJHVzZXJuYW1lIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZ3JvdXAgPSAkbnVsbAogICAgICAgIH0KICAgICAgICBpZiAoJGdyb3VwKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGFjY291bnQgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50KCRkb21haW4sICR1c2VybmFtZSkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICMgd2hlbiBpbiBhIGRvbWFpbiBOVEFjY291bnQoU3RyaW5nKSB3aWxsIGZhdm91ciBkb21haW4gbG9va3VwcyBjaGVjawogICAgICAgICMgaWYgdXNlcm5hbWUgaXMgYSBsb2NhbCB1c2VyIGFuZCBleHBsaWN0bHkgc2VhcmNoIG9uIHRoZSBsb2NhbGhvc3QgZm9yCiAgICAgICAgIyB0aGF0IGFjY291bnQKICAgICAgICAkYWRzaSA9IFtBRFNJXSgiV2luTlQ6Ly8kZW52OkNPTVBVVEVSTkFNRSxjb21wdXRlciIpCiAgICAgICAgJHVzZXIgPSAkYWRzaS5wc2Jhc2UuY2hpbGRyZW4gfCBXaGVyZS1PYmplY3QgeyAkXy5zY2hlbWFDbGFzc05hbWUgLWVxICJ1c2VyIiAtYW5kICRfLk5hbWUgLWVxICR1c2VybmFtZSB9CiAgICAgICAgaWYgKCR1c2VyKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkZW52OkNPTVBVVEVSTkFNRSwgJHVzZXJuYW1lKQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfQogICAgfQogICAgCiAgICB0cnkgewogICAgICAgICRhY2NvdW50X3NpZCA9ICRhY2NvdW50LlRyYW5zbGF0ZShbU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXJdKQogICAgfSBjYXRjaCB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiYWNjb3VudF9uYW1lICRhY2NvdW50X25hbWUgaXMgbm90IGEgdmFsaWQgYWNjb3VudCwgY2Fubm90IGdldCBTSUQ6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQogICAgCiAgICByZXR1cm4gJGFjY291bnRfc2lkLlZhbHVlCn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsK ScriptBlock ID: 9045486e-4735-46d9-b5f7-ad029c3b19d2 Path:	4104	1		3	2	15	0	1761	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	836	4052	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:07 PM	7f70462d-725d-0003-0992-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1760	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	836	4916	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:07 PM	7f70462d-725d-0002-8990-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 836 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1759	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	836	4476	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:07 PM	7f70462d-725d-0002-8990-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1758	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	836	4916	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:07 PM	7f70462d-725d-0002-8990-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: c0ee5cdb-b18d-4182-801a-45bb33bf0924 Path:	4104	1		3	2	15	0	1757	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:05 PM	7f70462d-725d-0001-d454-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: f561ae6c-22eb-445a-a73a-1dce5ad83674 Path:	4104	1		3	2	15	0	1756	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:05 PM	7f70462d-725d-0004-e56a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): AKCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXNrdG9wSW50ZXJhY3QoJHdtaV9zdmMsICRkZXNrdG9wX2ludGVyYWN0KSB7CiAgICBpZiAoJHJlc3VsdC5kZXNrdG9wX2ludGVyYWN0IC1uZSAkZGVza3RvcF9pbnRlcmFjdCkgewogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICRyZXR1cm4gPSAkd21pX3N2YyB8IEludm9rZS1DaW1NZXRob2QgLU1ldGhvZE5hbWUgQ2hhbmdlIC1Bcmd1bWVudHMgQHtEZXNrdG9wSW50ZXJhY3QgPSAkZGVza3RvcF9pbnRlcmFjdH0KICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIHNldCBkZXNrdG9wIGludGVyYWN0ICQoJGRlc2t0b3BfaW50ZXJhY3QpOiAkKCRyZXR1cm4uUmV0dXJuVmFsdWUpIC0gJGVycm9yX21zZyIKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSgkc3ZjLCAkZGlzcGxheV9uYW1lKSB7CiAgICBpZiAoJHJlc3VsdC5kaXNwbGF5X25hbWUgLW5lICRkaXNwbGF5X25hbWUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLURpc3BsYXlOYW1lICRkaXNwbGF5X25hbWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZURlc2NyaXB0aW9uKCRzdmMsICRkZXNjcmlwdGlvbikgewogICAgaWYgKCRyZXN1bHQuZGVzY3JpcHRpb24gLW5lICRkZXNjcmlwdGlvbikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgICRzdmMgfCBTZXQtU2VydmljZSAtRGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VQYXRoKCRuYW1lLCAkcGF0aCkgewogICAgaWYgKCRyZXN1bHQucGF0aCAtbmUgJHBhdGgpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICBTZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIiAtTmFtZSBJbWFnZVBhdGggLVZhbHVlICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXBlbmRlbmNpZXMoJHdtaV9zdmMsICRkZXBlbmRlbmN5X2FjdGlvbiwgJGRlcGVuZGVuY2llcykgewogICAgJGV4aXN0aW5nX2RlcGVuZGVuY2llcyA9ICRyZXN1bHQuZGVwZW5kZW5jaWVzCiAgICBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0kbmV3X2RlcGVuZGVuY2llcyA9IEAoKQoKICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdzZXQnKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGRlcGVuZGVuY2llcykgewogICAgICAgICAgICAkbmV3X2RlcGVuZGVuY2llcy5BZGQoJGRlcGVuZGVuY3kpCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkbmV3X2RlcGVuZGVuY2llcyA9ICRleGlzdGluZ19kZXBlbmRlbmNpZXMKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdyZW1vdmUnKSB7CiAgICAgICAgICAgICAgICBpZiAoJG5ld19kZXBlbmRlbmNpZXMgLWNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICAgICAgICAgJG5ld19kZXBlbmRlbmNpZXMuUmVtb3ZlKCRkZXBlbmRlbmN5KQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2VpZiAoJGRlcGVuZGVuY3lfYWN0aW9uIC1lcSAnYWRkJykgewogICAgICAgICAgICAgICAgaWYgKCRuZXdfZGVwZW5kZW5jaWVzIC1ub3Rjb250YWlucyAkZGVwZW5kZW5jeSkgewogICAgICAgICAgICAgICAgICAgICRuZXdfZGVwZW5kZW5jaWVzLkFkZCgkZGVwZW5kZW5jeSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAkd2lsbF9jaGFuZ2UgPSAkZmFsc2UKICAgIGZvcmVhY2ggKCRkZXBlbmRlbmN5IGluICRuZXdfZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgaWYgKCRleGlzdGluZ19kZXBlbmRlbmNpZXMgLW5vdGNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICR3aWxsX2NoYW5nZSA9ICR0cnVlCiAgICAgICAgfQogICAgfQogICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGV4aXN0aW5nX2RlcGVuZGVuY2llcykgewogICAgICAgIGlmICgkbmV3X2RlcGVuZGVuY2llcyAtbm90Y29udGFpbnMgJGRlcGVuZGVuY3kpIHsKICAgICAgICAgICAgJHdpbGxfY2hhbmdlID0gJHRydWUKICAgICAgICB9CiAgICB9CgogICAgaWYgKCR3aWxsX2NoYW5nZSAtZXEgJHRydWUpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzIEB7U2VydmljZURlcGVuZGVuY2llcyA9ICRuZXdfZGVwZW5kZW5jaWVzfQogICAgICAgICAgICBpZiAoJHJldHVybi5SZXR1cm5WYWx1ZSAtbmUgMCkgewogICAgICAgICAgICAgICAgJGVycm9yX21zZyA9IEdldC1XbWlFcnJvck1lc3NhZ2UgLXJldHVybl92YWx1ZSAkcmV0dXJuLlJldHVyblZhbHVlCiAgICAgICAgICAgICAgICAkZGVwX3N0cmluZyA9ICRuZXdfZGVwZW5kZW5jaWVzIC1qb2luICIsICIKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBkZXBlbmRlbmNpZXMgJCgkZGVwX3N0cmluZyk6ICQoJHJldHVybi5SZXR1cm5WYWx1ZSkgLSAkZXJyb3JfbXNnIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1TZXJ2aWNlU3RhdGUoJHN2YywgJHdtaV9zdmMsICRzdGF0ZSkgewogICAgaWYgKCRzdGF0ZSAtZXEgInN0YXJ0ZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInJ1bm5pbmciKSB7CiAgICAgICAgaWYgKCRyZXN1bHQuc3RhdGUgLWVxICJwYXVzZWQiKSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgUmVzdW1lLVNlcnZpY2UgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJmYWlsZWQgdG8gc3RhcnQgc2VydmljZSBmcm9tIHBhdXNlZCBzdGF0ZSAkKCRzdmMuTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgICRzdmMgfCBTdGFydC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInN0b3BwZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInN0b3BwZWQiKSB7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHN2YyB8IFN0b3AtU2VydmljZSAtRm9yY2U6JGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICRfLkV4Y2VwdGlvbi5NZXNzYWdlCiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInJlc3RhcnRlZCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgUmVzdGFydC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAicGF1c2VkIiAtYW5kICRyZXN1bHQuc3RhdGUgLW5lICJwYXVzZWQiKSB7CiAgICAgICAgIyBjaGVjayB0aGF0IHdlIGNhbiBhY3R1YWxseSBwYXVzZSB0aGUgc2VydmljZQogICAgICAgIGlmICgkcmVzdWx0LmNhbl9wYXVzZV9hbmRfY29udGludWUgLWVxICRmYWxzZSkgewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiZmFpbGVkIHRvIHBhdXNlIHNlcnZpY2UgJCgkc3ZjLk5hbWUpOiBUaGUgc2VydmljZSBkb2VzIG5vdCBzdXBwb3J0IHBhdXNpbmciCiAgICAgICAgfQoKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3VzcGVuZC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgImZhaWxlZCB0byBwYXVzZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICAgICAgfQogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgImFic2VudCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3RvcC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgJHJldHVybiA9ICR3bWlfc3ZjIHwgSW52b2tlLUNpbU1ldGhvZCAtTWV0aG9kTmFtZSBEZWxldGUKICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIGRlbGV0ZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VDb25maWd1cmF0aW9uKCRzdmMpIHsKICAgICR3bWlfc3ZjID0gR2V0LUNpbUluc3RhbmNlIC1DbGFzc05hbWUgV2luMzJfU2VydmljZSAtRmlsdGVyICJuYW1lPSckKCRzdmMuTmFtZSknIgogICAgR2V0LVNlcnZpY2VJbmZvIC1uYW1lICRzdmMuTmFtZQogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1lcSAkdHJ1ZSAtYW5kICgtbm90ICgkcmVzdWx0LnVzZXJuYW1lIC1lcSAnTG9jYWxTeXN0ZW0nIC1vciAkdXNlcm5hbWUgLWVxICdMb2NhbFN5c3RlbScpKSkgewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgZGVza3RvcF9pbnRlcmFjdCB0byB0cnVlIHdoZW4gc2VydmljZSBpcyBydW4gd2l0aC9vciAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgogICAgfQoKICAgIGlmICgkc3RhcnRfbW9kZSAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZVN0YXJ0TW9kZSAtc3ZjICRzdmMgLXN0YXJ0X21vZGUgJHN0YXJ0X21vZGUKICAgIH0KCiAgICBpZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlQWNjb3VudCAtd21pX3N2YyAkd21pX3N2YyAtdXNlcm5hbWVfc2lkICR1c2VybmFtZV9zaWQgLXVzZXJuYW1lICR1c2VybmFtZSAtcGFzc3dvcmQgJHBhc3N3b3JkCiAgICB9CgogICAgaWYgKCRkaXNwbGF5X25hbWUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSAtc3ZjICRzdmMgLWRpc3BsYXlfbmFtZSAkZGlzcGxheV9uYW1lCiAgICB9CgogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlRGVza3RvcEludGVyYWN0IC13bWlfc3ZjICR3bWlfc3ZjIC1kZXNrdG9wX2ludGVyYWN0ICRkZXNrdG9wX2ludGVyYWN0CiAgICB9CgogICAgaWYgKCRkZXNjcmlwdGlvbiAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlc2NyaXB0aW9uIC1zdmMgJHN2YyAtZGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uCiAgICB9CgogICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlUGF0aCAtbmFtZSAkc3ZjLk5hbWUgLXBhdGggJHBhdGgKICAgIH0KCiAgICBpZiAoJGRlcGVuZGVuY2llcyAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlcGVuZGVuY2llcyAtd21pX3N2YyAkd21pX3N2YyAtZGVwZW5kZW5jeV9hY3Rpb24gJGRlcGVuZGVuY3lfYWN0aW9uIC1kZXBlbmRlbmNpZXMgJGRlcGVuZGVuY2llcwogICAgfQoKICAgIGlmICgkc3RhdGUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VTdGF0ZSAtc3ZjICRzdmMgLXdtaV9zdmMgJHdtaV9zdmMgLXN0YXRlICRzdGF0ZQogICAgfQp9CgojIG5lZWQgdG8gdXNlIFdoZXJlLU9iamVjdCBhcyAtTmFtZSBkb2Vzbid0IHdvcmsgd2l0aCBbXSBpbiB0aGUgc2VydmljZSBuYW1lCiMgaHR0cHM6Ly9naXRodWIuY29tL2Fuc2libGUvYW5zaWJsZS9pc3N1ZXMvMzc2MjEKJHN2YyA9IEdldC1TZXJ2aWNlIHwgV2hlcmUtT2JqZWN0IHsgJF8uTmFtZSAtZXEgJG5hbWUgLW9yICRfLkRpc3BsYXlOYW1lIC1lcSAkbmFtZSB9CmlmICgkc3ZjKSB7CiAgICBTZXQtU2VydmljZUNvbmZpZ3VyYXRpb24gLXN2YyAkc3ZjCn0gZWxzZSB7CiAgICAkcmVzdWx0LmV4aXN0cyA9ICRmYWxzZQogICAgaWYgKCRzdGF0ZSAtbmUgJ2Fic2VudCcpIHsKICAgICAgICAjIENoZWNrIGlmIHBhdGggaXMgZGVmaW5lZCwgaWYgc28gY3JlYXRlIHRoZSBzZXJ2aWNlCiAgICAgICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgTmV3LVNlcnZpY2UgLU5hbWUgJG5hbWUgLUJpbmFyeVBhdGhuYW1lICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCgogICAgICAgICAgICAkc3ZjID0gR2V0LVNlcnZpY2UgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAkbmFtZSB9CiAgICAgICAgICAgIFNldC1TZXJ2aWNlQ29uZmlndXJhdGlvbiAtc3ZjICRzdmMKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAjIFdlIHdpbGwgb25seSByZWFjaCBoZXJlIGlmIHRoZSBzZXJ2aWNlIGlzIGluc3RhbGxlZCBhbmQgdGhlIHN0YXRlIGlzIG5vdCBhYnNlbnQKICAgICAgICAgICAgIyBXaWxsIGNoZWNrIGlmIGFueSBvZiB0aGUgZGVmYXVsdCBhY3Rpb25zIGFyZSBzZXQgYW5kIGZhaWwgYXMgd2UgY2Fubm90IGFjdGlvbiBpdAogICAgICAgICAgICBpZiAoJHN0YXJ0X21vZGUgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJHN0YXRlIC1uZSAkbnVsbCAtb3IKICAgICAgICAgICAgICAgICR1c2VybmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkcGFzc3dvcmQgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRpc3BsYXlfbmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkZGVzY3JpcHRpb24gLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlc2t0b3BfaW50ZXJhY3QgLW5lICRmYWxzZSAtb3IKICAgICAgICAgICAgICAgICRkZXBlbmRlbmNpZXMgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlcGVuZGVuY3lfYWN0aW9uIC1uZSAnc2V0JykgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJTZXJ2aWNlICckbmFtZScgaXMgbm90IGluc3RhbGxlZCwgbmVlZCB0byBzZXQgJ3BhdGgnIHRvIGNyZWF0ZSBhIG5ldyBzZXJ2aWNlIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgojIEFmdGVyIG1ha2luZyBhIGNoYW5nZSwgbGV0J3MgZ2V0IHRoZSBzZXJ2aWNlIGluZm8gYWdhaW4gdW5sZXNzIHdlIGRlbGV0ZWQgaXQKaWYgKCRzdGF0ZSAtZXEgJ2Fic2VudCcpIHsKICAgICMgUmVjcmVhdGUgcmVzdWx0IHNvIGl0IGRvZXNuJ3QgaGF2ZSB0aGUgZXh0cmEgbWV0YSBkYXRhIG5vdyB0aGF0IGlzIGhhcyBiZWVuIGRlbGV0ZWQKICAgICRjaGFuZ2VkID0gJHJlc3VsdC5jaGFuZ2VkCiAgICAkcmVzdWx0ID0gQHsKICAgICAgICBjaGFuZ2VkID0gJGNoYW5nZWQKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfSBlbHNlaWYgKCRzdmMgLW5lICRudWxsKSB7CiAgICBHZXQtU2VydmljZUluZm8gLW5hbWUgJG5hbWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_check_mode": false, "display_name": "cinder-backup", "_ansible_module_name": "win_service", "state": "started", "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "username": "LocalSystem", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "description": "OpenStack Cinder Backup Service", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "path": "c:\\openstack\\bin\\OpenStackService.exe cinder-backup c:\\python37\\scripts\\cinder-backup.exe --config-file c:\\openstack\\etc\\cinder-backup.conf", "password": "", "_ansible_no_log": false, "name": "cinder-backup", "start_mode": "auto", "_ansible_verbosity": 2, "_ansible_diff": false, "_ansible_remote_tmp": "%TEMP%", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 2967aad3-be3f-426e-a5d9-c5b9f66a6718 Path:	4104	1		3	2	15	0	1755	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:05 PM	7f70462d-725d-0002-6790-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTQsIENocmlzIEhvZmZtYW4gPGNob2ZmbWFuQGNoYXRoYW1maW5hbmNpYWwuY29tPgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5TSUQKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ19hbnNpYmxlX2NoZWNrX21vZGUnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKCiRkZXBlbmRlbmNpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVwZW5kZW5jaWVzJyAtdHlwZSAnbGlzdCcgLWRlZmF1bHQgJG51bGwKJGRlcGVuZGVuY3lfYWN0aW9uID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2RlcGVuZGVuY3lfYWN0aW9uJyAtdHlwZSAnc3RyJyAtZGVmYXVsdCAnc2V0JyAtdmFsaWRhdGVzZXQgJ2FkZCcsJ3JlbW92ZScsJ3NldCcgCiRkZXNjcmlwdGlvbiA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdkZXNjcmlwdGlvbicgLXR5cGUgJ3N0cicKJGRlc2t0b3BfaW50ZXJhY3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVza3RvcF9pbnRlcmFjdCcgLXR5cGUgJ2Jvb2wnIC1kZWZhdWx0ICRmYWxzZQokZGlzcGxheV9uYW1lID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2Rpc3BsYXlfbmFtZScgLXR5cGUgJ3N0cicKJGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdmb3JjZV9kZXBlbmRlbnRfc2VydmljZXMnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKJG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnbmFtZScgLXR5cGUgJ3N0cicgLWZhaWxpZmVtcHR5ICR0cnVlCiRwYXNzd29yZCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdwYXNzd29yZCcgLXR5cGUgJ3N0cicKJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAncGF0aCcKJHN0YXJ0X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhcnRfbW9kZScgLXR5cGUgJ3N0cicgLXZhbGlkYXRlc2V0ICdhdXRvJywnbWFudWFsJywnZGlzYWJsZWQnLCdkZWxheWVkJwokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhdGUnIC10eXBlICdzdHInIC12YWxpZGF0ZXNldCAnc3RhcnRlZCcsJ3N0b3BwZWQnLCdyZXN0YXJ0ZWQnLCdhYnNlbnQnLCdwYXVzZWQnCiR1c2VybmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICd1c2VybmFtZScgLXR5cGUgJ3N0cicKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgojIHBhcnNlIHRoZSB1c2VybmFtZSB0byBTSUQgYW5kIGJhY2sgc28gd2UgZ2V0IHRoZSBmdWxsIHVzZXJuYW1lIHdpdGggZG9tYWluIGluIGEgd2F5IFdNSSB1bmRlcnN0YW5kcwppZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgaWYgKCR1c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICR1c2VybmFtZV9zaWQgPSAiUy0xLTUtMTgiCiAgICB9IGVsc2UgewogICAgICAgICR1c2VybmFtZV9zaWQgPSBDb252ZXJ0LVRvU0lEIC1hY2NvdW50X25hbWUgJHVzZXJuYW1lCiAgICB9CgogICAgIyB0aGUgU1lTVEVNIGFjY291bnQgaXMgYSBzcGVjaWFsIGJlYXN0LCBXaW4zMl9TZXJ2aWNlIENoYW5nZSByZXF1aXJlcyBTdGFydE5hbWUgdG8gYmUgTG9jYWxTeXN0ZW0KICAgICMgdG8gc3BlY2lmeSBMb2NhbFN5c3RlbS9OVCBBVVRIT1JJVFlcU1lTVEVNCiAgICBpZiAoJHVzZXJuYW1lX3NpZCAtZXEgIlMtMS01LTE4IikgewogICAgICAgICR1c2VybmFtZSA9ICJMb2NhbFN5c3RlbSIKICAgICAgICAkcGFzc3dvcmQgPSAkbnVsbAogICAgfSBlbHNlIHsKICAgICAgICAjIFdpbjMyX1NlcnZpY2UsIHBhc3N3b3JkIG11c3QgYmUgIiIgYW5kIG5vdCAkbnVsbCB3aGVuIHNldHRpbmcgdG8gTG9jYWxTZXJ2aWNlIG9yIE5ldHdvcmtTZXJ2aWNlCiAgICAgICAgaWYgKCR1c2VybmFtZV9zaWQgLWluIEAoIlMtMS01LTE5IiwgIlMtMS01LTIwIikpIHsKICAgICAgICAgICAgJHBhc3N3b3JkID0gIiIKICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gQ29udmVydC1Gcm9tU0lEIC1zaWQgJHVzZXJuYW1lX3NpZAogICAgfQp9CmlmICgkcGFzc3dvcmQgLW5lICRudWxsIC1hbmQgJHVzZXJuYW1lIC1lcSAkbnVsbCkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBhcmd1bWVudCAndXNlcm5hbWUnIG11c3QgYmUgc3VwcGxpZWQgd2l0aCAncGFzc3dvcmQnIgp9CmlmICgkZGVza3RvcF9pbnRlcmFjdCAtZXEgJHRydWUgLWFuZCAoLW5vdCAoJHVzZXJuYW1lIC1lcSAiTG9jYWxTeXN0ZW0iIC1vciAkdXNlcm5hbWUgLWVxICRudWxsKSkpIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgJ2Rlc2t0b3BfaW50ZXJhY3QnIHRvIHRydWUgd2hlbiAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgp9CmlmICgkcGF0aCAtbmUgJG51bGwpIHsKICAgICRwYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoKQp9CgpGdW5jdGlvbiBHZXQtU2VydmljZUluZm8oJG5hbWUpIHsKICAgICMgTmVlZCB0byBnZXQgbmV3IG9iamVjdHMgc28gd2UgaGF2ZSB0aGUgbGF0ZXN0IGluZm8KICAgICRzdmMgPSBHZXQtU2VydmljZSB8IFdoZXJlLU9iamVjdCB7ICRfLk5hbWUgLWVxICRuYW1lIC1vciAkXy5EaXNwbGF5TmFtZSAtZXEgJG5hbWUgfQogICAgJHdtaV9zdmMgPSBHZXQtQ2ltSW5zdGFuY2UgLUNsYXNzTmFtZSBXaW4zMl9TZXJ2aWNlIC1GaWx0ZXIgIm5hbWU9JyQoJHN2Yy5OYW1lKSciCgogICAgIyBEZWxheWVkIHN0YXJ0X21vZGUgaXMgaW4gcmVhbGl0eSBBdXRvbWF0aWMgKERlbGF5ZWQpLCBuZWVkIHRvIGNoZWNrIHJlZyBrZXkgZm9yIHR5cGUKICAgICRkZWxheWVkID0gR2V0LURlbGF5ZWRTdGF0dXMgLW5hbWUgJHN2Yy5OYW1lCiAgICAkYWN0dWFsX3N0YXJ0X21vZGUgPSAkd21pX3N2Yy5TdGFydE1vZGUuVG9TdHJpbmcoKS5Ub0xvd2VyKCkgCiAgICBpZiAoJGRlbGF5ZWQgLWFuZCAkYWN0dWFsX3N0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICRhY3R1YWxfc3RhcnRfbW9kZSA9ICdkZWxheWVkJwogICAgfQoKICAgICRleGlzdGluZ19kZXBlbmRlbmNpZXMgPSBAKCkKICAgICRleGlzdGluZ19kZXBlbmRlZF9ieSA9IEAoKQogICAgaWYgKCRzdmMuU2VydmljZXNEZXBlbmRlZE9uLkNvdW50IC1ndCAwKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJHN2Yy5TZXJ2aWNlc0RlcGVuZGVkT24uTmFtZSkgewogICAgICAgICAgICAkZXhpc3RpbmdfZGVwZW5kZW5jaWVzICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgaWYgKCRzdmMuRGVwZW5kZW50U2VydmljZXMuQ291bnQgLWd0IDApIHsKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkc3ZjLkRlcGVuZGVudFNlcnZpY2VzLk5hbWUpIHsKICAgICAgICAgICAgJGV4aXN0aW5nX2RlcGVuZGVkX2J5ICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgJGRlc2NyaXB0aW9uID0gJHdtaV9zdmMuRGVzY3JpcHRpb24KICAgIGlmICgkZGVzY3JpcHRpb24gLWVxICRudWxsKSB7CiAgICAgICAgJGRlc2NyaXB0aW9uID0gIiIKICAgIH0KCiAgICAkcmVzdWx0LmV4aXN0cyA9ICR0cnVlCiAgICAkcmVzdWx0Lm5hbWUgPSAkc3ZjLk5hbWUKICAgICRyZXN1bHQuZGlzcGxheV9uYW1lID0gJHN2Yy5EaXNwbGF5TmFtZQogICAgJHJlc3VsdC5zdGF0ZSA9ICRzdmMuU3RhdHVzLlRvU3RyaW5nKCkuVG9Mb3dlcigpCiAgICAkcmVzdWx0LnN0YXJ0X21vZGUgPSAkYWN0dWFsX3N0YXJ0X21vZGUKICAgICRyZXN1bHQucGF0aCA9ICR3bWlfc3ZjLlBhdGhOYW1lCiAgICAkcmVzdWx0LmRlc2NyaXB0aW9uID0gJGRlc2NyaXB0aW9uCiAgICAkcmVzdWx0LnVzZXJuYW1lID0gJHdtaV9zdmMuU3RhcnROYW1lCiAgICAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QgPSAkd21pX3N2Yy5EZXNrdG9wSW50ZXJhY3QKICAgICRyZXN1bHQuZGVwZW5kZW5jaWVzID0gJGV4aXN0aW5nX2RlcGVuZGVuY2llcwogICAgJHJlc3VsdC5kZXBlbmRlZF9ieSA9ICRleGlzdGluZ19kZXBlbmRlZF9ieQogICAgJHJlc3VsdC5jYW5fcGF1c2VfYW5kX2NvbnRpbnVlID0gJHN2Yy5DYW5QYXVzZUFuZENvbnRpbnVlCn0KCkZ1bmN0aW9uIEdldC1XbWlFcnJvck1lc3NhZ2UoJHJldHVybl92YWx1ZSkgewogICAgIyBUaGVzZSB2YWx1ZXMgYXJlIGRlcml2ZWQgZnJvbSBodHRwczovL21zZG4ubWljcm9zb2Z0LmNvbS9lbi11cy9saWJyYXJ5L2FhMzg0OTAxKHY9dnMuODUpLmFzcHgKICAgIHN3aXRjaCAoJHJldHVybl92YWx1ZSkgewogICAgICAgIDEgeyAiTm90IFN1cHBvcnRlZDogVGhlIHJlcXVlc3QgaXMgbm90IHN1cHBvcnRlZCIgfQogICAgICAgIDIgeyAiQWNjZXNzIERlbmllZDogVGhlIHVzZXIgZGlkIG5vdCBoYXZlIHRoZSBuZWNlc3NhcnkgYWNjZXNzIiB9CiAgICAgICAgMyB7ICJEZXBlbmRlbnQgU2VydmljZXMgUnVubmluZzogVGhlIHNlcnZpY2UgY2Fubm90IGJlIHN0b3BwZWQgYmVjYXVzZSBvdGhlciBzZXJ2aWNlcyB0aGF0IGFyZSBydW5uaW5nIGFyZSBkZXBlbmRlbnQgb24gaXQiIH0KICAgICAgICA0IHsgIkludmFsaWQgU2VydmljZSBDb250cm9sOiBUaGUgcmVxdWVzdGVkIGNvbnRyb2wgY29kZSBpcyBub3QgdmFsaWQsIG9yIGl0IGlzIHVuYWNjZXB0YWJsZSB0byB0aGUgc2VydmljZSIgfQogICAgICAgIDUgeyAiU2VydmljZSBDYW5ub3QgQWNjZXB0IENvbnRyb2w6IFRoZSByZXF1ZXN0ZWQgY29udHJvbCBjb2RlIGNhbm5vdCBiZSBzZW50IHRvIHRoZSBzZXJ2aWNlIGJlY2F1c2UgdGhlIHN0YXRlIG9mIHRoZSBzZXJ2aWNlIChXaW4zMl9CYXNlU2VydmljZS5TdGF0ZSBwcm9wZXJ0eSkgaXMgZXF1YWwgdG8gMCwgMSwgb3IgMiIgfQogICAgICAgIDYgeyAiU2VydmljZSBOb3QgQWN0aXZlOiBUaGUgc2VydmljZSBoYXMgbm90IGJlZW4gc3RhcnRlZCIgfQogICAgICAgIDcgeyAiU2VydmljZSBSZXF1ZXN0IFRpbWVvdXQ6IFRoZSBzZXJ2aWNlIGRpZCBub3QgcmVzcG9uZCB0byB0aGUgc3RhcnQgcmVxdWVzdCBpbiBhIHRpbWVseSBmYXNoaW9uIiB9CiAgICAgICAgOCB7ICJVbmtub3duIEZhaWx1cmU6IFVua25vd24gZmFpbHVyZSB3aGVuIHN0YXJ0aW5nIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgOSB7ICJQYXRoIE5vdCBGb3VuZDogVGhlIGRpcmVjdG9yeSBwYXRoIHRvIHRoZSBzZXJ2aWNlIGV4ZWN1dGFibGUgZmlsZSB3YXMgbm90IGZvdW5kIiB9CiAgICAgICAgMTAgeyAiU2VydmljZSBBbHJlYWR5IFJ1bm5pbmc6IFRoZSBzZXJ2aWNlIGlzIGFscmVhZHkgcnVubmluZyIgfQogICAgICAgIDExIHsgIlNlcnZpY2UgRGF0YWJhc2UgTG9ja2VkOiBUaGUgZGF0YWJhc2UgdG8gYWRkIGEgbmV3IHNlcnZpY2UgaXMgbG9ja2VkIiB9CiAgICAgICAgMTIgeyAiU2VydmljZSBEZXBlbmRlbmN5IERlbGV0ZWQ6IEEgZGVwZW5kZW5jeSB0aGlzIHNlcnZpY2UgcmVsaWVzIG9uIGhhcyBiZWVuIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTMgeyAiU2VydmljZSBEZXBlbmRlbmN5IEZhaWx1cmU6IFRoZSBzZXJ2aWNlIGZhaWxlZCB0byBmaW5kIHRoZSBzZXJ2aWNlIG5lZWRlZCBmcm9tIGEgZGVwZW5kZW50IHNlcnZpY2UiIH0KICAgICAgICAxNCB7ICJTZXJ2aWNlIERpc2FibGVkOiBUaGUgc2VydmljZSBoYXMgYmVlbiBkaXNhYmxlZCBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAxNSB7ICJTZXJ2aWNlIExvZ29uIEZhaWxlZDogVGhlIHNlcnZpY2UgZG9lcyBub3QgaGF2ZSB0aGUgY29ycmVjdCBhdXRoZW50aWNhdGlvbiB0byBydW4gb24gdGhlIHN5c3RlbSIgfQogICAgICAgIDE2IHsgIlNlcnZpY2UgTWFya2VkIEZvciBEZWxldGlvbjogVGhpcyBzZXJ2aWNlIGlzIGJlaW5nIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTcgeyAiU2VydmljZSBObyBUaHJlYWQ6IFRoZSBzZXJ2aWNlIGhhcyBubyBleGVjdXRpb24gdGhyZWFkIiB9CiAgICAgICAgMTggeyAiU3RhdHVzIENpcmN1bGFyIERlcGVuZGVuY3k6IFRoZSBzZXJ2aWNlIGhhcyBjaXJjdWxhciBkZXBlbmRlbmNpZXMgd2hlbiBpdCBzdGFydHMiIH0KICAgICAgICAxOSB7ICJTdGF0dXMgRHVwbGljYXRlIE5hbWU6IEEgc2VydmljZSBpcyBydW5uaW5nIHVuZGVyIHRoZSBzYW1lIG5hbWUiIH0KICAgICAgICAyMCB7ICJTdGF0dXMgSW52YWxpZCBOYW1lOiBUaGUgc2VydmljZSBuYW1lIGhhcyBpbnZhbGlkIGNoYXJhY3RlcnMiIH0KICAgICAgICAyMSB7ICJTdGF0dXMgSW52YWxpZCBQYXJhbWV0ZXI6IEludmFsaWQgcGFyYW1ldGVycyBoYXZlIGJlZW4gcGFzc2VkIHRvIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjIgeyAiU3RhdHVzIEludmFsaWQgU2VydmljZSBBY2NvdW50OiBUaGUgYWNjb3VudCB1bmRlciB3aGljaCB0aGlzIHNlcnZpY2UgcnVucyBpcyBlaXRoZXIgaW52YWxpZCBvciBsYWNrcyB0aGUgcGVybWlzc2lvbnMgdG8gcnVuIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjMgeyAiU3RhdHVzIFNlcnZpY2UgRXhpc3RzOiBUaGUgc2VydmljZSBleGlzdHMgaW4gdGhlIGRhdGFiYXNlIG9mIHNlcnZpY2VzIGF2YWlsYWJsZSBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAyNCB7ICJTZXJ2aWNlIEFscmVhZHkgUGF1c2VkOiBUaGUgc2VydmljZSBpcyBjdXJyZW50bHkgcGF1c2VkIGluIHRoZSBzeXN0ZW0iIH0KICAgICAgICBkZWZhdWx0IHsgIk90aGVyIEVycm9yIiB9CiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1EZWxheWVkU3RhdHVzKCRuYW1lKSB7CiAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIgogICAgdHJ5IHsKICAgICAgICAkZGVsYXllZCA9IENvbnZlcnRUby1Cb29sICgoR2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5KS5EZWxheWVkQXV0b3N0YXJ0KQogICAgfSBjYXRjaCB7CiAgICAgICAgJGRlbGF5ZWQgPSAkZmFsc2UKICAgIH0KCiAgICAkZGVsYXllZAp9CgpGdW5jdGlvbiBTZXQtU2VydmljZVN0YXJ0TW9kZSgkc3ZjLCAkc3RhcnRfbW9kZSkgewogICAgaWYgKCRyZXN1bHQuc3RhcnRfbW9kZSAtbmUgJHN0YXJ0X21vZGUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCQoJHN2Yy5OYW1lKSIKICAgICAgICAgICAgIyBPcmlnaW5hbCBzdGFydCB1cCB0eXBlIHdhcyBhdXRvIChkZWxheWVkKSBhbmQgd2Ugd2FudCBhdXRvLCBuZWVkIHRvIHJlbW92ZWQgZGVsYXllZCBrZXkKICAgICAgICAgICAgaWYgKCRzdGFydF9tb2RlIC1lcSAnYXV0bycgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMCAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgYXV0byBhbmQgd2Ugd2FudCBhdXRvIChkZWxheWVkKSwgbmVlZCB0byBhZGQgZGVsYXllZCBrZXkKICAgICAgICAgICAgfSBlbHNlaWYgKCRzdGFydF9tb2RlIC1lcSAnZGVsYXllZCcgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IGF1dG8gb3IgYXV0byAoZGVsYXllZCksIG5lZWQgdG8gY2hhbmdlIHRvIGF1dG8gYW5kIGFkZCBkZWxheWVkIGtleQogICAgICAgICAgICB9IGVsc2VpZiAoJHN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgJHN2YyB8IFNldC1TZXJ2aWNlIC1TdGFydHVwVHlwZSAiYXV0byIgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IHdoYXQgd2Ugd2VyZSBsb29raW5nIGZvciwganVzdCBjaGFuZ2UgdG8gdGhhdCB0eXBlCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLVN0YXJ0dXBUeXBlICRzdGFydF9tb2RlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZUFjY291bnQoJHdtaV9zdmMsICR1c2VybmFtZV9zaWQsICR1c2VybmFtZSwgJHBhc3N3b3JkKSB7CiAgICBpZiAoJHJlc3VsdC51c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICRhY3R1YWxfc2lkID0gIlMtMS01LTE4IgogICAgfSBlbHNlIHsKICAgICAgICAkYWN0dWFsX3NpZCA9IENvbnZlcnQtVG9TSUQgLWFjY291bnRfbmFtZSAkcmVzdWx0LnVzZXJuYW1lCiAgICB9CgogICAgaWYgKCRhY3R1YWxfc2lkIC1uZSAkdXNlcm5hbWVfc2lkKSB7CiAgICAgICAgJGNoYW5nZV9hcmd1bWVudHMgPSBAewogICAgICAgICAgICBTdGFydE5hbWUgPSAkdXNlcm5hbWUKICAgICAgICAgICAgU3RhcnRQYXNzd29yZCA9ICRwYXNzd29yZAogICAgICAgICAgICBEZXNrdG9wSW50ZXJhY3QgPSAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QKICAgICAgICB9CiAgICAgICAgIyBuZWVkIHRvIGRpc2FibGUgZGVza3RvcCBpbnRlcmFjdCB3aGVuIG5vdCB1c2luZyB0aGUgU1lTVEVNIGFjY291bnQKICAgICAgICBpZiAoJHVzZXJuYW1lX3NpZCAtbmUgIlMtMS01LTE4IikgewogICAgICAgICAgICAkY2hhbmdlX2FyZ3VtZW50cy5EZXNrdG9wSW50ZXJhY3QgPSAkZmFsc2UKICAgICAgICB9CgogICAgICAgICNXTUkuQ2hhbmdlIGRvZXNuJ3Qgc3VwcG9ydCAtV2hhdElmLCBjYW5ub3QgZnVsbHkgdGVzdCB3aXRoIGNoZWNrX21vZGUKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzICRjaGFuZ2VfYXJndW1lbnRzCiAgICAgICAgICAgIGlmICgkcmV0dXJuLlJldHVyblZhbHVlIC1uZSAwKSB7CiAgICAgICAgICAgICAgICAkZXJyb3JfbXNnID0gR2V0LVdtaUVycm9yTWVzc2FnZSAtcmV0dXJuX3ZhbHVlICRyZXN1bHQuUmV0dXJuVmFsdWUKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBhY2NvdW50IHRvICQoJHVzZXJuYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9ICAgICAgIC ScriptBlock ID: 2967aad3-be3f-426e-a5d9-c5b9f66a6718 Path:	4104	1		3	2	15	0	1754	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:05 PM	7f70462d-725d-0002-6790-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.SID": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCkZ1bmN0aW9uIENvbnZlcnQtRnJvbVNJRCgkc2lkKSB7CiAgICAjIENvbnZlcnRzIGEgU0lEIHRvIGEgRG93bi1MZXZlbCBMb2dvbiBuYW1lIGluIHRoZSBmb3JtIG9mIERPTUFJTlxVc2VyTmFtZQogICAgIyBJZiB0aGUgU0lEIGlzIGZvciBhIGxvY2FsIHVzZXIgb3IgZ3JvdXAgdGhlbiBET01BSU4gd291bGQgYmUgdGhlIHNlcnZlcgogICAgIyBuYW1lLgoKICAgICRhY2NvdW50X29iamVjdCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIoJHNpZCkKICAgIHRyeSB7CiAgICAgICAgJG50X2FjY291bnQgPSAkYWNjb3VudF9vYmplY3QuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiBAe30gLW1lc3NhZ2UgImZhaWxlZCB0byBjb252ZXJ0IHNpZCAnJHNpZCcgdG8gYSBsb2dvbiBuYW1lOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICByZXR1cm4gJG50X2FjY291bnQuVmFsdWUKfQoKRnVuY3Rpb24gQ29udmVydC1Ub1NJRCB7CiAgICBbRGlhZ25vc3RpY3MuQ29kZUFuYWx5c2lzLlN1cHByZXNzTWVzc2FnZUF0dHJpYnV0ZSgiUFNBdm9pZFVzaW5nRW1wdHlDYXRjaEJsb2NrIiwgIiIsIEp1c3RpZmljYXRpb249IldlIGRvbid0IGNhcmUgaWYgY29udmVydGluZyB0byBhIFNJRCBmYWlscywganVzdCB0aGF0IGl0IGZhaWxlZCBvciBub3QiKV0KICAgIHBhcmFtKCRhY2NvdW50X25hbWUpCiAgICAjIENvbnZlcnRzIGFuIGFjY291bnQgbmFtZSB0byBhIFNJRCwgaXQgY2FuIHRha2UgaW4gdGhlIGZvbGxvd2luZyBmb3JtcwogICAgIyBTSUQ6IFdpbGwganVzdCByZXR1cm4gdGhlIFNJRCB2YWx1ZSB0aGF0IHdhcyBwYXNzZWQgaW4KICAgICMgVVBOOgogICAgIyAgIHByaW5jaXBhbEBkb21haW4gKERvbWFpbiB1c2VycyBvbmx5KQogICAgIyBEb3duLUxldmVsIExvZ2luIE5hbWUKICAgICMgICBET01BSU5ccHJpbmNpcGFsIChEb21haW4pCiAgICAjICAgU0VSVkVSTkFNRVxwcmluY2lwYWwgKExvY2FsKQogICAgIyAgIC5ccHJpbmNpcGFsIChMb2NhbCkKICAgICMgICBOVCBBVVRIT1JJVFlcU1lTVEVNIChMb2NhbCBTZXJ2aWNlIEFjY291bnRzKQogICAgIyBMb2dpbiBOYW1lCiAgICAjICAgcHJpbmNpcGFsIChMb2NhbC9Mb2NhbCBTZXJ2aWNlIEFjY291bnRzKQoKICAgIHRyeSB7CiAgICAgICAgJHNpZCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyIC1Bcmd1bWVudExpc3QgJGFjY291bnRfbmFtZQogICAgICAgIHJldHVybiAkc2lkLlZhbHVlCiAgICB9IGNhdGNoIHt9CgogICAgaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipcKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIlxcIgogICAgICAgIGlmICgkYWNjb3VudF9uYW1lX3NwbGl0WzBdIC1lcSAiLiIpIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRlbnY6Q09NUFVURVJOQU1FCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMF0KICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gJGFjY291bnRfbmFtZV9zcGxpdFsxXQogICAgfSBlbHNlaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipAKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIkAiCiAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMV0KICAgICAgICAkdXNlcm5hbWUgPSAkYWNjb3VudF9uYW1lX3NwbGl0WzBdCiAgICB9IGVsc2UgewogICAgICAgICRkb21haW4gPSAkbnVsbAogICAgICAgICR1c2VybmFtZSA9ICRhY2NvdW50X25hbWUKICAgIH0KCiAgICBpZiAoJGRvbWFpbikgewogICAgICAgICMgc2VhcmNoaW5nIGZvciBhIGxvY2FsIGdyb3VwIHdpdGggdGhlIHNlcnZlcm5hbWUgcHJlZml4ZWQgd2lsbCBmYWlsLAogICAgICAgICMgbmVlZCB0byBjaGVjayBmb3IgdGhpcyBzaXR1YXRpb24gYW5kIG9ubHkgdXNlIE5UQWNjb3VudChTdHJpbmcpCiAgICAgICAgaWYgKCRkb21haW4gLWVxICRlbnY6Q09NUFVURVJOQU1FKSB7CiAgICAgICAgICAgICRhZHNpID0gW0FEU0ldKCJXaW5OVDovLyRlbnY6Q09NUFVURVJOQU1FLGNvbXB1dGVyIikKICAgICAgICAgICAgJGdyb3VwID0gJGFkc2kucHNiYXNlLmNoaWxkcmVuIHwgV2hlcmUtT2JqZWN0IHsgJF8uc2NoZW1hQ2xhc3NOYW1lIC1lcSAiZ3JvdXAiIC1hbmQgJF8uTmFtZSAtZXEgJHVzZXJuYW1lIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZ3JvdXAgPSAkbnVsbAogICAgICAgIH0KICAgICAgICBpZiAoJGdyb3VwKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGFjY291bnQgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50KCRkb21haW4sICR1c2VybmFtZSkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICMgd2hlbiBpbiBhIGRvbWFpbiBOVEFjY291bnQoU3RyaW5nKSB3aWxsIGZhdm91ciBkb21haW4gbG9va3VwcyBjaGVjawogICAgICAgICMgaWYgdXNlcm5hbWUgaXMgYSBsb2NhbCB1c2VyIGFuZCBleHBsaWN0bHkgc2VhcmNoIG9uIHRoZSBsb2NhbGhvc3QgZm9yCiAgICAgICAgIyB0aGF0IGFjY291bnQKICAgICAgICAkYWRzaSA9IFtBRFNJXSgiV2luTlQ6Ly8kZW52OkNPTVBVVEVSTkFNRSxjb21wdXRlciIpCiAgICAgICAgJHVzZXIgPSAkYWRzaS5wc2Jhc2UuY2hpbGRyZW4gfCBXaGVyZS1PYmplY3QgeyAkXy5zY2hlbWFDbGFzc05hbWUgLWVxICJ1c2VyIiAtYW5kICRfLk5hbWUgLWVxICR1c2VybmFtZSB9CiAgICAgICAgaWYgKCR1c2VyKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkZW52OkNPTVBVVEVSTkFNRSwgJHVzZXJuYW1lKQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfQogICAgfQogICAgCiAgICB0cnkgewogICAgICAgICRhY2NvdW50X3NpZCA9ICRhY2NvdW50LlRyYW5zbGF0ZShbU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXJdKQogICAgfSBjYXRjaCB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiYWNjb3VudF9uYW1lICRhY2NvdW50X25hbWUgaXMgbm90IGEgdmFsaWQgYWNjb3VudCwgY2Fubm90IGdldCBTSUQ6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQogICAgCiAgICByZXR1cm4gJGFjY291bnRfc2lkLlZhbHVlCn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAg ScriptBlock ID: 2967aad3-be3f-426e-a5d9-c5b9f66a6718 Path:	4104	1		3	2	15	0	1753	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:05 PM	7f70462d-725d-0002-6790-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1752	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4424	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:05 PM	7f70462d-725d-0002-6590-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2288 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1751	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4404	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:05 PM	7f70462d-725d-0002-6590-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1750	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4424	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:05 PM	7f70462d-725d-0002-6590-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d2e2a33a-8ed2-4444-abdf-e7c556938595 Path:	4104	1		3	2	15	0	1749	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4720	4484	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:03 PM	7f70462d-725d-0001-a754-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 39dc6a10-e0e2-4c8a-86f3-873495a8526e Path:	4104	1		3	2	15	0	1748	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4720	4484	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:02 PM	7f70462d-725d-0001-9454-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): JfbXNnIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1TZXJ2aWNlU3RhdGUoJHN2YywgJHdtaV9zdmMsICRzdGF0ZSkgewogICAgaWYgKCRzdGF0ZSAtZXEgInN0YXJ0ZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInJ1bm5pbmciKSB7CiAgICAgICAgaWYgKCRyZXN1bHQuc3RhdGUgLWVxICJwYXVzZWQiKSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgUmVzdW1lLVNlcnZpY2UgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJmYWlsZWQgdG8gc3RhcnQgc2VydmljZSBmcm9tIHBhdXNlZCBzdGF0ZSAkKCRzdmMuTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgICRzdmMgfCBTdGFydC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInN0b3BwZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInN0b3BwZWQiKSB7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHN2YyB8IFN0b3AtU2VydmljZSAtRm9yY2U6JGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICRfLkV4Y2VwdGlvbi5NZXNzYWdlCiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInJlc3RhcnRlZCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgUmVzdGFydC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAicGF1c2VkIiAtYW5kICRyZXN1bHQuc3RhdGUgLW5lICJwYXVzZWQiKSB7CiAgICAgICAgIyBjaGVjayB0aGF0IHdlIGNhbiBhY3R1YWxseSBwYXVzZSB0aGUgc2VydmljZQogICAgICAgIGlmICgkcmVzdWx0LmNhbl9wYXVzZV9hbmRfY29udGludWUgLWVxICRmYWxzZSkgewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiZmFpbGVkIHRvIHBhdXNlIHNlcnZpY2UgJCgkc3ZjLk5hbWUpOiBUaGUgc2VydmljZSBkb2VzIG5vdCBzdXBwb3J0IHBhdXNpbmciCiAgICAgICAgfQoKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3VzcGVuZC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgImZhaWxlZCB0byBwYXVzZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICAgICAgfQogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgImFic2VudCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3RvcC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgJHJldHVybiA9ICR3bWlfc3ZjIHwgSW52b2tlLUNpbU1ldGhvZCAtTWV0aG9kTmFtZSBEZWxldGUKICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIGRlbGV0ZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VDb25maWd1cmF0aW9uKCRzdmMpIHsKICAgICR3bWlfc3ZjID0gR2V0LUNpbUluc3RhbmNlIC1DbGFzc05hbWUgV2luMzJfU2VydmljZSAtRmlsdGVyICJuYW1lPSckKCRzdmMuTmFtZSknIgogICAgR2V0LVNlcnZpY2VJbmZvIC1uYW1lICRzdmMuTmFtZQogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1lcSAkdHJ1ZSAtYW5kICgtbm90ICgkcmVzdWx0LnVzZXJuYW1lIC1lcSAnTG9jYWxTeXN0ZW0nIC1vciAkdXNlcm5hbWUgLWVxICdMb2NhbFN5c3RlbScpKSkgewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgZGVza3RvcF9pbnRlcmFjdCB0byB0cnVlIHdoZW4gc2VydmljZSBpcyBydW4gd2l0aC9vciAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgogICAgfQoKICAgIGlmICgkc3RhcnRfbW9kZSAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZVN0YXJ0TW9kZSAtc3ZjICRzdmMgLXN0YXJ0X21vZGUgJHN0YXJ0X21vZGUKICAgIH0KCiAgICBpZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlQWNjb3VudCAtd21pX3N2YyAkd21pX3N2YyAtdXNlcm5hbWVfc2lkICR1c2VybmFtZV9zaWQgLXVzZXJuYW1lICR1c2VybmFtZSAtcGFzc3dvcmQgJHBhc3N3b3JkCiAgICB9CgogICAgaWYgKCRkaXNwbGF5X25hbWUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSAtc3ZjICRzdmMgLWRpc3BsYXlfbmFtZSAkZGlzcGxheV9uYW1lCiAgICB9CgogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlRGVza3RvcEludGVyYWN0IC13bWlfc3ZjICR3bWlfc3ZjIC1kZXNrdG9wX2ludGVyYWN0ICRkZXNrdG9wX2ludGVyYWN0CiAgICB9CgogICAgaWYgKCRkZXNjcmlwdGlvbiAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlc2NyaXB0aW9uIC1zdmMgJHN2YyAtZGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uCiAgICB9CgogICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlUGF0aCAtbmFtZSAkc3ZjLk5hbWUgLXBhdGggJHBhdGgKICAgIH0KCiAgICBpZiAoJGRlcGVuZGVuY2llcyAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlcGVuZGVuY2llcyAtd21pX3N2YyAkd21pX3N2YyAtZGVwZW5kZW5jeV9hY3Rpb24gJGRlcGVuZGVuY3lfYWN0aW9uIC1kZXBlbmRlbmNpZXMgJGRlcGVuZGVuY2llcwogICAgfQoKICAgIGlmICgkc3RhdGUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VTdGF0ZSAtc3ZjICRzdmMgLXdtaV9zdmMgJHdtaV9zdmMgLXN0YXRlICRzdGF0ZQogICAgfQp9CgojIG5lZWQgdG8gdXNlIFdoZXJlLU9iamVjdCBhcyAtTmFtZSBkb2Vzbid0IHdvcmsgd2l0aCBbXSBpbiB0aGUgc2VydmljZSBuYW1lCiMgaHR0cHM6Ly9naXRodWIuY29tL2Fuc2libGUvYW5zaWJsZS9pc3N1ZXMvMzc2MjEKJHN2YyA9IEdldC1TZXJ2aWNlIHwgV2hlcmUtT2JqZWN0IHsgJF8uTmFtZSAtZXEgJG5hbWUgLW9yICRfLkRpc3BsYXlOYW1lIC1lcSAkbmFtZSB9CmlmICgkc3ZjKSB7CiAgICBTZXQtU2VydmljZUNvbmZpZ3VyYXRpb24gLXN2YyAkc3ZjCn0gZWxzZSB7CiAgICAkcmVzdWx0LmV4aXN0cyA9ICRmYWxzZQogICAgaWYgKCRzdGF0ZSAtbmUgJ2Fic2VudCcpIHsKICAgICAgICAjIENoZWNrIGlmIHBhdGggaXMgZGVmaW5lZCwgaWYgc28gY3JlYXRlIHRoZSBzZXJ2aWNlCiAgICAgICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgTmV3LVNlcnZpY2UgLU5hbWUgJG5hbWUgLUJpbmFyeVBhdGhuYW1lICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCgogICAgICAgICAgICAkc3ZjID0gR2V0LVNlcnZpY2UgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAkbmFtZSB9CiAgICAgICAgICAgIFNldC1TZXJ2aWNlQ29uZmlndXJhdGlvbiAtc3ZjICRzdmMKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAjIFdlIHdpbGwgb25seSByZWFjaCBoZXJlIGlmIHRoZSBzZXJ2aWNlIGlzIGluc3RhbGxlZCBhbmQgdGhlIHN0YXRlIGlzIG5vdCBhYnNlbnQKICAgICAgICAgICAgIyBXaWxsIGNoZWNrIGlmIGFueSBvZiB0aGUgZGVmYXVsdCBhY3Rpb25zIGFyZSBzZXQgYW5kIGZhaWwgYXMgd2UgY2Fubm90IGFjdGlvbiBpdAogICAgICAgICAgICBpZiAoJHN0YXJ0X21vZGUgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJHN0YXRlIC1uZSAkbnVsbCAtb3IKICAgICAgICAgICAgICAgICR1c2VybmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkcGFzc3dvcmQgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRpc3BsYXlfbmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkZGVzY3JpcHRpb24gLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlc2t0b3BfaW50ZXJhY3QgLW5lICRmYWxzZSAtb3IKICAgICAgICAgICAgICAgICRkZXBlbmRlbmNpZXMgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlcGVuZGVuY3lfYWN0aW9uIC1uZSAnc2V0JykgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJTZXJ2aWNlICckbmFtZScgaXMgbm90IGluc3RhbGxlZCwgbmVlZCB0byBzZXQgJ3BhdGgnIHRvIGNyZWF0ZSBhIG5ldyBzZXJ2aWNlIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgojIEFmdGVyIG1ha2luZyBhIGNoYW5nZSwgbGV0J3MgZ2V0IHRoZSBzZXJ2aWNlIGluZm8gYWdhaW4gdW5sZXNzIHdlIGRlbGV0ZWQgaXQKaWYgKCRzdGF0ZSAtZXEgJ2Fic2VudCcpIHsKICAgICMgUmVjcmVhdGUgcmVzdWx0IHNvIGl0IGRvZXNuJ3QgaGF2ZSB0aGUgZXh0cmEgbWV0YSBkYXRhIG5vdyB0aGF0IGlzIGhhcyBiZWVuIGRlbGV0ZWQKICAgICRjaGFuZ2VkID0gJHJlc3VsdC5jaGFuZ2VkCiAgICAkcmVzdWx0ID0gQHsKICAgICAgICBjaGFuZ2VkID0gJGNoYW5nZWQKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfSBlbHNlaWYgKCRzdmMgLW5lICRudWxsKSB7CiAgICBHZXQtU2VydmljZUluZm8gLW5hbWUgJG5hbWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_check_mode": false, "display_name": "cinder-volume", "_ansible_module_name": "win_service", "state": "started", "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "username": "LocalSystem", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "description": "OpenStack Cinder Volume Service", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "path": "c:\\openstack\\bin\\OpenStackService.exe cinder-volume c:\\python37\\scripts\\cinder-volume.exe --config-file c:\\openstack\\etc\\cinder-volume.conf", "password": "", "_ansible_no_log": false, "name": "cinder-volume", "start_mode": "auto", "_ansible_verbosity": 2, "_ansible_diff": false, "_ansible_remote_tmp": "%TEMP%", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 9547f8a2-399c-4d37-bb61-ca1a6a1fd042 Path:	4104	1		3	2	15	0	1747	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4720	4484	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:02 PM	7f70462d-725d-0001-8e54-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): c3N3b3JkID0gIiIKICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gQ29udmVydC1Gcm9tU0lEIC1zaWQgJHVzZXJuYW1lX3NpZAogICAgfQp9CmlmICgkcGFzc3dvcmQgLW5lICRudWxsIC1hbmQgJHVzZXJuYW1lIC1lcSAkbnVsbCkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBhcmd1bWVudCAndXNlcm5hbWUnIG11c3QgYmUgc3VwcGxpZWQgd2l0aCAncGFzc3dvcmQnIgp9CmlmICgkZGVza3RvcF9pbnRlcmFjdCAtZXEgJHRydWUgLWFuZCAoLW5vdCAoJHVzZXJuYW1lIC1lcSAiTG9jYWxTeXN0ZW0iIC1vciAkdXNlcm5hbWUgLWVxICRudWxsKSkpIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgJ2Rlc2t0b3BfaW50ZXJhY3QnIHRvIHRydWUgd2hlbiAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgp9CmlmICgkcGF0aCAtbmUgJG51bGwpIHsKICAgICRwYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoKQp9CgpGdW5jdGlvbiBHZXQtU2VydmljZUluZm8oJG5hbWUpIHsKICAgICMgTmVlZCB0byBnZXQgbmV3IG9iamVjdHMgc28gd2UgaGF2ZSB0aGUgbGF0ZXN0IGluZm8KICAgICRzdmMgPSBHZXQtU2VydmljZSB8IFdoZXJlLU9iamVjdCB7ICRfLk5hbWUgLWVxICRuYW1lIC1vciAkXy5EaXNwbGF5TmFtZSAtZXEgJG5hbWUgfQogICAgJHdtaV9zdmMgPSBHZXQtQ2ltSW5zdGFuY2UgLUNsYXNzTmFtZSBXaW4zMl9TZXJ2aWNlIC1GaWx0ZXIgIm5hbWU9JyQoJHN2Yy5OYW1lKSciCgogICAgIyBEZWxheWVkIHN0YXJ0X21vZGUgaXMgaW4gcmVhbGl0eSBBdXRvbWF0aWMgKERlbGF5ZWQpLCBuZWVkIHRvIGNoZWNrIHJlZyBrZXkgZm9yIHR5cGUKICAgICRkZWxheWVkID0gR2V0LURlbGF5ZWRTdGF0dXMgLW5hbWUgJHN2Yy5OYW1lCiAgICAkYWN0dWFsX3N0YXJ0X21vZGUgPSAkd21pX3N2Yy5TdGFydE1vZGUuVG9TdHJpbmcoKS5Ub0xvd2VyKCkgCiAgICBpZiAoJGRlbGF5ZWQgLWFuZCAkYWN0dWFsX3N0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICRhY3R1YWxfc3RhcnRfbW9kZSA9ICdkZWxheWVkJwogICAgfQoKICAgICRleGlzdGluZ19kZXBlbmRlbmNpZXMgPSBAKCkKICAgICRleGlzdGluZ19kZXBlbmRlZF9ieSA9IEAoKQogICAgaWYgKCRzdmMuU2VydmljZXNEZXBlbmRlZE9uLkNvdW50IC1ndCAwKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJHN2Yy5TZXJ2aWNlc0RlcGVuZGVkT24uTmFtZSkgewogICAgICAgICAgICAkZXhpc3RpbmdfZGVwZW5kZW5jaWVzICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgaWYgKCRzdmMuRGVwZW5kZW50U2VydmljZXMuQ291bnQgLWd0IDApIHsKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkc3ZjLkRlcGVuZGVudFNlcnZpY2VzLk5hbWUpIHsKICAgICAgICAgICAgJGV4aXN0aW5nX2RlcGVuZGVkX2J5ICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgJGRlc2NyaXB0aW9uID0gJHdtaV9zdmMuRGVzY3JpcHRpb24KICAgIGlmICgkZGVzY3JpcHRpb24gLWVxICRudWxsKSB7CiAgICAgICAgJGRlc2NyaXB0aW9uID0gIiIKICAgIH0KCiAgICAkcmVzdWx0LmV4aXN0cyA9ICR0cnVlCiAgICAkcmVzdWx0Lm5hbWUgPSAkc3ZjLk5hbWUKICAgICRyZXN1bHQuZGlzcGxheV9uYW1lID0gJHN2Yy5EaXNwbGF5TmFtZQogICAgJHJlc3VsdC5zdGF0ZSA9ICRzdmMuU3RhdHVzLlRvU3RyaW5nKCkuVG9Mb3dlcigpCiAgICAkcmVzdWx0LnN0YXJ0X21vZGUgPSAkYWN0dWFsX3N0YXJ0X21vZGUKICAgICRyZXN1bHQucGF0aCA9ICR3bWlfc3ZjLlBhdGhOYW1lCiAgICAkcmVzdWx0LmRlc2NyaXB0aW9uID0gJGRlc2NyaXB0aW9uCiAgICAkcmVzdWx0LnVzZXJuYW1lID0gJHdtaV9zdmMuU3RhcnROYW1lCiAgICAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QgPSAkd21pX3N2Yy5EZXNrdG9wSW50ZXJhY3QKICAgICRyZXN1bHQuZGVwZW5kZW5jaWVzID0gJGV4aXN0aW5nX2RlcGVuZGVuY2llcwogICAgJHJlc3VsdC5kZXBlbmRlZF9ieSA9ICRleGlzdGluZ19kZXBlbmRlZF9ieQogICAgJHJlc3VsdC5jYW5fcGF1c2VfYW5kX2NvbnRpbnVlID0gJHN2Yy5DYW5QYXVzZUFuZENvbnRpbnVlCn0KCkZ1bmN0aW9uIEdldC1XbWlFcnJvck1lc3NhZ2UoJHJldHVybl92YWx1ZSkgewogICAgIyBUaGVzZSB2YWx1ZXMgYXJlIGRlcml2ZWQgZnJvbSBodHRwczovL21zZG4ubWljcm9zb2Z0LmNvbS9lbi11cy9saWJyYXJ5L2FhMzg0OTAxKHY9dnMuODUpLmFzcHgKICAgIHN3aXRjaCAoJHJldHVybl92YWx1ZSkgewogICAgICAgIDEgeyAiTm90IFN1cHBvcnRlZDogVGhlIHJlcXVlc3QgaXMgbm90IHN1cHBvcnRlZCIgfQogICAgICAgIDIgeyAiQWNjZXNzIERlbmllZDogVGhlIHVzZXIgZGlkIG5vdCBoYXZlIHRoZSBuZWNlc3NhcnkgYWNjZXNzIiB9CiAgICAgICAgMyB7ICJEZXBlbmRlbnQgU2VydmljZXMgUnVubmluZzogVGhlIHNlcnZpY2UgY2Fubm90IGJlIHN0b3BwZWQgYmVjYXVzZSBvdGhlciBzZXJ2aWNlcyB0aGF0IGFyZSBydW5uaW5nIGFyZSBkZXBlbmRlbnQgb24gaXQiIH0KICAgICAgICA0IHsgIkludmFsaWQgU2VydmljZSBDb250cm9sOiBUaGUgcmVxdWVzdGVkIGNvbnRyb2wgY29kZSBpcyBub3QgdmFsaWQsIG9yIGl0IGlzIHVuYWNjZXB0YWJsZSB0byB0aGUgc2VydmljZSIgfQogICAgICAgIDUgeyAiU2VydmljZSBDYW5ub3QgQWNjZXB0IENvbnRyb2w6IFRoZSByZXF1ZXN0ZWQgY29udHJvbCBjb2RlIGNhbm5vdCBiZSBzZW50IHRvIHRoZSBzZXJ2aWNlIGJlY2F1c2UgdGhlIHN0YXRlIG9mIHRoZSBzZXJ2aWNlIChXaW4zMl9CYXNlU2VydmljZS5TdGF0ZSBwcm9wZXJ0eSkgaXMgZXF1YWwgdG8gMCwgMSwgb3IgMiIgfQogICAgICAgIDYgeyAiU2VydmljZSBOb3QgQWN0aXZlOiBUaGUgc2VydmljZSBoYXMgbm90IGJlZW4gc3RhcnRlZCIgfQogICAgICAgIDcgeyAiU2VydmljZSBSZXF1ZXN0IFRpbWVvdXQ6IFRoZSBzZXJ2aWNlIGRpZCBub3QgcmVzcG9uZCB0byB0aGUgc3RhcnQgcmVxdWVzdCBpbiBhIHRpbWVseSBmYXNoaW9uIiB9CiAgICAgICAgOCB7ICJVbmtub3duIEZhaWx1cmU6IFVua25vd24gZmFpbHVyZSB3aGVuIHN0YXJ0aW5nIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgOSB7ICJQYXRoIE5vdCBGb3VuZDogVGhlIGRpcmVjdG9yeSBwYXRoIHRvIHRoZSBzZXJ2aWNlIGV4ZWN1dGFibGUgZmlsZSB3YXMgbm90IGZvdW5kIiB9CiAgICAgICAgMTAgeyAiU2VydmljZSBBbHJlYWR5IFJ1bm5pbmc6IFRoZSBzZXJ2aWNlIGlzIGFscmVhZHkgcnVubmluZyIgfQogICAgICAgIDExIHsgIlNlcnZpY2UgRGF0YWJhc2UgTG9ja2VkOiBUaGUgZGF0YWJhc2UgdG8gYWRkIGEgbmV3IHNlcnZpY2UgaXMgbG9ja2VkIiB9CiAgICAgICAgMTIgeyAiU2VydmljZSBEZXBlbmRlbmN5IERlbGV0ZWQ6IEEgZGVwZW5kZW5jeSB0aGlzIHNlcnZpY2UgcmVsaWVzIG9uIGhhcyBiZWVuIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTMgeyAiU2VydmljZSBEZXBlbmRlbmN5IEZhaWx1cmU6IFRoZSBzZXJ2aWNlIGZhaWxlZCB0byBmaW5kIHRoZSBzZXJ2aWNlIG5lZWRlZCBmcm9tIGEgZGVwZW5kZW50IHNlcnZpY2UiIH0KICAgICAgICAxNCB7ICJTZXJ2aWNlIERpc2FibGVkOiBUaGUgc2VydmljZSBoYXMgYmVlbiBkaXNhYmxlZCBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAxNSB7ICJTZXJ2aWNlIExvZ29uIEZhaWxlZDogVGhlIHNlcnZpY2UgZG9lcyBub3QgaGF2ZSB0aGUgY29ycmVjdCBhdXRoZW50aWNhdGlvbiB0byBydW4gb24gdGhlIHN5c3RlbSIgfQogICAgICAgIDE2IHsgIlNlcnZpY2UgTWFya2VkIEZvciBEZWxldGlvbjogVGhpcyBzZXJ2aWNlIGlzIGJlaW5nIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTcgeyAiU2VydmljZSBObyBUaHJlYWQ6IFRoZSBzZXJ2aWNlIGhhcyBubyBleGVjdXRpb24gdGhyZWFkIiB9CiAgICAgICAgMTggeyAiU3RhdHVzIENpcmN1bGFyIERlcGVuZGVuY3k6IFRoZSBzZXJ2aWNlIGhhcyBjaXJjdWxhciBkZXBlbmRlbmNpZXMgd2hlbiBpdCBzdGFydHMiIH0KICAgICAgICAxOSB7ICJTdGF0dXMgRHVwbGljYXRlIE5hbWU6IEEgc2VydmljZSBpcyBydW5uaW5nIHVuZGVyIHRoZSBzYW1lIG5hbWUiIH0KICAgICAgICAyMCB7ICJTdGF0dXMgSW52YWxpZCBOYW1lOiBUaGUgc2VydmljZSBuYW1lIGhhcyBpbnZhbGlkIGNoYXJhY3RlcnMiIH0KICAgICAgICAyMSB7ICJTdGF0dXMgSW52YWxpZCBQYXJhbWV0ZXI6IEludmFsaWQgcGFyYW1ldGVycyBoYXZlIGJlZW4gcGFzc2VkIHRvIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjIgeyAiU3RhdHVzIEludmFsaWQgU2VydmljZSBBY2NvdW50OiBUaGUgYWNjb3VudCB1bmRlciB3aGljaCB0aGlzIHNlcnZpY2UgcnVucyBpcyBlaXRoZXIgaW52YWxpZCBvciBsYWNrcyB0aGUgcGVybWlzc2lvbnMgdG8gcnVuIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjMgeyAiU3RhdHVzIFNlcnZpY2UgRXhpc3RzOiBUaGUgc2VydmljZSBleGlzdHMgaW4gdGhlIGRhdGFiYXNlIG9mIHNlcnZpY2VzIGF2YWlsYWJsZSBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAyNCB7ICJTZXJ2aWNlIEFscmVhZHkgUGF1c2VkOiBUaGUgc2VydmljZSBpcyBjdXJyZW50bHkgcGF1c2VkIGluIHRoZSBzeXN0ZW0iIH0KICAgICAgICBkZWZhdWx0IHsgIk90aGVyIEVycm9yIiB9CiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1EZWxheWVkU3RhdHVzKCRuYW1lKSB7CiAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIgogICAgdHJ5IHsKICAgICAgICAkZGVsYXllZCA9IENvbnZlcnRUby1Cb29sICgoR2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5KS5EZWxheWVkQXV0b3N0YXJ0KQogICAgfSBjYXRjaCB7CiAgICAgICAgJGRlbGF5ZWQgPSAkZmFsc2UKICAgIH0KCiAgICAkZGVsYXllZAp9CgpGdW5jdGlvbiBTZXQtU2VydmljZVN0YXJ0TW9kZSgkc3ZjLCAkc3RhcnRfbW9kZSkgewogICAgaWYgKCRyZXN1bHQuc3RhcnRfbW9kZSAtbmUgJHN0YXJ0X21vZGUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCQoJHN2Yy5OYW1lKSIKICAgICAgICAgICAgIyBPcmlnaW5hbCBzdGFydCB1cCB0eXBlIHdhcyBhdXRvIChkZWxheWVkKSBhbmQgd2Ugd2FudCBhdXRvLCBuZWVkIHRvIHJlbW92ZWQgZGVsYXllZCBrZXkKICAgICAgICAgICAgaWYgKCRzdGFydF9tb2RlIC1lcSAnYXV0bycgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMCAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgYXV0byBhbmQgd2Ugd2FudCBhdXRvIChkZWxheWVkKSwgbmVlZCB0byBhZGQgZGVsYXllZCBrZXkKICAgICAgICAgICAgfSBlbHNlaWYgKCRzdGFydF9tb2RlIC1lcSAnZGVsYXllZCcgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IGF1dG8gb3IgYXV0byAoZGVsYXllZCksIG5lZWQgdG8gY2hhbmdlIHRvIGF1dG8gYW5kIGFkZCBkZWxheWVkIGtleQogICAgICAgICAgICB9IGVsc2VpZiAoJHN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgJHN2YyB8IFNldC1TZXJ2aWNlIC1TdGFydHVwVHlwZSAiYXV0byIgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IHdoYXQgd2Ugd2VyZSBsb29raW5nIGZvciwganVzdCBjaGFuZ2UgdG8gdGhhdCB0eXBlCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLVN0YXJ0dXBUeXBlICRzdGFydF9tb2RlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZUFjY291bnQoJHdtaV9zdmMsICR1c2VybmFtZV9zaWQsICR1c2VybmFtZSwgJHBhc3N3b3JkKSB7CiAgICBpZiAoJHJlc3VsdC51c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICRhY3R1YWxfc2lkID0gIlMtMS01LTE4IgogICAgfSBlbHNlIHsKICAgICAgICAkYWN0dWFsX3NpZCA9IENvbnZlcnQtVG9TSUQgLWFjY291bnRfbmFtZSAkcmVzdWx0LnVzZXJuYW1lCiAgICB9CgogICAgaWYgKCRhY3R1YWxfc2lkIC1uZSAkdXNlcm5hbWVfc2lkKSB7CiAgICAgICAgJGNoYW5nZV9hcmd1bWVudHMgPSBAewogICAgICAgICAgICBTdGFydE5hbWUgPSAkdXNlcm5hbWUKICAgICAgICAgICAgU3RhcnRQYXNzd29yZCA9ICRwYXNzd29yZAogICAgICAgICAgICBEZXNrdG9wSW50ZXJhY3QgPSAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QKICAgICAgICB9CiAgICAgICAgIyBuZWVkIHRvIGRpc2FibGUgZGVza3RvcCBpbnRlcmFjdCB3aGVuIG5vdCB1c2luZyB0aGUgU1lTVEVNIGFjY291bnQKICAgICAgICBpZiAoJHVzZXJuYW1lX3NpZCAtbmUgIlMtMS01LTE4IikgewogICAgICAgICAgICAkY2hhbmdlX2FyZ3VtZW50cy5EZXNrdG9wSW50ZXJhY3QgPSAkZmFsc2UKICAgICAgICB9CgogICAgICAgICNXTUkuQ2hhbmdlIGRvZXNuJ3Qgc3VwcG9ydCAtV2hhdElmLCBjYW5ub3QgZnVsbHkgdGVzdCB3aXRoIGNoZWNrX21vZGUKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzICRjaGFuZ2VfYXJndW1lbnRzCiAgICAgICAgICAgIGlmICgkcmV0dXJuLlJldHVyblZhbHVlIC1uZSAwKSB7CiAgICAgICAgICAgICAgICAkZXJyb3JfbXNnID0gR2V0LVdtaUVycm9yTWVzc2FnZSAtcmV0dXJuX3ZhbHVlICRyZXN1bHQuUmV0dXJuVmFsdWUKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBhY2NvdW50IHRvICQoJHVzZXJuYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9ICAgICAgICAKCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXNrdG9wSW50ZXJhY3QoJHdtaV9zdmMsICRkZXNrdG9wX2ludGVyYWN0KSB7CiAgICBpZiAoJHJlc3VsdC5kZXNrdG9wX2ludGVyYWN0IC1uZSAkZGVza3RvcF9pbnRlcmFjdCkgewogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICRyZXR1cm4gPSAkd21pX3N2YyB8IEludm9rZS1DaW1NZXRob2QgLU1ldGhvZE5hbWUgQ2hhbmdlIC1Bcmd1bWVudHMgQHtEZXNrdG9wSW50ZXJhY3QgPSAkZGVza3RvcF9pbnRlcmFjdH0KICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIHNldCBkZXNrdG9wIGludGVyYWN0ICQoJGRlc2t0b3BfaW50ZXJhY3QpOiAkKCRyZXR1cm4uUmV0dXJuVmFsdWUpIC0gJGVycm9yX21zZyIKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSgkc3ZjLCAkZGlzcGxheV9uYW1lKSB7CiAgICBpZiAoJHJlc3VsdC5kaXNwbGF5X25hbWUgLW5lICRkaXNwbGF5X25hbWUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLURpc3BsYXlOYW1lICRkaXNwbGF5X25hbWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZURlc2NyaXB0aW9uKCRzdmMsICRkZXNjcmlwdGlvbikgewogICAgaWYgKCRyZXN1bHQuZGVzY3JpcHRpb24gLW5lICRkZXNjcmlwdGlvbikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgICRzdmMgfCBTZXQtU2VydmljZSAtRGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VQYXRoKCRuYW1lLCAkcGF0aCkgewogICAgaWYgKCRyZXN1bHQucGF0aCAtbmUgJHBhdGgpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICBTZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIiAtTmFtZSBJbWFnZVBhdGggLVZhbHVlICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXBlbmRlbmNpZXMoJHdtaV9zdmMsICRkZXBlbmRlbmN5X2FjdGlvbiwgJGRlcGVuZGVuY2llcykgewogICAgJGV4aXN0aW5nX2RlcGVuZGVuY2llcyA9ICRyZXN1bHQuZGVwZW5kZW5jaWVzCiAgICBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0kbmV3X2RlcGVuZGVuY2llcyA9IEAoKQoKICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdzZXQnKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGRlcGVuZGVuY2llcykgewogICAgICAgICAgICAkbmV3X2RlcGVuZGVuY2llcy5BZGQoJGRlcGVuZGVuY3kpCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkbmV3X2RlcGVuZGVuY2llcyA9ICRleGlzdGluZ19kZXBlbmRlbmNpZXMKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdyZW1vdmUnKSB7CiAgICAgICAgICAgICAgICBpZiAoJG5ld19kZXBlbmRlbmNpZXMgLWNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICAgICAgICAgJG5ld19kZXBlbmRlbmNpZXMuUmVtb3ZlKCRkZXBlbmRlbmN5KQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2VpZiAoJGRlcGVuZGVuY3lfYWN0aW9uIC1lcSAnYWRkJykgewogICAgICAgICAgICAgICAgaWYgKCRuZXdfZGVwZW5kZW5jaWVzIC1ub3Rjb250YWlucyAkZGVwZW5kZW5jeSkgewogICAgICAgICAgICAgICAgICAgICRuZXdfZGVwZW5kZW5jaWVzLkFkZCgkZGVwZW5kZW5jeSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAkd2lsbF9jaGFuZ2UgPSAkZmFsc2UKICAgIGZvcmVhY2ggKCRkZXBlbmRlbmN5IGluICRuZXdfZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgaWYgKCRleGlzdGluZ19kZXBlbmRlbmNpZXMgLW5vdGNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICR3aWxsX2NoYW5nZSA9ICR0cnVlCiAgICAgICAgfQogICAgfQogICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGV4aXN0aW5nX2RlcGVuZGVuY2llcykgewogICAgICAgIGlmICgkbmV3X2RlcGVuZGVuY2llcyAtbm90Y29udGFpbnMgJGRlcGVuZGVuY3kpIHsKICAgICAgICAgICAgJHdpbGxfY2hhbmdlID0gJHRydWUKICAgICAgICB9CiAgICB9CgogICAgaWYgKCR3aWxsX2NoYW5nZSAtZXEgJHRydWUpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzIEB7U2VydmljZURlcGVuZGVuY2llcyA9ICRuZXdfZGVwZW5kZW5jaWVzfQogICAgICAgICAgICBpZiAoJHJldHVybi5SZXR1cm5WYWx1ZSAtbmUgMCkgewogICAgICAgICAgICAgICAgJGVycm9yX21zZyA9IEdldC1XbWlFcnJvck1lc3NhZ2UgLXJldHVybl92YWx1ZSAkcmV0dXJuLlJldHVyblZhbHVlCiAgICAgICAgICAgICAgICAkZGVwX3N0cmluZyA9ICRuZXdfZGVwZW5kZW5jaWVzIC1qb2luICIsICIKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBkZXBlbmRlbmNpZXMgJCgkZGVwX3N0cmluZyk6ICQoJHJldHVybi5SZXR1cm5WYWx1ZSkgLSAkZXJyb3 ScriptBlock ID: 9547f8a2-399c-4d37-bb61-ca1a6a1fd042 Path:	4104	1		3	2	15	0	1746	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4720	4484	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:02 PM	7f70462d-725d-0001-8e54-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): zID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTQsIENocmlzIEhvZmZtYW4gPGNob2ZmbWFuQGNoYXRoYW1maW5hbmNpYWwuY29tPgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5TSUQKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ19hbnNpYmxlX2NoZWNrX21vZGUnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKCiRkZXBlbmRlbmNpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVwZW5kZW5jaWVzJyAtdHlwZSAnbGlzdCcgLWRlZmF1bHQgJG51bGwKJGRlcGVuZGVuY3lfYWN0aW9uID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2RlcGVuZGVuY3lfYWN0aW9uJyAtdHlwZSAnc3RyJyAtZGVmYXVsdCAnc2V0JyAtdmFsaWRhdGVzZXQgJ2FkZCcsJ3JlbW92ZScsJ3NldCcgCiRkZXNjcmlwdGlvbiA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdkZXNjcmlwdGlvbicgLXR5cGUgJ3N0cicKJGRlc2t0b3BfaW50ZXJhY3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVza3RvcF9pbnRlcmFjdCcgLXR5cGUgJ2Jvb2wnIC1kZWZhdWx0ICRmYWxzZQokZGlzcGxheV9uYW1lID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2Rpc3BsYXlfbmFtZScgLXR5cGUgJ3N0cicKJGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdmb3JjZV9kZXBlbmRlbnRfc2VydmljZXMnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKJG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnbmFtZScgLXR5cGUgJ3N0cicgLWZhaWxpZmVtcHR5ICR0cnVlCiRwYXNzd29yZCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdwYXNzd29yZCcgLXR5cGUgJ3N0cicKJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAncGF0aCcKJHN0YXJ0X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhcnRfbW9kZScgLXR5cGUgJ3N0cicgLXZhbGlkYXRlc2V0ICdhdXRvJywnbWFudWFsJywnZGlzYWJsZWQnLCdkZWxheWVkJwokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhdGUnIC10eXBlICdzdHInIC12YWxpZGF0ZXNldCAnc3RhcnRlZCcsJ3N0b3BwZWQnLCdyZXN0YXJ0ZWQnLCdhYnNlbnQnLCdwYXVzZWQnCiR1c2VybmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICd1c2VybmFtZScgLXR5cGUgJ3N0cicKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgojIHBhcnNlIHRoZSB1c2VybmFtZSB0byBTSUQgYW5kIGJhY2sgc28gd2UgZ2V0IHRoZSBmdWxsIHVzZXJuYW1lIHdpdGggZG9tYWluIGluIGEgd2F5IFdNSSB1bmRlcnN0YW5kcwppZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgaWYgKCR1c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICR1c2VybmFtZV9zaWQgPSAiUy0xLTUtMTgiCiAgICB9IGVsc2UgewogICAgICAgICR1c2VybmFtZV9zaWQgPSBDb252ZXJ0LVRvU0lEIC1hY2NvdW50X25hbWUgJHVzZXJuYW1lCiAgICB9CgogICAgIyB0aGUgU1lTVEVNIGFjY291bnQgaXMgYSBzcGVjaWFsIGJlYXN0LCBXaW4zMl9TZXJ2aWNlIENoYW5nZSByZXF1aXJlcyBTdGFydE5hbWUgdG8gYmUgTG9jYWxTeXN0ZW0KICAgICMgdG8gc3BlY2lmeSBMb2NhbFN5c3RlbS9OVCBBVVRIT1JJVFlcU1lTVEVNCiAgICBpZiAoJHVzZXJuYW1lX3NpZCAtZXEgIlMtMS01LTE4IikgewogICAgICAgICR1c2VybmFtZSA9ICJMb2NhbFN5c3RlbSIKICAgICAgICAkcGFzc3dvcmQgPSAkbnVsbAogICAgfSBlbHNlIHsKICAgICAgICAjIFdpbjMyX1NlcnZpY2UsIHBhc3N3b3JkIG11c3QgYmUgIiIgYW5kIG5vdCAkbnVsbCB3aGVuIHNldHRpbmcgdG8gTG9jYWxTZXJ2aWNlIG9yIE5ldHdvcmtTZXJ2aWNlCiAgICAgICAgaWYgKCR1c2VybmFtZV9zaWQgLWluIEAoIlMtMS01LTE5IiwgIlMtMS01LTIwIikpIHsKICAgICAgICAgICAgJHBh ScriptBlock ID: 9547f8a2-399c-4d37-bb61-ca1a6a1fd042 Path:	4104	1		3	2	15	0	1745	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4720	4484	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:02 PM	7f70462d-725d-0001-8e54-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.SID": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCkZ1bmN0aW9uIENvbnZlcnQtRnJvbVNJRCgkc2lkKSB7CiAgICAjIENvbnZlcnRzIGEgU0lEIHRvIGEgRG93bi1MZXZlbCBMb2dvbiBuYW1lIGluIHRoZSBmb3JtIG9mIERPTUFJTlxVc2VyTmFtZQogICAgIyBJZiB0aGUgU0lEIGlzIGZvciBhIGxvY2FsIHVzZXIgb3IgZ3JvdXAgdGhlbiBET01BSU4gd291bGQgYmUgdGhlIHNlcnZlcgogICAgIyBuYW1lLgoKICAgICRhY2NvdW50X29iamVjdCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIoJHNpZCkKICAgIHRyeSB7CiAgICAgICAgJG50X2FjY291bnQgPSAkYWNjb3VudF9vYmplY3QuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiBAe30gLW1lc3NhZ2UgImZhaWxlZCB0byBjb252ZXJ0IHNpZCAnJHNpZCcgdG8gYSBsb2dvbiBuYW1lOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICByZXR1cm4gJG50X2FjY291bnQuVmFsdWUKfQoKRnVuY3Rpb24gQ29udmVydC1Ub1NJRCB7CiAgICBbRGlhZ25vc3RpY3MuQ29kZUFuYWx5c2lzLlN1cHByZXNzTWVzc2FnZUF0dHJpYnV0ZSgiUFNBdm9pZFVzaW5nRW1wdHlDYXRjaEJsb2NrIiwgIiIsIEp1c3RpZmljYXRpb249IldlIGRvbid0IGNhcmUgaWYgY29udmVydGluZyB0byBhIFNJRCBmYWlscywganVzdCB0aGF0IGl0IGZhaWxlZCBvciBub3QiKV0KICAgIHBhcmFtKCRhY2NvdW50X25hbWUpCiAgICAjIENvbnZlcnRzIGFuIGFjY291bnQgbmFtZSB0byBhIFNJRCwgaXQgY2FuIHRha2UgaW4gdGhlIGZvbGxvd2luZyBmb3JtcwogICAgIyBTSUQ6IFdpbGwganVzdCByZXR1cm4gdGhlIFNJRCB2YWx1ZSB0aGF0IHdhcyBwYXNzZWQgaW4KICAgICMgVVBOOgogICAgIyAgIHByaW5jaXBhbEBkb21haW4gKERvbWFpbiB1c2VycyBvbmx5KQogICAgIyBEb3duLUxldmVsIExvZ2luIE5hbWUKICAgICMgICBET01BSU5ccHJpbmNpcGFsIChEb21haW4pCiAgICAjICAgU0VSVkVSTkFNRVxwcmluY2lwYWwgKExvY2FsKQogICAgIyAgIC5ccHJpbmNpcGFsIChMb2NhbCkKICAgICMgICBOVCBBVVRIT1JJVFlcU1lTVEVNIChMb2NhbCBTZXJ2aWNlIEFjY291bnRzKQogICAgIyBMb2dpbiBOYW1lCiAgICAjICAgcHJpbmNpcGFsIChMb2NhbC9Mb2NhbCBTZXJ2aWNlIEFjY291bnRzKQoKICAgIHRyeSB7CiAgICAgICAgJHNpZCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyIC1Bcmd1bWVudExpc3QgJGFjY291bnRfbmFtZQogICAgICAgIHJldHVybiAkc2lkLlZhbHVlCiAgICB9IGNhdGNoIHt9CgogICAgaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipcKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIlxcIgogICAgICAgIGlmICgkYWNjb3VudF9uYW1lX3NwbGl0WzBdIC1lcSAiLiIpIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRlbnY6Q09NUFVURVJOQU1FCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMF0KICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gJGFjY291bnRfbmFtZV9zcGxpdFsxXQogICAgfSBlbHNlaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipAKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIkAiCiAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMV0KICAgICAgICAkdXNlcm5hbWUgPSAkYWNjb3VudF9uYW1lX3NwbGl0WzBdCiAgICB9IGVsc2UgewogICAgICAgICRkb21haW4gPSAkbnVsbAogICAgICAgICR1c2VybmFtZSA9ICRhY2NvdW50X25hbWUKICAgIH0KCiAgICBpZiAoJGRvbWFpbikgewogICAgICAgICMgc2VhcmNoaW5nIGZvciBhIGxvY2FsIGdyb3VwIHdpdGggdGhlIHNlcnZlcm5hbWUgcHJlZml4ZWQgd2lsbCBmYWlsLAogICAgICAgICMgbmVlZCB0byBjaGVjayBmb3IgdGhpcyBzaXR1YXRpb24gYW5kIG9ubHkgdXNlIE5UQWNjb3VudChTdHJpbmcpCiAgICAgICAgaWYgKCRkb21haW4gLWVxICRlbnY6Q09NUFVURVJOQU1FKSB7CiAgICAgICAgICAgICRhZHNpID0gW0FEU0ldKCJXaW5OVDovLyRlbnY6Q09NUFVURVJOQU1FLGNvbXB1dGVyIikKICAgICAgICAgICAgJGdyb3VwID0gJGFkc2kucHNiYXNlLmNoaWxkcmVuIHwgV2hlcmUtT2JqZWN0IHsgJF8uc2NoZW1hQ2xhc3NOYW1lIC1lcSAiZ3JvdXAiIC1hbmQgJF8uTmFtZSAtZXEgJHVzZXJuYW1lIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZ3JvdXAgPSAkbnVsbAogICAgICAgIH0KICAgICAgICBpZiAoJGdyb3VwKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGFjY291bnQgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50KCRkb21haW4sICR1c2VybmFtZSkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICMgd2hlbiBpbiBhIGRvbWFpbiBOVEFjY291bnQoU3RyaW5nKSB3aWxsIGZhdm91ciBkb21haW4gbG9va3VwcyBjaGVjawogICAgICAgICMgaWYgdXNlcm5hbWUgaXMgYSBsb2NhbCB1c2VyIGFuZCBleHBsaWN0bHkgc2VhcmNoIG9uIHRoZSBsb2NhbGhvc3QgZm9yCiAgICAgICAgIyB0aGF0IGFjY291bnQKICAgICAgICAkYWRzaSA9IFtBRFNJXSgiV2luTlQ6Ly8kZW52OkNPTVBVVEVSTkFNRSxjb21wdXRlciIpCiAgICAgICAgJHVzZXIgPSAkYWRzaS5wc2Jhc2UuY2hpbGRyZW4gfCBXaGVyZS1PYmplY3QgeyAkXy5zY2hlbWFDbGFzc05hbWUgLWVxICJ1c2VyIiAtYW5kICRfLk5hbWUgLWVxICR1c2VybmFtZSB9CiAgICAgICAgaWYgKCR1c2VyKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkZW52OkNPTVBVVEVSTkFNRSwgJHVzZXJuYW1lKQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfQogICAgfQogICAgCiAgICB0cnkgewogICAgICAgICRhY2NvdW50X3NpZCA9ICRhY2NvdW50LlRyYW5zbGF0ZShbU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXJdKQogICAgfSBjYXRjaCB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiYWNjb3VudF9uYW1lICRhY2NvdW50X25hbWUgaXMgbm90IGEgdmFsaWQgYWNjb3VudCwgY2Fubm90IGdldCBTSUQ6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQogICAgCiAgICByZXR1cm4gJGFjY291bnRfc2lkLlZhbHVlCn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2V ScriptBlock ID: 9547f8a2-399c-4d37-bb61-ca1a6a1fd042 Path:	4104	1		3	2	15	0	1744	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4720	4484	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:02 PM	7f70462d-725d-0001-8e54-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1743	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4720	4740	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:02 PM	7f70462d-725d-0002-4390-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4720 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1742	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4720	2460	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:02 PM	7f70462d-725d-0002-4390-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1741	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4720	4740	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:02 PM	7f70462d-725d-0002-4390-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 2f1d86a7-c358-4d50-8193-2f3d8c9c1480 Path:	4104	1		3	2	15	0	1740	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2956	2084	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:00 PM	7f70462d-725d-0000-085d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 572dbd79-fb61-4382-927c-e920802349f9 Path:	4104	1		3	2	15	0	1739	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2956	2084	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:00 PM	7f70462d-725d-0000-f85c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): : "LocalSystem", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "description": "OpenStack nova Compute Service", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "path": "c:\\openstack\\bin\\OpenStackService.exe nova-compute c:\\python37\\scripts\\nova-compute.exe --config-file c:\\openstack\\etc\\nova.conf", "password": "", "_ansible_no_log": false, "name": "nova-compute", "start_mode": "auto", "_ansible_verbosity": 2, "_ansible_diff": false, "_ansible_remote_tmp": "%TEMP%", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 987a0662-233f-4eca-a871-642c2966c74b Path:	4104	1		3	2	15	0	1738	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2956	2084	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:00 PM	7f70462d-725d-0000-f25c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): vZXNuJ3Qgc3VwcG9ydCAtV2hhdElmLCBjYW5ub3QgZnVsbHkgdGVzdCB3aXRoIGNoZWNrX21vZGUKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzICRjaGFuZ2VfYXJndW1lbnRzCiAgICAgICAgICAgIGlmICgkcmV0dXJuLlJldHVyblZhbHVlIC1uZSAwKSB7CiAgICAgICAgICAgICAgICAkZXJyb3JfbXNnID0gR2V0LVdtaUVycm9yTWVzc2FnZSAtcmV0dXJuX3ZhbHVlICRyZXN1bHQuUmV0dXJuVmFsdWUKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBhY2NvdW50IHRvICQoJHVzZXJuYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9ICAgICAgICAKCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXNrdG9wSW50ZXJhY3QoJHdtaV9zdmMsICRkZXNrdG9wX2ludGVyYWN0KSB7CiAgICBpZiAoJHJlc3VsdC5kZXNrdG9wX2ludGVyYWN0IC1uZSAkZGVza3RvcF9pbnRlcmFjdCkgewogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICRyZXR1cm4gPSAkd21pX3N2YyB8IEludm9rZS1DaW1NZXRob2QgLU1ldGhvZE5hbWUgQ2hhbmdlIC1Bcmd1bWVudHMgQHtEZXNrdG9wSW50ZXJhY3QgPSAkZGVza3RvcF9pbnRlcmFjdH0KICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIHNldCBkZXNrdG9wIGludGVyYWN0ICQoJGRlc2t0b3BfaW50ZXJhY3QpOiAkKCRyZXR1cm4uUmV0dXJuVmFsdWUpIC0gJGVycm9yX21zZyIKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSgkc3ZjLCAkZGlzcGxheV9uYW1lKSB7CiAgICBpZiAoJHJlc3VsdC5kaXNwbGF5X25hbWUgLW5lICRkaXNwbGF5X25hbWUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLURpc3BsYXlOYW1lICRkaXNwbGF5X25hbWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZURlc2NyaXB0aW9uKCRzdmMsICRkZXNjcmlwdGlvbikgewogICAgaWYgKCRyZXN1bHQuZGVzY3JpcHRpb24gLW5lICRkZXNjcmlwdGlvbikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgICRzdmMgfCBTZXQtU2VydmljZSAtRGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VQYXRoKCRuYW1lLCAkcGF0aCkgewogICAgaWYgKCRyZXN1bHQucGF0aCAtbmUgJHBhdGgpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICBTZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIiAtTmFtZSBJbWFnZVBhdGggLVZhbHVlICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXBlbmRlbmNpZXMoJHdtaV9zdmMsICRkZXBlbmRlbmN5X2FjdGlvbiwgJGRlcGVuZGVuY2llcykgewogICAgJGV4aXN0aW5nX2RlcGVuZGVuY2llcyA9ICRyZXN1bHQuZGVwZW5kZW5jaWVzCiAgICBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0kbmV3X2RlcGVuZGVuY2llcyA9IEAoKQoKICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdzZXQnKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGRlcGVuZGVuY2llcykgewogICAgICAgICAgICAkbmV3X2RlcGVuZGVuY2llcy5BZGQoJGRlcGVuZGVuY3kpCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkbmV3X2RlcGVuZGVuY2llcyA9ICRleGlzdGluZ19kZXBlbmRlbmNpZXMKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdyZW1vdmUnKSB7CiAgICAgICAgICAgICAgICBpZiAoJG5ld19kZXBlbmRlbmNpZXMgLWNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICAgICAgICAgJG5ld19kZXBlbmRlbmNpZXMuUmVtb3ZlKCRkZXBlbmRlbmN5KQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2VpZiAoJGRlcGVuZGVuY3lfYWN0aW9uIC1lcSAnYWRkJykgewogICAgICAgICAgICAgICAgaWYgKCRuZXdfZGVwZW5kZW5jaWVzIC1ub3Rjb250YWlucyAkZGVwZW5kZW5jeSkgewogICAgICAgICAgICAgICAgICAgICRuZXdfZGVwZW5kZW5jaWVzLkFkZCgkZGVwZW5kZW5jeSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAkd2lsbF9jaGFuZ2UgPSAkZmFsc2UKICAgIGZvcmVhY2ggKCRkZXBlbmRlbmN5IGluICRuZXdfZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgaWYgKCRleGlzdGluZ19kZXBlbmRlbmNpZXMgLW5vdGNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICR3aWxsX2NoYW5nZSA9ICR0cnVlCiAgICAgICAgfQogICAgfQogICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGV4aXN0aW5nX2RlcGVuZGVuY2llcykgewogICAgICAgIGlmICgkbmV3X2RlcGVuZGVuY2llcyAtbm90Y29udGFpbnMgJGRlcGVuZGVuY3kpIHsKICAgICAgICAgICAgJHdpbGxfY2hhbmdlID0gJHRydWUKICAgICAgICB9CiAgICB9CgogICAgaWYgKCR3aWxsX2NoYW5nZSAtZXEgJHRydWUpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzIEB7U2VydmljZURlcGVuZGVuY2llcyA9ICRuZXdfZGVwZW5kZW5jaWVzfQogICAgICAgICAgICBpZiAoJHJldHVybi5SZXR1cm5WYWx1ZSAtbmUgMCkgewogICAgICAgICAgICAgICAgJGVycm9yX21zZyA9IEdldC1XbWlFcnJvck1lc3NhZ2UgLXJldHVybl92YWx1ZSAkcmV0dXJuLlJldHVyblZhbHVlCiAgICAgICAgICAgICAgICAkZGVwX3N0cmluZyA9ICRuZXdfZGVwZW5kZW5jaWVzIC1qb2luICIsICIKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBkZXBlbmRlbmNpZXMgJCgkZGVwX3N0cmluZyk6ICQoJHJldHVybi5SZXR1cm5WYWx1ZSkgLSAkZXJyb3JfbXNnIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1TZXJ2aWNlU3RhdGUoJHN2YywgJHdtaV9zdmMsICRzdGF0ZSkgewogICAgaWYgKCRzdGF0ZSAtZXEgInN0YXJ0ZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInJ1bm5pbmciKSB7CiAgICAgICAgaWYgKCRyZXN1bHQuc3RhdGUgLWVxICJwYXVzZWQiKSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgUmVzdW1lLVNlcnZpY2UgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJmYWlsZWQgdG8gc3RhcnQgc2VydmljZSBmcm9tIHBhdXNlZCBzdGF0ZSAkKCRzdmMuTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgICRzdmMgfCBTdGFydC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInN0b3BwZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInN0b3BwZWQiKSB7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHN2YyB8IFN0b3AtU2VydmljZSAtRm9yY2U6JGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICRfLkV4Y2VwdGlvbi5NZXNzYWdlCiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInJlc3RhcnRlZCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgUmVzdGFydC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAicGF1c2VkIiAtYW5kICRyZXN1bHQuc3RhdGUgLW5lICJwYXVzZWQiKSB7CiAgICAgICAgIyBjaGVjayB0aGF0IHdlIGNhbiBhY3R1YWxseSBwYXVzZSB0aGUgc2VydmljZQogICAgICAgIGlmICgkcmVzdWx0LmNhbl9wYXVzZV9hbmRfY29udGludWUgLWVxICRmYWxzZSkgewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiZmFpbGVkIHRvIHBhdXNlIHNlcnZpY2UgJCgkc3ZjLk5hbWUpOiBUaGUgc2VydmljZSBkb2VzIG5vdCBzdXBwb3J0IHBhdXNpbmciCiAgICAgICAgfQoKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3VzcGVuZC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgImZhaWxlZCB0byBwYXVzZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICAgICAgfQogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgImFic2VudCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3RvcC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgJHJldHVybiA9ICR3bWlfc3ZjIHwgSW52b2tlLUNpbU1ldGhvZCAtTWV0aG9kTmFtZSBEZWxldGUKICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIGRlbGV0ZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VDb25maWd1cmF0aW9uKCRzdmMpIHsKICAgICR3bWlfc3ZjID0gR2V0LUNpbUluc3RhbmNlIC1DbGFzc05hbWUgV2luMzJfU2VydmljZSAtRmlsdGVyICJuYW1lPSckKCRzdmMuTmFtZSknIgogICAgR2V0LVNlcnZpY2VJbmZvIC1uYW1lICRzdmMuTmFtZQogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1lcSAkdHJ1ZSAtYW5kICgtbm90ICgkcmVzdWx0LnVzZXJuYW1lIC1lcSAnTG9jYWxTeXN0ZW0nIC1vciAkdXNlcm5hbWUgLWVxICdMb2NhbFN5c3RlbScpKSkgewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgZGVza3RvcF9pbnRlcmFjdCB0byB0cnVlIHdoZW4gc2VydmljZSBpcyBydW4gd2l0aC9vciAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgogICAgfQoKICAgIGlmICgkc3RhcnRfbW9kZSAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZVN0YXJ0TW9kZSAtc3ZjICRzdmMgLXN0YXJ0X21vZGUgJHN0YXJ0X21vZGUKICAgIH0KCiAgICBpZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlQWNjb3VudCAtd21pX3N2YyAkd21pX3N2YyAtdXNlcm5hbWVfc2lkICR1c2VybmFtZV9zaWQgLXVzZXJuYW1lICR1c2VybmFtZSAtcGFzc3dvcmQgJHBhc3N3b3JkCiAgICB9CgogICAgaWYgKCRkaXNwbGF5X25hbWUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSAtc3ZjICRzdmMgLWRpc3BsYXlfbmFtZSAkZGlzcGxheV9uYW1lCiAgICB9CgogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlRGVza3RvcEludGVyYWN0IC13bWlfc3ZjICR3bWlfc3ZjIC1kZXNrdG9wX2ludGVyYWN0ICRkZXNrdG9wX2ludGVyYWN0CiAgICB9CgogICAgaWYgKCRkZXNjcmlwdGlvbiAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlc2NyaXB0aW9uIC1zdmMgJHN2YyAtZGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uCiAgICB9CgogICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlUGF0aCAtbmFtZSAkc3ZjLk5hbWUgLXBhdGggJHBhdGgKICAgIH0KCiAgICBpZiAoJGRlcGVuZGVuY2llcyAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlcGVuZGVuY2llcyAtd21pX3N2YyAkd21pX3N2YyAtZGVwZW5kZW5jeV9hY3Rpb24gJGRlcGVuZGVuY3lfYWN0aW9uIC1kZXBlbmRlbmNpZXMgJGRlcGVuZGVuY2llcwogICAgfQoKICAgIGlmICgkc3RhdGUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VTdGF0ZSAtc3ZjICRzdmMgLXdtaV9zdmMgJHdtaV9zdmMgLXN0YXRlICRzdGF0ZQogICAgfQp9CgojIG5lZWQgdG8gdXNlIFdoZXJlLU9iamVjdCBhcyAtTmFtZSBkb2Vzbid0IHdvcmsgd2l0aCBbXSBpbiB0aGUgc2VydmljZSBuYW1lCiMgaHR0cHM6Ly9naXRodWIuY29tL2Fuc2libGUvYW5zaWJsZS9pc3N1ZXMvMzc2MjEKJHN2YyA9IEdldC1TZXJ2aWNlIHwgV2hlcmUtT2JqZWN0IHsgJF8uTmFtZSAtZXEgJG5hbWUgLW9yICRfLkRpc3BsYXlOYW1lIC1lcSAkbmFtZSB9CmlmICgkc3ZjKSB7CiAgICBTZXQtU2VydmljZUNvbmZpZ3VyYXRpb24gLXN2YyAkc3ZjCn0gZWxzZSB7CiAgICAkcmVzdWx0LmV4aXN0cyA9ICRmYWxzZQogICAgaWYgKCRzdGF0ZSAtbmUgJ2Fic2VudCcpIHsKICAgICAgICAjIENoZWNrIGlmIHBhdGggaXMgZGVmaW5lZCwgaWYgc28gY3JlYXRlIHRoZSBzZXJ2aWNlCiAgICAgICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgTmV3LVNlcnZpY2UgLU5hbWUgJG5hbWUgLUJpbmFyeVBhdGhuYW1lICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCgogICAgICAgICAgICAkc3ZjID0gR2V0LVNlcnZpY2UgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAkbmFtZSB9CiAgICAgICAgICAgIFNldC1TZXJ2aWNlQ29uZmlndXJhdGlvbiAtc3ZjICRzdmMKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAjIFdlIHdpbGwgb25seSByZWFjaCBoZXJlIGlmIHRoZSBzZXJ2aWNlIGlzIGluc3RhbGxlZCBhbmQgdGhlIHN0YXRlIGlzIG5vdCBhYnNlbnQKICAgICAgICAgICAgIyBXaWxsIGNoZWNrIGlmIGFueSBvZiB0aGUgZGVmYXVsdCBhY3Rpb25zIGFyZSBzZXQgYW5kIGZhaWwgYXMgd2UgY2Fubm90IGFjdGlvbiBpdAogICAgICAgICAgICBpZiAoJHN0YXJ0X21vZGUgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJHN0YXRlIC1uZSAkbnVsbCAtb3IKICAgICAgICAgICAgICAgICR1c2VybmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkcGFzc3dvcmQgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRpc3BsYXlfbmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkZGVzY3JpcHRpb24gLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlc2t0b3BfaW50ZXJhY3QgLW5lICRmYWxzZSAtb3IKICAgICAgICAgICAgICAgICRkZXBlbmRlbmNpZXMgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlcGVuZGVuY3lfYWN0aW9uIC1uZSAnc2V0JykgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJTZXJ2aWNlICckbmFtZScgaXMgbm90IGluc3RhbGxlZCwgbmVlZCB0byBzZXQgJ3BhdGgnIHRvIGNyZWF0ZSBhIG5ldyBzZXJ2aWNlIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgojIEFmdGVyIG1ha2luZyBhIGNoYW5nZSwgbGV0J3MgZ2V0IHRoZSBzZXJ2aWNlIGluZm8gYWdhaW4gdW5sZXNzIHdlIGRlbGV0ZWQgaXQKaWYgKCRzdGF0ZSAtZXEgJ2Fic2VudCcpIHsKICAgICMgUmVjcmVhdGUgcmVzdWx0IHNvIGl0IGRvZXNuJ3QgaGF2ZSB0aGUgZXh0cmEgbWV0YSBkYXRhIG5vdyB0aGF0IGlzIGhhcyBiZWVuIGRlbGV0ZWQKICAgICRjaGFuZ2VkID0gJHJlc3VsdC5jaGFuZ2VkCiAgICAkcmVzdWx0ID0gQHsKICAgICAgICBjaGFuZ2VkID0gJGNoYW5nZWQKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfSBlbHNlaWYgKCRzdmMgLW5lICRudWxsKSB7CiAgICBHZXQtU2VydmljZUluZm8gLW5hbWUgJG5hbWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_check_mode": false, "display_name": "nova-compute", "_ansible_module_name": "win_service", "state": "started", "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "username" ScriptBlock ID: 987a0662-233f-4eca-a871-642c2966c74b Path:	4104	1		3	2	15	0	1737	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2956	2084	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:00 PM	7f70462d-725d-0000-f25c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): lCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTQsIENocmlzIEhvZmZtYW4gPGNob2ZmbWFuQGNoYXRoYW1maW5hbmNpYWwuY29tPgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5TSUQKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ19hbnNpYmxlX2NoZWNrX21vZGUnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKCiRkZXBlbmRlbmNpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVwZW5kZW5jaWVzJyAtdHlwZSAnbGlzdCcgLWRlZmF1bHQgJG51bGwKJGRlcGVuZGVuY3lfYWN0aW9uID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2RlcGVuZGVuY3lfYWN0aW9uJyAtdHlwZSAnc3RyJyAtZGVmYXVsdCAnc2V0JyAtdmFsaWRhdGVzZXQgJ2FkZCcsJ3JlbW92ZScsJ3NldCcgCiRkZXNjcmlwdGlvbiA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdkZXNjcmlwdGlvbicgLXR5cGUgJ3N0cicKJGRlc2t0b3BfaW50ZXJhY3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVza3RvcF9pbnRlcmFjdCcgLXR5cGUgJ2Jvb2wnIC1kZWZhdWx0ICRmYWxzZQokZGlzcGxheV9uYW1lID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2Rpc3BsYXlfbmFtZScgLXR5cGUgJ3N0cicKJGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdmb3JjZV9kZXBlbmRlbnRfc2VydmljZXMnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKJG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnbmFtZScgLXR5cGUgJ3N0cicgLWZhaWxpZmVtcHR5ICR0cnVlCiRwYXNzd29yZCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdwYXNzd29yZCcgLXR5cGUgJ3N0cicKJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAncGF0aCcKJHN0YXJ0X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhcnRfbW9kZScgLXR5cGUgJ3N0cicgLXZhbGlkYXRlc2V0ICdhdXRvJywnbWFudWFsJywnZGlzYWJsZWQnLCdkZWxheWVkJwokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhdGUnIC10eXBlICdzdHInIC12YWxpZGF0ZXNldCAnc3RhcnRlZCcsJ3N0b3BwZWQnLCdyZXN0YXJ0ZWQnLCdhYnNlbnQnLCdwYXVzZWQnCiR1c2VybmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICd1c2VybmFtZScgLXR5cGUgJ3N0cicKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgojIHBhcnNlIHRoZSB1c2VybmFtZSB0byBTSUQgYW5kIGJhY2sgc28gd2UgZ2V0IHRoZSBmdWxsIHVzZXJuYW1lIHdpdGggZG9tYWluIGluIGEgd2F5IFdNSSB1bmRlcnN0YW5kcwppZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgaWYgKCR1c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICR1c2VybmFtZV9zaWQgPSAiUy0xLTUtMTgiCiAgICB9IGVsc2UgewogICAgICAgICR1c2VybmFtZV9zaWQgPSBDb252ZXJ0LVRvU0lEIC1hY2NvdW50X25hbWUgJHVzZXJuYW1lCiAgICB9CgogICAgIyB0aGUgU1lTVEVNIGFjY291bnQgaXMgYSBzcGVjaWFsIGJlYXN0LCBXaW4zMl9TZXJ2aWNlIENoYW5nZSByZXF1aXJlcyBTdGFydE5hbWUgdG8gYmUgTG9jYWxTeXN0ZW0KICAgICMgdG8gc3BlY2lmeSBMb2NhbFN5c3RlbS9OVCBBVVRIT1JJVFlcU1lTVEVNCiAgICBpZiAoJHVzZXJuYW1lX3NpZCAtZXEgIlMtMS01LTE4IikgewogICAgICAgICR1c2VybmFtZSA9ICJMb2NhbFN5c3RlbSIKICAgICAgICAkcGFzc3dvcmQgPSAkbnVsbAogICAgfSBlbHNlIHsKICAgICAgICAjIFdpbjMyX1NlcnZpY2UsIHBhc3N3b3JkIG11c3QgYmUgIiIgYW5kIG5vdCAkbnVsbCB3aGVuIHNldHRpbmcgdG8gTG9jYWxTZXJ2aWNlIG9yIE5ldHdvcmtTZXJ2aWNlCiAgICAgICAgaWYgKCR1c2VybmFtZV9zaWQgLWluIEAoIlMtMS01LTE5IiwgIlMtMS01LTIwIikpIHsKICAgICAgICAgICAgJHBhc3N3b3JkID0gIiIKICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gQ29udmVydC1Gcm9tU0lEIC1zaWQgJHVzZXJuYW1lX3NpZAogICAgfQp9CmlmICgkcGFzc3dvcmQgLW5lICRudWxsIC1hbmQgJHVzZXJuYW1lIC1lcSAkbnVsbCkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBhcmd1bWVudCAndXNlcm5hbWUnIG11c3QgYmUgc3VwcGxpZWQgd2l0aCAncGFzc3dvcmQnIgp9CmlmICgkZGVza3RvcF9pbnRlcmFjdCAtZXEgJHRydWUgLWFuZCAoLW5vdCAoJHVzZXJuYW1lIC1lcSAiTG9jYWxTeXN0ZW0iIC1vciAkdXNlcm5hbWUgLWVxICRudWxsKSkpIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgJ2Rlc2t0b3BfaW50ZXJhY3QnIHRvIHRydWUgd2hlbiAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgp9CmlmICgkcGF0aCAtbmUgJG51bGwpIHsKICAgICRwYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoKQp9CgpGdW5jdGlvbiBHZXQtU2VydmljZUluZm8oJG5hbWUpIHsKICAgICMgTmVlZCB0byBnZXQgbmV3IG9iamVjdHMgc28gd2UgaGF2ZSB0aGUgbGF0ZXN0IGluZm8KICAgICRzdmMgPSBHZXQtU2VydmljZSB8IFdoZXJlLU9iamVjdCB7ICRfLk5hbWUgLWVxICRuYW1lIC1vciAkXy5EaXNwbGF5TmFtZSAtZXEgJG5hbWUgfQogICAgJHdtaV9zdmMgPSBHZXQtQ2ltSW5zdGFuY2UgLUNsYXNzTmFtZSBXaW4zMl9TZXJ2aWNlIC1GaWx0ZXIgIm5hbWU9JyQoJHN2Yy5OYW1lKSciCgogICAgIyBEZWxheWVkIHN0YXJ0X21vZGUgaXMgaW4gcmVhbGl0eSBBdXRvbWF0aWMgKERlbGF5ZWQpLCBuZWVkIHRvIGNoZWNrIHJlZyBrZXkgZm9yIHR5cGUKICAgICRkZWxheWVkID0gR2V0LURlbGF5ZWRTdGF0dXMgLW5hbWUgJHN2Yy5OYW1lCiAgICAkYWN0dWFsX3N0YXJ0X21vZGUgPSAkd21pX3N2Yy5TdGFydE1vZGUuVG9TdHJpbmcoKS5Ub0xvd2VyKCkgCiAgICBpZiAoJGRlbGF5ZWQgLWFuZCAkYWN0dWFsX3N0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICRhY3R1YWxfc3RhcnRfbW9kZSA9ICdkZWxheWVkJwogICAgfQoKICAgICRleGlzdGluZ19kZXBlbmRlbmNpZXMgPSBAKCkKICAgICRleGlzdGluZ19kZXBlbmRlZF9ieSA9IEAoKQogICAgaWYgKCRzdmMuU2VydmljZXNEZXBlbmRlZE9uLkNvdW50IC1ndCAwKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJHN2Yy5TZXJ2aWNlc0RlcGVuZGVkT24uTmFtZSkgewogICAgICAgICAgICAkZXhpc3RpbmdfZGVwZW5kZW5jaWVzICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgaWYgKCRzdmMuRGVwZW5kZW50U2VydmljZXMuQ291bnQgLWd0IDApIHsKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkc3ZjLkRlcGVuZGVudFNlcnZpY2VzLk5hbWUpIHsKICAgICAgICAgICAgJGV4aXN0aW5nX2RlcGVuZGVkX2J5ICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgJGRlc2NyaXB0aW9uID0gJHdtaV9zdmMuRGVzY3JpcHRpb24KICAgIGlmICgkZGVzY3JpcHRpb24gLWVxICRudWxsKSB7CiAgICAgICAgJGRlc2NyaXB0aW9uID0gIiIKICAgIH0KCiAgICAkcmVzdWx0LmV4aXN0cyA9ICR0cnVlCiAgICAkcmVzdWx0Lm5hbWUgPSAkc3ZjLk5hbWUKICAgICRyZXN1bHQuZGlzcGxheV9uYW1lID0gJHN2Yy5EaXNwbGF5TmFtZQogICAgJHJlc3VsdC5zdGF0ZSA9ICRzdmMuU3RhdHVzLlRvU3RyaW5nKCkuVG9Mb3dlcigpCiAgICAkcmVzdWx0LnN0YXJ0X21vZGUgPSAkYWN0dWFsX3N0YXJ0X21vZGUKICAgICRyZXN1bHQucGF0aCA9ICR3bWlfc3ZjLlBhdGhOYW1lCiAgICAkcmVzdWx0LmRlc2NyaXB0aW9uID0gJGRlc2NyaXB0aW9uCiAgICAkcmVzdWx0LnVzZXJuYW1lID0gJHdtaV9zdmMuU3RhcnROYW1lCiAgICAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QgPSAkd21pX3N2Yy5EZXNrdG9wSW50ZXJhY3QKICAgICRyZXN1bHQuZGVwZW5kZW5jaWVzID0gJGV4aXN0aW5nX2RlcGVuZGVuY2llcwogICAgJHJlc3VsdC5kZXBlbmRlZF9ieSA9ICRleGlzdGluZ19kZXBlbmRlZF9ieQogICAgJHJlc3VsdC5jYW5fcGF1c2VfYW5kX2NvbnRpbnVlID0gJHN2Yy5DYW5QYXVzZUFuZENvbnRpbnVlCn0KCkZ1bmN0aW9uIEdldC1XbWlFcnJvck1lc3NhZ2UoJHJldHVybl92YWx1ZSkgewogICAgIyBUaGVzZSB2YWx1ZXMgYXJlIGRlcml2ZWQgZnJvbSBodHRwczovL21zZG4ubWljcm9zb2Z0LmNvbS9lbi11cy9saWJyYXJ5L2FhMzg0OTAxKHY9dnMuODUpLmFzcHgKICAgIHN3aXRjaCAoJHJldHVybl92YWx1ZSkgewogICAgICAgIDEgeyAiTm90IFN1cHBvcnRlZDogVGhlIHJlcXVlc3QgaXMgbm90IHN1cHBvcnRlZCIgfQogICAgICAgIDIgeyAiQWNjZXNzIERlbmllZDogVGhlIHVzZXIgZGlkIG5vdCBoYXZlIHRoZSBuZWNlc3NhcnkgYWNjZXNzIiB9CiAgICAgICAgMyB7ICJEZXBlbmRlbnQgU2VydmljZXMgUnVubmluZzogVGhlIHNlcnZpY2UgY2Fubm90IGJlIHN0b3BwZWQgYmVjYXVzZSBvdGhlciBzZXJ2aWNlcyB0aGF0IGFyZSBydW5uaW5nIGFyZSBkZXBlbmRlbnQgb24gaXQiIH0KICAgICAgICA0IHsgIkludmFsaWQgU2VydmljZSBDb250cm9sOiBUaGUgcmVxdWVzdGVkIGNvbnRyb2wgY29kZSBpcyBub3QgdmFsaWQsIG9yIGl0IGlzIHVuYWNjZXB0YWJsZSB0byB0aGUgc2VydmljZSIgfQogICAgICAgIDUgeyAiU2VydmljZSBDYW5ub3QgQWNjZXB0IENvbnRyb2w6IFRoZSByZXF1ZXN0ZWQgY29udHJvbCBjb2RlIGNhbm5vdCBiZSBzZW50IHRvIHRoZSBzZXJ2aWNlIGJlY2F1c2UgdGhlIHN0YXRlIG9mIHRoZSBzZXJ2aWNlIChXaW4zMl9CYXNlU2VydmljZS5TdGF0ZSBwcm9wZXJ0eSkgaXMgZXF1YWwgdG8gMCwgMSwgb3IgMiIgfQogICAgICAgIDYgeyAiU2VydmljZSBOb3QgQWN0aXZlOiBUaGUgc2VydmljZSBoYXMgbm90IGJlZW4gc3RhcnRlZCIgfQogICAgICAgIDcgeyAiU2VydmljZSBSZXF1ZXN0IFRpbWVvdXQ6IFRoZSBzZXJ2aWNlIGRpZCBub3QgcmVzcG9uZCB0byB0aGUgc3RhcnQgcmVxdWVzdCBpbiBhIHRpbWVseSBmYXNoaW9uIiB9CiAgICAgICAgOCB7ICJVbmtub3duIEZhaWx1cmU6IFVua25vd24gZmFpbHVyZSB3aGVuIHN0YXJ0aW5nIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgOSB7ICJQYXRoIE5vdCBGb3VuZDogVGhlIGRpcmVjdG9yeSBwYXRoIHRvIHRoZSBzZXJ2aWNlIGV4ZWN1dGFibGUgZmlsZSB3YXMgbm90IGZvdW5kIiB9CiAgICAgICAgMTAgeyAiU2VydmljZSBBbHJlYWR5IFJ1bm5pbmc6IFRoZSBzZXJ2aWNlIGlzIGFscmVhZHkgcnVubmluZyIgfQogICAgICAgIDExIHsgIlNlcnZpY2UgRGF0YWJhc2UgTG9ja2VkOiBUaGUgZGF0YWJhc2UgdG8gYWRkIGEgbmV3IHNlcnZpY2UgaXMgbG9ja2VkIiB9CiAgICAgICAgMTIgeyAiU2VydmljZSBEZXBlbmRlbmN5IERlbGV0ZWQ6IEEgZGVwZW5kZW5jeSB0aGlzIHNlcnZpY2UgcmVsaWVzIG9uIGhhcyBiZWVuIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTMgeyAiU2VydmljZSBEZXBlbmRlbmN5IEZhaWx1cmU6IFRoZSBzZXJ2aWNlIGZhaWxlZCB0byBmaW5kIHRoZSBzZXJ2aWNlIG5lZWRlZCBmcm9tIGEgZGVwZW5kZW50IHNlcnZpY2UiIH0KICAgICAgICAxNCB7ICJTZXJ2aWNlIERpc2FibGVkOiBUaGUgc2VydmljZSBoYXMgYmVlbiBkaXNhYmxlZCBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAxNSB7ICJTZXJ2aWNlIExvZ29uIEZhaWxlZDogVGhlIHNlcnZpY2UgZG9lcyBub3QgaGF2ZSB0aGUgY29ycmVjdCBhdXRoZW50aWNhdGlvbiB0byBydW4gb24gdGhlIHN5c3RlbSIgfQogICAgICAgIDE2IHsgIlNlcnZpY2UgTWFya2VkIEZvciBEZWxldGlvbjogVGhpcyBzZXJ2aWNlIGlzIGJlaW5nIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTcgeyAiU2VydmljZSBObyBUaHJlYWQ6IFRoZSBzZXJ2aWNlIGhhcyBubyBleGVjdXRpb24gdGhyZWFkIiB9CiAgICAgICAgMTggeyAiU3RhdHVzIENpcmN1bGFyIERlcGVuZGVuY3k6IFRoZSBzZXJ2aWNlIGhhcyBjaXJjdWxhciBkZXBlbmRlbmNpZXMgd2hlbiBpdCBzdGFydHMiIH0KICAgICAgICAxOSB7ICJTdGF0dXMgRHVwbGljYXRlIE5hbWU6IEEgc2VydmljZSBpcyBydW5uaW5nIHVuZGVyIHRoZSBzYW1lIG5hbWUiIH0KICAgICAgICAyMCB7ICJTdGF0dXMgSW52YWxpZCBOYW1lOiBUaGUgc2VydmljZSBuYW1lIGhhcyBpbnZhbGlkIGNoYXJhY3RlcnMiIH0KICAgICAgICAyMSB7ICJTdGF0dXMgSW52YWxpZCBQYXJhbWV0ZXI6IEludmFsaWQgcGFyYW1ldGVycyBoYXZlIGJlZW4gcGFzc2VkIHRvIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjIgeyAiU3RhdHVzIEludmFsaWQgU2VydmljZSBBY2NvdW50OiBUaGUgYWNjb3VudCB1bmRlciB3aGljaCB0aGlzIHNlcnZpY2UgcnVucyBpcyBlaXRoZXIgaW52YWxpZCBvciBsYWNrcyB0aGUgcGVybWlzc2lvbnMgdG8gcnVuIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjMgeyAiU3RhdHVzIFNlcnZpY2UgRXhpc3RzOiBUaGUgc2VydmljZSBleGlzdHMgaW4gdGhlIGRhdGFiYXNlIG9mIHNlcnZpY2VzIGF2YWlsYWJsZSBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAyNCB7ICJTZXJ2aWNlIEFscmVhZHkgUGF1c2VkOiBUaGUgc2VydmljZSBpcyBjdXJyZW50bHkgcGF1c2VkIGluIHRoZSBzeXN0ZW0iIH0KICAgICAgICBkZWZhdWx0IHsgIk90aGVyIEVycm9yIiB9CiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1EZWxheWVkU3RhdHVzKCRuYW1lKSB7CiAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIgogICAgdHJ5IHsKICAgICAgICAkZGVsYXllZCA9IENvbnZlcnRUby1Cb29sICgoR2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5KS5EZWxheWVkQXV0b3N0YXJ0KQogICAgfSBjYXRjaCB7CiAgICAgICAgJGRlbGF5ZWQgPSAkZmFsc2UKICAgIH0KCiAgICAkZGVsYXllZAp9CgpGdW5jdGlvbiBTZXQtU2VydmljZVN0YXJ0TW9kZSgkc3ZjLCAkc3RhcnRfbW9kZSkgewogICAgaWYgKCRyZXN1bHQuc3RhcnRfbW9kZSAtbmUgJHN0YXJ0X21vZGUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCQoJHN2Yy5OYW1lKSIKICAgICAgICAgICAgIyBPcmlnaW5hbCBzdGFydCB1cCB0eXBlIHdhcyBhdXRvIChkZWxheWVkKSBhbmQgd2Ugd2FudCBhdXRvLCBuZWVkIHRvIHJlbW92ZWQgZGVsYXllZCBrZXkKICAgICAgICAgICAgaWYgKCRzdGFydF9tb2RlIC1lcSAnYXV0bycgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMCAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgYXV0byBhbmQgd2Ugd2FudCBhdXRvIChkZWxheWVkKSwgbmVlZCB0byBhZGQgZGVsYXllZCBrZXkKICAgICAgICAgICAgfSBlbHNlaWYgKCRzdGFydF9tb2RlIC1lcSAnZGVsYXllZCcgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IGF1dG8gb3IgYXV0byAoZGVsYXllZCksIG5lZWQgdG8gY2hhbmdlIHRvIGF1dG8gYW5kIGFkZCBkZWxheWVkIGtleQogICAgICAgICAgICB9IGVsc2VpZiAoJHN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgJHN2YyB8IFNldC1TZXJ2aWNlIC1TdGFydHVwVHlwZSAiYXV0byIgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IHdoYXQgd2Ugd2VyZSBsb29raW5nIGZvciwganVzdCBjaGFuZ2UgdG8gdGhhdCB0eXBlCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLVN0YXJ0dXBUeXBlICRzdGFydF9tb2RlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZUFjY291bnQoJHdtaV9zdmMsICR1c2VybmFtZV9zaWQsICR1c2VybmFtZSwgJHBhc3N3b3JkKSB7CiAgICBpZiAoJHJlc3VsdC51c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICRhY3R1YWxfc2lkID0gIlMtMS01LTE4IgogICAgfSBlbHNlIHsKICAgICAgICAkYWN0dWFsX3NpZCA9IENvbnZlcnQtVG9TSUQgLWFjY291bnRfbmFtZSAkcmVzdWx0LnVzZXJuYW1lCiAgICB9CgogICAgaWYgKCRhY3R1YWxfc2lkIC1uZSAkdXNlcm5hbWVfc2lkKSB7CiAgICAgICAgJGNoYW5nZV9hcmd1bWVudHMgPSBAewogICAgICAgICAgICBTdGFydE5hbWUgPSAkdXNlcm5hbWUKICAgICAgICAgICAgU3RhcnRQYXNzd29yZCA9ICRwYXNzd29yZAogICAgICAgICAgICBEZXNrdG9wSW50ZXJhY3QgPSAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QKICAgICAgICB9CiAgICAgICAgIyBuZWVkIHRvIGRpc2FibGUgZGVza3RvcCBpbnRlcmFjdCB3aGVuIG5vdCB1c2luZyB0aGUgU1lTVEVNIGFjY291bnQKICAgICAgICBpZiAoJHVzZXJuYW1lX3NpZCAtbmUgIlMtMS01LTE4IikgewogICAgICAgICAgICAkY2hhbmdlX2FyZ3VtZW50cy5EZXNrdG9wSW50ZXJhY3QgPSAkZmFsc2UKICAgICAgICB9CgogICAgICAgICNXTUkuQ2hhbmdlIGR ScriptBlock ID: 987a0662-233f-4eca-a871-642c2966c74b Path:	4104	1		3	2	15	0	1736	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2956	2084	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:00 PM	7f70462d-725d-0000-f25c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): 0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnV ScriptBlock ID: 987a0662-233f-4eca-a871-642c2966c74b Path:	4104	1		3	2	15	0	1735	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2956	2084	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:00 PM	7f70462d-725d-0000-f25c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.SID": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCkZ1bmN0aW9uIENvbnZlcnQtRnJvbVNJRCgkc2lkKSB7CiAgICAjIENvbnZlcnRzIGEgU0lEIHRvIGEgRG93bi1MZXZlbCBMb2dvbiBuYW1lIGluIHRoZSBmb3JtIG9mIERPTUFJTlxVc2VyTmFtZQogICAgIyBJZiB0aGUgU0lEIGlzIGZvciBhIGxvY2FsIHVzZXIgb3IgZ3JvdXAgdGhlbiBET01BSU4gd291bGQgYmUgdGhlIHNlcnZlcgogICAgIyBuYW1lLgoKICAgICRhY2NvdW50X29iamVjdCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIoJHNpZCkKICAgIHRyeSB7CiAgICAgICAgJG50X2FjY291bnQgPSAkYWNjb3VudF9vYmplY3QuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiBAe30gLW1lc3NhZ2UgImZhaWxlZCB0byBjb252ZXJ0IHNpZCAnJHNpZCcgdG8gYSBsb2dvbiBuYW1lOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICByZXR1cm4gJG50X2FjY291bnQuVmFsdWUKfQoKRnVuY3Rpb24gQ29udmVydC1Ub1NJRCB7CiAgICBbRGlhZ25vc3RpY3MuQ29kZUFuYWx5c2lzLlN1cHByZXNzTWVzc2FnZUF0dHJpYnV0ZSgiUFNBdm9pZFVzaW5nRW1wdHlDYXRjaEJsb2NrIiwgIiIsIEp1c3RpZmljYXRpb249IldlIGRvbid0IGNhcmUgaWYgY29udmVydGluZyB0byBhIFNJRCBmYWlscywganVzdCB0aGF0IGl0IGZhaWxlZCBvciBub3QiKV0KICAgIHBhcmFtKCRhY2NvdW50X25hbWUpCiAgICAjIENvbnZlcnRzIGFuIGFjY291bnQgbmFtZSB0byBhIFNJRCwgaXQgY2FuIHRha2UgaW4gdGhlIGZvbGxvd2luZyBmb3JtcwogICAgIyBTSUQ6IFdpbGwganVzdCByZXR1cm4gdGhlIFNJRCB2YWx1ZSB0aGF0IHdhcyBwYXNzZWQgaW4KICAgICMgVVBOOgogICAgIyAgIHByaW5jaXBhbEBkb21haW4gKERvbWFpbiB1c2VycyBvbmx5KQogICAgIyBEb3duLUxldmVsIExvZ2luIE5hbWUKICAgICMgICBET01BSU5ccHJpbmNpcGFsIChEb21haW4pCiAgICAjICAgU0VSVkVSTkFNRVxwcmluY2lwYWwgKExvY2FsKQogICAgIyAgIC5ccHJpbmNpcGFsIChMb2NhbCkKICAgICMgICBOVCBBVVRIT1JJVFlcU1lTVEVNIChMb2NhbCBTZXJ2aWNlIEFjY291bnRzKQogICAgIyBMb2dpbiBOYW1lCiAgICAjICAgcHJpbmNpcGFsIChMb2NhbC9Mb2NhbCBTZXJ2aWNlIEFjY291bnRzKQoKICAgIHRyeSB7CiAgICAgICAgJHNpZCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyIC1Bcmd1bWVudExpc3QgJGFjY291bnRfbmFtZQogICAgICAgIHJldHVybiAkc2lkLlZhbHVlCiAgICB9IGNhdGNoIHt9CgogICAgaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipcKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIlxcIgogICAgICAgIGlmICgkYWNjb3VudF9uYW1lX3NwbGl0WzBdIC1lcSAiLiIpIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRlbnY6Q09NUFVURVJOQU1FCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMF0KICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gJGFjY291bnRfbmFtZV9zcGxpdFsxXQogICAgfSBlbHNlaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipAKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIkAiCiAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMV0KICAgICAgICAkdXNlcm5hbWUgPSAkYWNjb3VudF9uYW1lX3NwbGl0WzBdCiAgICB9IGVsc2UgewogICAgICAgICRkb21haW4gPSAkbnVsbAogICAgICAgICR1c2VybmFtZSA9ICRhY2NvdW50X25hbWUKICAgIH0KCiAgICBpZiAoJGRvbWFpbikgewogICAgICAgICMgc2VhcmNoaW5nIGZvciBhIGxvY2FsIGdyb3VwIHdpdGggdGhlIHNlcnZlcm5hbWUgcHJlZml4ZWQgd2lsbCBmYWlsLAogICAgICAgICMgbmVlZCB0byBjaGVjayBmb3IgdGhpcyBzaXR1YXRpb24gYW5kIG9ubHkgdXNlIE5UQWNjb3VudChTdHJpbmcpCiAgICAgICAgaWYgKCRkb21haW4gLWVxICRlbnY6Q09NUFVURVJOQU1FKSB7CiAgICAgICAgICAgICRhZHNpID0gW0FEU0ldKCJXaW5OVDovLyRlbnY6Q09NUFVURVJOQU1FLGNvbXB1dGVyIikKICAgICAgICAgICAgJGdyb3VwID0gJGFkc2kucHNiYXNlLmNoaWxkcmVuIHwgV2hlcmUtT2JqZWN0IHsgJF8uc2NoZW1hQ2xhc3NOYW1lIC1lcSAiZ3JvdXAiIC1hbmQgJF8uTmFtZSAtZXEgJHVzZXJuYW1lIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZ3JvdXAgPSAkbnVsbAogICAgICAgIH0KICAgICAgICBpZiAoJGdyb3VwKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGFjY291bnQgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50KCRkb21haW4sICR1c2VybmFtZSkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICMgd2hlbiBpbiBhIGRvbWFpbiBOVEFjY291bnQoU3RyaW5nKSB3aWxsIGZhdm91ciBkb21haW4gbG9va3VwcyBjaGVjawogICAgICAgICMgaWYgdXNlcm5hbWUgaXMgYSBsb2NhbCB1c2VyIGFuZCBleHBsaWN0bHkgc2VhcmNoIG9uIHRoZSBsb2NhbGhvc3QgZm9yCiAgICAgICAgIyB0aGF0IGFjY291bnQKICAgICAgICAkYWRzaSA9IFtBRFNJXSgiV2luTlQ6Ly8kZW52OkNPTVBVVEVSTkFNRSxjb21wdXRlciIpCiAgICAgICAgJHVzZXIgPSAkYWRzaS5wc2Jhc2UuY2hpbGRyZW4gfCBXaGVyZS1PYmplY3QgeyAkXy5zY2hlbWFDbGFzc05hbWUgLWVxICJ1c2VyIiAtYW5kICRfLk5hbWUgLWVxICR1c2VybmFtZSB9CiAgICAgICAgaWYgKCR1c2VyKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkZW52OkNPTVBVVEVSTkFNRSwgJHVzZXJuYW1lKQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfQogICAgfQogICAgCiAgICB0cnkgewogICAgICAgICRhY2NvdW50X3NpZCA9ICRhY2NvdW50LlRyYW5zbGF0ZShbU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXJdKQogICAgfSBjYXRjaCB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiYWNjb3VudF9uYW1lICRhY2NvdW50X25hbWUgaXMgbm90IGEgdmFsaWQgYWNjb3VudCwgY2Fubm90IGdldCBTSUQ6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQogICAgCiAgICByZXR1cm4gJGFjY291bnRfc2lkLlZhbHVlCn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID ScriptBlock ID: 987a0662-233f-4eca-a871-642c2966c74b Path:	4104	1		3	2	15	0	1734	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2956	2084	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:00 PM	7f70462d-725d-0000-f25c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1733	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2956	4144	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:00 PM	7f70462d-725d-0001-4c54-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2956 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1732	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2956	4312	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:00 PM	7f70462d-725d-0001-4c54-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1731	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2956	4144	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:31:00 PM	7f70462d-725d-0001-4c54-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 31a30d97-9614-4f90-951f-7f48a7aa9e85 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 32caac27-bb73-43b8-9326-4fa1583d649a Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 35 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1730	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	2312	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:30:50 PM	7f70462d-725d-0005-d858-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $_.$guid_key -eq $adapter.SettingID } ScriptBlock ID: 5fcda15d-aa85-4c8e-a73b-e613c0303b02 Path:	4104	1		3	2	15	0	1729	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	2312	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:30:50 PM	7f70462d-725d-0004-906a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'facter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 31a30d97-9614-4f90-951f-7f48a7aa9e85 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 32caac27-bb73-43b8-9326-4fa1583d649a Pipeline ID = 5 Command Name = Get-Command Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	1728	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	2312	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:30:50 PM	7f70462d-725d-0001-3854-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy Function Get-CustomFacts { [cmdletBinding()] param ( [Parameter(mandatory=$false)] $factpath = $null ) if (-not (Test-Path -Path $factpath)) { Fail-Json $result "The path $factpath does not exist. Typo?" } $FactsFiles = Get-ChildItem -Path $factpath | Where-Object -FilterScript {($PSItem.PSIsContainer -eq $false) -and ($PSItem.Extension -eq '.ps1')} foreach ($FactsFile in $FactsFiles) { $out = & $($FactsFile.FullName) $result.ansible_facts.Add("ansible_$(($FactsFile.Name).Split('.')[0])", $out) } } Function Get-MachineSid { # The Machine SID is stored in HKLM:\SECURITY\SAM\Domains\Account and is # only accessible by the Local System account. This method get's the local # admin account (ends with -500) and lops it off to get the machine sid. $admins_sid = "S-1-5-32-544" $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value Add-Type -AssemblyName System.DirectoryServices.AccountManagement $principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine) $group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group) $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal) $groups = $searcher.FindOne() $machine_sid = $null foreach ($user in $groups.Members) { $user_sid = $user.Sid if ($user_sid.Value.EndsWith("-500")) { $machine_sid = $user_sid.AccountDomainSid.Value break } } return $machine_sid } $cim_instances = @{} Function Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\CIMV2") { if(-not $cim_instances.ContainsKey($instance_name)) { $cim_instances[$instance_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instance_name) } return $cim_instances[$instance_name] } $result = @{ ansible_facts = @{ } changed = $false } $grouped_subsets = @{ min=[System.Collections.Generic.List[string]]@('date_time','distribution','dns','env','local','platform','powershell_version','user') network=[System.Collections.Generic.List[string]]@('all_ipv4_addresses','all_ipv6_addresses','interfaces','windows_domain', 'winrm') hardware=[System.Collections.Generic.List[string]]@('bios','memory','processor','uptime') external=[System.Collections.Generic.List[string]]@('facter') } # build "all" set from everything mentioned in the group- this means every value must be in at least one subset to be considered legal $all_set = [System.Collections.Generic.HashSet[string]]@() foreach($kv in $grouped_subsets.GetEnumerator()) { [void] $all_set.UnionWith($kv.Value) } # dynamically create an "all" subset now that we know what should be in it $grouped_subsets['all'] = [System.Collections.Generic.List[string]]$all_set # start with all, build up gather and exclude subsets $gather_subset = [System.Collections.Generic.HashSet[string]]$grouped_subsets.all $explicit_subset = [System.Collections.Generic.HashSet[string]]@() $exclude_subset = [System.Collections.Generic.HashSet[string]]@() $params = Parse-Args $args -supports_check_mode $true $factpath = Get-AnsibleParam -obj $params -name "fact_path" -type "path" $gather_subset_source = Get-AnsibleParam -obj $params -name "gather_subset" -type "list" -default "all" foreach($item in $gather_subset_source) { if(([string]$item).StartsWith("!")) { $item = ([string]$item).Substring(1) if($item -eq "all") { $all_minus_min = [System.Collections.Generic.HashSet[string]]@($all_set) [void] $all_minus_min.ExceptWith($grouped_subsets.min) [void] $exclude_subset.UnionWith($all_minus_min) } elseif($grouped_subsets.ContainsKey($item)) { [void] $exclude_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $exclude_subset.Add($item) } # NB: invalid exclude values are ignored, since that's what posix setup does } else { if($grouped_subsets.ContainsKey($item)) { [void] $explicit_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $explicit_subset.Add($item) } else { # NB: POSIX setup fails on invalid value; we warn, because we don't implement the same set as POSIX # and we don't have platform-specific config for this... Add-Warning $result "invalid value $item specified in gather_subset" } } } [void] $gather_subset.ExceptWith($exclude_subset) [void] $gather_subset.UnionWith($explicit_subset) $ansible_facts = @{ gather_subset=@($gather_subset_source) module_setup=$true } $osversion = [Environment]::OSVersion if($gather_subset.Contains('all_ipv4_addresses') -or $gather_subset.Contains('all_ipv6_addresses')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration # TODO: split v4/v6 properly, return in separate keys $ips = @() Foreach ($ip in $netcfg.IPAddress) { If ($ip) { $ips += $ip } } $ansible_facts += @{ ansible_ip_addresses = $ips } } if($gather_subset.Contains('bios')) { $win32_bios = Get-LazyCimInstance Win32_Bios $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $ansible_facts += @{ ansible_bios_date = $win32_bios.ReleaseDate.ToString("MM/dd/yyyy") ansible_bios_version = $win32_bios.SMBIOSBIOSVersion ansible_product_name = $win32_cs.Model.Trim() ansible_product_serial = $win32_bios.SerialNumber # ansible_product_version = ([string] $win32_cs.SystemFamily) } } if($gather_subset.Contains('date_time')) { $datetime = (Get-Date) $datetime_utc = $datetime.ToUniversalTime() $date = @{ date = $datetime.ToString("yyyy-MM-dd") day = $datetime.ToString("dd") epoch = (Get-Date -UFormat "%s") hour = $datetime.ToString("HH") iso8601 = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ssZ") iso8601_basic = $datetime.ToString("yyyyMMddTHHmmssffffff") iso8601_basic_short = $datetime.ToString("yyyyMMddTHHmmss") iso8601_micro = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ") minute = $datetime.ToString("mm") month = $datetime.ToString("MM") second = $datetime.ToString("ss") time = $datetime.ToString("HH:mm:ss") tz = ([System.TimeZoneInfo]::Local.Id) tz_offset = $datetime.ToString("zzzz") # Ensure that the weekday is in English weekday = $datetime.ToString("dddd", [System.Globalization.CultureInfo]::InvariantCulture) weekday_number = (Get-Date -UFormat "%w") weeknumber = (Get-Date -UFormat "%W") year = $datetime.ToString("yyyy") } $ansible_facts += @{ ansible_date_time = $date } } if($gather_subset.Contains('distribution')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $product_type = switch($win32_os.ProductType) { 1 { "workstation" } 2 { "domain_controller" } 3 { "server" } default { "unknown" } } $ansible_facts += @{ ansible_distribution = $win32_os.Caption ansible_distribution_version = $osversion.Version.ToString() ansible_distribution_major_version = $osversion.Version.Major.ToString() ansible_os_family = "Windows" ansible_os_name = ($win32_os.Name.Split('|')[0]).Trim() ansible_os_product_type = $product_type } } if($gather_subset.Contains('env')) { $env_vars = @{ } foreach ($item in Get-ChildItem Env:) { $name = $item | select -ExpandProperty Name # Powershell ConvertTo-Json fails if string ends with \ $value = ($item | select -ExpandProperty Value).TrimEnd("\") $env_vars.Add($name, $value) } $ansible_facts += @{ ansible_env = $env_vars } } if($gather_subset.Contains('facter')) { # See if Facter is on the System Path Try { $facter_exe = Get-Command facter -ErrorAction Stop $facter_installed = $true } Catch { $facter_installed = $false } # Get JSON from Facter, and parse it out. if ($facter_installed) { &facter -j | Tee-Object -Variable facter_output | Out-Null $facts = "$facter_output" | ConvertFrom-Json ForEach($fact in $facts.PSObject.Properties) { $fact_name = $fact.Name $ansible_facts.Add("facter_$fact_name", $fact.Value) } } } if($gather_subset.Contains('interfaces')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration $ActiveNetcfg = @() $ActiveNetcfg += $netcfg | where {$_.ipaddress -ne $null} $namespaces = Get-LazyCimInstance __Namespace -namespace root if ($namespaces | Where-Object { $_.Name -eq "StandardCimv" }) { $net_adapters = Get-LazyCimInstance MSFT_NetAdapter -namespace Root\StandardCimv2 $guid_key = "InterfaceGUID" $name_key = "Name" } else { $net_adapters = Get-LazyCimInstance Win32_NetworkAdapter $guid_key = "GUID" $name_key = "NetConnectionID" } $formattednetcfg = @() foreach ($adapter in $ActiveNetcfg) { $thisadapter = @{ default_gateway = $null connection_name = $null dns_domain = $adapter.dnsdomain interface_index = $adapter.InterfaceIndex interface_name = $adapter.description macaddress = $adapter.macaddress } if ($adapter.defaultIPGateway) { $thisadapter.default_gateway = $adapter.DefaultIPGateway[0].ToString() } $net_adapter = $net_adapters | Where-Object { $_.$guid_key -eq $adapter.SettingID } if ($net_adapter) { $thisadapter.connection_name = $net_adapter.$name_key } $formattednetcfg += $thisadapter } $ansible_facts += @{ ansible_interfaces = $formattednetcfg } } if ($gather_subset.Contains("local") -and $factpath -ne $null) { # Get any custom facts; results are updated in the Get-CustomFacts -factpath $factpath } if($gather_subset.Contains('memory')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ # Win32_PhysicalMemory is empty on some virtual platforms ansible_memtotal_mb = ([math]::round($win32_cs.TotalPhysicalMemory / 1024 / 1024)) ansible_swaptotal_mb = ([math]::round($win32_os.TotalSwapSpaceSize / 1024 / 1024)) } } if($gather_subset.Contains('platform')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ip_props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties() $ansible_facts += @{ ansible_architecture = $win32_os.OSArchitecture ansible_domain = $ip_props.DomainName ansible_fqdn = ($ip_props.Hostname + "." + $ip_props.DomainName) ansible_hostname = $env:COMPUTERNAME ansible_kernel = $osversion.Version.ToString() ansible_nodename = ($ip_props.HostName + "." + $ip_props.DomainName) ansible_machine_id = Get-MachineSid ansible_owner_contact = ([string] $win32_cs.PrimaryOwnerContact) ansible_owner_name = ([string] $win32_cs.PrimaryOwnerName) # FUTURE: should this live in its own subset? ansible_reboot_pending = (Get-PendingRebootStatus) ansible_system = $osversion.Platform.ToString() ansible_system_description = ([string] $win32_os.Description) ansible_system_vendor = $win32_cs.Manufacturer } } if($gather_subset.Contains('powershell_version')) { $ansible_facts += @{ ansible_powershell_version = ($PSVersionTable.PSVersion.Major) } } if($gather_subset.Contains('processor')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_cpu = Get-LazyCimInstance Win32_Processor if ($win32_cpu -is [array]) { # multi-socket, pick first $win32_cpu = $win32_cpu[0] } $cpu_list = @( ) for ($i=1; $i -le ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors); $i++) { $cpu_list += $win32_cpu.Manufacturer $cpu_list += $win32_cpu.Name } $ansible_facts += @{ ansible_processor = $cpu_list ansible_processor_cores = $win32_cpu.NumberOfCores ansible_processor_count = $win32_cs.NumberOfProcessors ansible_processor_threads_per_core = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors / $win32_cpu.NumberOfCores) ansible_processor_vcpus = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors) } } if($gather_subset.Contains('uptime')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ ansible_lastboot = $win32_os.lastbootuptime.ToString("u") ansible_uptime_seconds = $([System.Convert]::ToInt64($(Get-Date).Subtract($win32_os.lastbootuptime).TotalSeconds)) } } if($gather_subset.Contains('user')) { $user = [Security.Principal.WindowsIdentity]::GetCurrent() $ansible_facts += @{ ansible_user_dir = $env:userprofile # Win32_UserAccount.FullName is probably the right thing here, but it can be expensive to get on large domains ansible_user_gecos = "" ansible_user_id = $env:username ansible_user_sid = $user.User.Value } } if($gather_subset.Contains('windows_domain')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $domain_roles = @{ 0 = "Stand-alone workstation" 1 = "Member workstation" 2 = "Stand-alone server" 3 = "Member server" 4 = "Backup domain controller" 5 = "Primary domain controller" } $domain_role = $domain_roles.Get_Item([Int32]$win32_cs.DomainRole) $ansible_facts += @{ ansible_windows_domain = $win32_cs.Domain ansible_windows_domain_member = $win32_cs.PartOfDomain ansible_windows_domain_role = $domain_role } } if($gather_subset.Contains('winrm')) { $winrm_https_listener_parent_paths = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse | Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | select PSParentPath if ($winrm_https_listener_parent_paths -isnot [array]) { $winrm_https_listener_parent_paths = @($winrm_https_listener_parent_paths) } $winrm_https_listener_paths = @() foreach ($winrm_https_listener_parent_path in $winrm_https_listener_parent_paths) { $winrm_https_listener_paths += $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\")) } $https_listeners = @() foreach ($winrm_https_listener_path in $winrm_https_listener_paths) { $https_listeners += Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path" } $winrm_cert_thumbprints = @() foreach ($https_listener in $https_listeners) { $winrm_cert_thumbprints += $https_listener | where {$_.Name -EQ "CertificateThumbprint" } | select Value } $winrm_cert_expiry = @() foreach ($winrm_cert_thumbprint in $winrm_cert_thumbprints) { Try { $winrm_cert_expiry += Get-ChildItem -Path Cert:\LocalMachine\My | where Thumbprint -EQ $winrm_cert_thumbprint.Value.ToString().ToUpper() | select NotAfter } Catch {} } $winrm_cert_expirations = $winrm_cert_expiry | Sort-Object NotAfter if ($winrm_cert_expirations) { # this fact was renamed from ansible_winrm_certificate_expires due to collision with ansible_winrm_X connection var pattern $ansible_facts.Add("ansible_win_rm_certificate_expires", $winrm_cert_expirations[0].NotAfter.ToString("yyyy-MM-dd HH:mm:ss")) } } $result.ansible_facts += $ansible_facts Exit-Json $result ScriptBlock ID: 23d45203-74cc-4c9c-80e9-2c93dd5d9e96 Path:	4104	1		3	2	15	0	1727	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	2312	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:30:49 PM	7f70462d-725d-0001-d553-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: f8969dc9-46f3-4c90-be33-d7033f883555 Path:	4104	1		3	2	15	0	1726	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	1088	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:30:49 PM	7f70462d-725d-0001-c753-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: eb8ae999-57e3-46eb-8a2d-c86b92829897 Path:	4104	1		3	2	15	0	1725	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	1088	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:30:49 PM	7f70462d-725d-0000-e45c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): uQ29udGFpbnMoImxvY2FsIikgLWFuZCAkZmFjdHBhdGggLW5lICRudWxsKSB7CiAgICAjIEdldCBhbnkgY3VzdG9tIGZhY3RzOyByZXN1bHRzIGFyZSB1cGRhdGVkIGluIHRoZQogICAgR2V0LUN1c3RvbUZhY3RzIC1mYWN0cGF0aCAkZmFjdHBhdGgKfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ21lbW9yeScpKSB7CiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkd2luMzJfb3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX09wZXJhdGluZ1N5c3RlbQogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICAjIFdpbjMyX1BoeXNpY2FsTWVtb3J5IGlzIGVtcHR5IG9uIHNvbWUgdmlydHVhbCBwbGF0Zm9ybXMKICAgICAgICBhbnNpYmxlX21lbXRvdGFsX21iID0gKFttYXRoXTo6cm91bmQoJHdpbjMyX2NzLlRvdGFsUGh5c2ljYWxNZW1vcnkgLyAxMDI0IC8gMTAyNCkpCiAgICAgICAgYW5zaWJsZV9zd2FwdG90YWxfbWIgPSAoW21hdGhdOjpyb3VuZCgkd2luMzJfb3MuVG90YWxTd2FwU3BhY2VTaXplIC8gMTAyNCAvIDEwMjQpKQogICAgfQp9CgoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3BsYXRmb3JtJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkaXBfcHJvcHMgPSBbU3lzdGVtLk5ldC5OZXR3b3JrSW5mb3JtYXRpb24uSVBHbG9iYWxQcm9wZXJ0aWVzXTo6R2V0SVBHbG9iYWxQcm9wZXJ0aWVzKCkKCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYXJjaGl0ZWN0dXJlID0gJHdpbjMyX29zLk9TQXJjaGl0ZWN0dXJlCiAgICAgICAgYW5zaWJsZV9kb21haW4gPSAkaXBfcHJvcHMuRG9tYWluTmFtZQogICAgICAgIGFuc2libGVfZnFkbiA9ICgkaXBfcHJvcHMuSG9zdG5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX2hvc3RuYW1lID0gJGVudjpDT01QVVRFUk5BTUUKICAgICAgICBhbnNpYmxlX2tlcm5lbCA9ICRvc3ZlcnNpb24uVmVyc2lvbi5Ub1N0cmluZygpCiAgICAgICAgYW5zaWJsZV9ub2RlbmFtZSA9ICgkaXBfcHJvcHMuSG9zdE5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX21hY2hpbmVfaWQgPSBHZXQtTWFjaGluZVNpZAogICAgICAgIGFuc2libGVfb3duZXJfY29udGFjdCA9IChbc3RyaW5nXSAkd2luMzJfY3MuUHJpbWFyeU93bmVyQ29udGFjdCkKICAgICAgICBhbnNpYmxlX293bmVyX25hbWUgPSAoW3N0cmluZ10gJHdpbjMyX2NzLlByaW1hcnlPd25lck5hbWUpCiAgICAgICAgIyBGVVRVUkU6IHNob3VsZCB0aGlzIGxpdmUgaW4gaXRzIG93biBzdWJzZXQ/CiAgICAgICAgYW5zaWJsZV9yZWJvb3RfcGVuZGluZyA9IChHZXQtUGVuZGluZ1JlYm9vdFN0YXR1cykKICAgICAgICBhbnNpYmxlX3N5c3RlbSA9ICRvc3ZlcnNpb24uUGxhdGZvcm0uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfc3lzdGVtX2Rlc2NyaXB0aW9uID0gKFtzdHJpbmddICR3aW4zMl9vcy5EZXNjcmlwdGlvbikKICAgICAgICBhbnNpYmxlX3N5c3RlbV92ZW5kb3IgPSAkd2luMzJfY3MuTWFudWZhY3R1cmVyCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdwb3dlcnNoZWxsX3ZlcnNpb24nKSkgewogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX3Bvd2Vyc2hlbGxfdmVyc2lvbiA9ICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uLk1ham9yKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygncHJvY2Vzc29yJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9jcHUgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX1Byb2Nlc3NvcgogICAgaWYgKCR3aW4zMl9jcHUgLWlzIFthcnJheV0pIHsKICAgICAgICAjIG11bHRpLXNvY2tldCwgcGljayBmaXJzdAogICAgICAgICR3aW4zMl9jcHUgPSAkd2luMzJfY3B1WzBdCiAgICB9CgogICAgJGNwdV9saXN0ID0gQCggKQogICAgZm9yICgkaT0xOyAkaSAtbGUgKCR3aW4zMl9jcHUuTnVtYmVyT2ZMb2dpY2FsUHJvY2Vzc29ycyAvICR3aW4zMl9jcy5OdW1iZXJPZlByb2Nlc3NvcnMpOyAkaSsrKSB7CiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTWFudWZhY3R1cmVyCiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTmFtZQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9wcm9jZXNzb3IgPSAkY3B1X2xpc3QKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl9jb3JlcyA9ICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX2NvdW50ID0gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX3RocmVhZHNfcGVyX2NvcmUgPSAoJHdpbjMyX2NwdS5OdW1iZXJPZkxvZ2ljYWxQcm9jZXNzb3JzIC8gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycyAvICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcykKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl92Y3B1cyA9ICgkd2luMzJfY3B1Lk51bWJlck9mTG9naWNhbFByb2Nlc3NvcnMgLyAkd2luMzJfY3MuTnVtYmVyT2ZQcm9jZXNzb3JzKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXB0aW1lJykpIHsKICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfbGFzdGJvb3QgPSAkd2luMzJfb3MubGFzdGJvb3R1cHRpbWUuVG9TdHJpbmcoInUiKQogICAgICAgIGFuc2libGVfdXB0aW1lX3NlY29uZHMgPSAkKFtTeXN0ZW0uQ29udmVydF06OlRvSW50NjQoJChHZXQtRGF0ZSkuU3VidHJhY3QoJHdpbjMyX29zLmxhc3Rib290dXB0aW1lKS5Ub3RhbFNlY29uZHMpKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXNlcicpKSB7CiAgICAkdXNlciA9IFtTZWN1cml0eS5QcmluY2lwYWwuV2luZG93c0lkZW50aXR5XTo6R2V0Q3VycmVudCgpCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfdXNlcl9kaXIgPSAkZW52OnVzZXJwcm9maWxlCiAgICAgICAgIyBXaW4zMl9Vc2VyQWNjb3VudC5GdWxsTmFtZSBpcyBwcm9iYWJseSB0aGUgcmlnaHQgdGhpbmcgaGVyZSwgYnV0IGl0IGNhbiBiZSBleHBlbnNpdmUgdG8gZ2V0IG9uIGxhcmdlIGRvbWFpbnMKICAgICAgICBhbnNpYmxlX3VzZXJfZ2Vjb3MgPSAiIgogICAgICAgIGFuc2libGVfdXNlcl9pZCA9ICRlbnY6dXNlcm5hbWUKICAgICAgICBhbnNpYmxlX3VzZXJfc2lkID0gJHVzZXIuVXNlci5WYWx1ZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnd2luZG93c19kb21haW4nKSkgewogICAgJHdpbjMyX2NzID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9Db21wdXRlclN5c3RlbQogICAgJGRvbWFpbl9yb2xlcyA9IEB7CiAgICAgICAgMCA9ICJTdGFuZC1hbG9uZSB3b3Jrc3RhdGlvbiIKICAgICAgICAxID0gIk1lbWJlciB3b3Jrc3RhdGlvbiIKICAgICAgICAyID0gIlN0YW5kLWFsb25lIHNlcnZlciIKICAgICAgICAzID0gIk1lbWJlciBzZXJ2ZXIiCiAgICAgICAgNCA9ICJCYWNrdXAgZG9tYWluIGNvbnRyb2xsZXIiCiAgICAgICAgNSA9ICJQcmltYXJ5IGRvbWFpbiBjb250cm9sbGVyIgogICAgfQoKICAgICRkb21haW5fcm9sZSA9ICRkb21haW5fcm9sZXMuR2V0X0l0ZW0oW0ludDMyXSR3aW4zMl9jcy5Eb21haW5Sb2xlKQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV93aW5kb3dzX2RvbWFpbiA9ICR3aW4zMl9jcy5Eb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX21lbWJlciA9ICR3aW4zMl9jcy5QYXJ0T2ZEb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX3JvbGUgPSAkZG9tYWluX3JvbGUKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3dpbnJtJykpIHsKCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCBXU01hbjpcbG9jYWxob3N0XExpc3RlbmVyIC1SZWN1cnNlIHwgV2hlcmUtT2JqZWN0IHskXy5QU0NoaWxkTmFtZSAtZXEgIlRyYW5zcG9ydCIgLWFuZCAkXy5WYWx1ZSAtZXEgIkhUVFBTIn0gfCBzZWxlY3QgUFNQYXJlbnRQYXRoCiAgICBpZiAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyAtaXNub3QgW2FycmF5XSkgewogICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyA9IEAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocykKICAgIH0KCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMgPSBAKCkKICAgIGZvcmVhY2ggKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzKSB7CiAgICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhdGhzICs9ICR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguU3Vic3RyaW5nKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguTGFzdEluZGV4T2YoIlwiKSkKICAgIH0KCiAgICAkaHR0cHNfbGlzdGVuZXJzID0gQCgpCiAgICBmb3JlYWNoICgkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMpIHsKICAgICAgICAkaHR0cHNfbGlzdGVuZXJzICs9IEdldC1DaGlsZEl0ZW0gLVBhdGggIldTTWFuOlxsb2NhbGhvc3RcTGlzdGVuZXIkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCIKICAgIH0KCiAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyA9IEAoKQogICAgZm9yZWFjaCAoJGh0dHBzX2xpc3RlbmVyIGluICRodHRwc19saXN0ZW5lcnMpIHsKICAgICAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyArPSAkaHR0cHNfbGlzdGVuZXIgfCB3aGVyZSB7JF8uTmFtZSAtRVEgIkNlcnRpZmljYXRlVGh1bWJwcmludCIgfSB8IHNlbGVjdCBWYWx1ZQogICAgfQoKICAgICR3aW5ybV9jZXJ0X2V4cGlyeSA9IEAoKQogICAgZm9yZWFjaCAoJHdpbnJtX2NlcnRfdGh1bWJwcmludCBpbiAkd2lucm1fY2VydF90aHVtYnByaW50cykgewogICAgICAgIFRyeSB7CiAgICAgICAgICAgICR3aW5ybV9jZXJ0X2V4cGlyeSArPSBHZXQtQ2hpbGRJdGVtIC1QYXRoIENlcnQ6XExvY2FsTWFjaGluZVxNeSB8IHdoZXJlIFRodW1icHJpbnQgLUVRICR3aW5ybV9jZXJ0X3RodW1icHJpbnQuVmFsdWUuVG9TdHJpbmcoKS5Ub1VwcGVyKCkgfCBzZWxlY3QgTm90QWZ0ZXIKICAgICAgICB9IENhdGNoIHt9CiAgICB9CgogICAgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnMgPSAkd2lucm1fY2VydF9leHBpcnkgfCBTb3J0LU9iamVjdCBOb3RBZnRlcgogICAgaWYgKCR3aW5ybV9jZXJ0X2V4cGlyYXRpb25zKSB7CiAgICAgICAgIyB0aGlzIGZhY3Qgd2FzIHJlbmFtZWQgZnJvbSBhbnNpYmxlX3dpbnJtX2NlcnRpZmljYXRlX2V4cGlyZXMgZHVlIHRvIGNvbGxpc2lvbiB3aXRoIGFuc2libGVfd2lucm1fWCBjb25uZWN0aW9uIHZhciBwYXR0ZXJuCiAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlX3dpbl9ybV9jZXJ0aWZpY2F0ZV9leHBpcmVzIiwgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnNbMF0uTm90QWZ0ZXIuVG9TdHJpbmcoInl5eXktTU0tZGQgSEg6bW06c3MiKSkKICAgIH0KfQoKJHJlc3VsdC5hbnNpYmxlX2ZhY3RzICs9ICRhbnNpYmxlX2ZhY3RzCgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "gather_timeout": 10, "_ansible_module_name": "setup", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "gather_subset": ["all"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 8fc9d672-6e4a-4554-b9e8-b94abe8667f2 Path:	4104	1		3	2	15	0	1724	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	1088	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:30:49 PM	7f70462d-725d-0000-de5c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): lYWNoICgkdXNlciBpbiAkZ3JvdXBzLk1lbWJlcnMpIHsKICAgICAgICAkdXNlcl9zaWQgPSAkdXNlci5TaWQKICAgICAgICBpZiAoJHVzZXJfc2lkLlZhbHVlLkVuZHNXaXRoKCItNTAwIikpIHsKICAgICAgICAgICAgJG1hY2hpbmVfc2lkID0gJHVzZXJfc2lkLkFjY291bnREb21haW5TaWQuVmFsdWUKICAgICAgICAgICAgYnJlYWsKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICRtYWNoaW5lX3NpZAp9CgokY2ltX2luc3RhbmNlcyA9IEB7fQoKRnVuY3Rpb24gR2V0LUxhenlDaW1JbnN0YW5jZShbc3RyaW5nXSRpbnN0YW5jZV9uYW1lLCBbc3RyaW5nXSRuYW1lc3BhY2U9IlJvb3RcQ0lNVjIiKSB7CiAgICBpZigtbm90ICRjaW1faW5zdGFuY2VzLkNvbnRhaW5zS2V5KCRpbnN0YW5jZV9uYW1lKSkgewogICAgICAgICRjaW1faW5zdGFuY2VzWyRpbnN0YW5jZV9uYW1lXSA9ICQoR2V0LUNpbUluc3RhbmNlIC1OYW1lc3BhY2UgJG5hbWVzcGFjZSAtQ2xhc3NOYW1lICRpbnN0YW5jZV9uYW1lKQogICAgfQoKICAgIHJldHVybiAkY2ltX2luc3RhbmNlc1skaW5zdGFuY2VfbmFtZV0KfQoKJHJlc3VsdCA9IEB7CiAgICBhbnNpYmxlX2ZhY3RzID0gQHsgfQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokZ3JvdXBlZF9zdWJzZXRzID0gQHsKICAgIG1pbj1bU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuTGlzdFtzdHJpbmddXUAoJ2RhdGVfdGltZScsJ2Rpc3RyaWJ1dGlvbicsJ2RucycsJ2VudicsJ2xvY2FsJywncGxhdGZvcm0nLCdwb3dlcnNoZWxsX3ZlcnNpb24nLCd1c2VyJykKICAgIG5ldHdvcms9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdhbGxfaXB2NF9hZGRyZXNzZXMnLCdhbGxfaXB2Nl9hZGRyZXNzZXMnLCdpbnRlcmZhY2VzJywnd2luZG93c19kb21haW4nLCAnd2lucm0nKQogICAgaGFyZHdhcmU9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdiaW9zJywnbWVtb3J5JywncHJvY2Vzc29yJywndXB0aW1lJykKICAgIGV4dGVybmFsPVtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dQCgnZmFjdGVyJykKfQoKIyBidWlsZCAiYWxsIiBzZXQgZnJvbSBldmVyeXRoaW5nIG1lbnRpb25lZCBpbiB0aGUgZ3JvdXAtIHRoaXMgbWVhbnMgZXZlcnkgdmFsdWUgbXVzdCBiZSBpbiBhdCBsZWFzdCBvbmUgc3Vic2V0IHRvIGJlIGNvbnNpZGVyZWQgbGVnYWwKJGFsbF9zZXQgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSGFzaFNldFtzdHJpbmddXUAoKQoKZm9yZWFjaCgka3YgaW4gJGdyb3VwZWRfc3Vic2V0cy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgIFt2b2lkXSAkYWxsX3NldC5VbmlvbldpdGgoJGt2LlZhbHVlKQp9CgojIGR5bmFtaWNhbGx5IGNyZWF0ZSBhbiAiYWxsIiBzdWJzZXQgbm93IHRoYXQgd2Uga25vdyB3aGF0IHNob3VsZCBiZSBpbiBpdAokZ3JvdXBlZF9zdWJzZXRzWydhbGwnXSA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dJGFsbF9zZXQKCiMgc3RhcnQgd2l0aCBhbGwsIGJ1aWxkIHVwIGdhdGhlciBhbmQgZXhjbHVkZSBzdWJzZXRzCiRnYXRoZXJfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV0kZ3JvdXBlZF9zdWJzZXRzLmFsbAokZXhwbGljaXRfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKJGV4Y2x1ZGVfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRmYWN0cGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmYWN0X3BhdGgiIC10eXBlICJwYXRoIgokZ2F0aGVyX3N1YnNldF9zb3VyY2UgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2F0aGVyX3N1YnNldCIgLXR5cGUgImxpc3QiIC1kZWZhdWx0ICJhbGwiCgpmb3JlYWNoKCRpdGVtIGluICRnYXRoZXJfc3Vic2V0X3NvdXJjZSkgewogICAgaWYoKFtzdHJpbmddJGl0ZW0pLlN0YXJ0c1dpdGgoIiEiKSkgewogICAgICAgICRpdGVtID0gKFtzdHJpbmddJGl0ZW0pLlN1YnN0cmluZygxKQogICAgICAgIGlmKCRpdGVtIC1lcSAiYWxsIikgewogICAgICAgICAgICAkYWxsX21pbnVzX21pbiA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5IYXNoU2V0W3N0cmluZ11dQCgkYWxsX3NldCkKICAgICAgICAgICAgW3ZvaWRdICRhbGxfbWludXNfbWluLkV4Y2VwdFdpdGgoJGdyb3VwZWRfc3Vic2V0cy5taW4pCiAgICAgICAgICAgIFt2b2lkXSAkZXhjbHVkZV9zdWJzZXQuVW5pb25XaXRoKCRhbGxfbWludXNfbWluKQogICAgICAgIH0KICAgICAgICBlbHNlaWYoJGdyb3VwZWRfc3Vic2V0cy5Db250YWluc0tleSgkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5VbmlvbldpdGgoJGdyb3VwZWRfc3Vic2V0c1skaXRlbV0pCiAgICAgICAgfQogICAgICAgIGVsc2VpZigkYWxsX3NldC5Db250YWlucygkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgICMgTkI6IGludmFsaWQgZXhjbHVkZSB2YWx1ZXMgYXJlIGlnbm9yZWQsIHNpbmNlIHRoYXQncyB3aGF0IHBvc2l4IHNldHVwIGRvZXMKICAgIH0KICAgIGVsc2UgewogICAgICAgIGlmKCRncm91cGVkX3N1YnNldHMuQ29udGFpbnNLZXkoJGl0ZW0pKSB7CiAgICAgICAgICAgIFt2b2lkXSAkZXhwbGljaXRfc3Vic2V0LlVuaW9uV2l0aCgkZ3JvdXBlZF9zdWJzZXRzWyRpdGVtXSkKICAgICAgICB9CiAgICAgICAgZWxzZWlmKCRhbGxfc2V0LkNvbnRhaW5zKCRpdGVtKSkgewogICAgICAgICAgICBbdm9pZF0gJGV4cGxpY2l0X3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgIGVsc2UgewogICAgICAgICAgICAjIE5COiBQT1NJWCBzZXR1cCBmYWlscyBvbiBpbnZhbGlkIHZhbHVlOyB3ZSB3YXJuLCBiZWNhdXNlIHdlIGRvbid0IGltcGxlbWVudCB0aGUgc2FtZSBzZXQgYXMgUE9TSVgKICAgICAgICAgICAgIyBhbmQgd2UgZG9uJ3QgaGF2ZSBwbGF0Zm9ybS1zcGVjaWZpYyBjb25maWcgZm9yIHRoaXMuLi4KICAgICAgICAgICAgQWRkLVdhcm5pbmcgJHJlc3VsdCAiaW52YWxpZCB2YWx1ZSAkaXRlbSBzcGVjaWZpZWQgaW4gZ2F0aGVyX3N1YnNldCIKICAgICAgICB9CiAgICB9Cn0KClt2b2lkXSAkZ2F0aGVyX3N1YnNldC5FeGNlcHRXaXRoKCRleGNsdWRlX3N1YnNldCkKW3ZvaWRdICRnYXRoZXJfc3Vic2V0LlVuaW9uV2l0aCgkZXhwbGljaXRfc3Vic2V0KQoKJGFuc2libGVfZmFjdHMgPSBAewogICAgZ2F0aGVyX3N1YnNldD1AKCRnYXRoZXJfc3Vic2V0X3NvdXJjZSkKICAgIG1vZHVsZV9zZXR1cD0kdHJ1ZQp9Cgokb3N2ZXJzaW9uID0gW0Vudmlyb25tZW50XTo6T1NWZXJzaW9uCgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnYWxsX2lwdjRfYWRkcmVzc2VzJykgLW9yICRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdhbGxfaXB2Nl9hZGRyZXNzZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAKICAgICMgVE9ETzogc3BsaXQgdjQvdjYgcHJvcGVybHksIHJldHVybiBpbiBzZXBhcmF0ZSBrZXlzCiAgICAkaXBzID0gQCgpCiAgICBGb3JlYWNoICgkaXAgaW4gJG5ldGNmZy5JUEFkZHJlc3MpIHsKICAgICAgICBJZiAoJGlwKSB7CiAgICAgICAgICAgICRpcHMgKz0gJGlwCiAgICAgICAgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pcF9hZGRyZXNzZXMgPSAkaXBzCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdiaW9zJykpIHsKICAgICR3aW4zMl9iaW9zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9CaW9zCiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYmlvc19kYXRlID0gJHdpbjMyX2Jpb3MuUmVsZWFzZURhdGUuVG9TdHJpbmcoIk1NL2RkL3l5eXkiKQogICAgICAgIGFuc2libGVfYmlvc192ZXJzaW9uID0gJHdpbjMyX2Jpb3MuU01CSU9TQklPU1ZlcnNpb24KICAgICAgICBhbnNpYmxlX3Byb2R1Y3RfbmFtZSA9ICR3aW4zMl9jcy5Nb2RlbC5UcmltKCkKICAgICAgICBhbnNpYmxlX3Byb2R1Y3Rfc2VyaWFsID0gJHdpbjMyX2Jpb3MuU2VyaWFsTnVtYmVyCiAgICAgICAgIyBhbnNpYmxlX3Byb2R1Y3RfdmVyc2lvbiA9IChbc3RyaW5nXSAkd2luMzJfY3MuU3lzdGVtRmFtaWx5KQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZGF0ZV90aW1lJykpIHsKICAgICRkYXRldGltZSA9IChHZXQtRGF0ZSkKICAgICRkYXRldGltZV91dGMgPSAkZGF0ZXRpbWUuVG9Vbml2ZXJzYWxUaW1lKCkKICAgICRkYXRlID0gQHsKICAgICAgICBkYXRlID0gJGRhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIikKICAgICAgICBkYXkgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoImRkIikKICAgICAgICBlcG9jaCA9IChHZXQtRGF0ZSAtVUZvcm1hdCAiJXMiKQogICAgICAgIGhvdXIgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIIikKICAgICAgICBpc284NjAxID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzc1oiKQogICAgICAgIGlzbzg2MDFfYmFzaWMgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXlNTWRkVEhIbW1zc2ZmZmZmZiIpCiAgICAgICAgaXNvODYwMV9iYXNpY19zaG9ydCA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eU1NZGRUSEhtbXNzIikKICAgICAgICBpc284NjAxX21pY3JvID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzcy5mZmZmZmZaIikKICAgICAgICBtaW51dGUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIm1tIikKICAgICAgICBtb250aCA9ICRkYXRldGltZS5Ub1N0cmluZygiTU0iKQogICAgICAgIHNlY29uZCA9ICRkYXRldGltZS5Ub1N0cmluZygic3MiKQogICAgICAgIHRpbWUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIOm1tOnNzIikKICAgICAgICB0eiA9IChbU3lzdGVtLlRpbWVab25lSW5mb106OkxvY2FsLklkKQogICAgICAgIHR6X29mZnNldCA9ICRkYXRldGltZS5Ub1N0cmluZygienp6eiIpCiAgICAgICAgIyBFbnN1cmUgdGhhdCB0aGUgd2Vla2RheSBpcyBpbiBFbmdsaXNoCiAgICAgICAgd2Vla2RheSA9ICRkYXRldGltZS5Ub1N0cmluZygiZGRkZCIsIFtTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mb106OkludmFyaWFudEN1bHR1cmUpCiAgICAgICAgd2Vla2RheV9udW1iZXIgPSAoR2V0LURhdGUgLVVGb3JtYXQgIiV3IikKICAgICAgICB3ZWVrbnVtYmVyID0gKEdldC1EYXRlIC1VRm9ybWF0ICIlVyIpCiAgICAgICAgeWVhciA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eSIpCiAgICB9CgogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX2RhdGVfdGltZSA9ICRkYXRlCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdkaXN0cmlidXRpb24nKSkgewogICAgJHdpbjMyX29zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9PcGVyYXRpbmdTeXN0ZW0KICAgICRwcm9kdWN0X3R5cGUgPSBzd2l0Y2goJHdpbjMyX29zLlByb2R1Y3RUeXBlKSB7CiAgICAgICAgMSB7ICJ3b3Jrc3RhdGlvbiIgfQogICAgICAgIDIgeyAiZG9tYWluX2NvbnRyb2xsZXIiIH0KICAgICAgICAzIHsgInNlcnZlciIgfQogICAgICAgIGRlZmF1bHQgeyAidW5rbm93biIgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9kaXN0cmlidXRpb24gPSAkd2luMzJfb3MuQ2FwdGlvbgogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX21ham9yX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uTWFqb3IuVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfb3NfZmFtaWx5ID0gIldpbmRvd3MiCiAgICAgICAgYW5zaWJsZV9vc19uYW1lID0gKCR3aW4zMl9vcy5OYW1lLlNwbGl0KCd8JylbMF0pLlRyaW0oKQogICAgICAgIGFuc2libGVfb3NfcHJvZHVjdF90eXBlID0gJHByb2R1Y3RfdHlwZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZW52JykpIHsKICAgICRlbnZfdmFycyA9IEB7IH0KICAgIGZvcmVhY2ggKCRpdGVtIGluIEdldC1DaGlsZEl0ZW0gRW52OikgewogICAgICAgICRuYW1lID0gJGl0ZW0gfCBzZWxlY3QgLUV4cGFuZFByb3BlcnR5IE5hbWUKICAgICAgICAjIFBvd2Vyc2hlbGwgQ29udmVydFRvLUpzb24gZmFpbHMgaWYgc3RyaW5nIGVuZHMgd2l0aCBcCiAgICAgICAgJHZhbHVlID0gKCRpdGVtIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBWYWx1ZSkuVHJpbUVuZCgiXCIpCiAgICAgICAgJGVudl92YXJzLkFkZCgkbmFtZSwgJHZhbHVlKQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9lbnYgPSAkZW52X3ZhcnMKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ZhY3RlcicpKSB7CiAgICAjIFNlZSBpZiBGYWN0ZXIgaXMgb24gdGhlIFN5c3RlbSBQYXRoCiAgICBUcnkgewogICAgICAgICRmYWN0ZXJfZXhlID0gR2V0LUNvbW1hbmQgZmFjdGVyIC1FcnJvckFjdGlvbiBTdG9wCiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkdHJ1ZQogICAgfSBDYXRjaCB7CiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkZmFsc2UKICAgIH0KCiAgICAjIEdldCBKU09OIGZyb20gRmFjdGVyLCBhbmQgcGFyc2UgaXQgb3V0LgogICAgaWYgKCRmYWN0ZXJfaW5zdGFsbGVkKSB7CiAgICAgICAgJmZhY3RlciAtaiB8IFRlZS1PYmplY3QgIC1WYXJpYWJsZSBmYWN0ZXJfb3V0cHV0IHwgT3V0LU51bGwKICAgICAgICAkZmFjdHMgPSAiJGZhY3Rlcl9vdXRwdXQiIHwgQ29udmVydEZyb20tSnNvbgogICAgICAgIEZvckVhY2goJGZhY3QgaW4gJGZhY3RzLlBTT2JqZWN0LlByb3BlcnRpZXMpIHsKICAgICAgICAgICAgJGZhY3RfbmFtZSA9ICRmYWN0Lk5hbWUKICAgICAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJmYWN0ZXJfJGZhY3RfbmFtZSIsICRmYWN0LlZhbHVlKQogICAgICAgIH0KICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ludGVyZmFjZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAkQWN0aXZlTmV0Y2ZnID0gQCgpCiAgICAkQWN0aXZlTmV0Y2ZnICs9ICRuZXRjZmcgfCB3aGVyZSB7JF8uaXBhZGRyZXNzIC1uZSAkbnVsbH0KCiAgICAkbmFtZXNwYWNlcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgX19OYW1lc3BhY2UgLW5hbWVzcGFjZSByb290CiAgICBpZiAoJG5hbWVzcGFjZXMgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAiU3RhbmRhcmRDaW12IiB9KSB7CiAgICAgICAgJG5ldF9hZGFwdGVycyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgTVNGVF9OZXRBZGFwdGVyIC1uYW1lc3BhY2UgUm9vdFxTdGFuZGFyZENpbXYyCiAgICAgICAgJGd1aWRfa2V5ID0gIkludGVyZmFjZUdVSUQiCiAgICAgICAgJG5hbWVfa2V5ID0gIk5hbWUiCiAgICB9IGVsc2UgewogICAgICAgICRuZXRfYWRhcHRlcnMgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX05ldHdvcmtBZGFwdGVyICAgICAgICAKICAgICAgICAkZ3VpZF9rZXkgPSAiR1VJRCIKICAgICAgICAkbmFtZV9rZXkgPSAiTmV0Q29ubmVjdGlvbklEIgogICAgfQoKICAgICRmb3JtYXR0ZWRuZXRjZmcgPSBAKCkKICAgIGZvcmVhY2ggKCRhZGFwdGVyIGluICRBY3RpdmVOZXRjZmcpCiAgICB7CiAgICAgICAgJHRoaXNhZGFwdGVyID0gQHsKICAgICAgICAgICAgZGVmYXVsdF9nYXRld2F5ID0gJG51bGwKICAgICAgICAgICAgY29ubmVjdGlvbl9uYW1lID0gJG51bGwKICAgICAgICAgICAgZG5zX2RvbWFpbiA9ICRhZGFwdGVyLmRuc2RvbWFpbgogICAgICAgICAgICBpbnRlcmZhY2VfaW5kZXggPSAkYWRhcHRlci5JbnRlcmZhY2VJbmRleAogICAgICAgICAgICBpbnRlcmZhY2VfbmFtZSA9ICRhZGFwdGVyLmRlc2NyaXB0aW9uCiAgICAgICAgICAgIG1hY2FkZHJlc3MgPSAkYWRhcHRlci5tYWNhZGRyZXNzCiAgICAgICAgfQoKICAgICAgICBpZiAoJGFkYXB0ZXIuZGVmYXVsdElQR2F0ZXdheSkKICAgICAgICB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5kZWZhdWx0X2dhdGV3YXkgPSAkYWRhcHRlci5EZWZhdWx0SVBHYXRld2F5WzBdLlRvU3RyaW5nKCkKICAgICAgICB9CiAgICAgICAgJG5ldF9hZGFwdGVyID0gJG5ldF9hZGFwdGVycyB8IFdoZXJlLU9iamVjdCB7ICRfLiRndWlkX2tleSAtZXEgJGFkYXB0ZXIuU2V0dGluZ0lEIH0KICAgICAgICBpZiAoJG5ldF9hZGFwdGVyKSB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5jb25uZWN0aW9uX25hbWUgPSAkbmV0X2FkYXB0ZXIuJG5hbWVfa2V5CiAgICAgICAgfQoKICAgICAgICAkZm9ybWF0dGVkbmV0Y2ZnICs9ICR0aGlzYWRhcHRlcgogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pbnRlcmZhY2VzID0gJGZvcm1hdHRlZG5ldGNmZwogICAgfQp9CgppZiAoJGdhdGhlcl9zdWJzZXQ ScriptBlock ID: 8fc9d672-6e4a-4554-b9e8-b94abe8667f2 Path:	4104	1		3	2	15	0	1723	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	1088	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:30:49 PM	7f70462d-725d-0000-de5c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTgsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCkZ1bmN0aW9uIEdldC1DdXN0b21GYWN0cyB7CiAgW2NtZGxldEJpbmRpbmcoKV0KICBwYXJhbSAoCiAgICBbUGFyYW1ldGVyKG1hbmRhdG9yeT0kZmFsc2UpXQogICAgJGZhY3RwYXRoID0gJG51bGwKICApCgogIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGZhY3RwYXRoKSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBwYXRoICRmYWN0cGF0aCBkb2VzIG5vdCBleGlzdC4gVHlwbz8iCiAgfQoKICAkRmFjdHNGaWxlcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJGZhY3RwYXRoIHwgV2hlcmUtT2JqZWN0IC1GaWx0ZXJTY3JpcHQgeygkUFNJdGVtLlBTSXNDb250YWluZXIgLWVxICRmYWxzZSkgLWFuZCAoJFBTSXRlbS5FeHRlbnNpb24gLWVxICcucHMxJyl9CgogIGZvcmVhY2ggKCRGYWN0c0ZpbGUgaW4gJEZhY3RzRmlsZXMpIHsKICAgICAgJG91dCA9ICYgJCgkRmFjdHNGaWxlLkZ1bGxOYW1lKQogICAgICAkcmVzdWx0LmFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlXyQoKCRGYWN0c0ZpbGUuTmFtZSkuU3BsaXQoJy4nKVswXSkiLCAkb3V0KQogIH0KfQoKRnVuY3Rpb24gR2V0LU1hY2hpbmVTaWQgewogICAgIyBUaGUgTWFjaGluZSBTSUQgaXMgc3RvcmVkIGluIEhLTE06XFNFQ1VSSVRZXFNBTVxEb21haW5zXEFjY291bnQgYW5kIGlzCiAgICAjIG9ubHkgYWNjZXNzaWJsZSBieSB0aGUgTG9jYWwgU3lzdGVtIGFjY291bnQuIFRoaXMgbWV0aG9kIGdldCdzIHRoZSBsb2NhbAogICAgIyBhZG1pbiBhY2NvdW50IChlbmRzIHdpdGggLTUwMCkgYW5kIGxvcHMgaXQgb2ZmIHRvIGdldCB0aGUgbWFjaGluZSBzaWQuCgogICAgJGFkbWluc19zaWQgPSAiUy0xLTUtMzItNTQ0IgogICAgJGFkbWluX2dyb3VwID0gKFtTZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyXSRhZG1pbnNfc2lkKS5UcmFuc2xhdGUoW1NlY3VyaXR5LlByaW5jaXBhbC5OVEFjY291bnRdKS5WYWx1ZSAKCiAgICBBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudAogICAgJHByaW5jaXBhbF9jb250ZXh0ID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbENvbnRleHQoW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudC5Db250ZXh0VHlwZV06Ok1hY2hpbmUpCiAgICAkZ3JvdXBfcHJpbmNpcGFsID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50Lkdyb3VwUHJpbmNpcGFsKCRwcmluY2lwYWxfY29udGV4dCwgJGFkbWluX2dyb3VwKQogICAgJHNlYXJjaGVyID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbFNlYXJjaGVyKCRncm91cF9wcmluY2lwYWwpCiAgICAkZ3JvdXBzID0gJHNlYXJjaGVyLkZpbmRPbmUoKQoKICAgICRtYWNoaW5lX3NpZCA9ICRudWxsCiAgICBmb3J ScriptBlock ID: 8fc9d672-6e4a-4554-b9e8-b94abe8667f2 Path:	4104	1		3	2	15	0	1722	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	1088	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:30:49 PM	7f70462d-725d-0000-de5c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3 ScriptBlock ID: 8fc9d672-6e4a-4554-b9e8-b94abe8667f2 Path:	4104	1		3	2	15	0	1721	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	1088	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:30:49 PM	7f70462d-725d-0000-de5c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1720	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	5012	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:30:49 PM	7f70462d-725d-0001-bb53-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5112 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1719	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	5048	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:30:49 PM	7f70462d-725d-0001-bb53-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1718	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5112	5012	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:30:49 PM	7f70462d-725d-0001-bb53-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: fc0cb162-2c12-460f-8789-146bb9e6260d Path:	4104	1		3	2	15	0	1717	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4744	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:02 PM	7f70462d-725d-0004-1969-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: bc794086-b4f0-4d2e-b647-7f4fe5098435 Path:	4104	1		3	2	15	0	1716	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4744	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:02 PM	7f70462d-725d-0004-0669-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): XVzZV9hbmRfY29udGludWUgLWVxICRmYWxzZSkgewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiZmFpbGVkIHRvIHBhdXNlIHNlcnZpY2UgJCgkc3ZjLk5hbWUpOiBUaGUgc2VydmljZSBkb2VzIG5vdCBzdXBwb3J0IHBhdXNpbmciCiAgICAgICAgfQoKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3VzcGVuZC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgImZhaWxlZCB0byBwYXVzZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICAgICAgfQogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgImFic2VudCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3RvcC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgJHJldHVybiA9ICR3bWlfc3ZjIHwgSW52b2tlLUNpbU1ldGhvZCAtTWV0aG9kTmFtZSBEZWxldGUKICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIGRlbGV0ZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VDb25maWd1cmF0aW9uKCRzdmMpIHsKICAgICR3bWlfc3ZjID0gR2V0LUNpbUluc3RhbmNlIC1DbGFzc05hbWUgV2luMzJfU2VydmljZSAtRmlsdGVyICJuYW1lPSckKCRzdmMuTmFtZSknIgogICAgR2V0LVNlcnZpY2VJbmZvIC1uYW1lICRzdmMuTmFtZQogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1lcSAkdHJ1ZSAtYW5kICgtbm90ICgkcmVzdWx0LnVzZXJuYW1lIC1lcSAnTG9jYWxTeXN0ZW0nIC1vciAkdXNlcm5hbWUgLWVxICdMb2NhbFN5c3RlbScpKSkgewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgZGVza3RvcF9pbnRlcmFjdCB0byB0cnVlIHdoZW4gc2VydmljZSBpcyBydW4gd2l0aC9vciAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgogICAgfQoKICAgIGlmICgkc3RhcnRfbW9kZSAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZVN0YXJ0TW9kZSAtc3ZjICRzdmMgLXN0YXJ0X21vZGUgJHN0YXJ0X21vZGUKICAgIH0KCiAgICBpZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlQWNjb3VudCAtd21pX3N2YyAkd21pX3N2YyAtdXNlcm5hbWVfc2lkICR1c2VybmFtZV9zaWQgLXVzZXJuYW1lICR1c2VybmFtZSAtcGFzc3dvcmQgJHBhc3N3b3JkCiAgICB9CgogICAgaWYgKCRkaXNwbGF5X25hbWUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSAtc3ZjICRzdmMgLWRpc3BsYXlfbmFtZSAkZGlzcGxheV9uYW1lCiAgICB9CgogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlRGVza3RvcEludGVyYWN0IC13bWlfc3ZjICR3bWlfc3ZjIC1kZXNrdG9wX2ludGVyYWN0ICRkZXNrdG9wX2ludGVyYWN0CiAgICB9CgogICAgaWYgKCRkZXNjcmlwdGlvbiAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlc2NyaXB0aW9uIC1zdmMgJHN2YyAtZGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uCiAgICB9CgogICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlUGF0aCAtbmFtZSAkc3ZjLk5hbWUgLXBhdGggJHBhdGgKICAgIH0KCiAgICBpZiAoJGRlcGVuZGVuY2llcyAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlcGVuZGVuY2llcyAtd21pX3N2YyAkd21pX3N2YyAtZGVwZW5kZW5jeV9hY3Rpb24gJGRlcGVuZGVuY3lfYWN0aW9uIC1kZXBlbmRlbmNpZXMgJGRlcGVuZGVuY2llcwogICAgfQoKICAgIGlmICgkc3RhdGUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VTdGF0ZSAtc3ZjICRzdmMgLXdtaV9zdmMgJHdtaV9zdmMgLXN0YXRlICRzdGF0ZQogICAgfQp9CgojIG5lZWQgdG8gdXNlIFdoZXJlLU9iamVjdCBhcyAtTmFtZSBkb2Vzbid0IHdvcmsgd2l0aCBbXSBpbiB0aGUgc2VydmljZSBuYW1lCiMgaHR0cHM6Ly9naXRodWIuY29tL2Fuc2libGUvYW5zaWJsZS9pc3N1ZXMvMzc2MjEKJHN2YyA9IEdldC1TZXJ2aWNlIHwgV2hlcmUtT2JqZWN0IHsgJF8uTmFtZSAtZXEgJG5hbWUgLW9yICRfLkRpc3BsYXlOYW1lIC1lcSAkbmFtZSB9CmlmICgkc3ZjKSB7CiAgICBTZXQtU2VydmljZUNvbmZpZ3VyYXRpb24gLXN2YyAkc3ZjCn0gZWxzZSB7CiAgICAkcmVzdWx0LmV4aXN0cyA9ICRmYWxzZQogICAgaWYgKCRzdGF0ZSAtbmUgJ2Fic2VudCcpIHsKICAgICAgICAjIENoZWNrIGlmIHBhdGggaXMgZGVmaW5lZCwgaWYgc28gY3JlYXRlIHRoZSBzZXJ2aWNlCiAgICAgICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgTmV3LVNlcnZpY2UgLU5hbWUgJG5hbWUgLUJpbmFyeVBhdGhuYW1lICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCgogICAgICAgICAgICAkc3ZjID0gR2V0LVNlcnZpY2UgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAkbmFtZSB9CiAgICAgICAgICAgIFNldC1TZXJ2aWNlQ29uZmlndXJhdGlvbiAtc3ZjICRzdmMKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAjIFdlIHdpbGwgb25seSByZWFjaCBoZXJlIGlmIHRoZSBzZXJ2aWNlIGlzIGluc3RhbGxlZCBhbmQgdGhlIHN0YXRlIGlzIG5vdCBhYnNlbnQKICAgICAgICAgICAgIyBXaWxsIGNoZWNrIGlmIGFueSBvZiB0aGUgZGVmYXVsdCBhY3Rpb25zIGFyZSBzZXQgYW5kIGZhaWwgYXMgd2UgY2Fubm90IGFjdGlvbiBpdAogICAgICAgICAgICBpZiAoJHN0YXJ0X21vZGUgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJHN0YXRlIC1uZSAkbnVsbCAtb3IKICAgICAgICAgICAgICAgICR1c2VybmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkcGFzc3dvcmQgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRpc3BsYXlfbmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkZGVzY3JpcHRpb24gLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlc2t0b3BfaW50ZXJhY3QgLW5lICRmYWxzZSAtb3IKICAgICAgICAgICAgICAgICRkZXBlbmRlbmNpZXMgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlcGVuZGVuY3lfYWN0aW9uIC1uZSAnc2V0JykgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJTZXJ2aWNlICckbmFtZScgaXMgbm90IGluc3RhbGxlZCwgbmVlZCB0byBzZXQgJ3BhdGgnIHRvIGNyZWF0ZSBhIG5ldyBzZXJ2aWNlIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgojIEFmdGVyIG1ha2luZyBhIGNoYW5nZSwgbGV0J3MgZ2V0IHRoZSBzZXJ2aWNlIGluZm8gYWdhaW4gdW5sZXNzIHdlIGRlbGV0ZWQgaXQKaWYgKCRzdGF0ZSAtZXEgJ2Fic2VudCcpIHsKICAgICMgUmVjcmVhdGUgcmVzdWx0IHNvIGl0IGRvZXNuJ3QgaGF2ZSB0aGUgZXh0cmEgbWV0YSBkYXRhIG5vdyB0aGF0IGlzIGhhcyBiZWVuIGRlbGV0ZWQKICAgICRjaGFuZ2VkID0gJHJlc3VsdC5jaGFuZ2VkCiAgICAkcmVzdWx0ID0gQHsKICAgICAgICBjaGFuZ2VkID0gJGNoYW5nZWQKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfSBlbHNlaWYgKCRzdmMgLW5lICRudWxsKSB7CiAgICBHZXQtU2VydmljZUluZm8gLW5hbWUgJG5hbWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "name": "msiscsi", "start_mode": "auto", "_ansible_module_name": "win_service", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "state": "started", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_no_log": false}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: e038abdb-9a7f-4aba-9591-beae6363ba6f Path:	4104	1		3	2	15	0	1715	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4744	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:01 PM	7f70462d-725d-0004-0069-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): N0YXJ0X21vZGUgPSAkd21pX3N2Yy5TdGFydE1vZGUuVG9TdHJpbmcoKS5Ub0xvd2VyKCkgCiAgICBpZiAoJGRlbGF5ZWQgLWFuZCAkYWN0dWFsX3N0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICRhY3R1YWxfc3RhcnRfbW9kZSA9ICdkZWxheWVkJwogICAgfQoKICAgICRleGlzdGluZ19kZXBlbmRlbmNpZXMgPSBAKCkKICAgICRleGlzdGluZ19kZXBlbmRlZF9ieSA9IEAoKQogICAgaWYgKCRzdmMuU2VydmljZXNEZXBlbmRlZE9uLkNvdW50IC1ndCAwKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJHN2Yy5TZXJ2aWNlc0RlcGVuZGVkT24uTmFtZSkgewogICAgICAgICAgICAkZXhpc3RpbmdfZGVwZW5kZW5jaWVzICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgaWYgKCRzdmMuRGVwZW5kZW50U2VydmljZXMuQ291bnQgLWd0IDApIHsKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkc3ZjLkRlcGVuZGVudFNlcnZpY2VzLk5hbWUpIHsKICAgICAgICAgICAgJGV4aXN0aW5nX2RlcGVuZGVkX2J5ICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgJGRlc2NyaXB0aW9uID0gJHdtaV9zdmMuRGVzY3JpcHRpb24KICAgIGlmICgkZGVzY3JpcHRpb24gLWVxICRudWxsKSB7CiAgICAgICAgJGRlc2NyaXB0aW9uID0gIiIKICAgIH0KCiAgICAkcmVzdWx0LmV4aXN0cyA9ICR0cnVlCiAgICAkcmVzdWx0Lm5hbWUgPSAkc3ZjLk5hbWUKICAgICRyZXN1bHQuZGlzcGxheV9uYW1lID0gJHN2Yy5EaXNwbGF5TmFtZQogICAgJHJlc3VsdC5zdGF0ZSA9ICRzdmMuU3RhdHVzLlRvU3RyaW5nKCkuVG9Mb3dlcigpCiAgICAkcmVzdWx0LnN0YXJ0X21vZGUgPSAkYWN0dWFsX3N0YXJ0X21vZGUKICAgICRyZXN1bHQucGF0aCA9ICR3bWlfc3ZjLlBhdGhOYW1lCiAgICAkcmVzdWx0LmRlc2NyaXB0aW9uID0gJGRlc2NyaXB0aW9uCiAgICAkcmVzdWx0LnVzZXJuYW1lID0gJHdtaV9zdmMuU3RhcnROYW1lCiAgICAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QgPSAkd21pX3N2Yy5EZXNrdG9wSW50ZXJhY3QKICAgICRyZXN1bHQuZGVwZW5kZW5jaWVzID0gJGV4aXN0aW5nX2RlcGVuZGVuY2llcwogICAgJHJlc3VsdC5kZXBlbmRlZF9ieSA9ICRleGlzdGluZ19kZXBlbmRlZF9ieQogICAgJHJlc3VsdC5jYW5fcGF1c2VfYW5kX2NvbnRpbnVlID0gJHN2Yy5DYW5QYXVzZUFuZENvbnRpbnVlCn0KCkZ1bmN0aW9uIEdldC1XbWlFcnJvck1lc3NhZ2UoJHJldHVybl92YWx1ZSkgewogICAgIyBUaGVzZSB2YWx1ZXMgYXJlIGRlcml2ZWQgZnJvbSBodHRwczovL21zZG4ubWljcm9zb2Z0LmNvbS9lbi11cy9saWJyYXJ5L2FhMzg0OTAxKHY9dnMuODUpLmFzcHgKICAgIHN3aXRjaCAoJHJldHVybl92YWx1ZSkgewogICAgICAgIDEgeyAiTm90IFN1cHBvcnRlZDogVGhlIHJlcXVlc3QgaXMgbm90IHN1cHBvcnRlZCIgfQogICAgICAgIDIgeyAiQWNjZXNzIERlbmllZDogVGhlIHVzZXIgZGlkIG5vdCBoYXZlIHRoZSBuZWNlc3NhcnkgYWNjZXNzIiB9CiAgICAgICAgMyB7ICJEZXBlbmRlbnQgU2VydmljZXMgUnVubmluZzogVGhlIHNlcnZpY2UgY2Fubm90IGJlIHN0b3BwZWQgYmVjYXVzZSBvdGhlciBzZXJ2aWNlcyB0aGF0IGFyZSBydW5uaW5nIGFyZSBkZXBlbmRlbnQgb24gaXQiIH0KICAgICAgICA0IHsgIkludmFsaWQgU2VydmljZSBDb250cm9sOiBUaGUgcmVxdWVzdGVkIGNvbnRyb2wgY29kZSBpcyBub3QgdmFsaWQsIG9yIGl0IGlzIHVuYWNjZXB0YWJsZSB0byB0aGUgc2VydmljZSIgfQogICAgICAgIDUgeyAiU2VydmljZSBDYW5ub3QgQWNjZXB0IENvbnRyb2w6IFRoZSByZXF1ZXN0ZWQgY29udHJvbCBjb2RlIGNhbm5vdCBiZSBzZW50IHRvIHRoZSBzZXJ2aWNlIGJlY2F1c2UgdGhlIHN0YXRlIG9mIHRoZSBzZXJ2aWNlIChXaW4zMl9CYXNlU2VydmljZS5TdGF0ZSBwcm9wZXJ0eSkgaXMgZXF1YWwgdG8gMCwgMSwgb3IgMiIgfQogICAgICAgIDYgeyAiU2VydmljZSBOb3QgQWN0aXZlOiBUaGUgc2VydmljZSBoYXMgbm90IGJlZW4gc3RhcnRlZCIgfQogICAgICAgIDcgeyAiU2VydmljZSBSZXF1ZXN0IFRpbWVvdXQ6IFRoZSBzZXJ2aWNlIGRpZCBub3QgcmVzcG9uZCB0byB0aGUgc3RhcnQgcmVxdWVzdCBpbiBhIHRpbWVseSBmYXNoaW9uIiB9CiAgICAgICAgOCB7ICJVbmtub3duIEZhaWx1cmU6IFVua25vd24gZmFpbHVyZSB3aGVuIHN0YXJ0aW5nIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgOSB7ICJQYXRoIE5vdCBGb3VuZDogVGhlIGRpcmVjdG9yeSBwYXRoIHRvIHRoZSBzZXJ2aWNlIGV4ZWN1dGFibGUgZmlsZSB3YXMgbm90IGZvdW5kIiB9CiAgICAgICAgMTAgeyAiU2VydmljZSBBbHJlYWR5IFJ1bm5pbmc6IFRoZSBzZXJ2aWNlIGlzIGFscmVhZHkgcnVubmluZyIgfQogICAgICAgIDExIHsgIlNlcnZpY2UgRGF0YWJhc2UgTG9ja2VkOiBUaGUgZGF0YWJhc2UgdG8gYWRkIGEgbmV3IHNlcnZpY2UgaXMgbG9ja2VkIiB9CiAgICAgICAgMTIgeyAiU2VydmljZSBEZXBlbmRlbmN5IERlbGV0ZWQ6IEEgZGVwZW5kZW5jeSB0aGlzIHNlcnZpY2UgcmVsaWVzIG9uIGhhcyBiZWVuIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTMgeyAiU2VydmljZSBEZXBlbmRlbmN5IEZhaWx1cmU6IFRoZSBzZXJ2aWNlIGZhaWxlZCB0byBmaW5kIHRoZSBzZXJ2aWNlIG5lZWRlZCBmcm9tIGEgZGVwZW5kZW50IHNlcnZpY2UiIH0KICAgICAgICAxNCB7ICJTZXJ2aWNlIERpc2FibGVkOiBUaGUgc2VydmljZSBoYXMgYmVlbiBkaXNhYmxlZCBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAxNSB7ICJTZXJ2aWNlIExvZ29uIEZhaWxlZDogVGhlIHNlcnZpY2UgZG9lcyBub3QgaGF2ZSB0aGUgY29ycmVjdCBhdXRoZW50aWNhdGlvbiB0byBydW4gb24gdGhlIHN5c3RlbSIgfQogICAgICAgIDE2IHsgIlNlcnZpY2UgTWFya2VkIEZvciBEZWxldGlvbjogVGhpcyBzZXJ2aWNlIGlzIGJlaW5nIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTcgeyAiU2VydmljZSBObyBUaHJlYWQ6IFRoZSBzZXJ2aWNlIGhhcyBubyBleGVjdXRpb24gdGhyZWFkIiB9CiAgICAgICAgMTggeyAiU3RhdHVzIENpcmN1bGFyIERlcGVuZGVuY3k6IFRoZSBzZXJ2aWNlIGhhcyBjaXJjdWxhciBkZXBlbmRlbmNpZXMgd2hlbiBpdCBzdGFydHMiIH0KICAgICAgICAxOSB7ICJTdGF0dXMgRHVwbGljYXRlIE5hbWU6IEEgc2VydmljZSBpcyBydW5uaW5nIHVuZGVyIHRoZSBzYW1lIG5hbWUiIH0KICAgICAgICAyMCB7ICJTdGF0dXMgSW52YWxpZCBOYW1lOiBUaGUgc2VydmljZSBuYW1lIGhhcyBpbnZhbGlkIGNoYXJhY3RlcnMiIH0KICAgICAgICAyMSB7ICJTdGF0dXMgSW52YWxpZCBQYXJhbWV0ZXI6IEludmFsaWQgcGFyYW1ldGVycyBoYXZlIGJlZW4gcGFzc2VkIHRvIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjIgeyAiU3RhdHVzIEludmFsaWQgU2VydmljZSBBY2NvdW50OiBUaGUgYWNjb3VudCB1bmRlciB3aGljaCB0aGlzIHNlcnZpY2UgcnVucyBpcyBlaXRoZXIgaW52YWxpZCBvciBsYWNrcyB0aGUgcGVybWlzc2lvbnMgdG8gcnVuIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjMgeyAiU3RhdHVzIFNlcnZpY2UgRXhpc3RzOiBUaGUgc2VydmljZSBleGlzdHMgaW4gdGhlIGRhdGFiYXNlIG9mIHNlcnZpY2VzIGF2YWlsYWJsZSBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAyNCB7ICJTZXJ2aWNlIEFscmVhZHkgUGF1c2VkOiBUaGUgc2VydmljZSBpcyBjdXJyZW50bHkgcGF1c2VkIGluIHRoZSBzeXN0ZW0iIH0KICAgICAgICBkZWZhdWx0IHsgIk90aGVyIEVycm9yIiB9CiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1EZWxheWVkU3RhdHVzKCRuYW1lKSB7CiAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIgogICAgdHJ5IHsKICAgICAgICAkZGVsYXllZCA9IENvbnZlcnRUby1Cb29sICgoR2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5KS5EZWxheWVkQXV0b3N0YXJ0KQogICAgfSBjYXRjaCB7CiAgICAgICAgJGRlbGF5ZWQgPSAkZmFsc2UKICAgIH0KCiAgICAkZGVsYXllZAp9CgpGdW5jdGlvbiBTZXQtU2VydmljZVN0YXJ0TW9kZSgkc3ZjLCAkc3RhcnRfbW9kZSkgewogICAgaWYgKCRyZXN1bHQuc3RhcnRfbW9kZSAtbmUgJHN0YXJ0X21vZGUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCQoJHN2Yy5OYW1lKSIKICAgICAgICAgICAgIyBPcmlnaW5hbCBzdGFydCB1cCB0eXBlIHdhcyBhdXRvIChkZWxheWVkKSBhbmQgd2Ugd2FudCBhdXRvLCBuZWVkIHRvIHJlbW92ZWQgZGVsYXllZCBrZXkKICAgICAgICAgICAgaWYgKCRzdGFydF9tb2RlIC1lcSAnYXV0bycgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMCAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgYXV0byBhbmQgd2Ugd2FudCBhdXRvIChkZWxheWVkKSwgbmVlZCB0byBhZGQgZGVsYXllZCBrZXkKICAgICAgICAgICAgfSBlbHNlaWYgKCRzdGFydF9tb2RlIC1lcSAnZGVsYXllZCcgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IGF1dG8gb3IgYXV0byAoZGVsYXllZCksIG5lZWQgdG8gY2hhbmdlIHRvIGF1dG8gYW5kIGFkZCBkZWxheWVkIGtleQogICAgICAgICAgICB9IGVsc2VpZiAoJHN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgJHN2YyB8IFNldC1TZXJ2aWNlIC1TdGFydHVwVHlwZSAiYXV0byIgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IHdoYXQgd2Ugd2VyZSBsb29raW5nIGZvciwganVzdCBjaGFuZ2UgdG8gdGhhdCB0eXBlCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLVN0YXJ0dXBUeXBlICRzdGFydF9tb2RlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZUFjY291bnQoJHdtaV9zdmMsICR1c2VybmFtZV9zaWQsICR1c2VybmFtZSwgJHBhc3N3b3JkKSB7CiAgICBpZiAoJHJlc3VsdC51c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICRhY3R1YWxfc2lkID0gIlMtMS01LTE4IgogICAgfSBlbHNlIHsKICAgICAgICAkYWN0dWFsX3NpZCA9IENvbnZlcnQtVG9TSUQgLWFjY291bnRfbmFtZSAkcmVzdWx0LnVzZXJuYW1lCiAgICB9CgogICAgaWYgKCRhY3R1YWxfc2lkIC1uZSAkdXNlcm5hbWVfc2lkKSB7CiAgICAgICAgJGNoYW5nZV9hcmd1bWVudHMgPSBAewogICAgICAgICAgICBTdGFydE5hbWUgPSAkdXNlcm5hbWUKICAgICAgICAgICAgU3RhcnRQYXNzd29yZCA9ICRwYXNzd29yZAogICAgICAgICAgICBEZXNrdG9wSW50ZXJhY3QgPSAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QKICAgICAgICB9CiAgICAgICAgIyBuZWVkIHRvIGRpc2FibGUgZGVza3RvcCBpbnRlcmFjdCB3aGVuIG5vdCB1c2luZyB0aGUgU1lTVEVNIGFjY291bnQKICAgICAgICBpZiAoJHVzZXJuYW1lX3NpZCAtbmUgIlMtMS01LTE4IikgewogICAgICAgICAgICAkY2hhbmdlX2FyZ3VtZW50cy5EZXNrdG9wSW50ZXJhY3QgPSAkZmFsc2UKICAgICAgICB9CgogICAgICAgICNXTUkuQ2hhbmdlIGRvZXNuJ3Qgc3VwcG9ydCAtV2hhdElmLCBjYW5ub3QgZnVsbHkgdGVzdCB3aXRoIGNoZWNrX21vZGUKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzICRjaGFuZ2VfYXJndW1lbnRzCiAgICAgICAgICAgIGlmICgkcmV0dXJuLlJldHVyblZhbHVlIC1uZSAwKSB7CiAgICAgICAgICAgICAgICAkZXJyb3JfbXNnID0gR2V0LVdtaUVycm9yTWVzc2FnZSAtcmV0dXJuX3ZhbHVlICRyZXN1bHQuUmV0dXJuVmFsdWUKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBhY2NvdW50IHRvICQoJHVzZXJuYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9ICAgICAgICAKCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXNrdG9wSW50ZXJhY3QoJHdtaV9zdmMsICRkZXNrdG9wX2ludGVyYWN0KSB7CiAgICBpZiAoJHJlc3VsdC5kZXNrdG9wX2ludGVyYWN0IC1uZSAkZGVza3RvcF9pbnRlcmFjdCkgewogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICRyZXR1cm4gPSAkd21pX3N2YyB8IEludm9rZS1DaW1NZXRob2QgLU1ldGhvZE5hbWUgQ2hhbmdlIC1Bcmd1bWVudHMgQHtEZXNrdG9wSW50ZXJhY3QgPSAkZGVza3RvcF9pbnRlcmFjdH0KICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIHNldCBkZXNrdG9wIGludGVyYWN0ICQoJGRlc2t0b3BfaW50ZXJhY3QpOiAkKCRyZXR1cm4uUmV0dXJuVmFsdWUpIC0gJGVycm9yX21zZyIKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSgkc3ZjLCAkZGlzcGxheV9uYW1lKSB7CiAgICBpZiAoJHJlc3VsdC5kaXNwbGF5X25hbWUgLW5lICRkaXNwbGF5X25hbWUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLURpc3BsYXlOYW1lICRkaXNwbGF5X25hbWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZURlc2NyaXB0aW9uKCRzdmMsICRkZXNjcmlwdGlvbikgewogICAgaWYgKCRyZXN1bHQuZGVzY3JpcHRpb24gLW5lICRkZXNjcmlwdGlvbikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgICRzdmMgfCBTZXQtU2VydmljZSAtRGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VQYXRoKCRuYW1lLCAkcGF0aCkgewogICAgaWYgKCRyZXN1bHQucGF0aCAtbmUgJHBhdGgpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICBTZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIiAtTmFtZSBJbWFnZVBhdGggLVZhbHVlICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXBlbmRlbmNpZXMoJHdtaV9zdmMsICRkZXBlbmRlbmN5X2FjdGlvbiwgJGRlcGVuZGVuY2llcykgewogICAgJGV4aXN0aW5nX2RlcGVuZGVuY2llcyA9ICRyZXN1bHQuZGVwZW5kZW5jaWVzCiAgICBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0kbmV3X2RlcGVuZGVuY2llcyA9IEAoKQoKICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdzZXQnKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGRlcGVuZGVuY2llcykgewogICAgICAgICAgICAkbmV3X2RlcGVuZGVuY2llcy5BZGQoJGRlcGVuZGVuY3kpCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkbmV3X2RlcGVuZGVuY2llcyA9ICRleGlzdGluZ19kZXBlbmRlbmNpZXMKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdyZW1vdmUnKSB7CiAgICAgICAgICAgICAgICBpZiAoJG5ld19kZXBlbmRlbmNpZXMgLWNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICAgICAgICAgJG5ld19kZXBlbmRlbmNpZXMuUmVtb3ZlKCRkZXBlbmRlbmN5KQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2VpZiAoJGRlcGVuZGVuY3lfYWN0aW9uIC1lcSAnYWRkJykgewogICAgICAgICAgICAgICAgaWYgKCRuZXdfZGVwZW5kZW5jaWVzIC1ub3Rjb250YWlucyAkZGVwZW5kZW5jeSkgewogICAgICAgICAgICAgICAgICAgICRuZXdfZGVwZW5kZW5jaWVzLkFkZCgkZGVwZW5kZW5jeSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAkd2lsbF9jaGFuZ2UgPSAkZmFsc2UKICAgIGZvcmVhY2ggKCRkZXBlbmRlbmN5IGluICRuZXdfZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgaWYgKCRleGlzdGluZ19kZXBlbmRlbmNpZXMgLW5vdGNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICR3aWxsX2NoYW5nZSA9ICR0cnVlCiAgICAgICAgfQogICAgfQogICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGV4aXN0aW5nX2RlcGVuZGVuY2llcykgewogICAgICAgIGlmICgkbmV3X2RlcGVuZGVuY2llcyAtbm90Y29udGFpbnMgJGRlcGVuZGVuY3kpIHsKICAgICAgICAgICAgJHdpbGxfY2hhbmdlID0gJHRydWUKICAgICAgICB9CiAgICB9CgogICAgaWYgKCR3aWxsX2NoYW5nZSAtZXEgJHRydWUpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzIEB7U2VydmljZURlcGVuZGVuY2llcyA9ICRuZXdfZGVwZW5kZW5jaWVzfQogICAgICAgICAgICBpZiAoJHJldHVybi5SZXR1cm5WYWx1ZSAtbmUgMCkgewogICAgICAgICAgICAgICAgJGVycm9yX21zZyA9IEdldC1XbWlFcnJvck1lc3NhZ2UgLXJldHVybl92YWx1ZSAkcmV0dXJuLlJldHVyblZhbHVlCiAgICAgICAgICAgICAgICAkZGVwX3N0cmluZyA9ICRuZXdfZGVwZW5kZW5jaWVzIC1qb2luICIsICIKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBkZXBlbmRlbmNpZXMgJCgkZGVwX3N0cmluZyk6ICQoJHJldHVybi5SZXR1cm5WYWx1ZSkgLSAkZXJyb3JfbXNnIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1TZXJ2aWNlU3RhdGUoJHN2YywgJHdtaV9zdmMsICRzdGF0ZSkgewogICAgaWYgKCRzdGF0ZSAtZXEgInN0YXJ0ZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInJ1bm5pbmciKSB7CiAgICAgICAgaWYgKCRyZXN1bHQuc3RhdGUgLWVxICJwYXVzZWQiKSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgUmVzdW1lLVNlcnZpY2UgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJmYWlsZWQgdG8gc3RhcnQgc2VydmljZSBmcm9tIHBhdXNlZCBzdGF0ZSAkKCRzdmMuTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgICRzdmMgfCBTdGFydC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInN0b3BwZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInN0b3BwZWQiKSB7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHN2YyB8IFN0b3AtU2VydmljZSAtRm9yY2U6JGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICRfLkV4Y2VwdGlvbi5NZXNzYWdlCiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInJlc3RhcnRlZCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgUmVzdGFydC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAicGF1c2VkIiAtYW5kICRyZXN1bHQuc3RhdGUgLW5lICJwYXVzZWQiKSB7CiAgICAgICAgIyBjaGVjayB0aGF0IHdlIGNhbiBhY3R1YWxseSBwYXVzZSB0aGUgc2VydmljZQogICAgICAgIGlmICgkcmVzdWx0LmNhbl9wY ScriptBlock ID: e038abdb-9a7f-4aba-9591-beae6363ba6f Path:	4104	1		3	2	15	0	1714	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4744	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:01 PM	7f70462d-725d-0004-0069-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): cnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTQsIENocmlzIEhvZmZtYW4gPGNob2ZmbWFuQGNoYXRoYW1maW5hbmNpYWwuY29tPgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5TSUQKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ19hbnNpYmxlX2NoZWNrX21vZGUnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKCiRkZXBlbmRlbmNpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVwZW5kZW5jaWVzJyAtdHlwZSAnbGlzdCcgLWRlZmF1bHQgJG51bGwKJGRlcGVuZGVuY3lfYWN0aW9uID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2RlcGVuZGVuY3lfYWN0aW9uJyAtdHlwZSAnc3RyJyAtZGVmYXVsdCAnc2V0JyAtdmFsaWRhdGVzZXQgJ2FkZCcsJ3JlbW92ZScsJ3NldCcgCiRkZXNjcmlwdGlvbiA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdkZXNjcmlwdGlvbicgLXR5cGUgJ3N0cicKJGRlc2t0b3BfaW50ZXJhY3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVza3RvcF9pbnRlcmFjdCcgLXR5cGUgJ2Jvb2wnIC1kZWZhdWx0ICRmYWxzZQokZGlzcGxheV9uYW1lID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2Rpc3BsYXlfbmFtZScgLXR5cGUgJ3N0cicKJGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdmb3JjZV9kZXBlbmRlbnRfc2VydmljZXMnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKJG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnbmFtZScgLXR5cGUgJ3N0cicgLWZhaWxpZmVtcHR5ICR0cnVlCiRwYXNzd29yZCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdwYXNzd29yZCcgLXR5cGUgJ3N0cicKJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAncGF0aCcKJHN0YXJ0X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhcnRfbW9kZScgLXR5cGUgJ3N0cicgLXZhbGlkYXRlc2V0ICdhdXRvJywnbWFudWFsJywnZGlzYWJsZWQnLCdkZWxheWVkJwokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhdGUnIC10eXBlICdzdHInIC12YWxpZGF0ZXNldCAnc3RhcnRlZCcsJ3N0b3BwZWQnLCdyZXN0YXJ0ZWQnLCdhYnNlbnQnLCdwYXVzZWQnCiR1c2VybmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICd1c2VybmFtZScgLXR5cGUgJ3N0cicKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgojIHBhcnNlIHRoZSB1c2VybmFtZSB0byBTSUQgYW5kIGJhY2sgc28gd2UgZ2V0IHRoZSBmdWxsIHVzZXJuYW1lIHdpdGggZG9tYWluIGluIGEgd2F5IFdNSSB1bmRlcnN0YW5kcwppZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgaWYgKCR1c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICR1c2VybmFtZV9zaWQgPSAiUy0xLTUtMTgiCiAgICB9IGVsc2UgewogICAgICAgICR1c2VybmFtZV9zaWQgPSBDb252ZXJ0LVRvU0lEIC1hY2NvdW50X25hbWUgJHVzZXJuYW1lCiAgICB9CgogICAgIyB0aGUgU1lTVEVNIGFjY291bnQgaXMgYSBzcGVjaWFsIGJlYXN0LCBXaW4zMl9TZXJ2aWNlIENoYW5nZSByZXF1aXJlcyBTdGFydE5hbWUgdG8gYmUgTG9jYWxTeXN0ZW0KICAgICMgdG8gc3BlY2lmeSBMb2NhbFN5c3RlbS9OVCBBVVRIT1JJVFlcU1lTVEVNCiAgICBpZiAoJHVzZXJuYW1lX3NpZCAtZXEgIlMtMS01LTE4IikgewogICAgICAgICR1c2VybmFtZSA9ICJMb2NhbFN5c3RlbSIKICAgICAgICAkcGFzc3dvcmQgPSAkbnVsbAogICAgfSBlbHNlIHsKICAgICAgICAjIFdpbjMyX1NlcnZpY2UsIHBhc3N3b3JkIG11c3QgYmUgIiIgYW5kIG5vdCAkbnVsbCB3aGVuIHNldHRpbmcgdG8gTG9jYWxTZXJ2aWNlIG9yIE5ldHdvcmtTZXJ2aWNlCiAgICAgICAgaWYgKCR1c2VybmFtZV9zaWQgLWluIEAoIlMtMS01LTE5IiwgIlMtMS01LTIwIikpIHsKICAgICAgICAgICAgJHBhc3N3b3JkID0gIiIKICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gQ29udmVydC1Gcm9tU0lEIC1zaWQgJHVzZXJuYW1lX3NpZAogICAgfQp9CmlmICgkcGFzc3dvcmQgLW5lICRudWxsIC1hbmQgJHVzZXJuYW1lIC1lcSAkbnVsbCkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBhcmd1bWVudCAndXNlcm5hbWUnIG11c3QgYmUgc3VwcGxpZWQgd2l0aCAncGFzc3dvcmQnIgp9CmlmICgkZGVza3RvcF9pbnRlcmFjdCAtZXEgJHRydWUgLWFuZCAoLW5vdCAoJHVzZXJuYW1lIC1lcSAiTG9jYWxTeXN0ZW0iIC1vciAkdXNlcm5hbWUgLWVxICRudWxsKSkpIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgJ2Rlc2t0b3BfaW50ZXJhY3QnIHRvIHRydWUgd2hlbiAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgp9CmlmICgkcGF0aCAtbmUgJG51bGwpIHsKICAgICRwYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoKQp9CgpGdW5jdGlvbiBHZXQtU2VydmljZUluZm8oJG5hbWUpIHsKICAgICMgTmVlZCB0byBnZXQgbmV3IG9iamVjdHMgc28gd2UgaGF2ZSB0aGUgbGF0ZXN0IGluZm8KICAgICRzdmMgPSBHZXQtU2VydmljZSB8IFdoZXJlLU9iamVjdCB7ICRfLk5hbWUgLWVxICRuYW1lIC1vciAkXy5EaXNwbGF5TmFtZSAtZXEgJG5hbWUgfQogICAgJHdtaV9zdmMgPSBHZXQtQ2ltSW5zdGFuY2UgLUNsYXNzTmFtZSBXaW4zMl9TZXJ2aWNlIC1GaWx0ZXIgIm5hbWU9JyQoJHN2Yy5OYW1lKSciCgogICAgIyBEZWxheWVkIHN0YXJ0X21vZGUgaXMgaW4gcmVhbGl0eSBBdXRvbWF0aWMgKERlbGF5ZWQpLCBuZWVkIHRvIGNoZWNrIHJlZyBrZXkgZm9yIHR5cGUKICAgICRkZWxheWVkID0gR2V0LURlbGF5ZWRTdGF0dXMgLW5hbWUgJHN2Yy5OYW1lCiAgICAkYWN0dWFsX3 ScriptBlock ID: e038abdb-9a7f-4aba-9591-beae6363ba6f Path:	4104	1		3	2	15	0	1713	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4744	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:01 PM	7f70462d-725d-0004-0069-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.SID": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCkZ1bmN0aW9uIENvbnZlcnQtRnJvbVNJRCgkc2lkKSB7CiAgICAjIENvbnZlcnRzIGEgU0lEIHRvIGEgRG93bi1MZXZlbCBMb2dvbiBuYW1lIGluIHRoZSBmb3JtIG9mIERPTUFJTlxVc2VyTmFtZQogICAgIyBJZiB0aGUgU0lEIGlzIGZvciBhIGxvY2FsIHVzZXIgb3IgZ3JvdXAgdGhlbiBET01BSU4gd291bGQgYmUgdGhlIHNlcnZlcgogICAgIyBuYW1lLgoKICAgICRhY2NvdW50X29iamVjdCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIoJHNpZCkKICAgIHRyeSB7CiAgICAgICAgJG50X2FjY291bnQgPSAkYWNjb3VudF9vYmplY3QuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiBAe30gLW1lc3NhZ2UgImZhaWxlZCB0byBjb252ZXJ0IHNpZCAnJHNpZCcgdG8gYSBsb2dvbiBuYW1lOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICByZXR1cm4gJG50X2FjY291bnQuVmFsdWUKfQoKRnVuY3Rpb24gQ29udmVydC1Ub1NJRCB7CiAgICBbRGlhZ25vc3RpY3MuQ29kZUFuYWx5c2lzLlN1cHByZXNzTWVzc2FnZUF0dHJpYnV0ZSgiUFNBdm9pZFVzaW5nRW1wdHlDYXRjaEJsb2NrIiwgIiIsIEp1c3RpZmljYXRpb249IldlIGRvbid0IGNhcmUgaWYgY29udmVydGluZyB0byBhIFNJRCBmYWlscywganVzdCB0aGF0IGl0IGZhaWxlZCBvciBub3QiKV0KICAgIHBhcmFtKCRhY2NvdW50X25hbWUpCiAgICAjIENvbnZlcnRzIGFuIGFjY291bnQgbmFtZSB0byBhIFNJRCwgaXQgY2FuIHRha2UgaW4gdGhlIGZvbGxvd2luZyBmb3JtcwogICAgIyBTSUQ6IFdpbGwganVzdCByZXR1cm4gdGhlIFNJRCB2YWx1ZSB0aGF0IHdhcyBwYXNzZWQgaW4KICAgICMgVVBOOgogICAgIyAgIHByaW5jaXBhbEBkb21haW4gKERvbWFpbiB1c2VycyBvbmx5KQogICAgIyBEb3duLUxldmVsIExvZ2luIE5hbWUKICAgICMgICBET01BSU5ccHJpbmNpcGFsIChEb21haW4pCiAgICAjICAgU0VSVkVSTkFNRVxwcmluY2lwYWwgKExvY2FsKQogICAgIyAgIC5ccHJpbmNpcGFsIChMb2NhbCkKICAgICMgICBOVCBBVVRIT1JJVFlcU1lTVEVNIChMb2NhbCBTZXJ2aWNlIEFjY291bnRzKQogICAgIyBMb2dpbiBOYW1lCiAgICAjICAgcHJpbmNpcGFsIChMb2NhbC9Mb2NhbCBTZXJ2aWNlIEFjY291bnRzKQoKICAgIHRyeSB7CiAgICAgICAgJHNpZCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyIC1Bcmd1bWVudExpc3QgJGFjY291bnRfbmFtZQogICAgICAgIHJldHVybiAkc2lkLlZhbHVlCiAgICB9IGNhdGNoIHt9CgogICAgaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipcKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIlxcIgogICAgICAgIGlmICgkYWNjb3VudF9uYW1lX3NwbGl0WzBdIC1lcSAiLiIpIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRlbnY6Q09NUFVURVJOQU1FCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMF0KICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gJGFjY291bnRfbmFtZV9zcGxpdFsxXQogICAgfSBlbHNlaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipAKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIkAiCiAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMV0KICAgICAgICAkdXNlcm5hbWUgPSAkYWNjb3VudF9uYW1lX3NwbGl0WzBdCiAgICB9IGVsc2UgewogICAgICAgICRkb21haW4gPSAkbnVsbAogICAgICAgICR1c2VybmFtZSA9ICRhY2NvdW50X25hbWUKICAgIH0KCiAgICBpZiAoJGRvbWFpbikgewogICAgICAgICMgc2VhcmNoaW5nIGZvciBhIGxvY2FsIGdyb3VwIHdpdGggdGhlIHNlcnZlcm5hbWUgcHJlZml4ZWQgd2lsbCBmYWlsLAogICAgICAgICMgbmVlZCB0byBjaGVjayBmb3IgdGhpcyBzaXR1YXRpb24gYW5kIG9ubHkgdXNlIE5UQWNjb3VudChTdHJpbmcpCiAgICAgICAgaWYgKCRkb21haW4gLWVxICRlbnY6Q09NUFVURVJOQU1FKSB7CiAgICAgICAgICAgICRhZHNpID0gW0FEU0ldKCJXaW5OVDovLyRlbnY6Q09NUFVURVJOQU1FLGNvbXB1dGVyIikKICAgICAgICAgICAgJGdyb3VwID0gJGFkc2kucHNiYXNlLmNoaWxkcmVuIHwgV2hlcmUtT2JqZWN0IHsgJF8uc2NoZW1hQ2xhc3NOYW1lIC1lcSAiZ3JvdXAiIC1hbmQgJF8uTmFtZSAtZXEgJHVzZXJuYW1lIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZ3JvdXAgPSAkbnVsbAogICAgICAgIH0KICAgICAgICBpZiAoJGdyb3VwKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGFjY291bnQgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50KCRkb21haW4sICR1c2VybmFtZSkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICMgd2hlbiBpbiBhIGRvbWFpbiBOVEFjY291bnQoU3RyaW5nKSB3aWxsIGZhdm91ciBkb21haW4gbG9va3VwcyBjaGVjawogICAgICAgICMgaWYgdXNlcm5hbWUgaXMgYSBsb2NhbCB1c2VyIGFuZCBleHBsaWN0bHkgc2VhcmNoIG9uIHRoZSBsb2NhbGhvc3QgZm9yCiAgICAgICAgIyB0aGF0IGFjY291bnQKICAgICAgICAkYWRzaSA9IFtBRFNJXSgiV2luTlQ6Ly8kZW52OkNPTVBVVEVSTkFNRSxjb21wdXRlciIpCiAgICAgICAgJHVzZXIgPSAkYWRzaS5wc2Jhc2UuY2hpbGRyZW4gfCBXaGVyZS1PYmplY3QgeyAkXy5zY2hlbWFDbGFzc05hbWUgLWVxICJ1c2VyIiAtYW5kICRfLk5hbWUgLWVxICR1c2VybmFtZSB9CiAgICAgICAgaWYgKCR1c2VyKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkZW52OkNPTVBVVEVSTkFNRSwgJHVzZXJuYW1lKQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfQogICAgfQogICAgCiAgICB0cnkgewogICAgICAgICRhY2NvdW50X3NpZCA9ICRhY2NvdW50LlRyYW5zbGF0ZShbU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXJdKQogICAgfSBjYXRjaCB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiYWNjb3VudF9uYW1lICRhY2NvdW50X25hbWUgaXMgbm90IGEgdmFsaWQgYWNjb3VudCwgY2Fubm90IGdldCBTSUQ6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQogICAgCiAgICByZXR1cm4gJGFjY291bnRfc2lkLlZhbHVlCn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBv ScriptBlock ID: e038abdb-9a7f-4aba-9591-beae6363ba6f Path:	4104	1		3	2	15	0	1712	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4744	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:01 PM	7f70462d-725d-0004-0069-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1711	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4560	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:01 PM	7f70462d-725d-0002-ab8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1352 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1710	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4932	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:01 PM	7f70462d-725d-0002-ab8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1709	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1352	4560	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:01 PM	7f70462d-725d-0002-ab8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1708	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1392	4508	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:00 PM	7f70462d-725d-0002-9d8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1392 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1707	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1392	1656	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:00 PM	7f70462d-725d-0002-9d8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1706	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1392	4508	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:00 PM	7f70462d-725d-0002-9d8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1705	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	888	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:00 PM	7f70462d-725d-0002-9c8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4612 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1704	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	4756	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:00 PM	7f70462d-725d-0002-9c8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1703	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4612	888	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:00 PM	7f70462d-725d-0002-9c8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 8908d2ec-434a-41e2-866b-515968c0ea01 Path:	4104	1		3	2	15	0	1702	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2648	4904	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:00 PM	7f70462d-725d-0001-5f53-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ca50bcd2-3b12-4567-a540-944be33de6d6 Path:	4104	1		3	2	15	0	1701	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2648	3276	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:20:00 PM	7f70462d-725d-0005-fa57-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: eb7e03d0-9af7-4b09-b502-4a1ea1b42a21 Path:	4104	1		3	2	15	0	1700	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2648	3276	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:59 PM	7f70462d-725d-0005-f557-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): AkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-networking-hyperv.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625573998.2-269642587231202\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 2, "dest": "c:\\openstack\\log\\pip-install-networking-hyperv.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625573998.2-269642587231202'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: d1d80b78-8b2a-4203-b4a6-be1e03a6bcf7 Path:	4104	1		3	2	15	0	1699	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2648	3276	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:59 PM	7f70462d-725d-0005-ef57-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): XN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aC ScriptBlock ID: d1d80b78-8b2a-4203-b4a6-be1e03a6bcf7 Path:	4104	1		3	2	15	0	1698	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2648	3276	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:59 PM	7f70462d-725d-0005-ef57-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): W5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZ ScriptBlock ID: d1d80b78-8b2a-4203-b4a6-be1e03a6bcf7 Path:	4104	1		3	2	15	0	1697	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2648	3276	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:59 PM	7f70462d-725d-0005-ef57-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3Rya ScriptBlock ID: d1d80b78-8b2a-4203-b4a6-be1e03a6bcf7 Path:	4104	1		3	2	15	0	1696	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2648	3276	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:59 PM	7f70462d-725d-0005-ef57-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1695	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2648	1084	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:59 PM	7f70462d-725d-0002-998f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2648 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1694	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2648	4996	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:59 PM	7f70462d-725d-0002-998f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1693	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2648	1084	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:59 PM	7f70462d-725d-0002-998f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1625573998.2-269642587231202\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 24e715d0-e170-42a3-aea6-e9b8f7e0bce1 Path:	4104	1		3	2	15	0	1692	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3440	4432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:59 PM	7f70462d-725d-0003-9691-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1691	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3440	5016	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:59 PM	7f70462d-725d-0001-5b53-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3440 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1690	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3440	2504	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:59 PM	7f70462d-725d-0001-5b53-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1689	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3440	5016	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:58 PM	7f70462d-725d-0001-5b53-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1688	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4936	748	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:58 PM	7f70462d-725d-0005-eb57-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4936 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1687	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4936	4660	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:58 PM	7f70462d-725d-0005-eb57-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1686	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4936	748	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:58 PM	7f70462d-725d-0005-eb57-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1685	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	3588	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:58 PM	7f70462d-725d-0003-9491-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2288 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1684	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	88	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:58 PM	7f70462d-725d-0003-9491-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1683	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	3588	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:58 PM	7f70462d-725d-0003-9491-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 9e5b7434-bc74-4f1c-993e-b85c0f938eda Path:	4104	1		3	2	15	0	1682	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5108	4120	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:57 PM	7f70462d-725d-0002-718f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 19536ba1-ccda-4a08-8ebb-12fc929e280c Path:	4104	1		3	2	15	0	1681	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5108	600	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:57 PM	7f70462d-725d-0000-0d5c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 89ddc00f-6a5e-4cc8-8399-5c3323295506 Path:	4104	1		3	2	15	0	1680	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5108	600	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:57 PM	7f70462d-725d-0000-fe5b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): tUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-networking-hyperv.log", "checksum": "b566c1695259da342b7f4410db8ededf3fce95c9", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-28147HK_CHA/tmp7RXee6"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 8429c60a-7ac7-4341-8884-1e19c9ec9f17 Path:	4104	1		3	2	15	0	1679	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5108	600	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:57 PM	7f70462d-725d-0000-f85b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): WU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3Q ScriptBlock ID: 8429c60a-7ac7-4341-8884-1e19c9ec9f17 Path:	4104	1		3	2	15	0	1678	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5108	600	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:57 PM	7f70462d-725d-0000-f85b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5T ScriptBlock ID: 8429c60a-7ac7-4341-8884-1e19c9ec9f17 Path:	4104	1		3	2	15	0	1677	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5108	600	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:57 PM	7f70462d-725d-0000-f85b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1676	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5108	4960	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:57 PM	7f70462d-725d-0004-eb68-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5108 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1675	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5108	316	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:57 PM	7f70462d-725d-0004-eb68-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1674	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5108	4960	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:57 PM	7f70462d-725d-0004-eb68-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1673	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	676	2056	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:19 PM	7f70462d-725d-0004-5c68-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 676 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1672	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	676	4144	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:19 PM	7f70462d-725d-0004-5c68-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1671	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	676	2056	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:19 PM	7f70462d-725d-0004-5c68-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 0d88b0ed-13d8-402d-be4b-6a98bd789025 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 47b0d7b8-af12-4082-8e64-72b0b86a4d5e Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1670	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4964	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:19 PM	7f70462d-725d-0001-e652-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 79a2842d-50c1-4f92-9f64-17e6aca90220 Path:	4104	1		3	2	15	0	1669	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4228	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:18 PM	7f70462d-725d-0003-0e91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 415d9582-af96-4774-94b7-818f4c0a30a4 Path:	4104	1		3	2	15	0	1668	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4228	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:18 PM	7f70462d-725d-0005-8857-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 36b93b2a-60ba-405c-ab60-25fbf77fd6df Path:	4104	1		3	2	15	0	1667	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4228	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:18 PM	7f70462d-725d-0005-7d57-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): XR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\networking-hyperv", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 906d8ad7-f8e4-4c86-aa15-dd5fa893ff2e Path:	4104	1		3	2	15	0	1666	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4228	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:18 PM	7f70462d-725d-0005-7757-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): CB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQ ScriptBlock ID: 906d8ad7-f8e4-4c86-aa15-dd5fa893ff2e Path:	4104	1		3	2	15	0	1665	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4228	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:18 PM	7f70462d-725d-0005-7757-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): gICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgI ScriptBlock ID: 906d8ad7-f8e4-4c86-aa15-dd5fa893ff2e Path:	4104	1		3	2	15	0	1664	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4228	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:18 PM	7f70462d-725d-0005-7757-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICA ScriptBlock ID: 906d8ad7-f8e4-4c86-aa15-dd5fa893ff2e Path:	4104	1		3	2	15	0	1663	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	4228	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:18 PM	7f70462d-725d-0005-7757-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1662	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	3812	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:17 PM	7f70462d-725d-0003-0b91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4212 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1661	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	3972	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:17 PM	7f70462d-725d-0003-0b91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1660	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4212	3812	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:17 PM	7f70462d-725d-0003-0b91-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1659	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5048	384	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:15 PM	7f70462d-725d-0003-0091-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5048 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1658	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5048	1688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:15 PM	7f70462d-725d-0003-0091-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1657	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5048	384	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:15 PM	7f70462d-725d-0003-0091-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = e8bcf03c-2a58-4a7d-9db0-27d8c1bf0c17 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 7d2ace44-94e2-4f59-8b24-73413a14938b Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1656	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2312	3828	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:15 PM	7f70462d-725d-0004-3d68-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 7fe0e025-277f-4d3d-bdd2-75a1e81d8de8 Path:	4104	1		3	2	15	0	1655	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2312	3548	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:14 PM	7f70462d-725d-0004-2768-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 8d6e307b-8616-4d95-8f82-a37da8c19927 Path:	4104	1		3	2	15	0	1654	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2312	3548	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:14 PM	7f70462d-725d-0004-2068-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 1e8d9dfb-166f-4dc1-91b8-3659aea5e1b7 Path:	4104	1		3	2	15	0	1653	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2312	3548	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:14 PM	7f70462d-725d-0004-1168-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): gICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "edit-constraints c:\\openstack\\build\\\\requirements\\\\upper-constraints.txt -- networking-hyperv \"-e file:///C:/openstack/build/networking-hyperv#egg=networking-hyperv\"", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 805f7652-5ec7-490f-baae-b840a2a0da16 Path:	4104	1		3	2	15	0	1652	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2312	3548	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:14 PM	7f70462d-725d-0003-f890-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): AgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICA ScriptBlock ID: 805f7652-5ec7-490f-baae-b840a2a0da16 Path:	4104	1		3	2	15	0	1651	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2312	3548	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:14 PM	7f70462d-725d-0003-f890-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgIC ScriptBlock ID: 805f7652-5ec7-490f-baae-b840a2a0da16 Path:	4104	1		3	2	15	0	1650	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2312	3548	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:14 PM	7f70462d-725d-0003-f890-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1649	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2312	4580	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:14 PM	7f70462d-725d-0004-0b68-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2312 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1648	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2312	4600	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:14 PM	7f70462d-725d-0004-0b68-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1647	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2312	4580	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:13 PM	7f70462d-725d-0004-0b68-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1646	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2380	4132	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:12 PM	7f70462d-725d-0004-fb67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2380 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1645	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2380	4972	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:12 PM	7f70462d-725d-0004-fb67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1644	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2380	4132	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:12 PM	7f70462d-725d-0004-fb67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 0df81bab-650e-4ce3-a13c-e07f5f746c2b Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 6fb5f5fb-6d3d-4fd7-ba77-5a8903958a97 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1643	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5064	4084	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:12 PM	7f70462d-725d-0003-e590-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 8e357d39-32a0-4c35-bd4d-c3aed4123cbb Path:	4104	1		3	2	15	0	1642	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5064	1640	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:11 PM	7f70462d-725d-0001-b152-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 3c7adadf-2b80-45ba-97f2-58eddd1d25aa Path:	4104	1		3	2	15	0	1641	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5064	1640	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:11 PM	7f70462d-725d-0001-aa52-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: ba5d13c3-3877-4fb3-94fa-3b0743b8362f Path:	4104	1		3	2	15	0	1640	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5064	1640	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:11 PM	7f70462d-725d-0001-9b52-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): nIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\networking-hyperv\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1e138eee-d03a-4008-a8cb-166b7a766c50 Path:	4104	1		3	2	15	0	1639	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5064	1640	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:11 PM	7f70462d-725d-0001-9552-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): QoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDU ScriptBlock ID: 1e138eee-d03a-4008-a8cb-166b7a766c50 Path:	4104	1		3	2	15	0	1638	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5064	1640	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:11 PM	7f70462d-725d-0001-9552-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9Fbm ScriptBlock ID: 1e138eee-d03a-4008-a8cb-166b7a766c50 Path:	4104	1		3	2	15	0	1637	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5064	1640	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:11 PM	7f70462d-725d-0001-9552-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1636	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5064	4704	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:11 PM	7f70462d-725d-0004-f767-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5064 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1635	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5064	1668	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:11 PM	7f70462d-725d-0004-f767-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1634	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5064	4704	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:11 PM	7f70462d-725d-0004-f767-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1633	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1876	1352	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:10 PM	7f70462d-725d-0004-ea67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1876 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1632	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1876	1544	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:10 PM	7f70462d-725d-0004-ea67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1631	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1876	1352	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:10 PM	7f70462d-725d-0004-ea67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1630	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	92	4788	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:09 PM	7f70462d-725d-0004-e967-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 92 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1629	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	92	4616	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:09 PM	7f70462d-725d-0004-e967-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1628	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	92	4788	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:09 PM	7f70462d-725d-0004-e967-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: ffc13315-d068-40d5-8bfc-6ae5291e7df7 Path:	4104	1		3	2	15	0	1627	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4760	2180	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:09 PM	7f70462d-725d-0004-c567-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 235bc8b7-c12c-4331-8fb1-35c992ac39d7 Path:	4104	1		3	2	15	0	1626	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4760	2044	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:09 PM	7f70462d-725d-0004-b867-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: dca60d40-dcc4-438a-a4d7-e724406d4925 Path:	4104	1		3	2	15	0	1625	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4760	2044	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:09 PM	7f70462d-725d-0004-a967-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): 2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-os-win.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625573947.47-201669721457287\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 2, "dest": "c:\\openstack\\log\\pip-install-os-win.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625573947.47-201669721457287'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 55f4d0e5-a03e-406c-b4c5-07bcbe6246a9 Path:	4104	1		3	2	15	0	1624	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4760	2044	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:08 PM	7f70462d-725d-0004-a367-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): tUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY ScriptBlock ID: 55f4d0e5-a03e-406c-b4c5-07bcbe6246a9 Path:	4104	1		3	2	15	0	1623	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4760	2044	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:08 PM	7f70462d-725d-0004-a367-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): AgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCA ScriptBlock ID: 55f4d0e5-a03e-406c-b4c5-07bcbe6246a9 Path:	4104	1		3	2	15	0	1622	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4760	2044	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:08 PM	7f70462d-725d-0004-a367-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgIC ScriptBlock ID: 55f4d0e5-a03e-406c-b4c5-07bcbe6246a9 Path:	4104	1		3	2	15	0	1621	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4760	2044	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:08 PM	7f70462d-725d-0004-a367-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1620	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4760	5056	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:08 PM	7f70462d-725d-0004-a067-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4760 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1619	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4760	4916	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:08 PM	7f70462d-725d-0004-a067-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1618	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4760	5056	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:08 PM	7f70462d-725d-0004-a067-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1625573947.47-201669721457287\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: c30d0901-866a-4906-bd39-388e155d265a Path:	4104	1		3	2	15	0	1617	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	4108	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:08 PM	7f70462d-725d-0002-a68e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1616	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	1720	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:08 PM	7f70462d-725d-0004-9d67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2480 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1615	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	4052	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:08 PM	7f70462d-725d-0004-9d67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1614	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	1720	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:08 PM	7f70462d-725d-0004-9d67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1613	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2352	5104	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:07 PM	7f70462d-725d-0004-9767-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2352 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1612	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2352	4164	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:07 PM	7f70462d-725d-0004-9767-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1611	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2352	5104	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:07 PM	7f70462d-725d-0004-9767-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1610	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4320	4436	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:07 PM	7f70462d-725d-0000-695b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4320 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1609	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4320	5060	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:07 PM	7f70462d-725d-0000-695b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1608	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4320	4436	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:07 PM	7f70462d-725d-0000-695b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 502099cb-bb96-4a74-8247-14bb79bfaf76 Path:	4104	1		3	2	15	0	1607	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3236	3128	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:07 PM	7f70462d-725d-0003-a990-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 34d00386-3c27-4854-a8f5-362722d61623 Path:	4104	1		3	2	15	0	1606	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3236	4020	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:07 PM	7f70462d-725d-0003-9c90-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: f401b15f-88de-4e3a-a1c0-f5fdf89ae937 Path:	4104	1		3	2	15	0	1605	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3236	4020	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:06 PM	7f70462d-725d-0003-8d90-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): WxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-os-win.log", "checksum": "8df59c8102c5ed23baf7ba01e8d337f45b32452b", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-28147HK_CHA/tmp6I_FpL"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: f5799e94-7f1a-4536-9e25-dc5e6b178b27 Path:	4104	1		3	2	15	0	1604	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3236	4020	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:06 PM	7f70462d-725d-0003-8790-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): 250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRma ScriptBlock ID: f5799e94-7f1a-4536-9e25-dc5e6b178b27 Path:	4104	1		3	2	15	0	1603	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3236	4020	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:06 PM	7f70462d-725d-0003-8790-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db ScriptBlock ID: f5799e94-7f1a-4536-9e25-dc5e6b178b27 Path:	4104	1		3	2	15	0	1602	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3236	4020	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:06 PM	7f70462d-725d-0003-8790-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1601	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3236	4072	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:06 PM	7f70462d-725d-0005-4b57-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3236 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1600	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3236	3976	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:06 PM	7f70462d-725d-0005-4b57-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1599	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3236	4072	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:19:06 PM	7f70462d-725d-0005-4b57-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1598	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4148	3684	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:52 PM	7f70462d-725d-0004-6767-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4148 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1597	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4148	572	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:51 PM	7f70462d-725d-0004-6767-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1596	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4148	3684	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:51 PM	7f70462d-725d-0004-6767-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 87a6aad2-47b4-483a-b61c-a47dba2aa646 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 14fbff12-4252-4902-a953-45e2724b0737 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1595	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5052	3524	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:51 PM	7f70462d-725d-0002-5c8e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 556bf521-5213-4806-b785-8a9672a2ca2c Path:	4104	1		3	2	15	0	1594	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5052	2668	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:51 PM	7f70462d-725d-0000-265b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: fa6bbcc3-799b-42e0-9d58-b55d00cde224 Path:	4104	1		3	2	15	0	1593	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5052	2668	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:51 PM	7f70462d-725d-0000-1f5b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 70c0b656-cfe6-4251-a7f3-96f702d35f45 Path:	4104	1		3	2	15	0	1592	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5052	2668	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:51 PM	7f70462d-725d-0000-105b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): ($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 6c7cf3a1-5e6d-44ac-b2ab-1bfd6b9e2ec0 Path:	4104	1		3	2	15	0	1591	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5052	2668	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:50 PM	7f70462d-725d-0000-0a5b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): G9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\os-win", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create ScriptBlock ID: 6c7cf3a1-5e6d-44ac-b2ab-1bfd6b9e2ec0 Path:	4104	1		3	2	15	0	1590	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5052	2668	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:50 PM	7f70462d-725d-0000-0a5b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): nMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmb ScriptBlock ID: 6c7cf3a1-5e6d-44ac-b2ab-1bfd6b9e2ec0 Path:	4104	1		3	2	15	0	1589	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5052	2668	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:50 PM	7f70462d-725d-0000-0a5b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZ ScriptBlock ID: 6c7cf3a1-5e6d-44ac-b2ab-1bfd6b9e2ec0 Path:	4104	1		3	2	15	0	1588	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5052	2668	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:50 PM	7f70462d-725d-0000-0a5b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1587	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5052	4892	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:50 PM	7f70462d-725d-0004-5d67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5052 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1586	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5052	4984	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:50 PM	7f70462d-725d-0004-5d67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1585	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5052	4892	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:50 PM	7f70462d-725d-0004-5d67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1584	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2984	4940	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:48 PM	7f70462d-725d-0004-4b67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2984 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1583	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2984	5036	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:48 PM	7f70462d-725d-0004-4b67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1582	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2984	4940	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:48 PM	7f70462d-725d-0004-4b67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 52bf52b7-74d7-42fa-a22a-9281e25f2a8a Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 6e42ee17-d366-4301-9648-58bff1b94c09 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1581	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3920	4728	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:47 PM	7f70462d-725d-0005-0457-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: da7485fc-ee77-4716-95cd-a4f25523198b Path:	4104	1		3	2	15	0	1580	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3920	4064	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:47 PM	7f70462d-725d-0003-3190-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e9d85ac3-9c2e-4386-9514-fd2dc1c0b977 Path:	4104	1		3	2	15	0	1579	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3920	4064	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:47 PM	7f70462d-725d-0003-2a90-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 03d2527d-ba10-4401-96c1-1b8eef562ba8 Path:	4104	1		3	2	15	0	1578	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3920	4064	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:47 PM	7f70462d-725d-0003-1b90-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): cmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "edit-constraints c:\\openstack\\build\\\\requirements\\\\upper-constraints.txt -- os-win \"-e file:///C:/openstack/build/os-win#egg=os-win\"", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 2900755a-6bd1-41db-a98d-e480523f11b6 Path:	4104	1		3	2	15	0	1577	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3920	4064	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:47 PM	7f70462d-725d-0003-1590-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): uZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVp ScriptBlock ID: 2900755a-6bd1-41db-a98d-e480523f11b6 Path:	4104	1		3	2	15	0	1576	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3920	4064	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:47 PM	7f70462d-725d-0003-1590-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): bmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZml ScriptBlock ID: 2900755a-6bd1-41db-a98d-e480523f11b6 Path:	4104	1		3	2	15	0	1575	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3920	4064	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:47 PM	7f70462d-725d-0003-1590-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cg ScriptBlock ID: 2900755a-6bd1-41db-a98d-e480523f11b6 Path:	4104	1		3	2	15	0	1574	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3920	4064	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:47 PM	7f70462d-725d-0003-1590-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1573	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3920	1812	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:46 PM	7f70462d-725d-0005-f056-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3920 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1572	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3920	4264	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:46 PM	7f70462d-725d-0005-f056-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1571	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3920	1812	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:46 PM	7f70462d-725d-0005-f056-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1570	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	536	2292	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:45 PM	7f70462d-725d-0003-0990-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 536 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1569	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	536	4392	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:45 PM	7f70462d-725d-0003-0990-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1568	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	536	2292	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:45 PM	7f70462d-725d-0003-0990-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 3b3b180d-f389-4749-93b7-dac8d0b0c3e4 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = dd5537b0-a119-4e2a-9600-74fbd030a4e7 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1567	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	676	2248	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:45 PM	7f70462d-725d-0004-3967-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 81063411-7177-46b3-a27d-390afd0612ec Path:	4104	1		3	2	15	0	1566	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	676	4124	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:44 PM	7f70462d-725d-0002-248e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: eab73ad8-5613-401d-b16c-ad820e73ef6d Path:	4104	1		3	2	15	0	1565	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	676	4124	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:44 PM	7f70462d-725d-0002-1d8e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 9a2bee89-e5c8-4c0c-85e4-df3583513429 Path:	4104	1		3	2	15	0	1564	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	676	4124	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:44 PM	7f70462d-725d-0002-0e8e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): aXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\os-win\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 46d3fa55-5836-43a6-adc5-97c12716c188 Path:	4104	1		3	2	15	0	1563	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	676	4124	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:44 PM	7f70462d-725d-0002-088e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): gICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFs ScriptBlock ID: 46d3fa55-5836-43a6-adc5-97c12716c188 Path:	4104	1		3	2	15	0	1562	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	676	4124	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:44 PM	7f70462d-725d-0002-088e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): ICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8Iwo ScriptBlock ID: 46d3fa55-5836-43a6-adc5-97c12716c188 Path:	4104	1		3	2	15	0	1561	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	676	4124	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:44 PM	7f70462d-725d-0002-088e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAg ScriptBlock ID: 46d3fa55-5836-43a6-adc5-97c12716c188 Path:	4104	1		3	2	15	0	1560	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	676	4124	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:44 PM	7f70462d-725d-0002-088e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1559	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	676	4524	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:43 PM	7f70462d-725d-0004-2667-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 676 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1558	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	676	4868	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:43 PM	7f70462d-725d-0004-2667-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1557	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	676	4524	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:43 PM	7f70462d-725d-0004-2667-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1556	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4456	4608	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:42 PM	7f70462d-725d-0004-1d67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4456 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1555	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4456	5084	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:42 PM	7f70462d-725d-0004-1d67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1554	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4456	4608	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:42 PM	7f70462d-725d-0004-1d67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1553	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1088	2960	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:42 PM	7f70462d-725d-0004-1c67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1088 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1552	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1088	4572	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:42 PM	7f70462d-725d-0004-1c67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1551	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1088	2960	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:42 PM	7f70462d-725d-0004-1c67-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: d09e68ac-b450-48ad-b533-343f0a279b9e Path:	4104	1		3	2	15	0	1550	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4380	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:42 PM	7f70462d-725d-0000-c45a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ebb871ad-42ab-4dc5-9975-ba14a074af4f Path:	4104	1		3	2	15	0	1549	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4440	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:42 PM	7f70462d-725d-0000-bc5a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: f9a689b8-e87c-4836-a3b9-41a055428943 Path:	4104	1		3	2	15	0	1548	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4440	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:41 PM	7f70462d-725d-0005-b056-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 62b819fa-c766-4007-a545-e2246871ef73 Path:	4104	1		3	2	15	0	1547	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4440	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:41 PM	7f70462d-725d-0005-aa56-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): uYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-cinder.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625573920.09-131652376879626\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 2, "dest": "c:\\openstack\\log\\pip-install-cinder.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625573920.09-131652376879626'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" ScriptBlock ID: 62b819fa-c766-4007-a545-e2246871ef73 Path:	4104	1		3	2	15	0	1546	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4440	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:41 PM	7f70462d-725d-0005-aa56-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): ICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCB ScriptBlock ID: 62b819fa-c766-4007-a545-e2246871ef73 Path:	4104	1		3	2	15	0	1545	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4440	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:41 PM	7f70462d-725d-0005-aa56-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8K ScriptBlock ID: 62b819fa-c766-4007-a545-e2246871ef73 Path:	4104	1		3	2	15	0	1544	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	4440	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:41 PM	7f70462d-725d-0005-aa56-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1543	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	1404	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:41 PM	7f70462d-725d-0003-fa8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2288 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1542	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	3912	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:41 PM	7f70462d-725d-0003-fa8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1541	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	1404	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:41 PM	7f70462d-725d-0003-fa8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1625573920.09-131652376879626\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 8946a5ce-53e0-4902-b223-c5e1420e5e20 Path:	4104	1		3	2	15	0	1540	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	4840	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:41 PM	7f70462d-725d-0003-ec8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1539	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	1888	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:40 PM	7f70462d-725d-0004-1767-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3828 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1538	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	96	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:40 PM	7f70462d-725d-0004-1767-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1537	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	1888	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:40 PM	7f70462d-725d-0004-1767-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1536	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4416	3944	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:40 PM	7f70462d-725d-0004-1067-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4416 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1535	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4416	2680	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:40 PM	7f70462d-725d-0004-1067-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1534	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4416	3944	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:40 PM	7f70462d-725d-0004-1067-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1533	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2340	2776	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:40 PM	7f70462d-725d-0002-f98d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2340 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1532	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2340	2200	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:40 PM	7f70462d-725d-0002-f98d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1531	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2340	2776	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:40 PM	7f70462d-725d-0002-f98d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: adbe1187-cc23-41f7-a0bd-033798aa8253 Path:	4104	1		3	2	15	0	1530	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1112	4700	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:39 PM	7f70462d-725d-0004-f366-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: fa54806f-e3e8-4b7a-9459-4f64cea8c65d Path:	4104	1		3	2	15	0	1529	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1112	4616	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:39 PM	7f70462d-725d-0004-e666-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: c06c01bd-4834-4acc-a741-050a31af5688 Path:	4104	1		3	2	15	0	1528	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1112	4616	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:39 PM	7f70462d-725d-0004-db66-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): XRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-cinder.log", "checksum": "185c74db859b2fee95c5e7a774db1a3d79044fd6", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-28147HK_CHA/tmpjTur9I"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 3d0f283a-9098-4c9b-bc1b-1980f83f193f Path:	4104	1		3	2	15	0	1527	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1112	4616	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:39 PM	7f70462d-725d-0004-d566-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): sIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtS ScriptBlock ID: 3d0f283a-9098-4c9b-bc1b-1980f83f193f Path:	4104	1		3	2	15	0	1526	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1112	4616	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:39 PM	7f70462d-725d-0004-d566-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQ ScriptBlock ID: 3d0f283a-9098-4c9b-bc1b-1980f83f193f Path:	4104	1		3	2	15	0	1525	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1112	4616	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:39 PM	7f70462d-725d-0004-d566-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1524	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1112	4632	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:39 PM	7f70462d-725d-0004-d366-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1112 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1523	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1112	1244	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:39 PM	7f70462d-725d-0004-d366-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1522	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1112	4632	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:18:39 PM	7f70462d-725d-0004-d366-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1521	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4808	1132	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:35 PM	7f70462d-725d-0004-8266-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4808 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1520	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4808	3612	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:35 PM	7f70462d-725d-0004-8266-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1519	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4808	1132	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:35 PM	7f70462d-725d-0004-8266-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 2fafbb24-3d6a-4c96-a8fd-0d5807271035 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = af77196c-ce2a-49dc-acbf-669228846198 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1518	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4916	4760	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:35 PM	7f70462d-725d-0000-745a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 66ab4626-f9a3-4cca-8bc6-be343a59f23e Path:	4104	1		3	2	15	0	1517	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4916	5056	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:35 PM	7f70462d-725d-0005-6c56-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 42f1a1f1-d8ce-4ad3-b6c6-18f1549183e0 Path:	4104	1		3	2	15	0	1516	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4916	5056	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:35 PM	7f70462d-725d-0000-4b5a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 12e76627-e845-4ad0-bbc7-1e0eda504963 Path:	4104	1		3	2	15	0	1515	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4916	5056	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:34 PM	7f70462d-725d-0005-5b56-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): gICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\cinder", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1c6b04ff-8b7b-4125-94ec-8417520c53f2 Path:	4104	1		3	2	15	0	1514	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4916	5056	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:34 PM	7f70462d-725d-0005-5556-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): tdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQo ScriptBlock ID: 1c6b04ff-8b7b-4125-94ec-8417520c53f2 Path:	4104	1		3	2	15	0	1513	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4916	5056	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:34 PM	7f70462d-725d-0005-5556-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZV ScriptBlock ID: 1c6b04ff-8b7b-4125-94ec-8417520c53f2 Path:	4104	1		3	2	15	0	1512	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4916	5056	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:34 PM	7f70462d-725d-0005-5556-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1511	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4916	368	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:34 PM	7f70462d-725d-0003-a88f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4916 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1510	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4916	4756	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:34 PM	7f70462d-725d-0003-a88f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1509	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4916	368	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:34 PM	7f70462d-725d-0003-a88f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1508	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4040	1544	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:32 PM	7f70462d-725d-0004-7266-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4040 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1507	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4040	1612	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:32 PM	7f70462d-725d-0004-7266-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1506	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4040	1544	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:32 PM	7f70462d-725d-0004-7266-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = de72a660-2ef3-483d-aca5-0648b8836603 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = cafe5132-10c6-4184-80c1-31b02a2ae5f2 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1505	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	4560	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:31 PM	7f70462d-725d-0005-4e56-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d7703242-e7be-468a-85f4-b0eebae35378 Path:	4104	1		3	2	15	0	1504	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	4712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:31 PM	7f70462d-725d-0002-a38d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 782b0be6-65d1-4e4b-8b4f-d4b8fa579bd3 Path:	4104	1		3	2	15	0	1503	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	4712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:31 PM	7f70462d-725d-0002-9c8d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: fc18ce55-bf1f-4efe-bc3a-5e1787df0f06 Path:	4104	1		3	2	15	0	1502	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	4712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:31 PM	7f70462d-725d-0002-8d8d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): ad the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 373350c2-fb42-46b4-909f-49044ddb58dd Path:	4104	1		3	2	15	0	1501	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	4712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:30 PM	7f70462d-725d-0004-6866-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): XMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "edit-constraints c:\\openstack\\build\\\\requirements\\\\upper-constraints.txt -- cinder \"-e file:///C:/openstack/build/cinder#egg=cinder\"", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # lo ScriptBlock ID: 373350c2-fb42-46b4-909f-49044ddb58dd Path:	4104	1		3	2	15	0	1500	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	4712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:30 PM	7f70462d-725d-0004-6866-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): pZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggY ScriptBlock ID: 373350c2-fb42-46b4-909f-49044ddb58dd Path:	4104	1		3	2	15	0	1499	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	4712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:30 PM	7f70462d-725d-0004-6866-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): sZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICB ScriptBlock ID: 373350c2-fb42-46b4-909f-49044ddb58dd Path:	4104	1		3	2	15	0	1498	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	4712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:30 PM	7f70462d-725d-0004-6866-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): AogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2l ScriptBlock ID: 373350c2-fb42-46b4-909f-49044ddb58dd Path:	4104	1		3	2	15	0	1497	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	4712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:30 PM	7f70462d-725d-0004-6866-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uL ScriptBlock ID: 373350c2-fb42-46b4-909f-49044ddb58dd Path:	4104	1		3	2	15	0	1496	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	4712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:30 PM	7f70462d-725d-0004-6866-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1495	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	820	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:30 PM	7f70462d-725d-0004-6666-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5104 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1494	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	5000	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:30 PM	7f70462d-725d-0004-6666-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1493	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5104	820	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:30 PM	7f70462d-725d-0004-6666-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1492	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3572	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:29 PM	7f70462d-725d-0004-5e66-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2556 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1491	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3080	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:29 PM	7f70462d-725d-0004-5e66-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1490	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3572	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:29 PM	7f70462d-725d-0004-5e66-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 4f2c1925-f8ed-4316-8800-149a48c7962f Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = cbeddca8-e1f3-445a-a84d-1da115bc3768 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1489	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	4892	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:29 PM	7f70462d-725d-0004-5d66-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 7f17e57f-d343-4ae9-be95-13f1018e1019 Path:	4104	1		3	2	15	0	1488	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	1336	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:28 PM	7f70462d-725d-0003-778f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 4ae01cfa-1102-47bb-b5a2-cc1c3d081fa4 Path:	4104	1		3	2	15	0	1487	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	1336	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:28 PM	7f70462d-725d-0003-708f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 4e24518c-5dad-456e-981a-a0b9eb9f5da6 Path:	4104	1		3	2	15	0	1486	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	1336	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:28 PM	7f70462d-725d-0003-618f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): 3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\cinder\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 494bd258-f6b0-4ae7-b5c4-b0135f8f6e01 Path:	4104	1		3	2	15	0	1485	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	1336	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:28 PM	7f70462d-725d-0003-5b8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): CBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ ScriptBlock ID: 494bd258-f6b0-4ae7-b5c4-b0135f8f6e01 Path:	4104	1		3	2	15	0	1484	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	1336	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:28 PM	7f70462d-725d-0003-5b8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlL ScriptBlock ID: 494bd258-f6b0-4ae7-b5c4-b0135f8f6e01 Path:	4104	1		3	2	15	0	1483	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	1336	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:28 PM	7f70462d-725d-0003-5b8f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1482	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	4720	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:27 PM	7f70462d-725d-0004-4a66-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5020 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1481	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	860	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:27 PM	7f70462d-725d-0004-4a66-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1480	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5020	4720	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:27 PM	7f70462d-725d-0004-4a66-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1479	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1092	2248	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:26 PM	7f70462d-725d-0003-528f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1092 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1478	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1092	4644	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:26 PM	7f70462d-725d-0003-528f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1477	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1092	2248	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:26 PM	7f70462d-725d-0003-528f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1476	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1256	4392	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:26 PM	7f70462d-725d-0004-3f66-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1256 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1475	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1256	4252	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:26 PM	7f70462d-725d-0004-3f66-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1474	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1256	4392	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:26 PM	7f70462d-725d-0004-3f66-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: ad24d085-fac1-4a49-a532-5a930a48b272 Path:	4104	1		3	2	15	0	1473	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	2112	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:25 PM	7f70462d-725d-0002-4d8d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d9c24609-a74f-4385-870d-9df8f3ade585 Path:	4104	1		3	2	15	0	1472	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	2924	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:25 PM	7f70462d-725d-0002-408d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 08dcb84b-83d5-493e-a22a-301b919d9fa7 Path:	4104	1		3	2	15	0	1471	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	2924	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:25 PM	7f70462d-725d-0002-318d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): vertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 388db560-4e16-4d0a-ba68-ff931a68d1e7 Path:	4104	1		3	2	15	0	1470	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	2924	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:25 PM	7f70462d-725d-0002-2b8d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): mNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-compute-hyperv.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625573843.94-195750678436423\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 2, "dest": "c:\\openstack\\log\\pip-install-compute-hyperv.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625573843.94-195750678436423'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (Con ScriptBlock ID: 388db560-4e16-4d0a-ba68-ff931a68d1e7 Path:	4104	1		3	2	15	0	1469	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	2924	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:25 PM	7f70462d-725d-0002-2b8d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): iCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlL ScriptBlock ID: 388db560-4e16-4d0a-ba68-ff931a68d1e7 Path:	4104	1		3	2	15	0	1468	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	2924	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:25 PM	7f70462d-725d-0002-2b8d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): ouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGU ScriptBlock ID: 388db560-4e16-4d0a-ba68-ff931a68d1e7 Path:	4104	1		3	2	15	0	1467	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	2924	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:25 PM	7f70462d-725d-0002-2b8d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYm ScriptBlock ID: 388db560-4e16-4d0a-ba68-ff931a68d1e7 Path:	4104	1		3	2	15	0	1466	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	2924	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:25 PM	7f70462d-725d-0002-2b8d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1465	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	3936	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:25 PM	7f70462d-725d-0004-3a66-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4180 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1464	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	1444	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:25 PM	7f70462d-725d-0004-3a66-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1463	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	3936	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:25 PM	7f70462d-725d-0004-3a66-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1625573843.94-195750678436423\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: da44eade-5f19-4245-b59a-10115d06bf73 Path:	4104	1		3	2	15	0	1462	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3236	5100	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:24 PM	7f70462d-725d-0000-0e5a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1461	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3236	4364	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:24 PM	7f70462d-725d-0004-3366-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3236 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1460	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3236	4836	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:24 PM	7f70462d-725d-0004-3366-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1459	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3236	4364	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:24 PM	7f70462d-725d-0004-3366-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1458	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	840	2252	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:24 PM	7f70462d-725d-0004-2666-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 840 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1457	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	840	4292	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:24 PM	7f70462d-725d-0004-2666-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1456	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	840	2252	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:24 PM	7f70462d-725d-0004-2666-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1455	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3704	3904	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:24 PM	7f70462d-725d-0004-2566-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3704 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1454	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3704	3556	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:24 PM	7f70462d-725d-0004-2566-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1453	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3704	3904	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:24 PM	7f70462d-725d-0004-2566-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 6b5e90a8-45db-4df8-b913-737c36d7578b Path:	4104	1		3	2	15	0	1452	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3648	2380	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:23 PM	7f70462d-725d-0005-ff55-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: eaa76948-ca05-4a5f-ab1d-e7e35b7ff9ed Path:	4104	1		3	2	15	0	1451	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3648	4380	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:23 PM	7f70462d-725d-0002-0f8d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: c2ff3264-1abe-4ad8-afe8-4bca792b8b2b Path:	4104	1		3	2	15	0	1450	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3648	4380	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:23 PM	7f70462d-725d-0002-008d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): CAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-compute-hyperv.log", "checksum": "a0f450b9ada2a5d879e09358d03118bcb8888a67", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-28147HK_CHA/tmp81oRFr"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 879a23e5-4b19-4a98-9bee-5f3e9f8008b0 Path:	4104	1		3	2	15	0	1449	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3648	4380	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:23 PM	7f70462d-725d-0002-fa8c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): WUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KI ScriptBlock ID: 879a23e5-4b19-4a98-9bee-5f3e9f8008b0 Path:	4104	1		3	2	15	0	1448	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3648	4380	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:23 PM	7f70462d-725d-0002-fa8c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRyd ScriptBlock ID: 879a23e5-4b19-4a98-9bee-5f3e9f8008b0 Path:	4104	1		3	2	15	0	1447	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3648	4380	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:23 PM	7f70462d-725d-0002-fa8c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1446	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3648	4352	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:23 PM	7f70462d-725d-0004-2166-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3648 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1445	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3648	4604	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:22 PM	7f70462d-725d-0004-2166-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1444	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3648	4352	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:22 PM	7f70462d-725d-0004-2166-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1443	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1452	1352	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:09 PM	7f70462d-725d-0004-e165-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1452 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1442	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1452	3944	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:09 PM	7f70462d-725d-0004-e165-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1441	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1452	1352	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:09 PM	7f70462d-725d-0004-e165-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 4c0f82b1-7781-452a-a00e-a26cec41542b Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 6578ee23-6905-474b-beb2-bb83c618fc57 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1440	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	4792	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:09 PM	7f70462d-725d-0000-d659-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 949f9f98-71bf-4e8e-9e37-0a20d235ce7b Path:	4104	1		3	2	15	0	1439	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	3756	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:08 PM	7f70462d-725d-0004-cd65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d6eb28cc-a7a4-4660-81e7-951bc5db2a9b Path:	4104	1		3	2	15	0	1438	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	3756	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:08 PM	7f70462d-725d-0004-c665-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: bae18863-a130-42ee-98c7-e7d82883b84a Path:	4104	1		3	2	15	0	1437	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	3756	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:08 PM	7f70462d-725d-0004-b765-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): XMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\compute-hyperv", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 803f2ae1-a211-48e9-a20f-f3bd252bf597 Path:	4104	1		3	2	15	0	1436	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	3756	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:08 PM	7f70462d-725d-0001-7a51-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): CAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0d ScriptBlock ID: 803f2ae1-a211-48e9-a20f-f3bd252bf597 Path:	4104	1		3	2	15	0	1435	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	3756	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:08 PM	7f70462d-725d-0001-7a51-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): 0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgI ScriptBlock ID: 803f2ae1-a211-48e9-a20f-f3bd252bf597 Path:	4104	1		3	2	15	0	1434	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	3756	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:08 PM	7f70462d-725d-0001-7a51-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB ScriptBlock ID: 803f2ae1-a211-48e9-a20f-f3bd252bf597 Path:	4104	1		3	2	15	0	1433	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	3756	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:08 PM	7f70462d-725d-0001-7a51-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1432	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	476	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:07 PM	7f70462d-725d-0004-b165-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3828 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1431	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	1160	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:07 PM	7f70462d-725d-0004-b165-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1430	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3828	476	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:07 PM	7f70462d-725d-0004-b165-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1429	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4376	3424	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:05 PM	7f70462d-725d-0004-a465-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4376 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1428	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4376	944	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:05 PM	7f70462d-725d-0004-a465-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1427	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4376	3424	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:05 PM	7f70462d-725d-0004-a465-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 5feeb3f2-bb59-4ff0-aa36-f25b08a4c709 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = fff5336d-2d1d-4c9b-8b90-a28345e44cb5 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1426	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	4244	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:05 PM	7f70462d-725d-0001-6951-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 89cc98a8-0b32-48fd-97ac-3bf06cbe9ae7 Path:	4104	1		3	2	15	0	1425	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	1664	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:04 PM	7f70462d-725d-0000-af59-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 7f946780-c9a6-4163-88f1-9e7cc0a4bbf3 Path:	4104	1		3	2	15	0	1424	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	1664	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:04 PM	7f70462d-725d-0005-b755-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: af5f4b1f-0faf-457d-b30a-2e6ede9ce964 Path:	4104	1		3	2	15	0	1423	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	1664	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:04 PM	7f70462d-725d-0005-a855-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): te-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: baf34239-30bd-4f5f-9b01-9c0a015e998c Path:	4104	1		3	2	15	0	1422	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	1664	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:04 PM	7f70462d-725d-0005-a255-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): oYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "edit-constraints c:\\openstack\\build\\\\requirements\\\\upper-constraints.txt -- compute-hyperv \"-e file:///C:/openstack/build/compute-hyperv#egg=compute-hyperv\"", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Wri ScriptBlock ID: baf34239-30bd-4f5f-9b01-9c0a015e998c Path:	4104	1		3	2	15	0	1421	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	1664	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:04 PM	7f70462d-725d-0005-a255-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): yBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSB ScriptBlock ID: baf34239-30bd-4f5f-9b01-9c0a015e998c Path:	4104	1		3	2	15	0	1420	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	1664	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:04 PM	7f70462d-725d-0005-a255-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): Swgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgI ScriptBlock ID: baf34239-30bd-4f5f-9b01-9c0a015e998c Path:	4104	1		3	2	15	0	1419	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	1664	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:04 PM	7f70462d-725d-0005-a255-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9ye ScriptBlock ID: baf34239-30bd-4f5f-9b01-9c0a015e998c Path:	4104	1		3	2	15	0	1418	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	1664	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:04 PM	7f70462d-725d-0005-a255-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1417	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	100	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:04 PM	7f70462d-725d-0003-008f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4804 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1416	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	1404	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:04 PM	7f70462d-725d-0003-008f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1415	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4804	100	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:04 PM	7f70462d-725d-0003-008f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1414	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4904	3260	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:02 PM	7f70462d-725d-0004-9065-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4904 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1413	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4904	2056	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:02 PM	7f70462d-725d-0004-9065-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1412	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4904	3260	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:02 PM	7f70462d-725d-0004-9065-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = b392f0b9-d34d-4161-86e4-b619c7253ced Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 5bac1a2b-7051-40fe-9c03-f8c8d0604039 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1411	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4968	4284	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:02 PM	7f70462d-725d-0000-a059-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ed4d9df3-18ef-4504-b28e-30ec10ebb870 Path:	4104	1		3	2	15	0	1410	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4968	4656	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:01 PM	7f70462d-725d-0004-7c65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: dbf310ac-51d4-4fc6-acc2-808b08de6ad5 Path:	4104	1		3	2	15	0	1409	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4968	4656	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:01 PM	7f70462d-725d-0004-7565-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: b21a1999-7633-4cf3-851f-7fc98b7fe9b5 Path:	4104	1		3	2	15	0	1408	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4968	4656	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:01 PM	7f70462d-725d-0004-6665-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): FuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\compute-hyperv\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 8e3c2adb-8a9a-4908-86ed-14974901ea11 Path:	4104	1		3	2	15	0	1407	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4968	4656	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:01 PM	7f70462d-725d-0004-6065-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IG ScriptBlock ID: 8e3c2adb-8a9a-4908-86ed-14974901ea11 Path:	4104	1		3	2	15	0	1406	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4968	4656	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:01 PM	7f70462d-725d-0004-6065-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): AgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8 ScriptBlock ID: 8e3c2adb-8a9a-4908-86ed-14974901ea11 Path:	4104	1		3	2	15	0	1405	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4968	4656	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:01 PM	7f70462d-725d-0004-6065-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKIC ScriptBlock ID: 8e3c2adb-8a9a-4908-86ed-14974901ea11 Path:	4104	1		3	2	15	0	1404	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4968	4656	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:01 PM	7f70462d-725d-0004-6065-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1403	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4968	5056	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:01 PM	7f70462d-725d-0004-5e65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4968 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1402	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4968	4052	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:01 PM	7f70462d-725d-0004-5e65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1401	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4968	5056	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:01 PM	7f70462d-725d-0004-5e65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1400	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2648	2504	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:17:00 PM	7f70462d-725d-0004-5465-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2648 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1399	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2648	4100	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:59 PM	7f70462d-725d-0004-5465-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1398	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2648	2504	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:59 PM	7f70462d-725d-0004-5465-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1397	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3440	2676	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:59 PM	7f70462d-725d-0004-5365-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3440 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1396	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3440	2664	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:59 PM	7f70462d-725d-0004-5365-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1395	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3440	2676	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:59 PM	7f70462d-725d-0004-5365-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 186995ca-0615-44a0-a0a3-b45e73d57e49 Path:	4104	1		3	2	15	0	1394	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	980	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:59 PM	7f70462d-725d-0001-1b51-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 4e57d117-88a4-4b9f-83d3-89f10cbeb905 Path:	4104	1		3	2	15	0	1393	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	4908	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:59 PM	7f70462d-725d-0001-0e51-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 25a54d09-a7e0-43a3-9e5c-22935fdf1d2c Path:	4104	1		3	2	15	0	1392	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	4908	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:59 PM	7f70462d-725d-0001-ff50-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): _ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1bfe2d8c-b6e1-4fd4-8615-345bda77e02c Path:	4104	1		3	2	15	0	1391	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	4908	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:58 PM	7f70462d-725d-0002-8d8c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): 0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-neutron.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625573817.4-274514082719972\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 2, "dest": "c:\\openstack\\log\\pip-install-neutron.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625573817.4-274514082719972'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual ScriptBlock ID: 1bfe2d8c-b6e1-4fd4-8615-345bda77e02c Path:	4104	1		3	2	15	0	1390	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	4908	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:58 PM	7f70462d-725d-0002-8d8c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): BbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN ScriptBlock ID: 1bfe2d8c-b6e1-4fd4-8615-345bda77e02c Path:	4104	1		3	2	15	0	1389	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	4908	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:58 PM	7f70462d-725d-0002-8d8c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcy ScriptBlock ID: 1bfe2d8c-b6e1-4fd4-8615-345bda77e02c Path:	4104	1		3	2	15	0	1388	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	4908	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:58 PM	7f70462d-725d-0002-8d8c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1387	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	4892	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:58 PM	7f70462d-725d-0004-4f65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 580 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1386	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	4372	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:58 PM	7f70462d-725d-0004-4f65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1385	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	4892	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:58 PM	7f70462d-725d-0004-4f65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1625573817.4-274514082719972\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 3b507613-bded-40b7-a278-9865be39db79 Path:	4104	1		3	2	15	0	1384	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	1376	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:58 PM	7f70462d-725d-0005-8055-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1383	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	3252	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:58 PM	7f70462d-725d-0003-e48e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2480 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1382	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	316	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:58 PM	7f70462d-725d-0003-e48e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1381	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2480	3252	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:58 PM	7f70462d-725d-0003-e48e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1380	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4172	4824	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:57 PM	7f70462d-725d-0004-4b65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4172 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1379	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4172	1696	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:57 PM	7f70462d-725d-0004-4b65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1378	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4172	4824	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:57 PM	7f70462d-725d-0004-4b65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1377	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4660	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:57 PM	7f70462d-725d-0004-4a65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4660 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1376	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4660	3448	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:57 PM	7f70462d-725d-0004-4a65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1375	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4660	4152	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:57 PM	7f70462d-725d-0004-4a65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 7e55f186-af81-499e-84ab-2e164f7af388 Path:	4104	1		3	2	15	0	1374	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	504	2300	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:57 PM	7f70462d-725d-0003-b78e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: aa6eb2e9-c87a-4369-a4ee-4156e632fc68 Path:	4104	1		3	2	15	0	1373	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	504	1340	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:57 PM	7f70462d-725d-0000-6459-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 17336f0b-f7c2-4d4f-8cbe-3d6195a35f68 Path:	4104	1		3	2	15	0	1372	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	504	1340	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:56 PM	7f70462d-725d-0000-5559-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): 0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 9ddebfb2-6021-45e7-8d67-6b0d96970451 Path:	4104	1		3	2	15	0	1371	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	504	1340	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:56 PM	7f70462d-725d-0000-5059-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-neutron.log", "checksum": "1940e7cd63ca018477d6443a8ff8406e7daad1d2", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-28147HK_CHA/tmpMgbHhX"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7. ScriptBlock ID: 9ddebfb2-6021-45e7-8d67-6b0d96970451 Path:	4104	1		3	2	15	0	1370	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	504	1340	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:56 PM	7f70462d-725d-0000-5059-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): yBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3 ScriptBlock ID: 9ddebfb2-6021-45e7-8d67-6b0d96970451 Path:	4104	1		3	2	15	0	1369	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	504	1340	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:56 PM	7f70462d-725d-0000-5059-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): CAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpc ScriptBlock ID: 9ddebfb2-6021-45e7-8d67-6b0d96970451 Path:	4104	1		3	2	15	0	1368	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	504	1340	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:56 PM	7f70462d-725d-0000-5059-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgI ScriptBlock ID: 9ddebfb2-6021-45e7-8d67-6b0d96970451 Path:	4104	1		3	2	15	0	1367	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	504	1340	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:56 PM	7f70462d-725d-0000-5059-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1366	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	504	4872	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:56 PM	7f70462d-725d-0004-3e65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 504 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1365	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	504	4452	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:56 PM	7f70462d-725d-0004-3e65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1364	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	504	4872	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:16:56 PM	7f70462d-725d-0004-3e65-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1363	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4728	4552	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:55 PM	7f70462d-725d-0004-e964-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4728 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1362	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4728	4292	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:55 PM	7f70462d-725d-0004-e964-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1361	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4728	4552	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:55 PM	7f70462d-725d-0004-e964-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 38ecf50f-cdaa-4dff-8ec5-d4c2d16b1301 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = f7405386-79cb-4842-a310-4a2dba8aa112 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1360	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1036	676	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:55 PM	7f70462d-725d-0000-1659-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: def817a3-a9c0-4e21-a281-8689d573f803 Path:	4104	1		3	2	15	0	1359	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1036	3936	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:54 PM	7f70462d-725d-0003-698e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 42d25a42-a357-4c9f-bbe2-382b9ca955c4 Path:	4104	1		3	2	15	0	1358	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1036	3936	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:54 PM	7f70462d-725d-0003-628e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 86f081e8-f5e6-41a9-886a-b58a5d0b8450 Path:	4104	1		3	2	15	0	1357	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1036	3936	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:54 PM	7f70462d-725d-0003-538e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): 0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\neutron", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: ab3a92f4-5883-4fd0-96e7-ada98603bca5 Path:	4104	1		3	2	15	0	1356	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1036	3936	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:54 PM	7f70462d-725d-0003-4d8e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): HRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z ScriptBlock ID: ab3a92f4-5883-4fd0-96e7-ada98603bca5 Path:	4104	1		3	2	15	0	1355	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1036	3936	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:54 PM	7f70462d-725d-0003-4d8e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): 3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzI ScriptBlock ID: ab3a92f4-5883-4fd0-96e7-ada98603bca5 Path:	4104	1		3	2	15	0	1354	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1036	3936	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:54 PM	7f70462d-725d-0003-4d8e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X ScriptBlock ID: ab3a92f4-5883-4fd0-96e7-ada98603bca5 Path:	4104	1		3	2	15	0	1353	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1036	3936	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:54 PM	7f70462d-725d-0003-4d8e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1352	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1036	4180	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:54 PM	7f70462d-725d-0004-e664-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1036 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1351	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1036	1140	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:54 PM	7f70462d-725d-0004-e664-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1350	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1036	4180	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:54 PM	7f70462d-725d-0004-e664-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1349	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2628	3548	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:51 PM	7f70462d-725d-0004-dd64-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2628 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1348	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2628	1760	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:51 PM	7f70462d-725d-0004-dd64-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1347	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2628	3548	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:51 PM	7f70462d-725d-0004-dd64-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 5b992557-e338-4c4f-b98f-8dbd7b8abf0c Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 3ef3130f-02fc-4c6e-b274-2db6c4464950 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1346	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	1188	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:51 PM	7f70462d-725d-0002-3a8c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: f10b192f-179d-414f-9d9a-4f41de964873 Path:	4104	1		3	2	15	0	1345	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	3476	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:51 PM	7f70462d-725d-0002-178c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: f32c4ce1-f008-4faa-93f3-a4a24eccd49d Path:	4104	1		3	2	15	0	1344	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	3476	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:51 PM	7f70462d-725d-0002-108c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 9689a480-02cc-4699-ab64-06870364bd59 Path:	4104	1		3	2	15	0	1343	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	3476	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:50 PM	7f70462d-725d-0002-018c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): ess { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 9282126d-927c-4270-b9ec-ea94ddf7f27a Path:	4104	1		3	2	15	0	1342	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	3476	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:50 PM	7f70462d-725d-0002-fb8b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): SBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "edit-constraints c:\\openstack\\build\\\\requirements\\\\upper-constraints.txt -- neutron \"-e file:///C:/openstack/build/neutron#egg=neutron\"", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } proc ScriptBlock ID: 9282126d-927c-4270-b9ec-ea94ddf7f27a Path:	4104	1		3	2	15	0	1341	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	3476	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:50 PM	7f70462d-725d-0002-fb8b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): 2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQ ScriptBlock ID: 9282126d-927c-4270-b9ec-ea94ddf7f27a Path:	4104	1		3	2	15	0	1340	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	3476	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:50 PM	7f70462d-725d-0002-fb8b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b ScriptBlock ID: 9282126d-927c-4270-b9ec-ea94ddf7f27a Path:	4104	1		3	2	15	0	1339	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	3476	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:50 PM	7f70462d-725d-0002-fb8b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): lKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21 ScriptBlock ID: 9282126d-927c-4270-b9ec-ea94ddf7f27a Path:	4104	1		3	2	15	0	1338	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	3476	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:50 PM	7f70462d-725d-0002-fb8b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2R ScriptBlock ID: 9282126d-927c-4270-b9ec-ea94ddf7f27a Path:	4104	1		3	2	15	0	1337	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	3476	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:50 PM	7f70462d-725d-0002-fb8b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1336	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	3660	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:50 PM	7f70462d-725d-0002-f98b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3752 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1335	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:50 PM	7f70462d-725d-0002-f98b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1334	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3752	3660	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:50 PM	7f70462d-725d-0002-f98b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1333	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2932	2944	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:49 PM	7f70462d-725d-0004-d164-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2932 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1332	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2932	4028	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:49 PM	7f70462d-725d-0004-d164-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1331	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2932	2944	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:48 PM	7f70462d-725d-0004-d164-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = d987c5e9-8453-45c9-85ce-e4a9a0602918 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 76df2aea-4eae-478c-bc42-cb6b634dc0c0 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1330	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5004	1672	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:48 PM	7f70462d-725d-0003-258e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 86bce090-de3c-4354-ae5f-ba95856eaba4 Path:	4104	1		3	2	15	0	1329	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5004	1648	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:48 PM	7f70462d-725d-0001-9e50-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 8fbeec96-e789-424c-b712-772a5ae76ab4 Path:	4104	1		3	2	15	0	1328	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5004	1648	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:48 PM	7f70462d-725d-0001-9750-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: c1bcbfa1-5061-4bb8-ab8b-722652448807 Path:	4104	1		3	2	15	0	1327	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5004	1648	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:48 PM	7f70462d-725d-0001-8850-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\neutron\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: d40e6582-e0c3-4446-9d2e-852d2fd986ff Path:	4104	1		3	2	15	0	1326	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5004	1648	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:47 PM	7f70462d-725d-0001-8250-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29 ScriptBlock ID: d40e6582-e0c3-4446-9d2e-852d2fd986ff Path:	4104	1		3	2	15	0	1325	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5004	1648	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:47 PM	7f70462d-725d-0001-8250-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): ICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8 ScriptBlock ID: d40e6582-e0c3-4446-9d2e-852d2fd986ff Path:	4104	1		3	2	15	0	1324	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5004	1648	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:47 PM	7f70462d-725d-0001-8250-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAg ScriptBlock ID: d40e6582-e0c3-4446-9d2e-852d2fd986ff Path:	4104	1		3	2	15	0	1323	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5004	1648	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:47 PM	7f70462d-725d-0001-8250-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1322	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5004	4688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:47 PM	7f70462d-725d-0004-cc64-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5004 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1321	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5004	892	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:47 PM	7f70462d-725d-0004-cc64-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1320	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5004	4688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:47 PM	7f70462d-725d-0004-cc64-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1319	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	4168	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:46 PM	7f70462d-725d-0004-c664-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4128 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1318	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	4960	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:46 PM	7f70462d-725d-0004-c664-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1317	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	4168	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:46 PM	7f70462d-725d-0004-c664-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1316	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4504	4352	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:46 PM	7f70462d-725d-0004-c564-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4504 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1315	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4504	4240	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:46 PM	7f70462d-725d-0004-c564-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1314	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4504	4352	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:46 PM	7f70462d-725d-0004-c564-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 3dae9529-d566-4ae2-bdcb-5d34882936bf Path:	4104	1		3	2	15	0	1313	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4636	5028	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:46 PM	7f70462d-725d-0000-c058-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 56866c2a-7fe1-490c-9147-6063ca931a50 Path:	4104	1		3	2	15	0	1312	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4636	3712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:45 PM	7f70462d-725d-0000-b358-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 45e90915-5107-4528-b20f-49dd70c30f3b Path:	4104	1		3	2	15	0	1311	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4636	3712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:45 PM	7f70462d-725d-0000-a458-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): gICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-nova.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625573744.0-272094080135992\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 2, "dest": "c:\\openstack\\log\\pip-install-nova.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625573744.0-272094080135992'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: aa873a84-f91d-4cf4-b378-3fadd8c25dbe Path:	4104	1		3	2	15	0	1310	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4636	3712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:45 PM	7f70462d-725d-0001-7550-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): gICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICA ScriptBlock ID: aa873a84-f91d-4cf4-b378-3fadd8c25dbe Path:	4104	1		3	2	15	0	1309	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4636	3712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:45 PM	7f70462d-725d-0001-7550-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): cGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICA ScriptBlock ID: aa873a84-f91d-4cf4-b378-3fadd8c25dbe Path:	4104	1		3	2	15	0	1308	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4636	3712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:45 PM	7f70462d-725d-0001-7550-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUg ScriptBlock ID: aa873a84-f91d-4cf4-b378-3fadd8c25dbe Path:	4104	1		3	2	15	0	1307	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4636	3712	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:45 PM	7f70462d-725d-0001-7550-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1306	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4636	516	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:45 PM	7f70462d-725d-0004-b864-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4636 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1305	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4636	4272	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:45 PM	7f70462d-725d-0004-b864-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1304	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4636	516	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:45 PM	7f70462d-725d-0004-b864-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1625573744.0-272094080135992\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 44019ea8-fc67-486b-97f9-8921307fec17 Path:	4104	1		3	2	15	0	1303	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	4860	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:44 PM	7f70462d-725d-0004-ad64-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1302	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	1032	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:44 PM	7f70462d-725d-0004-ab64-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4424 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1301	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	5056	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:44 PM	7f70462d-725d-0004-ab64-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1300	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4424	1032	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:44 PM	7f70462d-725d-0004-ab64-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1299	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3968	1692	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:44 PM	7f70462d-725d-0004-a764-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3968 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1298	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3968	4536	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:44 PM	7f70462d-725d-0004-a764-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1297	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3968	1692	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:44 PM	7f70462d-725d-0004-a764-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1296	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4396	2556	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:44 PM	7f70462d-725d-0004-a664-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4396 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1295	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4396	5036	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:44 PM	7f70462d-725d-0004-a664-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1294	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4396	2556	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:44 PM	7f70462d-725d-0004-a664-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: a332d6ba-2c01-4d52-baaf-4d00d7e488ba Path:	4104	1		3	2	15	0	1293	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	3528	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:43 PM	7f70462d-725d-0005-0255-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: fdcd08c4-4178-4723-adca-eeeed729e303 Path:	4104	1		3	2	15	0	1292	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	3680	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:43 PM	7f70462d-725d-0005-0155-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: b8ab2f64-0386-4569-93d7-390f2c3625f8 Path:	4104	1		3	2	15	0	1291	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	3680	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:43 PM	7f70462d-725d-0005-f254-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): 24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-nova.log", "checksum": "546abe1a6c72dc9b937fad558247956f1e244c22", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-28147HK_CHA/tmpBglHCm"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 394af48d-9ba5-4e5a-b027-9ecf9c6a3dff Path:	4104	1		3	2	15	0	1290	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	3680	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:43 PM	7f70462d-725d-0005-ec54-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): gfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb ScriptBlock ID: 394af48d-9ba5-4e5a-b027-9ecf9c6a3dff Path:	4104	1		3	2	15	0	1289	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	3680	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:43 PM	7f70462d-725d-0005-ec54-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): AgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICA ScriptBlock ID: 394af48d-9ba5-4e5a-b027-9ecf9c6a3dff Path:	4104	1		3	2	15	0	1288	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	3680	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:43 PM	7f70462d-725d-0005-ec54-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgIC ScriptBlock ID: 394af48d-9ba5-4e5a-b027-9ecf9c6a3dff Path:	4104	1		3	2	15	0	1287	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	3680	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:43 PM	7f70462d-725d-0005-ec54-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1286	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	4404	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:42 PM	7f70462d-725d-0003-038e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4748 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1285	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	860	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:42 PM	7f70462d-725d-0003-038e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1284	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4748	4404	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:15:42 PM	7f70462d-725d-0003-038e-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1283	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3184	4768	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:50 PM	7f70462d-725d-0003-d18d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3184 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1282	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3184	4172	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:50 PM	7f70462d-725d-0003-d18d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1281	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3184	4768	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:50 PM	7f70462d-725d-0003-d18d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 5b56ecb8-31f2-4f52-996f-3d1907ce9da5 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 6da06478-b242-4c40-984b-bcef5ce02319 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1280	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	3524	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:50 PM	7f70462d-725d-0004-e663-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 9fc5a484-1bcc-464d-97f0-54d632b9b26c Path:	4104	1		3	2	15	0	1279	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	1484	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:49 PM	7f70462d-725d-0002-708b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: c42c3425-41a5-440c-8ba8-e52efb1eb1a9 Path:	4104	1		3	2	15	0	1278	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	1484	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:49 PM	7f70462d-725d-0002-698b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 0f09a2f9-3d86-4bce-8cfb-4a88df711b6e Path:	4104	1		3	2	15	0	1277	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	1484	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:49 PM	7f70462d-725d-0002-5a8b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): CAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\nova", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 746c4cf9-f29d-4e71-979d-c56e23ea32bf Path:	4104	1		3	2	15	0	1276	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	1484	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:49 PM	7f70462d-725d-0002-548b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): gogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgI ScriptBlock ID: 746c4cf9-f29d-4e71-979d-c56e23ea32bf Path:	4104	1		3	2	15	0	1275	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	1484	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:49 PM	7f70462d-725d-0002-548b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7C ScriptBlock ID: 746c4cf9-f29d-4e71-979d-c56e23ea32bf Path:	4104	1		3	2	15	0	1274	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	1484	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:49 PM	7f70462d-725d-0002-548b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1273	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	5020	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:49 PM	7f70462d-725d-0002-528b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 580 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1272	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	5000	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:49 PM	7f70462d-725d-0002-528b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1271	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	580	5020	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:49 PM	7f70462d-725d-0002-528b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1270	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3664	2324	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:47 PM	7f70462d-725d-0002-438b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3664 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1269	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3664	4616	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:47 PM	7f70462d-725d-0002-438b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1268	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3664	2324	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:46 PM	7f70462d-725d-0002-438b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 0c8e209b-7081-4d0e-b527-2720e884684e Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 591cfa12-4792-4184-a0c9-a1dbd073a5a7 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1267	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2296	4520	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:46 PM	7f70462d-725d-0002-3f8b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: f68a22f4-3fad-408c-a6e4-081376d65799 Path:	4104	1		3	2	15	0	1266	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2296	4236	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:46 PM	7f70462d-725d-0005-b454-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 6960dc5a-c96f-4694-b81f-49c5a7f85b90 Path:	4104	1		3	2	15	0	1265	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2296	4236	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:46 PM	7f70462d-725d-0005-ad54-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 5d4599f7-6bd1-4c36-92b0-0a0d7053264e Path:	4104	1		3	2	15	0	1264	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2296	4236	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:46 PM	7f70462d-725d-0005-9e54-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 6fec6133-1661-4c02-82ed-23c489623870 Path:	4104	1		3	2	15	0	1263	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2296	4236	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:45 PM	7f70462d-725d-0004-c263-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): yBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "edit-constraints c:\\openstack\\build\\\\requirements\\\\upper-constraints.txt -- nova \"-e file:///C:/openstack/build/nova#egg=nova\"", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value ScriptBlock ID: 6fec6133-1661-4c02-82ed-23c489623870 Path:	4104	1		3	2	15	0	1262	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2296	4236	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:45 PM	7f70462d-725d-0004-c263-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): wOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hc ScriptBlock ID: 6fec6133-1661-4c02-82ed-23c489623870 Path:	4104	1		3	2	15	0	1261	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2296	4236	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:45 PM	7f70462d-725d-0004-c263-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQ ScriptBlock ID: 6fec6133-1661-4c02-82ed-23c489623870 Path:	4104	1		3	2	15	0	1260	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2296	4236	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:45 PM	7f70462d-725d-0004-c263-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1259	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2296	3020	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:45 PM	7f70462d-725d-0001-1750-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2296 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1258	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2296	1924	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:45 PM	7f70462d-725d-0001-1750-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1257	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2296	3020	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:45 PM	7f70462d-725d-0001-1750-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1256	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	368	4284	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:44 PM	7f70462d-725d-0002-1b8b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 368 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1255	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	368	4612	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:44 PM	7f70462d-725d-0002-1b8b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1254	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	368	4284	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:44 PM	7f70462d-725d-0002-1b8b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = b6ee2db9-547c-48d7-9616-a5c156b48f0b Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 6f8bcc1b-0155-4b57-86f8-774e649e5165 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1253	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	4880	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:43 PM	7f70462d-725d-0004-b163-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 3edb6c8f-9d8f-4873-abb7-68934220a2f4 Path:	4104	1		3	2	15	0	1252	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	4864	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:43 PM	7f70462d-725d-0002-078b-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 61d1e1f1-f948-49a3-9782-3b49d36507f7 Path:	4104	1		3	2	15	0	1251	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	4864	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:43 PM	7f70462d-725d-0003-a68d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 7cca7c09-b2a8-42bd-bea9-86121e23c35e Path:	4104	1		3	2	15	0	1250	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	4864	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:43 PM	7f70462d-725d-0003-978d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): e -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 8b7d419e-0335-4f16-80a3-0a9a6f2c98e8 Path:	4104	1		3	2	15	0	1249	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	4864	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:43 PM	7f70462d-725d-0002-fe8a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): 0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\nova\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Modul ScriptBlock ID: 8b7d419e-0335-4f16-80a3-0a9a6f2c98e8 Path:	4104	1		3	2	15	0	1248	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	4864	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:43 PM	7f70462d-725d-0002-fe8a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): dGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB ScriptBlock ID: 8b7d419e-0335-4f16-80a3-0a9a6f2c98e8 Path:	4104	1		3	2	15	0	1247	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	4864	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:43 PM	7f70462d-725d-0002-fe8a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihz ScriptBlock ID: 8b7d419e-0335-4f16-80a3-0a9a6f2c98e8 Path:	4104	1		3	2	15	0	1246	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	4864	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:43 PM	7f70462d-725d-0002-fe8a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1245	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	3196	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:42 PM	7f70462d-725d-0002-fc8a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4168 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1244	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	4956	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:42 PM	7f70462d-725d-0002-fc8a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1243	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4168	3196	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:42 PM	7f70462d-725d-0002-fc8a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1242	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4996	4740	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:41 PM	7f70462d-725d-0002-f48a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4996 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1241	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4996	4248	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:41 PM	7f70462d-725d-0002-f48a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1240	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4996	4740	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:41 PM	7f70462d-725d-0002-f48a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1239	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2832	4428	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:41 PM	7f70462d-725d-0001-0750-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2832 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1238	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2832	4316	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:41 PM	7f70462d-725d-0001-0750-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1237	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2832	4428	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:41 PM	7f70462d-725d-0001-0750-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 54f895a5-b8c5-49d9-a453-f6e3cfc28561 Path:	4104	1		3	2	15	0	1236	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2352	4748	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:41 PM	7f70462d-725d-0001-e54f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 491b7784-5595-47b2-83e3-83b5953cf1c0 Path:	4104	1		3	2	15	0	1235	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2352	4404	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:40 PM	7f70462d-725d-0001-d64f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: bc27b51a-085b-4f26-b4b5-4d92a17d5f19 Path:	4104	1		3	2	15	0	1234	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2352	4404	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:40 PM	7f70462d-725d-0001-c74f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): \Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625573499.07-192100432675437\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 2, "dest": "c:\\openstack\\log\\pip-install-requirements.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1625573499.07-192100432675437'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: c28f0d46-65cd-4c52-9c43-1deaac8e0147 Path:	4104	1		3	2	15	0	1233	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2352	4404	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:40 PM	7f70462d-725d-0001-c14f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): gICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-requirements.log", "_ansible_check_mode": false, "src": "C:\ ScriptBlock ID: c28f0d46-65cd-4c52-9c43-1deaac8e0147 Path:	4104	1		3	2	15	0	1232	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2352	4404	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:40 PM	7f70462d-725d-0001-c14f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): uc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICA ScriptBlock ID: c28f0d46-65cd-4c52-9c43-1deaac8e0147 Path:	4104	1		3	2	15	0	1231	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2352	4404	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:40 PM	7f70462d-725d-0001-c14f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): Q29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2F ScriptBlock ID: c28f0d46-65cd-4c52-9c43-1deaac8e0147 Path:	4104	1		3	2	15	0	1230	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2352	4404	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:40 PM	7f70462d-725d-0001-c14f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmou ScriptBlock ID: c28f0d46-65cd-4c52-9c43-1deaac8e0147 Path:	4104	1		3	2	15	0	1229	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2352	4404	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:40 PM	7f70462d-725d-0001-c14f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1228	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2352	4332	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:40 PM	7f70462d-725d-0002-ef8a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2352 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1227	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2352	4912	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:40 PM	7f70462d-725d-0002-ef8a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1226	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2352	4332	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:40 PM	7f70462d-725d-0002-ef8a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1625573499.07-192100432675437\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: c08d41b4-aa02-4491-a2aa-96e33e99f7e3 Path:	4104	1		3	2	15	0	1225	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	1688	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:40 PM	7f70462d-725d-0005-6f54-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1224	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	4432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:39 PM	7f70462d-725d-0002-ec8a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5036 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1223	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	3636	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:39 PM	7f70462d-725d-0002-ec8a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1222	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5036	4432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:39 PM	7f70462d-725d-0002-ec8a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1221	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1680	808	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:39 PM	7f70462d-725d-0004-8363-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1680 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1220	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1680	1256	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:39 PM	7f70462d-725d-0004-8363-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1219	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1680	808	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:39 PM	7f70462d-725d-0004-8363-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1218	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2180	4560	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:39 PM	7f70462d-725d-0003-7b8d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2180 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1217	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2180	1664	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:39 PM	7f70462d-725d-0003-7b8d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1216	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2180	4560	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:39 PM	7f70462d-725d-0003-7b8d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 34ab2bb3-4ccc-4e52-9d23-2a2700e151b4 Path:	4104	1		3	2	15	0	1215	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3588	4988	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:38 PM	7f70462d-725d-0000-d757-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 8f1ac156-e02a-4b83-83ea-f071bc059055 Path:	4104	1		3	2	15	0	1214	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3588	1812	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:38 PM	7f70462d-725d-0000-ca57-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 888ae27a-c1f6-42d1-9a25-5fafb05db4e5 Path:	4104	1		3	2	15	0	1213	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3588	1812	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:38 PM	7f70462d-725d-0000-bb57-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): WwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-requirements.log", "checksum": "abb8c252e1673437a7155333cd68bbfc6be86485", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-28147HK_CHA/tmpedAeIB"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: afbd0583-9fa3-4051-aa53-e3f88aade152 Path:	4104	1		3	2	15	0	1212	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3588	1812	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:38 PM	7f70462d-725d-0000-b557-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): kZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZha ScriptBlock ID: afbd0583-9fa3-4051-aa53-e3f88aade152 Path:	4104	1		3	2	15	0	1211	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3588	1812	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:38 PM	7f70462d-725d-0000-b557-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCR ScriptBlock ID: afbd0583-9fa3-4051-aa53-e3f88aade152 Path:	4104	1		3	2	15	0	1210	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3588	1812	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:38 PM	7f70462d-725d-0000-b557-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3 ScriptBlock ID: afbd0583-9fa3-4051-aa53-e3f88aade152 Path:	4104	1		3	2	15	0	1209	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3588	1812	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:38 PM	7f70462d-725d-0000-b557-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1208	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3588	2440	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:38 PM	7f70462d-725d-0003-738d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3588 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1207	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3588	4856	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:38 PM	7f70462d-725d-0003-738d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1206	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3588	2440	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:37 PM	7f70462d-725d-0003-738d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1205	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4736	3780	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:09 PM	7f70462d-725d-0002-b48a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4736 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1204	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4736	3532	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:09 PM	7f70462d-725d-0002-b48a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1203	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4736	3780	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:09 PM	7f70462d-725d-0002-b48a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = c29dd455-0d92-4282-8d09-76b250bc6dfd Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = b3c8efb8-9a1a-4f06-bfed-2ddf2ab9bc4b Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1202	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	2292	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:09 PM	7f70462d-725d-0003-4a8d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 6d701156-7d39-4e86-be1c-29fa5640abfb Path:	4104	1		3	2	15	0	1201	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	536	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:08 PM	7f70462d-725d-0002-af8a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d4761004-614f-4936-b66a-1991a04d7080 Path:	4104	1		3	2	15	0	1200	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	536	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:08 PM	7f70462d-725d-0002-a88a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: c031c0fe-1cf2-4a1a-8dcf-a00673d68855 Path:	4104	1		3	2	15	0	1199	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	536	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:08 PM	7f70462d-725d-0002-998a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): XRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\requirements", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1a9e6e09-a395-4754-b361-a2720ed0d189 Path:	4104	1		3	2	15	0	1198	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	536	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:08 PM	7f70462d-725d-0002-938a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): yAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjY ScriptBlock ID: 1a9e6e09-a395-4754-b361-a2720ed0d189 Path:	4104	1		3	2	15	0	1197	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	536	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:08 PM	7f70462d-725d-0002-938a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): IYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5nc ScriptBlock ID: 1a9e6e09-a395-4754-b361-a2720ed0d189 Path:	4104	1		3	2	15	0	1196	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	536	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:08 PM	7f70462d-725d-0002-938a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXR ScriptBlock ID: 1a9e6e09-a395-4754-b361-a2720ed0d189 Path:	4104	1		3	2	15	0	1195	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	536	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:08 PM	7f70462d-725d-0002-938a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1194	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	4524	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:08 PM	7f70462d-725d-0002-918a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4216 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1193	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	3184	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:08 PM	7f70462d-725d-0002-918a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1192	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4216	4524	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:08 PM	7f70462d-725d-0002-918a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1191	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	1444	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:06 PM	7f70462d-725d-0003-288d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2556 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1190	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	2252	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:06 PM	7f70462d-725d-0003-288d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1189	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	1444	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:06 PM	7f70462d-725d-0003-288d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = d670e9af-8836-4cf3-a15c-e3ff43f372c7 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 17a32f1a-a92e-4d01-b764-0215fc21c119 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1188	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1272	4876	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:06 PM	7f70462d-725d-0000-7757-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 56dfa377-ef5d-4c2b-9427-94ecedd48463 Path:	4104	1		3	2	15	0	1187	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1272	4916	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:05 PM	7f70462d-725d-0003-148d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: f908cc02-af95-48b4-850c-795b08542439 Path:	4104	1		3	2	15	0	1186	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1272	4916	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:05 PM	7f70462d-725d-0003-0d8d-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 61055cb5-1aff-444f-81bc-db5ca3392821 Path:	4104	1		3	2	15	0	1185	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1272	4916	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:05 PM	7f70462d-725d-0003-fe8c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): odDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\requirements\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 0c3343b9-d5c9-4315-bab5-ce44dc42c533 Path:	4104	1		3	2	15	0	1184	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1272	4916	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:05 PM	7f70462d-725d-0003-f88c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): jPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWd ScriptBlock ID: 0c3343b9-d5c9-4315-bab5-ce44dc42c533 Path:	4104	1		3	2	15	0	1183	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1272	4916	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:05 PM	7f70462d-725d-0003-f88c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgo ScriptBlock ID: 0c3343b9-d5c9-4315-bab5-ce44dc42c533 Path:	4104	1		3	2	15	0	1182	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1272	4916	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:05 PM	7f70462d-725d-0003-f88c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1 ScriptBlock ID: 0c3343b9-d5c9-4315-bab5-ce44dc42c533 Path:	4104	1		3	2	15	0	1181	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1272	4916	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:05 PM	7f70462d-725d-0003-f88c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1180	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1272	4396	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:05 PM	7f70462d-725d-0001-8b4f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1272 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1179	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1272	4872	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:05 PM	7f70462d-725d-0001-8b4f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1178	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1272	4396	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:11:05 PM	7f70462d-725d-0001-8b4f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1177	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	4828	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:44 PM	7f70462d-725d-0002-768a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1588 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1176	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	364	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:44 PM	7f70462d-725d-0002-768a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1175	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1588	4828	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:44 PM	7f70462d-725d-0002-768a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = af2ebebe-e085-4fad-b9c3-0def00ca80c9 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = c2a2d606-359c-4d3b-8bdb-f6e0954e9304 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1174	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4312	4416	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:43 PM	7f70462d-725d-0002-758a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 460d17bb-141d-4ae2-9696-7895753517f4 Path:	4104	1		3	2	15	0	1173	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4312	2432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:43 PM	7f70462d-725d-0005-3854-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b497dd75-5ea8-4b7f-a0a3-4d0cf2add0bf Path:	4104	1		3	2	15	0	1172	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4312	2432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:43 PM	7f70462d-725d-0001-6b4f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 88a0a285-eb2b-4fa9-9e76-f1d3543f826e Path:	4104	1		3	2	15	0	1171	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4312	2432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:43 PM	7f70462d-725d-0005-2754-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): IHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U pywin32 pbr pymysql ovs", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: e3337028-e610-43cc-aecb-947feb5e871c Path:	4104	1		3	2	15	0	1170	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4312	2432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:43 PM	7f70462d-725d-0005-2154-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): WUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNo ScriptBlock ID: e3337028-e610-43cc-aecb-947feb5e871c Path:	4104	1		3	2	15	0	1169	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4312	2432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:43 PM	7f70462d-725d-0005-2154-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): 4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRyd ScriptBlock ID: e3337028-e610-43cc-aecb-947feb5e871c Path:	4104	1		3	2	15	0	1168	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4312	2432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:43 PM	7f70462d-725d-0005-2154-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): gICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV ScriptBlock ID: e3337028-e610-43cc-aecb-947feb5e871c Path:	4104	1		3	2	15	0	1167	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4312	2432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:43 PM	7f70462d-725d-0005-2154-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewo ScriptBlock ID: e3337028-e610-43cc-aecb-947feb5e871c Path:	4104	1		3	2	15	0	1166	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4312	2432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:43 PM	7f70462d-725d-0005-2154-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1165	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4312	1124	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:42 PM	7f70462d-725d-0002-648a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4312 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1164	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4312	4148	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:42 PM	7f70462d-725d-0002-648a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1163	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4312	1124	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:42 PM	7f70462d-725d-0002-648a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1162	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4540	1304	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:34 PM	7f70462d-725d-0001-584f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4540 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1161	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4540	748	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:34 PM	7f70462d-725d-0001-584f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1160	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4540	1304	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:34 PM	7f70462d-725d-0001-584f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 2eedd9ef-691f-4a5d-939a-a8cecc588cfe Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = fe5faf26-6bd4-442e-a97e-b65fbe3d86fe Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1159	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	4380	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:34 PM	7f70462d-725d-0003-d68c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 9ec32081-3afd-46ab-8676-a7c3c607cd6d Path:	4104	1		3	2	15	0	1158	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	3440	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:34 PM	7f70462d-725d-0003-b38c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 28cb38a8-576c-4c7b-997d-0a40974af944 Path:	4104	1		3	2	15	0	1157	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	3440	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:34 PM	7f70462d-725d-0003-ac8c-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 84f13cc1-6f83-41c6-9303-7dddaacb34d2 Path:	4104	1		3	2	15	0	1156	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	3440	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:33 PM	7f70462d-725d-0001-574f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): gICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U setuptools", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 076f4821-8a84-4f55-8f07-388b490f73cd Path:	4104	1		3	2	15	0	1155	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	3440	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:33 PM	7f70462d-725d-0001-514f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICA ScriptBlock ID: 076f4821-8a84-4f55-8f07-388b490f73cd Path:	4104	1		3	2	15	0	1154	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	3440	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:33 PM	7f70462d-725d-0001-514f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7Cg ScriptBlock ID: 076f4821-8a84-4f55-8f07-388b490f73cd Path:	4104	1		3	2	15	0	1153	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	3440	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:33 PM	7f70462d-725d-0001-514f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1152	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	4444	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:33 PM	7f70462d-725d-0002-558a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4128 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1151	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	4900	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:33 PM	7f70462d-725d-0002-558a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1150	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	4444	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:33 PM	7f70462d-725d-0002-558a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1149	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1912	3432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:30 PM	7f70462d-725d-0001-494f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1912 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1148	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1912	4400	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:30 PM	7f70462d-725d-0001-494f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1147	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1912	3432	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:30 PM	7f70462d-725d-0001-494f-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = c8598ad4-d4f5-47f0-a134-09b941ec331c Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = ee897fa5-9ee5-46ca-a1be-0e4cd012a4bb Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = HV-CINDER-79963\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1146	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	1256	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:30 PM	7f70462d-725d-0002-448a-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 4f097d14-394e-4c56-b083-440f9a9933f6 Path:	4104	1		3	2	15	0	1145	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3104	4808	hv-cinder-79963	S-1-5-21-57071957-2412517775-1683461289-1001	7/6/2021 12:10:29 PM	7f70462d-725d-0000-2057-707f5d72d701		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]